12 files changed, 59 insertions, 31 deletions
diff --git a/CHANGES b/CHANGES
index 3080c2f05..8200fb89f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -35,6 +35,10 @@ AMI - The manager (TCP/TLS/HTTP)
   * Added Masquerade manager event for when a masquerade happens between
      two channels.
   * Added "manager reload" command for the CLI
+  * Lots of commands that only provided information are now allowed under the
+     Reporting privilege, instead of only under Call or System.
+  * The IAX* commands now require either System or Reporting privilege, to
+     mirror the privileges of the SIP* commands.
 
 Dialplan functions
 ------------------
diff --git a/apps/app_stack.c b/apps/app_stack.c
index 341b4c1d9..7f53aff15 100644
--- a/apps/app_stack.c
+++ b/apps/app_stack.c
@@ -100,7 +100,7 @@ static int frame_set_var(struct ast_channel *chan, struct gosub_stack_frame *fra
 		} else
 			pbx_builtin_setvar_helper(chan, var, value);
 
-		manager_event(EVENT_FLAG_CALL, "VarSet", 
+		manager_event(EVENT_FLAG_DIALPLAN, "VarSet", 
 			"Channel: %s\r\n"
 			"Variable: LOCAL(%s)\r\n"
 			"Value: %s\r\n"
diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c
index 67d605d1f..f0b137cfc 100644
--- a/apps/app_voicemail.c
+++ b/apps/app_voicemail.c
@@ -8745,7 +8745,7 @@ static int load_module(void)
 	res |= ast_register_application(app3, vm_box_exists, synopsis_vm_box_exists, descrip_vm_box_exists);
 	res |= ast_register_application(app4, vmauthenticate, synopsis_vmauthenticate, descrip_vmauthenticate);
 	res |= ast_custom_function_register(&mailbox_exists_acf);
-	res |= ast_manager_register("VoicemailUsersList", EVENT_FLAG_CALL, manager_list_voicemail_users, "List All Voicemail User Information");
+	res |= ast_manager_register("VoicemailUsersList", EVENT_FLAG_CALL | EVENT_FLAG_REPORTING, manager_list_voicemail_users, "List All Voicemail User Information");
 	if (res)
 		return res;
 
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 35107fa7b..2ad6d8c9f 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -11670,9 +11670,9 @@ static int load_module(void)
 
 	ast_register_application(papp, iax2_prov_app, psyn, pdescrip);
 	
-	ast_manager_register( "IAXpeers", 0, manager_iax2_show_peers, "List IAX Peers" );
-	ast_manager_register( "IAXpeerlist", 0, manager_iax2_show_peer_list, "List IAX Peers" );
-	ast_manager_register( "IAXnetstats", 0, manager_iax2_show_netstats, "Show IAX Netstats" );
+	ast_manager_register( "IAXpeers", EVENT_FLAG_SYSTEM | EVENT_FLAG_REPORTING, manager_iax2_show_peers, "List IAX Peers" );
+	ast_manager_register( "IAXpeerlist", EVENT_FLAG_SYSTEM | EVENT_FLAG_REPORTING, manager_iax2_show_peer_list, "List IAX Peers" );
+	ast_manager_register( "IAXnetstats", EVENT_FLAG_SYSTEM | EVENT_FLAG_REPORTING, manager_iax2_show_netstats, "Show IAX Netstats" );
 
 	if(set_config(config, 0) == -1)
 		return AST_MODULE_LOAD_DECLINE;
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index df20aee03..3d1b3158f 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -19590,11 +19590,11 @@ static int load_module(void)
 	ast_custom_function_register(&checksipdomain_function);
 
 	/* Register manager commands */
-	ast_manager_register2("SIPpeers", EVENT_FLAG_SYSTEM, manager_sip_show_peers,
+	ast_manager_register2("SIPpeers", EVENT_FLAG_SYSTEM | EVENT_FLAG_REPORTING, manager_sip_show_peers,
 			"List SIP peers (text format)", mandescr_show_peers);
-	ast_manager_register2("SIPshowpeer", EVENT_FLAG_SYSTEM, manager_sip_show_peer,
+	ast_manager_register2("SIPshowpeer", EVENT_FLAG_SYSTEM | EVENT_FLAG_REPORTING, manager_sip_show_peer,
 			"Show SIP peer (text format)", mandescr_show_peer);
-	ast_manager_register2("SIPshowregistry", EVENT_FLAG_SYSTEM, manager_show_registry,
+	ast_manager_register2("SIPshowregistry", EVENT_FLAG_SYSTEM | EVENT_FLAG_REPORTING, manager_show_registry,
 			"Show SIP registrations (text format)", mandescr_show_registry);
 	sip_poke_all_peers();	
 	sip_send_all_registers();
diff --git a/configs/manager.conf.sample b/configs/manager.conf.sample
index b4d6a0909..80bea5a70 100644
--- a/configs/manager.conf.sample
+++ b/configs/manager.conf.sample
@@ -71,5 +71,27 @@ bindaddr = 0.0.0.0
 ;displayconnects = yes	; Display on CLI user login/logoff
 ;
 ; Authorization for various classes 
-;read = system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr
-;write = system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr
+;
+; Read authorization permits you to receive asynchronous events, in general.
+; Write authorization permits you to send commands and get back responses.  The
+; following classes exist:
+;
+; system    - General information about the system and ability to run system
+;             management commands, such as Shutdown, Restart, and Reload.
+; call      - Information about channels and ability to set information in a
+;             running channel.
+; log       - Logging information.  Read-only.
+; verbose   - Verbose information.  Read-only.
+; agent     - Information about queues and agents and ability to add queue
+;             members to a queue.
+; user      - Permission to send and receive UserEvent.
+; config    - Ability to read and write configuration files.
+; command   - Permission to run CLI commands.  Write-only.
+; dtmf      - Receive DTMF events.  Read-only.
+; reporting - Ability to get information about the system.
+; cdr       - Output of cdr_manager, if loaded.  Read-only.
+; dialplan  - Receive NewExten and VarSet events.  Read-only.
+;
+;read = system,call,log,verbose,agent,user,config,dtmf,reporting,cdr,dialplan
+;write = system,call,agent,user,config,command,reporting
+
diff --git a/include/asterisk/manager.h b/include/asterisk/manager.h
index 8e63acfee..327f674f8 100644
--- a/include/asterisk/manager.h
+++ b/include/asterisk/manager.h
@@ -68,6 +68,7 @@
 #define EVENT_FLAG_DTMF  		(1 << 8) /* Ability to read DTMF events */
 #define EVENT_FLAG_REPORTING		(1 << 9) /* Reporting events such as rtcp sent */
 #define EVENT_FLAG_CDR			(1 << 10) /* CDR events */
+#define EVENT_FLAG_DIALPLAN		(1 << 11) /* Dialplan events (VarSet, NewExten) */
 /*@} */
 
 /*! \brief Export manager structures */
diff --git a/main/db.c b/main/db.c
index 39d898d13..94bf4f001 100644
--- a/main/db.c
+++ b/main/db.c
@@ -663,7 +663,7 @@ int astdb_init(void)
 {
 	dbinit();
 	ast_cli_register_multiple(cli_database, sizeof(cli_database) / sizeof(struct ast_cli_entry));
-	ast_manager_register("DBGet", EVENT_FLAG_SYSTEM, manager_dbget, "Get DB Entry");
+	ast_manager_register("DBGet", EVENT_FLAG_SYSTEM | EVENT_FLAG_REPORTING, manager_dbget, "Get DB Entry");
 	ast_manager_register("DBPut", EVENT_FLAG_SYSTEM, manager_dbput, "Put DB Entry");
 	ast_manager_register("DBDel", EVENT_FLAG_SYSTEM, manager_dbdel, "Delete DB Entry");
 	ast_manager_register("DBDelTree", EVENT_FLAG_SYSTEM, manager_dbdeltree, "Delete DB Tree");
diff --git a/main/manager.c b/main/manager.c
index 99fe49c4d..ba3ad9264 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -312,6 +312,7 @@ static struct permalias {
 	{ EVENT_FLAG_DTMF, "dtmf" },
 	{ EVENT_FLAG_REPORTING, "reporting" },
 	{ EVENT_FLAG_CDR, "cdr" },
+	{ EVENT_FLAG_DIALPLAN, "dialplan" },
 	{ -1, "all" },
 	{ 0, "none" },
 };
@@ -1391,7 +1392,7 @@ static int action_listcommands(struct mansession *s, const struct message *m)
 
 	astman_start_ack(s, m);
 	AST_RWLIST_TRAVERSE(&actions, cur, list) {
-		if ((s->writeperm & cur->authority) == cur->authority)
+		if (s->writeperm & cur->authority)
 			astman_append(s, "%s: %s (Priv: %s)\r\n",
 				cur->action, cur->synopsis, authority_to_str(cur->authority, &temp));
 	}
@@ -2509,7 +2510,7 @@ static int process_message(struct mansession *s, const struct message *m)
 	AST_RWLIST_TRAVERSE(&actions, tmp, list) {
 		if (strcasecmp(action, tmp->action))
 			continue;
-		if ((s->writeperm & tmp->authority) == tmp->authority)
+		if (s->writeperm & tmp->authority)
 			ret = tmp->func(s, m);
 		else
 			astman_send_error(s, m, "Permission denied");
@@ -3467,28 +3468,28 @@ static int __init_manager(int reload)
 		ast_manager_register2("Logoff", 0, action_logoff, "Logoff Manager", mandescr_logoff);
 		ast_manager_register2("Login", 0, action_login, "Login Manager", NULL);
 		ast_manager_register2("Challenge", 0, action_challenge, "Generate Challenge for MD5 Auth", NULL);
-		ast_manager_register2("Hangup", EVENT_FLAG_CALL, action_hangup, "Hangup Channel", mandescr_hangup);
-		ast_manager_register("Status", EVENT_FLAG_CALL, action_status, "Lists channel status" );
+		ast_manager_register2("Hangup", EVENT_FLAG_SYSTEM | EVENT_FLAG_CALL, action_hangup, "Hangup Channel", mandescr_hangup);
+		ast_manager_register("Status", EVENT_FLAG_SYSTEM | EVENT_FLAG_CALL | EVENT_FLAG_REPORTING, action_status, "Lists channel status" );
 		ast_manager_register2("Setvar", EVENT_FLAG_CALL, action_setvar, "Set Channel Variable", mandescr_setvar );
-		ast_manager_register2("Getvar", EVENT_FLAG_CALL, action_getvar, "Gets a Channel Variable", mandescr_getvar );
-		ast_manager_register2("GetConfig", EVENT_FLAG_CONFIG, action_getconfig, "Retrieve configuration", mandescr_getconfig);
-		ast_manager_register2("GetConfigJSON", EVENT_FLAG_CONFIG, action_getconfigjson, "Retrieve configuration (JSON format)", mandescr_getconfigjson);
+		ast_manager_register2("Getvar", EVENT_FLAG_CALL | EVENT_FLAG_REPORTING, action_getvar, "Gets a Channel Variable", mandescr_getvar );
+		ast_manager_register2("GetConfig", EVENT_FLAG_SYSTEM | EVENT_FLAG_CONFIG, action_getconfig, "Retrieve configuration", mandescr_getconfig);
+		ast_manager_register2("GetConfigJSON", EVENT_FLAG_SYSTEM | EVENT_FLAG_CONFIG, action_getconfigjson, "Retrieve configuration (JSON format)", mandescr_getconfigjson);
 		ast_manager_register2("UpdateConfig", EVENT_FLAG_CONFIG, action_updateconfig, "Update basic configuration", mandescr_updateconfig);
 		ast_manager_register2("Redirect", EVENT_FLAG_CALL, action_redirect, "Redirect (transfer) a call", mandescr_redirect );
 		ast_manager_register2("Originate", EVENT_FLAG_CALL, action_originate, "Originate Call", mandescr_originate);
 		ast_manager_register2("Command", EVENT_FLAG_COMMAND, action_command, "Execute Asterisk CLI Command", mandescr_command );
-		ast_manager_register2("ExtensionState", EVENT_FLAG_CALL, action_extensionstate, "Check Extension Status", mandescr_extensionstate );
-		ast_manager_register2("AbsoluteTimeout", EVENT_FLAG_CALL, action_timeout, "Set Absolute Timeout", mandescr_timeout );
-		ast_manager_register2("MailboxStatus", EVENT_FLAG_CALL, action_mailboxstatus, "Check Mailbox", mandescr_mailboxstatus );
-		ast_manager_register2("MailboxCount", EVENT_FLAG_CALL, action_mailboxcount, "Check Mailbox Message Count", mandescr_mailboxcount );
+		ast_manager_register2("ExtensionState", EVENT_FLAG_CALL | EVENT_FLAG_REPORTING, action_extensionstate, "Check Extension Status", mandescr_extensionstate );
+		ast_manager_register2("AbsoluteTimeout", EVENT_FLAG_SYSTEM | EVENT_FLAG_CALL, action_timeout, "Set Absolute Timeout", mandescr_timeout );
+		ast_manager_register2("MailboxStatus", EVENT_FLAG_CALL | EVENT_FLAG_REPORTING, action_mailboxstatus, "Check Mailbox", mandescr_mailboxstatus );
+		ast_manager_register2("MailboxCount", EVENT_FLAG_CALL | EVENT_FLAG_REPORTING, action_mailboxcount, "Check Mailbox Message Count", mandescr_mailboxcount );
 		ast_manager_register2("ListCommands", 0, action_listcommands, "List available manager commands", mandescr_listcommands);
 		ast_manager_register2("SendText", EVENT_FLAG_CALL, action_sendtext, "Send text message to channel", mandescr_sendtext);
 		ast_manager_register2("UserEvent", EVENT_FLAG_USER, action_userevent, "Send an arbitrary event", mandescr_userevent);
 		ast_manager_register2("WaitEvent", 0, action_waitevent, "Wait for an event to occur", mandescr_waitevent);
-		ast_manager_register2("CoreSettings", EVENT_FLAG_SYSTEM, action_coresettings, "Show PBX core settings (version etc)", mandescr_coresettings);
-		ast_manager_register2("CoreStatus", EVENT_FLAG_SYSTEM, action_corestatus, "Show PBX core status variables", mandescr_corestatus);
-		ast_manager_register2("Reload", EVENT_FLAG_CONFIG, action_reload, "Send a reload event", mandescr_reload);
-		ast_manager_register2("CoreShowChannels", EVENT_FLAG_SYSTEM, action_coreshowchannels, "List currently active channels", mandescr_coreshowchannels);
+		ast_manager_register2("CoreSettings", EVENT_FLAG_SYSTEM | EVENT_FLAG_REPORTING, action_coresettings, "Show PBX core settings (version etc)", mandescr_coresettings);
+		ast_manager_register2("CoreStatus", EVENT_FLAG_SYSTEM | EVENT_FLAG_REPORTING, action_corestatus, "Show PBX core status variables", mandescr_corestatus);
+		ast_manager_register2("Reload", EVENT_FLAG_CONFIG | EVENT_FLAG_SYSTEM, action_reload, "Send a reload event", mandescr_reload);
+		ast_manager_register2("CoreShowChannels", EVENT_FLAG_SYSTEM | EVENT_FLAG_REPORTING, action_coreshowchannels, "List currently active channels", mandescr_coreshowchannels);
 		ast_manager_register2("ModuleLoad", EVENT_FLAG_SYSTEM, manager_moduleload, "Module management", mandescr_moduleload);
 		ast_manager_register2("ModuleCheck", EVENT_FLAG_SYSTEM, manager_modulecheck, "Check if module is loaded", mandescr_modulecheck);
 
diff --git a/main/pbx.c b/main/pbx.c
index 308560063..6da44b7c3 100644
--- a/main/pbx.c
+++ b/main/pbx.c
@@ -2659,7 +2659,7 @@ static int pbx_extension_helper(struct ast_channel *c, struct ast_context *con,
 					term_color(tmp3, passdata, COLOR_BRMAGENTA, 0, sizeof(tmp3)),
 					"in new stack");
 			}
-			manager_event(EVENT_FLAG_CALL, "Newexten",
+			manager_event(EVENT_FLAG_DIALPLAN, "Newexten",
 					"Channel: %s\r\n"
 					"Context: %s\r\n"
 					"Extension: %s\r\n"
@@ -7232,7 +7232,7 @@ void pbx_builtin_setvar_helper(struct ast_channel *chan, const char *name, const
 			ast_verb(2, "Setting global variable '%s' to '%s'\n", name, value);
 		newvariable = ast_var_assign(name, value);
 		AST_LIST_INSERT_HEAD(headp, newvariable, entries);
-		manager_event(EVENT_FLAG_CALL, "VarSet", 
+		manager_event(EVENT_FLAG_DIALPLAN, "VarSet", 
 			"Channel: %s\r\n"
 			"Variable: %s\r\n"
 			"Value: %s\r\n"
@@ -7465,7 +7465,7 @@ int load_pbx(void)
 	}
 	
 	/* Register manager application */
-	ast_manager_register2("ShowDialPlan", EVENT_FLAG_CONFIG, manager_show_dialplan, "List dialplan", mandescr_show_dialplan);
+	ast_manager_register2("ShowDialPlan", EVENT_FLAG_CONFIG | EVENT_FLAG_REPORTING, manager_show_dialplan, "List dialplan", mandescr_show_dialplan);
 
 	ast_mutex_init(&device_state.lock);
 	ast_cond_init(&device_state.cond, NULL);
diff --git a/pbx/pbx_realtime.c b/pbx/pbx_realtime.c
index 6b9a0fbff..d4876bd7f 100644
--- a/pbx/pbx_realtime.c
+++ b/pbx/pbx_realtime.c
@@ -195,7 +195,7 @@ static int realtime_exec(struct ast_channel *chan, const char *context, const ch
 						 term_color(tmp1, app, COLOR_BRCYAN, 0, sizeof(tmp1)),
 						 term_color(tmp2, chan->name, COLOR_BRMAGENTA, 0, sizeof(tmp2)),
 						 term_color(tmp3, S_OR(appdata, ""), COLOR_BRMAGENTA, 0, sizeof(tmp3)));
-				manager_event(EVENT_FLAG_CALL, "Newexten",
+				manager_event(EVENT_FLAG_DIALPLAN, "Newexten",
 							  "Channel: %s\r\n"
 							  "Context: %s\r\n"
 							  "Extension: %s\r\n"
diff --git a/res/res_features.c b/res/res_features.c
index 1427038d9..36617da5a 100644
--- a/res/res_features.c
+++ b/res/res_features.c
@@ -3409,7 +3409,7 @@ static int load_module(void)
 		ast_manager_register("ParkedCalls", 0, manager_parking_status, "List parked calls");
 		ast_manager_register2("Park", EVENT_FLAG_CALL, manager_park,
 			"Park a channel", mandescr_park); 
-		ast_manager_register2("Bridge", EVENT_FLAG_COMMAND, action_bridge, "Bridge two channels already in the PBX", mandescr_bridge);
+		ast_manager_register2("Bridge", EVENT_FLAG_CALL, action_bridge, "Bridge two channels already in the PBX", mandescr_bridge);
 	}
 
 	res |= ast_devstate_prov_add("Park", metermaidstate);