author | Karl Ramm <kcr@1ts.org> | 2013-10-26 15:54:10 -0400 |
---|---|---|
committer | Karl Ramm <kcr@1ts.org> | 2013-10-26 15:54:10 -0400 |
commit | 1947de8e9976e7f6369ad7d3790ff7631e7933cd (patch) | |
tree | 07a333e1461ad345e1eedc715f9564b7a3a56533 | |
parent | d904f43574e1afdd59bc29734617943543445e2f (diff) |
handle unauth checks _properly_
-rw-r--r-- | server/acl_files.c | 30 |
1 files changed, 10 insertions, 20 deletions
diff --git a/server/acl_files.c b/server/acl_files.c
index 78404e7..465a668 100644
--- a/server/acl_files.c
+++ b/server/acl_files.c
@@ -346,19 +346,24 @@ acl_host_match(char *acl,
 /* Returns nonzero if it can be determined that acl contains principal */
 /* Recognizes wildcards in acl. */
 /* Also checks for IP address entries and applies negative ACL's */
-static int
-acl_check_internal(char *acl, char *princ, struct sockaddr_in *who)
+int
+acl_check(char *acl, char *princ, struct sockaddr_in *who)
 {
 char *realm;
+ char *name;
 int result = 0;
+ syslog(LOG_DEBUG, "acl_check(%s, %s, ?) = %d", acl, name, result);
+
 if (princ) {
- realm = split_name(princ);
+ name = strdup(princ);
+ realm = split_name(name);
- if (acl_match(acl, princ, realm, 1))
+ if (acl_match(acl, name, realm, 1))
 return 0;
- if (acl_match(acl, princ, realm, 0))
+ if (acl_match(acl, name, realm, 0))
 result = 1;
+ free(name);
 }
 if (who) {
@@ -370,18 +375,3 @@ acl_check_internal(char *acl, char *princ, struct sockaddr_in *who)
 return result;
 }
-
-int acl_check(char *acl, char *name, struct sockaddr_in *who) {
- char *pname = strdup(name != NULL ? name : "");
- int result;
-
- if (pname == NULL)
- return 0; /* oops */
-
- result = acl_check_internal(acl, pname, who);
- syslog(LOG_DEBUG, "acl_check(%s, %s, ?) = %d", acl, name, result);
-
- free(pname);
-
- return result;
-}
|
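Review bot: The added `syslog(...)` call at the top of `acl_check` passes `name` to `%s` before anything has assigned it, so every ACL check reads an uninitialized pointer (undefined behaviour, plausibly a crash or stray memory written to the log), and `result` is always 0 at that point, so the message records nothing useful. Two further gaps in the same hunk: the `strdup(princ)` result goes unchecked into `split_name`, and the early `return 0` on a negative-ACL match skips `free(name)`, leaking one copy per denied check in a long-running server. I would log immediately before the final `return result;` using `princ` (guarded for NULL), check the allocation, and free on the early return. The function body continues past this hunk into the next one, so the placement of the log call is shown only as a comment below.

```c
    char *name = NULL;
    int result = 0;

    if (princ) {
        name = strdup(princ);
        if (name == NULL)
            return 0;   /* allocation failed: report no match, as the removed wrapper did */
        realm = split_name(name);

        if (acl_match(acl, name, realm, 1)) {
            free(name); /* negative entry matched: release the copy before denying */
            return 0;
        }
        /* … unchanged: positive acl_match, free(name), if (who) block … */

    /* immediately before the final return, once result is known: */
    syslog(LOG_DEBUG, "acl_check(%s, %s, ?) = %d", acl, princ ? princ : "", result);
```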