authorGravatar Karl Ramm <kcr@1ts.org>2013-10-26 15:54:10 -0400
committerGravatar Karl Ramm <kcr@1ts.org>2013-10-26 15:54:10 -0400
commit1947de8e9976e7f6369ad7d3790ff7631e7933cd (patch)
tree07a333e1461ad345e1eedc715f9564b7a3a56533
parentd904f43574e1afdd59bc29734617943543445e2f (diff)
handle unauth checks _properly_
-rw-r--r--server/acl_files.c30
1 files changed, 10 insertions, 20 deletions
diff --git a/server/acl_files.c b/server/acl_files.c
index 78404e7..465a668 100644
--- a/server/acl_files.c
+++ b/server/acl_files.c
@@ -346,19 +346,24 @@ acl_host_match(char *acl,
/* Returns nonzero if it can be determined that acl contains principal */
/* Recognizes wildcards in acl. */
/* Also checks for IP address entries and applies negative ACL's */
-static int
-acl_check_internal(char *acl, char *princ, struct sockaddr_in *who)
+int
+acl_check(char *acl, char *princ, struct sockaddr_in *who)
{
char *realm;
+ char *name;
int result = 0;
+ syslog(LOG_DEBUG, "acl_check(%s, %s, ?) = %d", acl, name, result);
+
if (princ) {
- realm = split_name(princ);
+ name = strdup(princ);
+ realm = split_name(name);
- if (acl_match(acl, princ, realm, 1))
+ if (acl_match(acl, name, realm, 1))
return 0;
- if (acl_match(acl, princ, realm, 0))
+ if (acl_match(acl, name, realm, 0))
result = 1;
+ free(name);
}
if (who) {
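Review bot: The added `syslog()` call at the top of `acl_check` passes `name` to `%s` before it has been assigned, so it reads an indeterminate pointer (undefined behaviour that can crash the server or copy stray memory into the log), and it logs `result` before any check has run. In the `if (princ)` block the `strdup(princ)` result is no longer checked for NULL before `split_name(name)`, which presumably dereferences it; the removed wrapper did check and returned 0. The early `return 0` on a negative match also skips `free(name)`, so each denied request leaks one copy of the principal, which in a long-running server is a slow resource-exhaustion risk. I would drop the early log and instead log `princ ? princ : "(none)"` with the final `result` just before `return result;`, which sits in the next hunk; the rest of the fix is below.

```c
    char *name = NULL;
    /* … unchanged: realm and result declarations; early syslog() removed … */
    if (princ) {
        name = strdup(princ);
        if (name == NULL)
            return 0; /* fail closed, as the removed wrapper did */
        realm = split_name(name);
        if (acl_match(acl, name, realm, 1)) {
            free(name); /* release the copy on the negative-match path too */
            return 0;
        }
        /* … unchanged: positive acl_match, free(name) … */
    }
```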
@@ -370,18 +375,3 @@ acl_check_internal(char *acl, char *princ, struct sockaddr_in *who)
return result;
}
-
-int acl_check(char *acl, char *name, struct sockaddr_in *who) {
- char *pname = strdup(name != NULL ? name : "");
- int result;
-
- if (pname == NULL)
- return 0; /* oops */
-
- result = acl_check_internal(acl, pname, who);
- syslog(LOG_DEBUG, "acl_check(%s, %s, ?) = %d", acl, name, result);
-
- free(pname);
-
- return result;
-}