diff options
author | Lucien Van Elsen <lwvanels@mit.edu> | 1992-01-17 03:00:39 +0000 |
---|---|---|
committer | Lucien Van Elsen <lwvanels@mit.edu> | 1992-01-17 03:00:39 +0000 |
commit | 6a9132baf3f5383d17f004c136a711df0fb966eb (patch) | |
tree | b33922a94d5713e5eb930518e79088fa63066328 /server/access.c | |
parent | 358adf29e44d98e657d30a0093e7cff8733fe0fd (diff) |
add extra error checking on acl_load; if acl can't be
loaded, deny access.
Diffstat (limited to 'server/access.c')
-rw-r--r-- | server/access.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/server/access.c b/server/access.c index 05e66ef..c0ee56e 100644 --- a/server/access.c +++ b/server/access.c @@ -78,6 +78,7 @@ access_check(sender, acl, accesstype) char buf[MAXPATHLEN]; /* holds the real acl name */ char *prefix; int flag; + int retval; switch (accesstype) { case TRANSMIT: @@ -109,13 +110,18 @@ access_check(sender, acl, accesstype) acl->acl_filename); /* * If we can't load it (because it probably doesn't exist), - * we grant access by default. Dangerous! + * we deny access. */ #if 0 - zdbug ((LOG_DEBUG, "checking %s for %s", buf, sender->string)); + zdbug ((LOG_DEBUG, "checking %s for %s", buf, sender)); #endif - return (acl_load (buf) < 0 - || acl_check(buf, sender)); + + retval = acl_load(buf); + if (retval < 0) { + syslog(LOG_DEBUG, "Error in acl_load of %s for %s", buf, sender); + return(0); + } + return (acl_check(buf, sender)); } static void @@ -226,10 +232,7 @@ access_setup (int first) class_name, error_message(retval)); continue; } -#if 1 - else if (zdebug) - syslog(LOG_DEBUG, "restricted %s", class_name); -#endif + zdbug((LOG_DEBUG, "restricted %s", class_name)); } (void) fclose(registry); |