From 1947de8e9976e7f6369ad7d3790ff7631e7933cd Mon Sep 17 00:00:00 2001
From: Karl Ramm
Date: Sat, 26 Oct 2013 15:54:10 -0400
Subject: handle unauth checks _properly_
---
 server/acl_files.c | 30 ++++++++++--------------------
 1 file changed, 10 insertions(+), 20 deletions(-)
diff --git a/server/acl_files.c b/server/acl_files.c
index 78404e7..465a668 100644
--- a/server/acl_files.c
+++ b/server/acl_files.c
@@ -346,19 +346,24 @@ acl_host_match(char *acl,
 /* Returns nonzero if it can be determined that acl contains principal */
 /* Recognizes wildcards in acl. */
 /* Also checks for IP address entries and applies negative ACL's */
-static int
-acl_check_internal(char *acl, char *princ, struct sockaddr_in *who)
+int
+acl_check(char *acl, char *princ, struct sockaddr_in *who)
 {
 char *realm;
+ char *name;
 int result = 0;
+ syslog(LOG_DEBUG, "acl_check(%s, %s, ?) = %d", acl, name, result);
+
 if (princ) {
- realm = split_name(princ);
+ name = strdup(princ);
+ realm = split_name(name);
- if (acl_match(acl, princ, realm, 1))
+ if (acl_match(acl, name, realm, 1))
 return 0;
- if (acl_match(acl, princ, realm, 0))
+ if (acl_match(acl, name, realm, 0))
 result = 1;
+ free(name);
 }
 if (who) {
@@ -370,18 +375,3 @@ acl_check_internal(char *acl, char *princ, struct sockaddr_in *who)
 return result;
 }
-
-int acl_check(char *acl, char *name, struct sockaddr_in *who) {
- char *pname = strdup(name != NULL ? name : "");
- int result;
-
- if (pname == NULL)
- return 0; /* oops */
-
- result = acl_check_internal(acl, pname, who);
- syslog(LOG_DEBUG, "acl_check(%s, %s, ?) = %d", acl, name, result);
-
- free(pname);
-
- return result;
-}
--
cgit v1.2.3
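Review bot: The added `syslog(LOG_DEBUG, ...)` call at the top of `acl_check` passes `name` to `%s` before it is ever assigned, so every call reads an indeterminate pointer (undefined behaviour: a crash or stray memory written to the log), and it logs `result` before it has been computed. Two more problems sit in the `if (princ)` block: `strdup(princ)` is not checked for NULL before `split_name(name)`, and the negative-ACL `return 0` skips `free(name)`, leaking a copy of the principal on each such denial. I would initialise `name`, deny on allocation failure as the removed wrapper did, free before the early return, and move the log to just before the final `return result;` using `princ`. The `if (who)` block between the two hunks is not visible here, so any early return inside it would still bypass the log.

```c
    char *name = NULL;
    int result = 0;

    if (princ) {
        name = strdup(princ);
        if (name == NULL)
            return 0; /* allocation failed: deny, as the removed wrapper did */
        realm = split_name(name);

        if (acl_match(acl, name, realm, 1)) {
            free(name); /* negative ACL hit: release the copy before denying */
            return 0;
        }
        /* … unchanged: positive acl_match check, free(name) … */
    }

    /* … unchanged: if (who) host checks … */

    syslog(LOG_DEBUG, "acl_check(%s, %s, ?) = %d", acl, princ ? princ : "", result);
    return result;
```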