From 6a9132baf3f5383d17f004c136a711df0fb966eb Mon Sep 17 00:00:00 2001
From: Lucien Van Elsen
Date: Fri, 17 Jan 1992 03:00:39 +0000
Subject: add extra error checking on acl_load; if acl can't be loaded, deny access.
---
 server/access.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
(limited to 'server/access.c')
diff --git a/server/access.c b/server/access.c
index 05e66ef..c0ee56e 100644
--- a/server/access.c
+++ b/server/access.c
@@ -78,6 +78,7 @@ access_check(sender, acl, accesstype)
 char buf[MAXPATHLEN]; /* holds the real acl name */
 char *prefix;
 int flag;
+ int retval;
 switch (accesstype) {
 case TRANSMIT:
@@ -109,13 +110,18 @@ access_check(sender, acl, accesstype)
 acl->acl_filename);
 /*
 * If we can't load it (because it probably doesn't exist),
- * we grant access by default. Dangerous!
+ * we deny access.
 */
 #if 0
- zdbug ((LOG_DEBUG, "checking %s for %s", buf, sender->string));
+ zdbug ((LOG_DEBUG, "checking %s for %s", buf, sender));
 #endif
- return (acl_load (buf) < 0
- || acl_check(buf, sender));
+
+ retval = acl_load(buf);
+ if (retval < 0) {
+ syslog(LOG_DEBUG, "Error in acl_load of %s for %s", buf, sender);
+ return(0);
+ }
+ return (acl_check(buf, sender));
 }
 static void
@@ -226,10 +232,7 @@ access_setup (int first)
 class_name, error_message(retval));
 continue;
 }
-#if 1
- else if (zdebug)
- syslog(LOG_DEBUG, "restricted %s", class_name);
-#endif
+ zdbug((LOG_DEBUG, "restricted %s", class_name));
 }
 (void) fclose(registry);
--
cgit v1.2.3
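Review bot: The new deny path in the second hunk (`if (retval < 0)`) reports the acl_load failure only at LOG_DEBUG, so where debug-priority messages are filtered, a missing or unreadable ACL file becomes denied requests with nothing for an operator to see. Because the failure now decides access, I would raise the priority and record the code that is otherwise only compared, e.g. `syslog(LOG_WARNING, "Error %d in acl_load of %s for %s", retval, buf, sender);`. The same call passes `sender` to `%s`, and this commit also changes the disabled debug line from `sender->string` to `sender`. The parameter declaration is outside the hunk, so please confirm that `sender` is a `char *` at this point, because a struct pointer there would be a format/argument mismatch. It would also help to extend the comment above the check to say that a class whose ACL file is absent is now refused rather than open, since that is the behaviour change deployments will notice.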