[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: access control problem

Bryan Stansell bryan@conserver.com
Tue, 4 Nov 2003 05:50:15 -0800 (PST)

On Mon, Nov 03, 2003 at 06:22:57PM -0500, Michael Dolan wrote:
> Using shortname, fqdn, ipaddress/mask, and exact ip all work. I've
> also tried the entries all behind one 'allowed'.

well, i don't see any messages coming from the debug line that's inside
the '#if TRUST_REVERSE_DNS' section.  you might want to try and do a
'make clean' and then another 'make', in case something didn't get
re-compiled (access.c, really).  what i'm looking for is a debug line
from AccType() mentioning 'name='.

another thing we can try is adding this:

CONDDEBUG((1, "AccType(): TRD w=%s, t=%c", pACtmp->pcwho, pACtmp->ctrust));

between lines 218 and 219 of access.c (just after the for loop on 218).
that will make sure we get a debug statement from that set of code no
matter what (assuming it gets compiled in and the access list isn't
NULL).  if you don't see that or a gethostbyaddr() error, the code isn't
getting compiled in.

heck, to really make sure it's getting compiled in, add


just after the comments at line 210 of access.c.  then compile that
sucker, run it, and grep out AccType() debug messages.

i think i'll add a 'trustrevdns' message in the 'options:' list of the
-V output too...just because.

anyway, let me know how it goes and what you see.  this really should be
working with the access list you have.