From 5f6df01b4e035eeef80bc208d3448ab18031b4b2 Mon Sep 17 00:00:00 2001
From: Peter Simons <simons@cryp.to>
Date: Tue, 16 Jan 2001 10:45:21 +0000
Subject: [PATCH] Moved the call to checkACL() before anything else is tested
 regarding authorization. Combined with the new "approve" action in the ACL
 file, this allows to pass all other authentication mechanisms with the ACL.

---
 hermes.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/hermes.c b/hermes.c
index aefda0c..313d1f4 100644
--- a/hermes.c
+++ b/hermes.c
@@ -46,6 +46,7 @@ hermes_main(char * incoming_mail, const char * listname)
 
     /* Initialize internals. */
 
+    MasterConfig = getMasterConfig();
     ListConfig = getListConfig(listname);
 
     /* Parse the incoming mail. */
@@ -83,7 +84,6 @@ hermes_main(char * incoming_mail, const char * listname)
 	exit(1);
 	}
     PostingHeaders = xmalloc(strlen(MailStruct->Header)+1024);
-    MasterConfig = getMasterConfig();
     sprintf(envelope, "%s-owner@%s", listname, ListConfig->fqdn);
     sprintf(owner, "%s-owner@%s", listname, ListConfig->fqdn);
 
@@ -92,6 +92,23 @@ hermes_main(char * incoming_mail, const char * listname)
     if (FindBodyPassword(MailStruct) != 0)
 	exit(1);
 
+    if (checkACL(MailStruct, listname, &operation, &parameter) != 0)
+	{
+	syslog(LOG_ERR, "checkACL() failed with an error.");
+	exit(1);
+	}
+    rc = handleACL(MailStruct, listname, operation, parameter);
+    switch(rc)
+	{
+	case -1:
+	    syslog(LOG_ERR, "handleACL() failed with an error.");
+	    exit(1);
+	case 0:
+	    break;
+	case 1:
+	    return 0;
+	}
+
     if (isValidPostingPassword(MailStruct->Approve, listname) == FALSE)
 	{
 	/* No valid password found. Reject the article, if the list is
@@ -182,23 +199,6 @@ hermes_main(char * incoming_mail, const char * listname)
 		}
 	    return 0;
 	    }
-
-	if (checkACL(MailStruct, listname, &operation, &parameter) != 0)
-	    {
-	    syslog(LOG_ERR, "checkACL() failed with an error.");
-	    exit(1);
-	    }
-	rc = handleACL(MailStruct, listname, operation, parameter);
-	switch(rc)
-	    {
-	    case -1:
-		syslog(LOG_ERR, "handleACL() failed with an error.");
-		exit(1);
-	    case 0:
-		break;
-	    case 1:
-		return 0;
-	    }
 	}
 
     /* Copy the desired headers from the original mail to our own