dovecot-2.0: eaccess_get_error(): Fixes to reporting dir permiss...

Fri Jun 3 17:07:44 EEST 2011

details:   http://hg.dovecot.org/dovecot-2.0/rev/12e3e8570d77
changeset: 12835:12e3e8570d77
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Jun 03 17:07:37 2011 +0300
description:
eaccess_get_error(): Fixes to reporting dir permissions.
Also fixed an infinite loop if stat("/") fails.

diffstat:

 src/lib/eacces-error.c |  39 +++++++++++++++++++--------------------
 1 files changed, 19 insertions(+), 20 deletions(-)

diffs (89 lines):

diff -r 1c9b54de43f2 -r 12e3e8570d77 src/lib/eacces-error.c

--- a/src/lib/eacces-error.c	Fri Jun 03 16:40:03 2011 +0300
+++ b/src/lib/eacces-error.c	Fri Jun 03 17:07:37 2011 +0300
@@ -83,24 +83,21 @@
 static const char *
 eacces_error_get_full(const char *func, const char *path, bool creating)
 {
-	const char *prev_path = path, *dir, *p;
+	const char *prev_path, *dir = NULL, *p;
 	const char *pw_name = NULL, *gr_name = NULL;
 	struct passwd pw;
 	struct group group;
 	string_t *errmsg;
-	struct stat st, dir_st;
-	int orig_errno, ret = -1;
+	struct stat st;
+	int orig_errno, ret;
 
 	orig_errno = errno;
 	errmsg = t_str_new(256);
 	str_printfa(errmsg, "%s(%s)", func, path);
-	dir = "/";
 	if (*path != '/') {
-		if (t_get_current_dir(&dir) == 0)
+		if (t_get_current_dir(&dir) == 0) {
 			str_printfa(errmsg, " in directory %s", dir);
-		if (strchr(path, '/') == NULL) {
-			/* we have no path. do the file access checks anyway. */
-			ret = 0;
+			path = t_strconcat(dir, "/", path, NULL);
 		}
 	}
 	str_printfa(errmsg, " failed: Permission denied (euid=%s",
@@ -133,9 +130,12 @@
 		break;
 	}
 
-	memset(&dir_st, 0, sizeof(dir_st));
-	while ((p = strrchr(prev_path, '/')) != NULL) {
-		dir = p == prev_path ? "/" : t_strdup_until(prev_path, p);
+	prev_path = path; ret = -1;
+	while (strcmp(prev_path, "/") != 0) {
+		if ((p = strrchr(prev_path, '/')) == NULL)
+			break;
+
+		dir = t_strdup_until(prev_path, p);
 		ret = stat(dir, &st);
 		if (ret == 0)
 			break;
@@ -151,8 +151,6 @@
 			break;
 		}
 		prev_path = dir;
-		dir = "/";
-		dir_st = st;
 	}
 
 	if (ret == 0) {
@@ -177,22 +175,23 @@
 			str_printfa(errmsg, " UNIX perms appear ok, "
 				    "some security policy wrong?");
 	}
-	if (dir_st.st_uid != geteuid()) {
-		if (pw_name != NULL && i_getpwuid(dir_st.st_uid, &pw) > 0 &&
+	if (ret == 0 && st.st_uid != geteuid()) {
+		if (pw_name != NULL && i_getpwuid(st.st_uid, &pw) > 0 &&
 		    strcmp(pw.pw_name, pw_name) == 0) {
 			str_printfa(errmsg, ", conflicting dir uid=%s(%s)",
-				    dec2str(dir_st.st_uid), pw_name);
+				    dec2str(st.st_uid), pw_name);
 		} else {
-			str_append(errmsg, ", euid is not dir owner");
+			str_printfa(errmsg, ", dir owned by %s:%s",
+				    dec2str(st.st_uid), dec2str(st.st_gid));
 		}
 	} else {
 		str_append(errmsg, ", euid is dir owner");
 	}
-	if (gr_name != NULL && dir_st.st_gid != getegid()) {
-		if (i_getgrgid(dir_st.st_gid, &group) > 0 &&
+	if (ret == 0 && gr_name != NULL && st.st_gid != getegid()) {
+		if (i_getgrgid(st.st_gid, &group) > 0 &&
 		    strcmp(group.gr_name, gr_name) == 0) {
 			str_printfa(errmsg, ", conflicting dir gid=%s(%s)",
-				    dec2str(dir_st.st_gid), gr_name);
+				    dec2str(st.st_gid), gr_name);
 		}
 	}
 	str_append_c(errmsg, ')');
