dovecot-2.0: eacces_get_error(): Give even better error message ...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.0/rev/d339aeb782ed
changeset: 12837:d339aeb782ed
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Jun 03 17:22:09 2011 +0300
description:
eacces_get_error(): Give even better error message for directory permission errors.

diffstat:

 src/lib/eacces-error.c |  30 +++++++++++++++++++++---------
 1 files changed, 21 insertions(+), 9 deletions(-)

diffs (67 lines):

diff -r 17d8e1f12901 -r d339aeb782ed src/lib/eacces-error.c
--- a/src/lib/eacces-error.c	Fri Jun 03 17:13:59 2011 +0300
+++ b/src/lib/eacces-error.c	Fri Jun 03 17:22:09 2011 +0300
@@ -89,7 +89,7 @@
 	struct group group;
 	string_t *errmsg;
 	struct stat st;
-	int orig_errno, ret;
+	int orig_errno, ret, missing_mode = 0;
 
 	orig_errno = errno;
 	errmsg = t_str_new(256);
@@ -156,11 +156,15 @@
 	if (ret == 0) {
 		/* dir is the first parent directory we can stat() */
 		if (test_access(dir, X_OK, errmsg) < 0) {
-			if (errno == EACCES)
+			if (errno == EACCES) {
 				str_printfa(errmsg, " missing +x perm: %s", dir);
+				missing_mode = 1;
+			}
 		} else if (creating && test_access(dir, W_OK, errmsg) < 0) {
-			if (errno == EACCES)
+			if (errno == EACCES) {
 				str_printfa(errmsg, " missing +w perm: %s", dir);
+				missing_mode = 2;
+			}
 		} else if (prev_path == path &&
 			   test_access(path, R_OK, errmsg) < 0) {
 			if (errno == EACCES)
@@ -169,13 +173,18 @@
 			/* this produces a wrong error if the operation didn't
 			   actually need write permissions, but we don't know
 			   it here.. */
-			if (errno == EACCES)
+			if (errno == EACCES) {
 				str_printfa(errmsg, " missing +w perm: %s", path);
-		} else
-			str_printfa(errmsg, " UNIX perms appear ok, "
-				    "some security policy wrong?");
+				missing_mode = 4;
+			}
+		} else {
+			str_append(errmsg, " UNIX perms appear ok "
+				   "(ACL/MAC wrong?)");
+		}
 	}
-	if (ret == 0 && st.st_uid != geteuid()) {
+	if (ret < 0)
+		;
+	else if (st.st_uid != geteuid()) {
 		if (pw_name != NULL && i_getpwuid(st.st_uid, &pw) > 0 &&
 		    strcmp(pw.pw_name, pw_name) == 0) {
 			str_printfa(errmsg, ", conflicting dir uid=%s(%s)",
@@ -185,8 +194,11 @@
 				    dec2str(st.st_uid), dec2str(st.st_gid),
 				    st.st_mode & 0777);
 		}
+	} else if (missing_mode != 0 &&
+		   (((st.st_mode & 0700) >> 6) & missing_mode) == 0) {
+		str_append(errmsg, ", dir owner missing perms");
 	} else {
-		str_append(errmsg, ", euid is dir owner");
+		str_append(errmsg, ", UNIX perms appear ok (ACL/MAC wrong?)");
 	}
 	if (ret == 0 && gr_name != NULL && st.st_gid != getegid()) {
 		if (i_getgrgid(st.st_gid, &group) > 0 &&