dovecot-2.1: auth: Improved "auth client doesn't have permission...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Oct 7 18:10:02 EEST 2011
details: http://hg.dovecot.org/dovecot-2.1/rev/99ff7bf3c490
changeset: 13611:99ff7bf3c490
user: Timo Sirainen <tss at iki.fi>
date: Fri Oct 07 18:18:20 2011 +0300
description:
auth: Improved "auth client doesn't have permissions to do .." errors.
diffstat:
src/auth/auth-master-connection.c | 23 ++++++++++++++++++-----
src/auth/auth-master-connection.h | 4 +++-
src/auth/main.c | 10 ++++++++--
3 files changed, 29 insertions(+), 8 deletions(-)
diffs (147 lines):
diff -r a70f6f04f1fe -r 99ff7bf3c490 src/auth/auth-master-connection.c
--- a/src/auth/auth-master-connection.c Wed Oct 05 18:47:56 2011 +0300
+++ b/src/auth/auth-master-connection.c Fri Oct 07 18:18:20 2011 +0300
@@ -329,6 +329,13 @@
auth_master_connection_unref(&conn);
}
+static const char *auth_restricted_reason(struct auth_master_connection *conn)
+{
+ return t_strdup_printf("%s mode=0666, but not owned by UID %lu",
+ conn->path,
+ (unsigned long)conn->userdb_restricted_uid);
+}
+
static bool
master_input_pass(struct auth_master_connection *conn, const char *args)
{
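Review bot: The string built in auth_restricted_reason() states `mode=0666` as a fact, but nothing in the helper checks the socket mode; it is accurate only if a non-zero `userdb_restricted_uid` can arise solely from a 0666 socket, and that assignment is outside this diff. A short comment above the helper would pin the assumption, for example `/* userdb_restricted_uid is non-zero only for mode 0666 userdb sockets (confirm where it is set); result is data-stack allocated */`. Because `t_strdup_printf` returns temporary memory, the value has to be consumed immediately, which the two log calls in the hunks at @@ -347 and @@ -445 do. The parameter could also be `const struct auth_master_connection *conn`, since the helper only reads from it. master_input_pass begins at the end of this hunk and its body lies outside it.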
@@ -347,8 +354,8 @@
} else if (conn->userdb_restricted_uid != 0) {
/* no permissions to do this lookup */
auth_request_log_error(auth_request, "passdb",
- "Remote client doesn't have permissions to do "
- "a PASS lookup");
+ "Auth client doesn't have permissions to do "
+ "a PASS lookup: %s", auth_restricted_reason(conn));
pass_callback(PASSDB_RESULT_INTERNAL_FAILURE,
NULL, 0, auth_request);
} else {
@@ -445,7 +452,8 @@
}
if (conn->userdb_restricted_uid != 0) {
- i_error("Remote client doesn't have permissions to list users");
+ i_error("Auth client doesn't have permissions to list users: %s",
+ auth_restricted_reason(conn));
str = t_strdup_printf("DONE\t%u\tfail\n", id);
(void)o_stream_send_str(conn->output, str);
return TRUE;
@@ -600,14 +608,18 @@
struct auth_master_connection *
auth_master_connection_create(struct auth *auth, int fd,
- const struct stat *socket_st, bool userdb_only)
+ const char *path, const struct stat *socket_st,
+ bool userdb_only)
{
struct auth_master_connection *conn;
const char *line;
+ i_assert(path != NULL);
+
conn = i_new(struct auth_master_connection, 1);
conn->refcount = 1;
conn->fd = fd;
+ conn->path = i_strdup(path);
conn->auth = auth;
conn->input = i_stream_create_fd(fd, MAX_INBUF_SIZE, FALSE);
conn->output = o_stream_create_fd(fd, (size_t)-1, FALSE);
@@ -657,7 +669,7 @@
io_remove(&conn->io);
if (conn->fd != -1) {
if (close(conn->fd) < 0)
- i_error("close(): %m");
+ i_error("close(%s): %m", conn->path);
conn->fd = -1;
}
@@ -687,6 +699,7 @@
if (conn->output != NULL)
o_stream_unref(&conn->output);
+ i_free(conn->path);
i_free(conn);
}
diff -r a70f6f04f1fe -r 99ff7bf3c490 src/auth/auth-master-connection.h
--- a/src/auth/auth-master-connection.h Wed Oct 05 18:47:56 2011 +0300
+++ b/src/auth/auth-master-connection.h Fri Oct 07 18:18:20 2011 +0300
@@ -9,6 +9,7 @@
int refcount;
int fd;
+ char *path;
struct istream *input;
struct ostream *output;
struct io *io;
@@ -28,7 +29,8 @@
struct auth_master_connection *
auth_master_connection_create(struct auth *auth, int fd,
- const struct stat *socket_st, bool userdb_only);
+ const char *path, const struct stat *socket_st,
+ bool userdb_only);
void auth_master_connection_destroy(struct auth_master_connection **conn);
void auth_master_connection_ref(struct auth_master_connection *conn);
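Review bot: The prototype of auth_master_connection_create() gains a `path` argument with no statement of its contract, while the implementation asserts it is non-NULL and keeps its own copy via `i_strdup`. A comment above the declaration would spare callers from reading the .c file: `/* path: listener socket path, must not be NULL; copied, caller keeps ownership. */`. The new `char *path;` member added in the struct hunk above could carry a matching `/* owned copy, freed together with the connection */`.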
diff -r a70f6f04f1fe -r 99ff7bf3c490 src/auth/main.c
--- a/src/auth/main.c Wed Oct 05 18:47:56 2011 +0300
+++ b/src/auth/main.c Fri Oct 07 18:18:20 2011 +0300
@@ -43,6 +43,7 @@
struct auth_socket_listener {
enum auth_socket_type type;
struct stat st;
+ char *path;
};
bool worker = FALSE, shutdown_request = FALSE;
@@ -141,6 +142,7 @@
l = array_idx_modifiable(&listeners, fd);
l->type = auth_socket_type_get(fd, &path);
+ l->path = i_strdup(path);
if (l->type == AUTH_SOCKET_USERDB) {
if (stat(path, &l->st) < 0)
i_error("stat(%s) failed: %m", path);
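Review bot: `l->path = i_strdup(path);` copies `path` for every listener type without checking that auth_socket_type_get() actually set it; that function and the declaration of `path` are outside this hunk, so this needs confirming. If any return path leaves it unassigned (a listener without a UNIX socket name, say), the copy reads an indeterminate pointer. If a NULL ends up stored on a master or userdb listener, the new `i_assert(path != NULL)` in auth_master_connection_create() would abort the auth process when a client connects to it. Initialising the variable where it is declared (`const char *path = NULL;`) and deciding explicitly what to store when it stays NULL keeps the failure deterministic. The enclosing function starts and ends outside the hunk.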
@@ -245,6 +247,8 @@
static void main_deinit(void)
{
+ struct auth_socket_listener *l;
+
if (auth_penalty != NULL) {
/* cancel all pending anvil penalty lookups */
auth_penalty_deinit(&auth_penalty);
@@ -278,6 +282,8 @@
sql_drivers_deinit();
random_deinit();
+ array_foreach_modifiable(&listeners, l)
+ i_free(l->path);
array_free(&listeners);
pool_unref(&auth_set_pool);
}
@@ -303,11 +309,11 @@
switch (l->type) {
case AUTH_SOCKET_MASTER:
(void)auth_master_connection_create(auth, conn->fd,
- NULL, FALSE);
+ l->path, NULL, FALSE);
break;
case AUTH_SOCKET_USERDB:
(void)auth_master_connection_create(auth, conn->fd,
- &l->st, TRUE);
+ l->path, &l->st, TRUE);
break;
case AUTH_SOCKET_LOGIN_CLIENT:
(void)auth_client_connection_create(auth, conn->fd, TRUE);