Mercurial > dovecot > core-2.2
changeset 9597:771097ddce48 HEAD
master: Give better error messages if UNIX uid/gid is too high/low.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 09 Jul 2009 13:26:00 -0400 |
parents | d5637a78d263 |
children | 444ce507a5ea |
files | src/master/service-process.c |
diffstat | 1 files changed, 22 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/src/master/service-process.c Wed Jul 08 18:12:43 2009 -0400 +++ b/src/master/service-process.c Thu Jul 09 13:26:00 2009 -0400 @@ -25,6 +25,8 @@ #include "service-process-notify.h" #include "service-process.h" +#include <grp.h> +#include <pwd.h> #include <stdlib.h> #include <unistd.h> #include <fcntl.h> @@ -150,23 +152,36 @@ const char *user) { if (uid == 0) { - i_error("Logins with UID 0 not permitted (user %s)", user); + i_error("User %s not allowed to log in using UNIX UID 0 " + "(root logins are never allowed)", user); return FALSE; } if (uid < (uid_t)set->first_valid_uid || (set->last_valid_uid != 0 && uid > (uid_t)set->last_valid_uid)) { - i_error("Logins with UID %s (user %s) not permitted " - "(see first_valid_uid in config file)", - dec2str(uid), user); + struct passwd *pw; + + pw = getpwuid(uid); + i_error("User %s not allowed to log in using too %s " + "UNIX UID %s%s (see first_valid_uid in config file)", + user, + uid < (uid_t)set->first_valid_uid ? "low" : "high", + dec2str(uid), pw == NULL ? "" : + t_strdup_printf("(%s)", pw->pw_name)); return FALSE; } if (gid < (gid_t)set->first_valid_gid || (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)) { - i_error("Logins for users with primary group ID %s (user %s) " - "not permitted (see first_valid_gid in config file).", - dec2str(gid), user); + struct group *gr; + + gr = getgrgid(gid); + i_error("User %s not allowed to log in using too %s " + "UNIX GID %s%s (see first_valid_gid in config file)", + user, + gid < (gid_t)set->first_valid_gid ? "low" : "high", + dec2str(gid), gr == NULL ? "" : + t_strdup_printf("(%s)", gr->gr_name)); return FALSE; }