changeset 13611:99ff7bf3c490
auth: Improved "auth client doesn't have permissions to do .." errors.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 07 Oct 2011 18:18:20 +0300 |
parents | a70f6f04f1fe |
children | 21566f1780ef |
files | src/auth/auth-master-connection.c src/auth/auth-master-connection.h src/auth/main.c |
diffstat | 3 files changed, 29 insertions(+), 8 deletions(-) [+] |
--- a/src/auth/auth-master-connection.c Wed Oct 05 18:47:56 2011 +0300
+++ b/src/auth/auth-master-connection.c Fri Oct 07 18:18:20 2011 +0300
@@ -329,6 +329,13 @@
 auth_master_connection_unref(&conn);
 }
+static const char *auth_restricted_reason(struct auth_master_connection *conn)
+{
+ return t_strdup_printf("%s mode=0666, but not owned by UID %lu",
+ conn->path,
+ (unsigned long)conn->userdb_restricted_uid);
+}
+
 static bool master_input_pass(struct auth_master_connection *conn, const char *args)
 {
@@ -347,8 +354,8 @@
 } else if (conn->userdb_restricted_uid != 0) {
 /* no permissions to do this lookup */
 auth_request_log_error(auth_request, "passdb",
- "Remote client doesn't have permissions to do "
- "a PASS lookup");
+ "Auth client doesn't have permissions to do "
+ "a PASS lookup: %s", auth_restricted_reason(conn));
 pass_callback(PASSDB_RESULT_INTERNAL_FAILURE, NULL, 0, auth_request);
 } else {
@@ -445,7 +452,8 @@
 }
 if (conn->userdb_restricted_uid != 0) {
- i_error("Remote client doesn't have permissions to list users");
+ i_error("Auth client doesn't have permissions to list users: %s",
+ auth_restricted_reason(conn));
 str = t_strdup_printf("DONE\t%u\tfail\n", id);
 (void)o_stream_send_str(conn->output, str);
 return TRUE;
@@ -600,14 +608,18 @@
 struct auth_master_connection * auth_master_connection_create(struct auth *auth, int fd,
- const struct stat *socket_st, bool userdb_only)
+ const char *path, const struct stat *socket_st,
+ bool userdb_only)
 {
 struct auth_master_connection *conn;
 const char *line;
+ i_assert(path != NULL);
+
 conn = i_new(struct auth_master_connection, 1);
 conn->refcount = 1;
 conn->fd = fd;
+ conn->path = i_strdup(path);
 conn->auth = auth;
 conn->input = i_stream_create_fd(fd, MAX_INBUF_SIZE, FALSE);
 conn->output = o_stream_create_fd(fd, (size_t)-1, FALSE);
@@ -657,7 +669,7 @@
 io_remove(&conn->io);
 if (conn->fd != -1) {
 if (close(conn->fd) < 0)
- i_error("close(): %m");
+ i_error("close(%s): %m", conn->path);
 conn->fd = -1;
 }
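Review bot: `auth_restricted_reason()` prints `mode=0666` as a fixed string rather than a value taken from the socket, so the message is only true as long as `userdb_restricted_uid` is set for that mode alone; the code that sets it is outside this hunk and should be checked against the wording. The string is built with `t_strdup_printf()`, so it is a temporary allocation that suits the two log calls added in this file but must not be kept on `conn`. I would document both facts above the function, for example `/* Reason text for "no permissions" log lines. Temporary string: log it immediately, never store it. Wording assumes the restriction is only applied to mode 0666 sockets. */`.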
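Review bot: The `i_assert(path != NULL);` added to `auth_master_connection_create()` turns a missing path into a failed assertion in the auth process, and nothing on the declaration tells callers that the new argument is mandatory. The function copies it with `i_strdup()` and a later hunk releases it with `i_free(conn->path)`, so the caller keeps ownership of its own string; that is also undocumented. A comment on the prototype in auth-master-connection.h would cover it: `/* path: listener socket path, must not be NULL; copied, caller keeps ownership. Used in log messages. */`. The function body continues past the end of this hunk.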
@@ -687,6 +699,7 @@
 if (conn->output != NULL)
 o_stream_unref(&conn->output);
+ i_free(conn->path);
 i_free(conn);
 }
--- a/src/auth/auth-master-connection.h Wed Oct 05 18:47:56 2011 +0300
+++ b/src/auth/auth-master-connection.h Fri Oct 07 18:18:20 2011 +0300
@@ -9,6 +9,7 @@
 int refcount;
 int fd;
+ char *path;
 struct istream *input;
 struct ostream *output;
 struct io *io;
@@ -28,7 +29,8 @@
 struct auth_master_connection * auth_master_connection_create(struct auth *auth, int fd,
- const struct stat *socket_st, bool userdb_only);
+ const char *path, const struct stat *socket_st,
+ bool userdb_only);
 void auth_master_connection_destroy(struct auth_master_connection **conn);
 void auth_master_connection_ref(struct auth_master_connection *conn);
--- a/src/auth/main.c Wed Oct 05 18:47:56 2011 +0300
+++ b/src/auth/main.c Fri Oct 07 18:18:20 2011 +0300
@@ -43,6 +43,7 @@
 struct auth_socket_listener {
 enum auth_socket_type type;
 struct stat st;
+ char *path;
 };
 bool worker = FALSE, shutdown_request = FALSE;
@@ -141,6 +142,7 @@
 l = array_idx_modifiable(&listeners, fd);
 l->type = auth_socket_type_get(fd, &path);
+ l->path = i_strdup(path);
 if (l->type == AUTH_SOCKET_USERDB) {
 if (stat(path, &l->st) < 0)
 i_error("stat(%s) failed: %m", path);
@@ -245,6 +247,8 @@
 static void main_deinit(void)
 {
+ struct auth_socket_listener *l;
+
 if (auth_penalty != NULL) {
 /* cancel all pending anvil penalty lookups */
 auth_penalty_deinit(&auth_penalty);
@@ -278,6 +282,8 @@
 sql_drivers_deinit();
 random_deinit();
+ array_foreach_modifiable(&listeners, l)
+ i_free(l->path);
 array_free(&listeners);
 pool_unref(&auth_set_pool);
 }
@@ -303,11 +309,11 @@
 switch (l->type) {
 case AUTH_SOCKET_MASTER:
 (void)auth_master_connection_create(auth, conn->fd,
- NULL, FALSE);
+ l->path, NULL, FALSE);
 break;
 case AUTH_SOCKET_USERDB:
 (void)auth_master_connection_create(auth, conn->fd,
- &l->st, TRUE);
+ l->path, &l->st, TRUE);
 break;
 case AUTH_SOCKET_LOGIN_CLIENT:
 (void)auth_client_connection_create(auth, conn->fd, TRUE);
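Review bot: In the `@@ -141,6 +142,7 @@` hunk, `l->path = i_strdup(path);` reads `path` for every listener type, while the only other use visible here is the `stat()` call inside the `AUTH_SOCKET_USERDB` branch. Whether `auth_socket_type_get()` always stores a value through its second argument cannot be seen here, since both that function and the declaration of `path` are outside the hunk; if any return path leaves it unset, this line copies an indeterminate pointer. Initialising the local to NULL at its declaration and copying only when it was set, `l->path = path == NULL ? NULL : i_strdup(path);`, keeps that case defined. The `i_assert(path != NULL)` in `auth_master_connection_create()` would then still stop a master or userdb listener that has no path.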