changeset 10553:b8966b8133f2 HEAD
eacces_error_get*(): Check and warn if multiple uids/gids have same name.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 18 Jan 2010 10:55:55 +0200 |
parents | 40abbeaa7a12 |
children | 443927a546e2 |
files | src/lib/eacces-error.c |
diffstat | 1 files changed, 25 insertions(+), 5 deletions(-) [+] |
--- a/src/lib/eacces-error.c Wed Jan 06 15:25:52 2010 +0200
+++ b/src/lib/eacces-error.c Mon Jan 18 10:55:55 2010 +0200
@@ -85,6 +85,7 @@
 eacces_error_get_full(const char *func, const char *path, bool creating)
 {
 const char *prev_path = path, *dir, *p;
+ const char *pw_name = NULL, *gr_name = NULL;
 const struct passwd *pw;
 const struct group *group;
 string_t *errmsg;
@@ -102,15 +103,19 @@
 dec2str(geteuid()));
 pw = getpwuid(geteuid());
- if (pw != NULL)
- str_printfa(errmsg, "(%s)", pw->pw_name);
+ if (pw != NULL) {
+ pw_name = t_strdup(pw->pw_name);
+ str_printfa(errmsg, "(%s)", pw_name);
+ }
 str_printfa(errmsg, " egid=%s", dec2str(getegid()));
 group = getgrgid(getegid());
- if (group != NULL)
- str_printfa(errmsg, "(%s)", group->gr_name);
+ if (group != NULL) {
+ gr_name = t_strdup(group->gr_name);
+ str_printfa(errmsg, "(%s)", gr_name);
+ }
- dir = "/";
+ dir = "/";
 memset(&dir_st, 0, sizeof(dir_st));
 while ((p = strrchr(prev_path, '/')) != NULL) {
 dir = t_strdup_until(prev_path, p);
 ret = stat(dir, &st);
@@ -153,6 +158,21 @@
 str_printfa(errmsg, " UNIX perms appear ok, " "some security policy wrong?");
 }
+ /* check and warn if another uid has the same name */
+ if (pw_name != NULL && dir_st.st_uid != geteuid()) {
+ pw = getpwuid(dir_st.st_uid);
+ if (pw != NULL && strcmp(pw->pw_name, pw_name) == 0) {
+ str_printfa(errmsg, ", dir uid=%s(%s)",
+ dec2str(dir_st.st_uid), pw_name);
+ }
+ }
+ if (gr_name != NULL && dir_st.st_gid != getegid()) {
+ group = getgrgid(dir_st.st_gid);
+ if (group != NULL && strcmp(group->gr_name, gr_name) == 0) {
+ str_printfa(errmsg, ", dir gid=%s(%s)",
+ dec2str(dir_st.st_gid), gr_name);
+ }
+ }
 str_append_c(errmsg, ')');
 errno = orig_errno;
 return str_c(errmsg);
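Review bot: The two `t_strdup()` copies in the second hunk carry no comment explaining why the names are copied instead of read from `pw->pw_name` and `group->gr_name` later. getpwuid() and getgrgid() may return a pointer to static storage that a subsequent call overwrites, and the third hunk calls both again before its strcmp(), so without the copy the comparison could end up reading the same buffer on both sides. I would add `/* copy the name: the later getpwuid() lookup may overwrite this entry */` above the first assignment and the getgrgid() equivalent above the second. The function body starts and ends outside this hunk.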
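Review bot: The new uid/gid comparison in the third hunk reads `dir_st`, which the second hunk shows being zero-filled before the path-walking loop, and the code that fills it is not visible in these hunks. If any path reaches this point with `dir_st` still zeroed, `st_uid` and `st_gid` are 0 and the message could name a `dir uid=0(...)` for a directory that was never examined; this needs the process's own name to resolve from id 0 as well, so it is narrow. It is worth confirming against the loop that `dir_st` always holds a real stat() result here, or skipping the block when it does not. The comment `/* check and warn if another uid has the same name */` also covers only the first block, so the gid block would read better with its own `/* same check for the group name */`. The function continues outside this hunk.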