dovecot-1.2: master: Give better error messages if UNIX uid/gid ...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-1.2/rev/23f676bada8c
changeset: 9216:23f676bada8c
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Jul 09 13:28:47 2009 -0400
description:
master: Give better error messages if UNIX uid/gid is too high/low.

diffstat:

1 file changed, 29 insertions(+), 10 deletions(-)
src/master/mail-process.c |   39 +++++++++++++++++++++++++++++----------

diffs (70 lines):

diff -r 572cd188f6da -r 23f676bada8c src/master/mail-process.c
--- a/src/master/mail-process.c	Wed Jul 08 17:56:59 2009 -0400
+++ b/src/master/mail-process.c	Thu Jul 09 13:28:47 2009 -0400
@@ -23,6 +23,8 @@
 #include <grp.h>
 #include <syslog.h>
 #include <sys/stat.h>
+#include <pwd.h>
+#include <grp.h>
 
 #ifdef HAVE_SYS_RESOURCE_H
 #  include <sys/resource.h>
@@ -117,30 +119,47 @@ static bool validate_uid_gid(struct sett
 			     const char *user)
 {
 	if (uid == 0) {
-		i_error("user %s: Logins with UID 0 not permitted", user);
+		i_error("User %s not allowed to log in using UNIX UID 0 "
+			"(root logins are never allowed)", user);
 		return FALSE;
 	}
 
 	if (set->login_uid == uid && master_uid != uid) {
-		i_error("user %s: Logins with login_user's UID %s "
-			"not permitted (see http://wiki.dovecot.org/UserIds).",
-			user, dec2str(uid));
+		struct passwd *pw;
+
+		pw = getpwuid(uid);
+		i_error("User %s not allowed to log in using login_user's "
+			"UNIX UID %s%s (see http://wiki.dovecot.org/UserIds)",
+			user, dec2str(uid), pw == NULL ? "" :
+			t_strdup_printf("(%s)", pw->pw_name));
 		return FALSE;
 	}
 
 	if (uid < (uid_t)set->first_valid_uid ||
 	    (set->last_valid_uid != 0 && uid > (uid_t)set->last_valid_uid)) {
-		i_error("user %s: Logins with UID %s not permitted "
-			"(see first_valid_uid in config file).",
-			user, dec2str(uid));
+		struct passwd *pw;
+
+		pw = getpwuid(uid);
+		i_error("User %s not allowed to log in using too %s "
+			"UNIX UID %s%s (see first_valid_uid in config file)",
+			user,
+			uid < (uid_t)set->first_valid_uid ? "low" : "high",
+			dec2str(uid), pw == NULL ? "" :
+			t_strdup_printf("(%s)", pw->pw_name));
 		return FALSE;
 	}
 
 	if (gid < (gid_t)set->first_valid_gid ||
 	    (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)) {
-		i_error("user %s: Logins for users with primary group ID %s "
-			"not permitted (see first_valid_gid in config file).",
-			user, dec2str(gid));
+		struct group *gr;
+
+		gr = getgrgid(gid);
+		i_error("User %s not allowed to log in using too %s primary "
+			"UNIX group ID %s%s (see first_valid_gid in config file)",
+			user,
+			gid < (gid_t)set->first_valid_gid ? "low" : "high",
+			dec2str(gid), gr == NULL ? "" :
+			t_strdup_printf("(%s)", gr->gr_name));
 		return FALSE;
 	}