global: Don't accept 0 as meaning unlimited anymore in last_valid_uid, last_valid_gid

diff --git a/src/auth/auth-settings.c b/src/auth/auth-settings.c
index 21d664b67c52ba606a4fdd02427bcd4045f2b8af..7d7aca108287e9bf515a16a029f5628ed08e97c8 100644 (file)
--- a/src/auth/auth-settings.c
+++ b/src/auth/auth-settings.c
@@ -406,9 +406,9 @@ static const struct auth_settings auth_default_settings = {
        .base_dir = PKG_RUNDIR,
        .verbose_proctitle = VERBOSE_PROCTITLE_DEFAULT,
        .first_valid_uid = 500,
-       .last_valid_uid = 0,
+       .last_valid_uid = SET_UINT_UNLIMITED,
        .first_valid_gid = 1,
-       .last_valid_gid = 0,
+       .last_valid_gid = SET_UINT_UNLIMITED,
 };
 static const struct setting_keyvalue auth_default_settings_keyvalue[] = {
        { "auth_mechanisms", "plain" },
@@ -595,6 +595,15 @@ static bool auth_settings_ext_check(struct event *event, void *_set,
        if (set->debug)
                set->verbose = TRUE;
 
+       if (set->last_valid_uid == 0) {
+               *error_r = "last_valid_uid must not be 0";
+               return FALSE;
+       }
+       if (set->last_valid_gid == 0) {
+               *error_r = "last_valid_gid must not be 0";
+               return FALSE;
+       }
+
        if (set->cache_size > 0 && set->cache_size < 1024) {
                /* probably a configuration error.
                   older versions used megabyte numbers */

diff --git a/src/lib-storage/mail-storage-settings.c b/src/lib-storage/mail-storage-settings.c
index 393f6bbe90bdb647371ad4bee4213c817b4d5c66..0af502d08806f7f86b16d1a14bd2696d95983c2f 100644 (file)
--- a/src/lib-storage/mail-storage-settings.c
+++ b/src/lib-storage/mail-storage-settings.c
@@ -433,9 +433,9 @@ static const struct mail_user_settings mail_user_default_settings = {
        .valid_chroot_dirs = ARRAY_INIT,
 
        .first_valid_uid = 500,
-       .last_valid_uid = 0,
+       .last_valid_uid = SET_UINT_UNLIMITED,
        .first_valid_gid = 1,
-       .last_valid_gid = 0,
+       .last_valid_gid = SET_UINT_UNLIMITED,
 
        .mail_plugins = ARRAY_INIT,
        .mail_plugin_dir = MODULEDIR,
@@ -1011,6 +1011,14 @@ static bool mail_user_settings_check(void *_set, pool_t pool ATTR_UNUSED,
        (void)parse_postmaster_address(set->postmaster_address, pool,
                                       set, &error);
 #else
+       if (set->last_valid_uid == 0) {
+               *error_r = "last_valid_uid must not be 0";
+               return FALSE;
+       }
+       if (set->last_valid_gid == 0) {
+               *error_r = "last_valid_gid must not be 0";
+               return FALSE;
+       }
        if (array_is_created(&set->mail_plugins) &&
            array_not_empty(&set->mail_plugins) &&
            faccessat(AT_FDCWD, set->mail_plugin_dir, R_OK | X_OK, AT_EACCESS) < 0) {

diff --git a/src/master/master-settings.c b/src/master/master-settings.c
index 6a77c073b6ba8faca86b2964777dab7412261ccc..a5f5bd52006b14e59cdce122eaff9746d0065673 100644 (file)
--- a/src/master/master-settings.c
+++ b/src/master/master-settings.c
@@ -236,9 +236,9 @@ static const struct master_settings master_default_settings = {
        .version_ignore = FALSE,
 
        .first_valid_uid = 500,
-       .last_valid_uid = 0,
+       .last_valid_uid = SET_UINT_UNLIMITED,
        .first_valid_gid = 1,
-       .last_valid_gid = 0,
+       .last_valid_gid = SET_UINT_UNLIMITED,
 
        .services = ARRAY_INIT
 };
@@ -627,13 +627,19 @@ master_settings_ext_check(struct event *event, void *_set,
                set->base_dir = p_strndup(pool, set->base_dir, len - 1);
        }
 
-       if (set->last_valid_uid != 0 &&
-           set->first_valid_uid > set->last_valid_uid) {
+       if (set->last_valid_uid == 0) {
+               *error_r = "last_valid_uid must not be 0";
+               return FALSE;
+       }
+       if (set->first_valid_uid > set->last_valid_uid) {
                *error_r = "first_valid_uid can't be larger than last_valid_uid";
                return FALSE;
        }
-       if (set->last_valid_gid != 0 &&
-           set->first_valid_gid > set->last_valid_gid) {
+       if (set->last_valid_gid == 0) {
+               *error_r = "last_valid_gid must not be 0";
+               return FALSE;
+       }
+       if (set->first_valid_gid > set->last_valid_gid) {
                *error_r = "first_valid_gid can't be larger than last_valid_gid";
                return FALSE;
        }