X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fplugins%2Fwinbind.c;h=1843d6c13fced8b2d26287364f8b56e8b83c3b48;hb=76016e1b948b7d9675b4e0750d1f943d96d9523b;hp=0c395c34711af6cef39d3ac01e3603f7205ebbc5;hpb=c319558b8cacad7d27f04c7d612e44b67f273434;p=ppp.git

diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c
index 0c395c3..1843d6c 100644
--- a/pppd/plugins/winbind.c
+++ b/pppd/plugins/winbind.c
@@ -34,14 +34,6 @@
 *
 ***********************************************************************/
 
-#include "pppd.h"
-#include "chap-new.h"
-#include "chap_ms.h"
-#ifdef MPPE
-#include "md5.h"
-#endif
-#include "fsm.h"
-#include "ipcp.h"
 #include <syslog.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -54,6 +46,14 @@
 #include <errno.h>
 #include <ctype.h>
 
+#include <pppd/pppd.h>
+#include <pppd/chap-new.h>
+#include <pppd/chap_ms.h>
+#include <pppd/fsm.h>
+#include <pppd/ipcp.h>
+#include <pppd/mppe.h>
+#include <pppd/ppp-crypto.h>
+
 #define BUF_LEN 1024
 
 #define NOT_AUTHENTICATED 0
@@ -102,7 +102,7 @@ static int winbind_chap_verify(char *user, char *ourname, int id,
 			       char *message, int message_space);
 static int winbind_allowed_address(u_int32_t addr); 
 
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
 
 /**********************************************************************
 * %FUNCTION: plugin_init
@@ -165,7 +165,7 @@ plugin_init(void)
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-size_t strhex_to_str(char *p, size_t len, const char *strhex)
+size_t strhex_to_str(unsigned char *p, size_t len, const char *strhex)
 {
 	size_t i;
 	size_t num_chars = 0;
@@ -297,15 +297,20 @@ unsigned int run_ntlm_auth(const char *username,
 	if (forkret == 0) {
 		/* child process */
 		uid_t uid;
+		gid_t gid;
 
 		close(child_out[0]);
 		close(child_in[1]);
 
 		/* run winbind as the user that invoked pppd */
-		setgid(getgid());
+		gid = getgid();
+		if (setgid(gid) == -1 || getgid() != gid) {
+			fatal("pppd/winbind: could not setgid to %d: %m", gid);
+		}
 		uid = getuid();
-		if (setuid(uid) == -1 || getuid() != uid)
+		if (setuid(uid) == -1 || getuid() != uid) {
 			fatal("pppd/winbind: could not setuid to %d: %m", uid);
+		}
 		execl("/bin/sh", "sh", "-c", ntlm_auth, NULL);  
 		fatal("pppd/winbind: could not exec /bin/sh: %m");
 	}
@@ -520,7 +525,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
 	char *domain;
 	char *username;
 	char *p;
-	char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
+	unsigned char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
 
 	/* The first byte of each of these strings contains their length */
 	challenge_len = *challenge++;
@@ -552,7 +557,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
 		u_char *lm_response = NULL;
 		int nt_response_size = 0;
 		int lm_response_size = 0;
-		u_char session_key[16];
+		u_char session_key[MD4_DIGEST_LENGTH];
 		
 		if (response_len != MS_CHAP_RESPONSE_LEN)
 			break;			/* not even the right length */
@@ -562,14 +567,14 @@ winbind_chap_verify(char *user, char *ourname, int id,
 			nt_response = &response[MS_CHAP_NTRESP];
 			nt_response_size = MS_CHAP_NTRESP_LEN;
 		} else {
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
 			lm_response = &response[MS_CHAP_LANMANRESP];
 			lm_response_size = MS_CHAP_LANMANRESP_LEN;
 #else
 			/* Should really propagate this into the error packet. */
 			notice("Peer request for LANMAN auth not supported");
 			return NOT_AUTHENTICATED;
-#endif /* MSLANMAN */
+#endif /* PPP_WITH_MSLANMAN */
 		}
 		
 		/* ship off to winbind, and check */
@@ -583,7 +588,9 @@ winbind_chap_verify(char *user, char *ourname, int id,
 				  nt_response, nt_response_size,
 				  session_key,
 				  &error_string) == AUTHENTICATED) {
-			mppe_set_keys(challenge, session_key);
+#ifdef PPP_WITH_MPPE
+			mppe_set_chapv1(challenge, session_key);
+#endif
 			slprintf(message, message_space, "Access granted");
 			return AUTHENTICATED;
 			
@@ -602,7 +609,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
 	case CHAP_MICROSOFT_V2:
 	{
 		u_char Challenge[8];
-		u_char session_key[MD4_SIGNATURE_SIZE];
+		u_char session_key[MD4_DIGEST_LENGTH];
 		char *error_string = NULL;
 		
 		if (response_len != MS_CHAP2_RESPONSE_LEN)
@@ -628,8 +635,10 @@ winbind_chap_verify(char *user, char *ourname, int id,
 				&response[MS_CHAP2_NTRESP],
 				&response[MS_CHAP2_PEER_CHALLENGE],
 				challenge, user, saresponse);
-			mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP],
+#ifdef PPP_WITH_MPPE
+			mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
 				       MS_CHAP2_AUTHENTICATOR);
+#endif
 			if (response[MS_CHAP2_FLAGS]) {
 				slprintf(message, message_space, "S=%s", saresponse);
 			} else {