X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fplugins%2Fwinbind.c;h=1843d6c13fced8b2d26287364f8b56e8b83c3b48;hb=76016e1b948b7d9675b4e0750d1f943d96d9523b;hp=8c98e2a82972797219be4ab6c9de814caadb3e14;hpb=ab4d4992050ec171e1c72d661a3457efc8e7c141;p=ppp.git diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c index 8c98e2a..1843d6c 100644 --- a/pppd/plugins/winbind.c +++ b/pppd/plugins/winbind.c @@ -34,16 +34,6 @@ * ***********************************************************************/ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include "pppd.h" -#include "chap-new.h" -#include "chap_ms.h" -#include "fsm.h" -#include "ipcp.h" -#include "mppe.h" #include #include #include @@ -56,6 +46,14 @@ #include #include +#include +#include +#include +#include +#include +#include +#include + #define BUF_LEN 1024 #define NOT_AUTHENTICATED 0 @@ -104,7 +102,7 @@ static int winbind_chap_verify(char *user, char *ourname, int id, char *message, int message_space); static int winbind_allowed_address(u_int32_t addr); -char pppd_version[] = VERSION; +char pppd_version[] = PPPD_VERSION; /********************************************************************** * %FUNCTION: plugin_init @@ -167,7 +165,7 @@ plugin_init(void) Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -size_t strhex_to_str(char *p, size_t len, const char *strhex) +size_t strhex_to_str(unsigned char *p, size_t len, const char *strhex) { size_t i; size_t num_chars = 0; 
@@ -299,15 +297,20 @@ unsigned int run_ntlm_auth(const char *username, if (forkret == 0) { /* child process */ uid_t uid; + gid_t gid; close(child_out[0]); close(child_in[1]); /* run winbind as the user that invoked pppd */ - setgid(getgid()); + gid = getgid(); + if (setgid(gid) == -1 || getgid() != gid) { + fatal("pppd/winbind: could not setgid to %d: %m", gid); + } uid = getuid(); - if (setuid(uid) == -1 || getuid() != uid) + if (setuid(uid) == -1 || getuid() != uid) { fatal("pppd/winbind: could not setuid to %d: %m", uid); + } execl("/bin/sh", "sh", "-c", ntlm_auth, NULL); fatal("pppd/winbind: could not exec /bin/sh: %m"); } @@ -522,7 +525,7 @@ winbind_chap_verify(char *user, char *ourname, int id, char *domain; char *username; char *p; - char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; + unsigned char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; /* The first byte of each of these strings contains their length */ challenge_len = *challenge++; @@ -554,7 +557,7 @@ winbind_chap_verify(char *user, char *ourname, int id, u_char *lm_response = NULL; int nt_response_size = 0; int lm_response_size = 0; - u_char session_key[16]; + u_char session_key[MD4_DIGEST_LENGTH]; if (response_len != MS_CHAP_RESPONSE_LEN) break; /* not even the right length */ @@ -564,14 +567,14 @@ winbind_chap_verify(char *user, char *ourname, int id, nt_response = &response[MS_CHAP_NTRESP]; nt_response_size = MS_CHAP_NTRESP_LEN; } else { -#ifdef MSLANMAN +#ifdef PPP_WITH_MSLANMAN lm_response = &response[MS_CHAP_LANMANRESP]; lm_response_size = MS_CHAP_LANMANRESP_LEN; #else /* Should really propagate this into the error packet. */ notice("Peer request for LANMAN auth not supported"); return NOT_AUTHENTICATED; -#endif /* MSLANMAN */ +#endif /* PPP_WITH_MSLANMAN */ } /* ship off to winbind, and check */ 
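Review bot: The post-condition in the new setgid check, `getgid() != gid`, can never be true, because `gid` was just read from getgid() and a successful setgid(gid) leaves the real group ID at that same value; only the return-value test does any work. To confirm that the drop took effect, compare the effective ID instead: `if (setgid(gid) == -1 || getegid() != gid) {`. The setuid test that this hunk only re-braces has the same shape and would read `if (setuid(uid) == -1 || geteuid() != uid) {`. The order (group before user) is right and should stay as it is. run_ntlm_auth's body starts and ends outside the hunk, so whether supplementary groups are handled elsewhere cannot be seen from here.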
@@ -585,7 +588,7 @@ winbind_chap_verify(char *user, char *ourname, int id, nt_response, nt_response_size, session_key, &error_string) == AUTHENTICATED) { -#ifdef MPPE +#ifdef PPP_WITH_MPPE mppe_set_chapv1(challenge, session_key); #endif slprintf(message, message_space, "Access granted"); @@ -606,7 +609,7 @@ winbind_chap_verify(char *user, char *ourname, int id, case CHAP_MICROSOFT_V2: { u_char Challenge[8]; - u_char session_key[MD4_SIGNATURE_SIZE]; + u_char session_key[MD4_DIGEST_LENGTH]; char *error_string = NULL; if (response_len != MS_CHAP2_RESPONSE_LEN) @@ -632,7 +635,7 @@ winbind_chap_verify(char *user, char *ourname, int id, &response[MS_CHAP2_NTRESP], &response[MS_CHAP2_PEER_CHALLENGE], challenge, user, saresponse); -#ifdef MPPE +#ifdef PPP_WITH_MPPE mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP], MS_CHAP2_AUTHENTICATOR); #endif