X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fplugins%2Fwinbind.c;h=4638f46530469fa29812c5b45c56c06263d27745;hb=c9d9dbfb8459b528ab56bd1cf0c41460801bbfdf;hp=2bcb83dfff614eb4b0e850598455a090bfdfcfdc;hpb=6bd2208f408588cab66a4da26ebee1159840db81;p=ppp.git

diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c
index 2bcb83d..4638f46 100644
--- a/pppd/plugins/winbind.c
+++ b/pppd/plugins/winbind.c
@@ -209,42 +209,33 @@ static const char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01
  **/
 char * base64_encode(const char *data)
 {
-	int bits = 0;
-	int char_count = 0;
 	size_t out_cnt = 0;
 	size_t len = strlen(data);
-	size_t output_len = strlen(data) * 2;
+	size_t output_len = 4 * ((len + 2) / 3) + 2;
+	const unsigned char *ptr = (const unsigned char *) data;
 	char *result = malloc(output_len); /* get us plenty of space */
-
-	while (len-- && out_cnt < (output_len) - 5) {
-		int c = (unsigned char) *(data++);
-		bits += c;
-		char_count++;
-		if (char_count == 3) {
-			result[out_cnt++] = b64[bits >> 18];
-			result[out_cnt++] = b64[(bits >> 12) & 0x3f];
-			result[out_cnt++] = b64[(bits >> 6) & 0x3f];
-	    result[out_cnt++] = b64[bits & 0x3f];
-	    bits = 0;
-	    char_count = 0;
-	} else {
-	    bits <<= 8;
+	unsigned int bits;
+
+	for (; len >= 3; len -= 3) {
+		bits = (ptr[0] << 16) + (ptr[1] << 8) + ptr[2];
+		ptr += 3;
+		result[out_cnt++] = b64[bits >> 18];
+		result[out_cnt++] = b64[(bits >> 12) & 0x3f];
+		result[out_cnt++] = b64[(bits >> 6) & 0x3f];
+		result[out_cnt++] = b64[bits & 0x3f];
 	}
-    }
-    if (char_count != 0) {
-	bits <<= 16 - (8 * char_count);
-	result[out_cnt++] = b64[bits >> 18];
-	result[out_cnt++] = b64[(bits >> 12) & 0x3f];
-	if (char_count == 1) {
-	    result[out_cnt++] = '=';
-	    result[out_cnt++] = '=';
-	} else {
-	    result[out_cnt++] = b64[(bits >> 6) & 0x3f];
-	    result[out_cnt++] = '=';
+	if (len != 0) {
+		bits = ptr[0] << 16;
+		if (len > 1)
+			bits |= ptr[1] << 8;
+		result[out_cnt++] = b64[bits >> 18];
+		result[out_cnt++] = b64[(bits >> 12) & 0x3f];
+		result[out_cnt++] = (len > 1)? b64[(bits >> 6) & 0x3f]: '=';
+		result[out_cnt++] = '=';
 	}
-    }
-    result[out_cnt] = '\0';	/* terminate */
-    return result;
+
+	result[out_cnt] = '\0';	/* terminate */
+	return result;
 }
 
 unsigned int run_ntlm_auth(const char *username, 
@@ -305,15 +296,18 @@ unsigned int run_ntlm_auth(const char *username,
 
 	if (forkret == 0) {
 		/* child process */
+		uid_t uid;
+
 		close(child_out[0]);
 		close(child_in[1]);
 
 		/* run winbind as the user that invoked pppd */
 		setgid(getgid());
-		setuid(getuid());
+		uid = getuid();
+		if (setuid(uid) == -1 || getuid() != uid)
+			fatal("pppd/winbind: could not setuid to %d: %m", uid);
 		execl("/bin/sh", "sh", "-c", ntlm_auth, NULL);  
-		perror("pppd/winbind: could not exec /bin/sh");
-		exit(1);
+		fatal("pppd/winbind: could not exec /bin/sh: %m");
 	}
 
         /* parent */
@@ -438,6 +432,7 @@ unsigned int run_ntlm_auth(const char *username,
 
         /* parent */
         if (close(child_out[0]) == -1) {
+                close(child_in[1]);
                 notice("error closing pipe?!? for child OUT[0]");
                 return NOT_AUTHENTICATED;
         }