X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fplugins%2Fwinbind.c;h=67c72f65ef3f0533e5a648bb8dda7647401f44ce;hb=d706c95906d996534f13632a747af5dc617f306e;hp=8d8e981db190c8c74075094778a0f6e33866c52f;hpb=2c8046d6a1470ffb7593b456b403a03b90e13b3c;p=ppp.git

diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c
index 8d8e981..67c72f6 100644
--- a/pppd/plugins/winbind.c
+++ b/pppd/plugins/winbind.c
@@ -37,11 +37,9 @@
 #include "pppd.h"
 #include "chap-new.h"
 #include "chap_ms.h"
-#ifdef MPPE
-#include "md5.h"
-#endif
 #include "fsm.h"
 #include "ipcp.h"
+#include "mppe.h"
 #include <syslog.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -296,15 +294,18 @@ unsigned int run_ntlm_auth(const char *username,
 
 	if (forkret == 0) {
 		/* child process */
+		uid_t uid;
+
 		close(child_out[0]);
 		close(child_in[1]);
 
 		/* run winbind as the user that invoked pppd */
 		setgid(getgid());
-		setuid(getuid());
+		uid = getuid();
+		if (setuid(uid) == -1 || getuid() != uid)
+			fatal("pppd/winbind: could not setuid to %d: %m", uid);
 		execl("/bin/sh", "sh", "-c", ntlm_auth, NULL);  
-		perror("pppd/winbind: could not exec /bin/sh");
-		exit(1);
+		fatal("pppd/winbind: could not exec /bin/sh: %m");
 	}
 
         /* parent */
@@ -429,6 +430,7 @@ unsigned int run_ntlm_auth(const char *username,
 
         /* parent */
         if (close(child_out[0]) == -1) {
+                close(child_in[1]);
                 notice("error closing pipe?!? for child OUT[0]");
                 return NOT_AUTHENTICATED;
         }
@@ -439,7 +441,7 @@ unsigned int run_ntlm_auth(const char *username,
                 return NOT_AUTHENTICATED;
         }
 
-	while ((wait(&status) == -1) && errno == EINTR)
+	while ((wait(&status) == -1) && errno == EINTR && !got_sigterm)
                 ;
 
 	if ((authenticated == AUTHENTICATED) && nt_key && !got_user_session_key) {
@@ -579,7 +581,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
 				  nt_response, nt_response_size,
 				  session_key,
 				  &error_string) == AUTHENTICATED) {
-			mppe_set_keys(challenge, session_key);
+			mppe_set_chapv1(challenge, session_key);
 			slprintf(message, message_space, "Access granted");
 			return AUTHENTICATED;
 			
@@ -624,7 +626,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
 				&response[MS_CHAP2_NTRESP],
 				&response[MS_CHAP2_PEER_CHALLENGE],
 				challenge, user, saresponse);
-			mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP],
+			mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
 				       MS_CHAP2_AUTHENTICATOR);
 			if (response[MS_CHAP2_FLAGS]) {
 				slprintf(message, message_space, "S=%s", saresponse);