X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fplugins%2Fwinbind.c;h=86b5198dd0d8b61624cabb1cfa68550cffde4bb6;hb=05f088613bebc9fb743c309e9b9390d376387f1c;hp=67c72f65ef3f0533e5a648bb8dda7647401f44ce;hpb=d706c95906d996534f13632a747af5dc617f306e;p=ppp.git

diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c
index 67c72f6..86b5198 100644
--- a/pppd/plugins/winbind.c
+++ b/pppd/plugins/winbind.c
@@ -34,6 +34,10 @@
 *
 ***********************************************************************/
 
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
 #include "pppd.h"
 #include "chap-new.h"
 #include "chap_ms.h"
@@ -295,15 +299,20 @@ unsigned int run_ntlm_auth(const char *username,
 	if (forkret == 0) {
 		/* child process */
 		uid_t uid;
+		gid_t gid;
 
 		close(child_out[0]);
 		close(child_in[1]);
 
 		/* run winbind as the user that invoked pppd */
-		setgid(getgid());
+		gid = getgid();
+		if (setgid(gid) == -1 || getgid() != gid) {
+			fatal("pppd/winbind: could not setgid to %d: %m", gid);
+		}
 		uid = getuid();
-		if (setuid(uid) == -1 || getuid() != uid)
+		if (setuid(uid) == -1 || getuid() != uid) {
 			fatal("pppd/winbind: could not setuid to %d: %m", uid);
+		}
 		execl("/bin/sh", "sh", "-c", ntlm_auth, NULL);  
 		fatal("pppd/winbind: could not exec /bin/sh: %m");
 	}
@@ -581,7 +590,9 @@ winbind_chap_verify(char *user, char *ourname, int id,
 				  nt_response, nt_response_size,
 				  session_key,
 				  &error_string) == AUTHENTICATED) {
+#ifdef MPPE
 			mppe_set_chapv1(challenge, session_key);
+#endif
 			slprintf(message, message_space, "Access granted");
 			return AUTHENTICATED;
 			
@@ -626,8 +637,10 @@ winbind_chap_verify(char *user, char *ourname, int id,
 				&response[MS_CHAP2_NTRESP],
 				&response[MS_CHAP2_PEER_CHALLENGE],
 				challenge, user, saresponse);
+#ifdef MPPE
 			mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
 				       MS_CHAP2_AUTHENTICATOR);
+#endif
 			if (response[MS_CHAP2_FLAGS]) {
 				slprintf(message, message_space, "S=%s", saresponse);
 			} else {