X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Foptions.c;h=5c9d3a0d9534345460c7dc247521506d59bd630d;hb=bf69479845b0dc57e75423be4dd2491cadda1f89;hp=155bcd0033649ee8173d67c9694dd7484d1eb82e;hpb=298bda129d41179121373122bce6c44c8f09e7d7;p=ppp.git diff --git a/pppd/options.c b/pppd/options.c index 155bcd0..5c9d3a0 100644 --- a/pppd/options.c +++ b/pppd/options.c @@ -40,7 +40,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: options.c,v 1.95 2004/11/09 22:33:35 paulus Exp $" +#define RCSID "$Id: options.c,v 1.99 2006/06/04 07:04:57 paulus Exp $" #include #include @@ -58,14 +58,19 @@ #ifdef PPP_FILTER #include /* - * DLT_PPP_WITH_DIRECTION is in current libpcap cvs, and should be in - * libpcap-0.8.4. Until that is released, use DLT_PPP - but that means + * There have been 3 or 4 different names for this in libpcap CVS, but + * this seems to be what they have settled on... + * For older versions of libpcap, use DLT_PPP - but that means * we lose the inbound and outbound qualifiers. */ -#ifndef DLT_PPP_WITH_DIRECTION -#define DLT_PPP_WITH_DIRECTION DLT_PPP +#ifndef DLT_PPP_PPPD +#ifdef DLT_PPP_WITHDIRECTION +#define DLT_PPP_PPPD DLT_PPP_WITHDIRECTION +#else +#define DLT_PPP_PPPD DLT_PPP #endif #endif +#endif /* PPP_FILTER */ #include "pppd.h" #include "pathnames.h" @@ -296,10 +301,10 @@ option_t general_options[] = { #endif #ifdef PPP_FILTER - { "pass-filter", 1, setpassfilter, + { "pass-filter", o_special, setpassfilter, "set filter for packets to pass", OPT_PRIO }, - { "active-filter", 1, setactivefilter, + { "active-filter", o_special, setactivefilter, "set filter for active pkts", OPT_PRIO }, #endif @@ -398,12 +403,14 @@ options_from_file(filename, must_exist, check_prot, priv) char args[MAXARGS][MAXWORDLEN]; char cmd[MAXWORDLEN]; - if (check_prot) - seteuid(getuid()); + if (check_prot && seteuid(getuid()) == -1) { + option_error("unable to drop privileges to open %s: %m", filename); + return 0; + } f = fopen(filename, "r"); err = errno; - if (check_prot) - seteuid(0); + if (check_prot && seteuid(0) == -1) + fatal("unable to regain privileges"); if (f == NULL) { errno = err; if (!must_exist) { @@ -1447,13 +1454,13 @@ setpassfilter(argv) char **argv; { pcap_t *pc; - int ret = 0; + int ret = 1; - pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535); + pc = pcap_open_dead(DLT_PPP_PPPD, 65535); if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) { option_error("error in pass-filter expression: %s\n", pcap_geterr(pc)); - ret = 1; + ret = 0; } pcap_close(pc); @@ -1468,13 +1475,13 @@ setactivefilter(argv) char **argv; { pcap_t *pc; - int ret = 0; + int ret = 1; - pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535); + pc = pcap_open_dead(DLT_PPP_PPPD, 65535); if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) { option_error("error in active-filter expression: %s\n", pcap_geterr(pc)); - ret = 1; + ret = 0; } pcap_close(pc); @@ -1506,14 +1513,16 @@ setlogfile(argv) { int fd, err; - if (!privileged_option) - seteuid(getuid()); + if (!privileged_option && seteuid(getuid()) == -1) { + option_error("unable to drop permissions to open %s: %m", *argv); + return 0; + } fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); if (fd < 0 && errno == EEXIST) fd = open(*argv, O_WRONLY | O_APPEND); err = errno; - if (!privileged_option) - seteuid(0); + if (!privileged_option && seteuid(0) == -1) + fatal("unable to regain privileges: %m"); if (fd < 0) { errno = err; option_error("Can't open log file %s: %m", *argv);