From a00baab063b349591289cbde22ab40cf80b8f0af Mon Sep 17 00:00:00 2001
From: Paul Mackerras
Date: Sat, 6 Mar 1999 11:28:11 +0000
Subject: [PATCH] leave the real user ID as the user's now
---
 pppd/auth.c | 9 +++++++--
 pppd/main.c | 10 +++++-----
 pppd/options.c | 15 ++++++++++++---
 pppd/pppd.h | 3 +--
 4 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/pppd/auth.c b/pppd/auth.c
index 47ecae3..2f763c1 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -33,7 +33,7 @@
 */
 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.42 1999/03/02 05:33:09 paulus Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.43 1999/03/06 11:28:10 paulus Exp $";
 #endif
 #include
@@ -211,14 +211,19 @@ setupapfile(argv)
 lcp_allowoptions[0].neg_upap = 1;
 /* open user info file */
- if ((ufile = fopen(*argv, "r")) == NULL) {
+ seteuid(getuid());
+ ufile = fopen(*argv, "r");
+ seteuid(0);
+ if (ufile == NULL) {
 option_error("unable to open user login data file %s", *argv);
 return 0;
 }
+#if 0 /* check done by setting effective UID above */
 if (!readable(fileno(ufile))) {
 option_error("%s: access denied", *argv);
 return 0;
 }
+#endif
 check_access(ufile, *argv);
 /* get username */
diff --git a/pppd/main.c b/pppd/main.c
index 2ab3514..4ec593e 100644
--- a/pppd/main.c
+++ b/pppd/main.c
@@ -18,7 +18,7 @@
 */
 #ifndef lint
-static char rcsid[] = "$Id: main.c,v 1.55 1999/03/02 05:59:21 paulus Exp $";
+static char rcsid[] = "$Id: main.c,v 1.56 1999/03/06 11:28:10 paulus Exp $";
 #endif
 #include
@@ -77,6 +77,7 @@ char hostname[MAXNAMELEN]; /* Our hostname */
 static char pidfilename[MAXPATHLEN]; /* name of pid file */
 static char default_devnam[MAXPATHLEN]; /* name of default device */
 static pid_t pid; /* Our pid */
+static uid_t uid; /* Our real user-id */
 static int conn_running; /* we have a [dis]connector running */
 int ttyfd = -1; /* Serial port file descriptor */
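Review bot: In setupapfile() (pppd/auth.c) both seteuid() calls ignore their return value, and because the readable() check is now compiled out with `#if 0`, a failed `seteuid(getuid())` leaves the file opened with root's effective UID and no access check at all. The drop should fail closed, for example `if (seteuid(getuid()) < 0) { option_error("unable to drop privileges to open %s", *argv); return 0; }`. A failed `seteuid(0)` afterwards should likewise be reported rather than continuing in an unknown privilege state. The same unchecked pair appears in options_from_file() in pppd/options.c. setupapfile()'s body starts and ends outside the hunk.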
@@ -84,7 +85,6 @@ mode_t tty_mode = -1; /* Original access permissions to tty */
 int baud_rate; /* Actual bits/second for serial device */
 int hungup; /* terminal has been hung up */
 int privileged; /* we're running as real uid root */
-int uid; /* real user ID of the user */
 int need_holdoff; /* need holdoff period before restarting */
 int detached; /* have detached from terminal */
@@ -231,7 +231,6 @@ main(argc, argv)
 argv[0]);
 exit(1);
 }
- setuid(0); /* make real uid = root */
 if (!ppp_available()) {
 option_error(no_ppp_msg);
@@ -1241,9 +1240,10 @@ run_program(prog, args, must_exist, done, arg)
 int new_fd;
 /* Leave the current location */
- (void) setsid(); /* No controlling tty. */
+ (void) setsid(); /* No controlling tty. */
 (void) umask (S_IRWXG|S_IRWXO);
- (void) chdir ("/"); /* no current directory. */
+ (void) chdir ("/"); /* no current directory. */
+ setuid(0); /* set real UID = root */
 setgid(getegid());
 /* Ensure that nothing of our device environment is inherited. */
diff --git a/pppd/options.c b/pppd/options.c
index 6078dcc..328b142 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -18,7 +18,7 @@
 */
 #ifndef lint
-static char rcsid[] = "$Id: options.c,v 1.47 1999/03/02 05:59:21 paulus Exp $";
+static char rcsid[] = "$Id: options.c,v 1.48 1999/03/06 11:28:10 paulus Exp $";
 #endif
 #include
@@ -342,17 +342,24 @@ options_from_file(filename, must_exist, check_prot, priv)
 char args[MAXARGS][MAXWORDLEN];
 char cmd[MAXWORDLEN];
- if ((f = fopen(filename, "r")) == NULL) {
+ if (check_prot)
+ seteuid(getuid());
+ f = fopen(filename, "r");
+ if (check_prot)
+ seteuid(0);
+ if (f == NULL) {
 if (!must_exist && errno == ENOENT)
 return 1;
 option_error("Can't open options file %s: %m", filename);
 return 0;
 }
+#if 0 /* check done by setting effective UID above */
 if (check_prot && !readable(fileno(f))) {
 option_error("Can't open options file %s: access denied", filename);
 fclose(f);
 return 0;
 }
+#endif
 oldpriv = privileged_option;
 privileged_option = priv;
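Review bot: The `setuid(0)` added in run_program() (pppd/main.c) is not checked, so if it fails the program is still launched with a real UID that differs from its effective UID, which is the state this line exists to remove. From the surrounding context this looks like the forked child, so failing closed is cheap: `if (setuid(0) < 0) _exit(1);` (the neighbouring `setgid(getegid())` would benefit from the same treatment). run_program()'s body starts and ends outside the hunk.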
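Review bot: In options_from_file() (pppd/options.c) `seteuid(0)` now runs between `fopen()` and the `errno == ENOENT` test, so errno may no longer hold the value fopen() left; a failing seteuid() sets it, and a successful call is permitted to change it. The `%m` in the error message is affected the same way, and the result could be a missing optional file reported as a hard error or the reverse. Saving the value across the restore keeps the must_exist logic reliable: `err = errno;` directly after the fopen() and `errno = err;` after the `seteuid(0)`. The function's body continues outside the hunk.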
@@ -416,7 +423,7 @@ options_from_user()
 int ret;
 struct passwd *pw;
- pw = getpwuid(uid);
+ pw = getpwuid(getuid());
 if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0)
 return 1;
 file = _PATH_USEROPT;
@@ -688,10 +695,12 @@ int
 readable(fd)
 int fd;
 {
+ uid_t uid;
 int ngroups, i;
 struct stat sbuf;
 GIDSET_TYPE groups[NGROUPS_MAX];
+ uid = getuid();
 if (uid == 0)
 return 1;
 if (fstat(fd, &sbuf) != 0)
diff --git a/pppd/pppd.h b/pppd/pppd.h
index 3154360..509015c 100644
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
@@ -16,7 +16,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: pppd.h,v 1.26 1999/03/02 05:59:22 paulus Exp $
+ * $Id: pppd.h,v 1.27 1999/03/06 11:28:11 paulus Exp $
 */
 /*
@@ -116,7 +116,6 @@ extern int privileged; /* We were run by real-uid root */
 extern int need_holdoff; /* Need holdoff period after link terminates */
 extern char **script_env; /* Environment variables for scripts */
 extern int detached; /* Have detached from controlling tty */
-extern int uid; /* Real user ID of the user running pppd */
 /*
 * Variables set by command-line options.
-- 
2.39.2