authorBrian Somers <brian@FreeBSD.org>1997-11-09 06:22:49 +0000
committerBrian Somers <brian@FreeBSD.org>1997-11-09 06:22:49 +0000
commit5106c67149438f0d50a1915bbcb75be1db7aae30 (patch)
treef70cb76041f6c38e5c713f0dc7169a38854e3374
parent4000f72f0459bad2e47ce95aaddf5e952e98a155 (diff)
Introduce ID0 logging.
Stay as the invoking uid as much as possible. Execution as a normal user is still forbidden for now, so these changes are pretty ineffective. The next commit will implement the modifications suggested on -hackers a number of days ago.
Notes
Notes: svn path=/head/; revision=31061
-rw-r--r--usr.sbin/ppp/Makefile4
-rw-r--r--usr.sbin/ppp/arp.c13
-rw-r--r--usr.sbin/ppp/chat.c12
-rw-r--r--usr.sbin/ppp/command.c15
-rw-r--r--usr.sbin/ppp/id.c145
-rw-r--r--usr.sbin/ppp/id.h13
-rw-r--r--usr.sbin/ppp/loadalias.c5
-rw-r--r--usr.sbin/ppp/log.c3
-rw-r--r--usr.sbin/ppp/log.h27
-rw-r--r--usr.sbin/ppp/main.c16
-rw-r--r--usr.sbin/ppp/modem.c26
-rw-r--r--usr.sbin/ppp/os.c21
-rw-r--r--usr.sbin/ppp/ppp.83
-rw-r--r--usr.sbin/ppp/ppp.8.m43
-rw-r--r--usr.sbin/ppp/pred.c3
-rw-r--r--usr.sbin/ppp/route.c19
-rw-r--r--usr.sbin/ppp/server.c13
-rw-r--r--usr.sbin/ppp/systems.c101
-rw-r--r--usr.sbin/ppp/systems.h4
-rw-r--r--usr.sbin/ppp/timer.c3
-rw-r--r--usr.sbin/ppp/vjcomp.c3
21 files changed, 259 insertions, 193 deletions
diff --git a/usr.sbin/ppp/Makefile b/usr.sbin/ppp/Makefile
index 49b24e951aef..35a35b0b8448 100644
--- a/usr.sbin/ppp/Makefile
+++ b/usr.sbin/ppp/Makefile
@@ -1,8 +1,8 @@
-# $Id: Makefile,v 1.27 1997/09/28 20:17:59 brian Exp $
+# $Id: Makefile,v 1.28 1997/10/26 01:01:58 brian Exp $
PROG= ppp
SRCS= alias_cmd.c arp.c async.c auth.c ccp.c chap.c chat.c command.c \
- defs.c filter.c fsm.c hdlc.c ip.c ipcp.c lcp.c loadalias.c log.c \
+ defs.c filter.c fsm.c hdlc.c id.c ip.c ipcp.c lcp.c loadalias.c log.c \
lqr.c main.c mbuf.c modem.c os.c pap.c phase.c pred.c route.c \
server.c sig.c slcompress.c systems.c timer.c vars.c vjcomp.c
CFLAGS+=-Wall -Wmissing-prototypes
diff --git a/usr.sbin/ppp/arp.c b/usr.sbin/ppp/arp.c
index 5129e7b596bb..9450511e4ac8 100644
--- a/usr.sbin/ppp/arp.c
+++ b/usr.sbin/ppp/arp.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: arp.c,v 1.15 1997/09/10 02:20:27 brian Exp $
+ * $Id: arp.c,v 1.16 1997/10/26 01:02:03 brian Exp $
*
*/
@@ -47,6 +47,7 @@
#include "mbuf.h"
#include "log.h"
+#include "id.h"
#include "arp.h"
static int rtm_seq;
@@ -91,7 +92,8 @@ sifproxyarp(int unit, u_long hisaddr)
LogPrintf(LogERROR, "Cannot determine ethernet address for proxy ARP\n");
return 0;
}
- if ((routes = socket(PF_ROUTE, SOCK_RAW, AF_INET)) < 0) {
+ routes = ID0socket(PF_ROUTE, SOCK_RAW, AF_INET);
+ if (routes < 0) {
LogPrintf(LogERROR, "sifproxyarp: opening routing socket: %s\n",
strerror(errno));
return 0;
@@ -134,7 +136,8 @@ cifproxyarp(int unit, u_long hisaddr)
arpmsg.hdr.rtm_type = RTM_DELETE;
arpmsg.hdr.rtm_seq = ++rtm_seq;
- if ((routes = socket(PF_ROUTE, SOCK_RAW, AF_INET)) < 0) {
+ routes = ID0socket(PF_ROUTE, SOCK_RAW, AF_INET);
+ if (routes < 0) {
LogPrintf(LogERROR, "sifproxyarp: opening routing socket: %s\n",
strerror(errno));
return 0;
@@ -178,7 +181,7 @@ sifproxyarp(int unit, u_long hisaddr)
SET_SA_FAMILY(arpreq.arp_pa, AF_INET);
((struct sockaddr_in *) & arpreq.arp_pa)->sin_addr.s_addr = hisaddr;
arpreq.arp_flags = ATF_PERM | ATF_PUBL;
- if (ioctl(unit, SIOCSARP, (caddr_t) & arpreq) < 0) {
+ if (ID0ioctl(unit, SIOCSARP, (caddr_t) & arpreq) < 0) {
LogPrintf(LogERROR, "sifproxyarp: ioctl(SIOCSARP): %s\n", strerror(errno));
return 0;
}
@@ -196,7 +199,7 @@ cifproxyarp(int unit, u_long hisaddr)
memset(&arpreq, '\0', sizeof(arpreq));
SET_SA_FAMILY(arpreq.arp_pa, AF_INET);
((struct sockaddr_in *) & arpreq.arp_pa)->sin_addr.s_addr = hisaddr;
- if (ioctl(unit, SIOCDARP, (caddr_t) & arpreq) < 0) {
+ if (ID0ioctl(unit, SIOCDARP, (caddr_t) & arpreq) < 0) {
LogPrintf(LogERROR, "cifproxyarp: ioctl(SIOCDARP): %s\n", strerror(errno));
return 0;
}
diff --git a/usr.sbin/ppp/chat.c b/usr.sbin/ppp/chat.c
index 58d61b3f54c7..bf537f53701c 100644
--- a/usr.sbin/ppp/chat.c
+++ b/usr.sbin/ppp/chat.c
@@ -18,7 +18,7 @@
* Columbus, OH 43221
* (614)451-1883
*
- * $Id: chat.c,v 1.35 1997/10/26 01:02:22 brian Exp $
+ * $Id: chat.c,v 1.36 1997/10/29 01:19:39 brian Exp $
*
* TODO:
* o Support more UUCP compatible control sequences.
@@ -460,16 +460,8 @@ ExecStr(char *command, char *out)
LogPrintf(LogCHAT, "dup2(nb, 0) in ExecStr: %s\n", strerror(errno));
return;
}
+ setuid(geteuid());
LogPrintf(LogCHAT, "exec: %s\n", command);
- /* switch back to original privileges */
- if (setgid(getgid()) < 0) {
- LogPrintf(LogCHAT, "setgid: %s\n", strerror(errno));
- exit(1);
- }
- if (setuid(getuid()) < 0) {
- LogPrintf(LogCHAT, "setuid: %s\n", strerror(errno));
- exit(1);
- }
pid = execvp(command, vector);
LogPrintf(LogCHAT, "execvp failed for (%d/%d): %s\n", pid, errno, command);
exit(127);
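Review bot: The added `setuid(geteuid());` in ExecStr ignores its return value and no longer drops the group ID, so if the call fails the `execvp()` below runs the chat command with whatever IDs the process held at that point. The removed code exited on failure; keep that behaviour with `if (setuid(geteuid()) == -1) { LogPrintf(LogCHAT, "setuid: %s\n", strerror(errno)); exit(1); }`. The call also appears to rely on the effective uid already being the invoking user's, which from id.c is only the case after an ID0 wrapper has run at least once (ID0init() only records the IDs), so a comment stating that assumption would help. The same unchecked call is added in ShellCommand in command.c. ExecStr's body starts outside this hunk.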
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index 6f253062def4..00d10ce0e115 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: command.c,v 1.90 1997/11/04 01:16:59 brian Exp $
+ * $Id: command.c,v 1.91 1997/11/08 00:28:06 brian Exp $
*
*/
#include <sys/param.h>
@@ -273,19 +273,8 @@ ShellCommand(struct cmdtab const * cmdlist, int argc, char **argv, int bg)
for (dtablesize = getdtablesize(), i = 3; i < dtablesize; i++)
(void) close(i);
- /*
- * We are running setuid, we should change to real user for avoiding
- * security problems.
- */
- if (setgid(getgid()) < 0) {
- LogPrintf(LogERROR, "setgid: %s\n", strerror(errno));
- exit(1);
- }
- if (setuid(getuid()) < 0) {
- LogPrintf(LogERROR, "setuid: %s\n", strerror(errno));
- exit(1);
- }
TtyOldMode();
+ setuid(geteuid());
if (argc > 0) {
/* substitute pseudo args */
for (i = 1; i < argc; i++)
diff --git a/usr.sbin/ppp/id.c b/usr.sbin/ppp/id.c
new file mode 100644
index 000000000000..c37e5fe94298
--- /dev/null
+++ b/usr.sbin/ppp/id.c
@@ -0,0 +1,145 @@
+/*
+ * $Id: defs.c,v 1.1 1997/10/26 01:02:30 brian Exp $
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <sys/ioctl.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sysexits.h>
+#include <unistd.h>
+
+#include "mbuf.h"
+#include "log.h"
+#include "main.h"
+#ifdef __OpenBSD__
+#include <util.h>
+#else
+#include <libutil.h>
+#endif
+#include "id.h"
+
+static int uid;
+static int gid;
+static int euid;
+static int egid;
+
+void
+ID0init()
+{
+ uid = getuid();
+ gid = getgid();
+ euid = geteuid();
+ egid = getegid();
+}
+
+static void
+ID0setuser()
+{
+ if (setreuid(euid, uid) == -1) {
+ LogPrintf(LogERROR, "ID0setuser: Unable to setreuid!\n");
+ Cleanup(EX_NOPERM);
+ }
+}
+
+uid_t
+ID0realuid()
+{
+ return uid;
+}
+
+static void
+ID0set0()
+{
+ if (setreuid(uid, euid) == -1) {
+ LogPrintf(LogERROR, "ID0set0: Unable to setreuid!\n");
+ Cleanup(EX_NOPERM);
+ }
+}
+
+int
+ID0ioctl(int fd, unsigned long req, void *arg)
+{
+ int ret;
+
+ ID0set0();
+ ret = ioctl(fd, req, arg);
+ LogPrintf(LogID0, "%d = ioctl(%d, %d, %p)\n", ret, fd, req, arg);
+ ID0setuser();
+ return ret;
+}
+
+int
+ID0unlink(const char *name)
+{
+ int ret;
+
+ ID0set0();
+ ret = unlink(name);
+ LogPrintf(LogID0, "%d = unlink(\"%s\")\n", ret, name);
+ ID0setuser();
+ return ret;
+}
+
+int
+ID0socket(int domain, int type, int protocol)
+{
+ int ret;
+
+ ID0set0();
+ ret = socket(domain, type, protocol);
+ LogPrintf(LogID0, "%d = socket(%d, %d, %d)\n", ret, domain, type, protocol);
+ ID0setuser();
+ return ret;
+}
+
+FILE *
+ID0fopen(const char *path, const char *mode)
+{
+ FILE *ret;
+
+ ID0set0();
+ ret = fopen(path, mode);
+ LogPrintf(LogID0, "%p = fopen(\"%s\", \"%s\")\n", ret, path, mode);
+ ID0setuser();
+ return ret;
+}
+
+int
+ID0open(const char *path, int flags)
+{
+ int ret;
+
+ ID0set0();
+ ret = open(path, flags);
+ LogPrintf(LogID0, "%d = open(\"%s\", %d)\n", ret, path, flags);
+ ID0setuser();
+ return ret;
+}
+
+int
+ID0uu_lock(const char *ttyname)
+{
+ int ret;
+
+ ID0set0();
+ ret = uu_lock(ttyname);
+ LogPrintf(LogID0, "%d = uu_lock(\"%s\")\n", ret, ttyname);
+ ID0setuser();
+ return ret;
+}
+
+int
+ID0uu_unlock(const char *ttyname)
+{
+ int ret;
+
+ ID0set0();
+ ret = uu_unlock(ttyname);
+ LogPrintf(LogID0, "%d = uu_unlock(\"%s\")\n", ret, ttyname);
+ ID0setuser();
+ return ret;
+}
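Review bot: Each ID0 wrapper calls LogPrintf() and ID0setuser() between the wrapped call and the return, so `errno` may be overwritten before the caller reads it; callers in this commit print `strerror(errno)` after a failed ID0socket()/ID0ioctl(), and OpenTunnel in os.c branches on `errno == ENXIO` after ID0open(). Save `errno` right after the call and restore it before returning, as shown for ID0ioctl below (this needs `<errno.h>`, which id.c does not include), and apply the same pattern to the other wrappers. In ID0ioctl the `unsigned long req` is also printed with `%d`; `%lu` matches the type. Separately, `gid` and `egid` are recorded by ID0init() but never used, so unlike the SetUserId()/SetPppId() pair removed from systems.c only the user ID is swapped; if that is intentional a comment should say so.

```c
int
ID0ioctl(int fd, unsigned long req, void *arg)
{
  int ret, serrno;

  ID0set0();
  ret = ioctl(fd, req, arg);
  serrno = errno;	/* LogPrintf()/setreuid() below may change errno */
  LogPrintf(LogID0, "%d = ioctl(%d, %lu, %p)\n", ret, fd, req, arg);
  ID0setuser();
  errno = serrno;
  return ret;
}
```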
diff --git a/usr.sbin/ppp/id.h b/usr.sbin/ppp/id.h
new file mode 100644
index 000000000000..ff569c34a2c3
--- /dev/null
+++ b/usr.sbin/ppp/id.h
@@ -0,0 +1,13 @@
+/*
+ * $Id$
+ */
+
+extern void ID0init(void);
+extern uid_t ID0realuid(void);
+extern int ID0ioctl(int, unsigned long, void *);
+extern int ID0unlink(const char *);
+extern int ID0socket(int, int, int);
+extern FILE *ID0fopen(const char *, const char *);
+extern int ID0open(const char *, int);
+extern int ID0uu_lock(const char *);
+extern int ID0uu_unlock(const char *);
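Review bot: id.h uses `uid_t` and `FILE` without including `<sys/types.h>` and `<stdio.h>`, and it has no include guard, so every file that includes it must pull those headers in first. Adding the two includes and a guard would make the header self-contained. A short comment above the prototypes, such as `/* Each ID0*() call runs with the effective uid recorded by ID0init(), then switches back. */`, would also document the privilege contract for callers.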
diff --git a/usr.sbin/ppp/loadalias.c b/usr.sbin/ppp/loadalias.c
index c5e7487fd0f5..b20983326ffa 100644
--- a/usr.sbin/ppp/loadalias.c
+++ b/usr.sbin/ppp/loadalias.c
@@ -1,5 +1,5 @@
/*
- * $Id: $
+ * $Id: loadalias.c,v 1.8 1997/10/26 01:03:01 brian Exp $
*/
#include <sys/param.h>
@@ -16,6 +16,7 @@
#include "systems.h"
#include "mbuf.h"
#include "log.h"
+#include "id.h"
#include "loadalias.h"
#include "vars.h"
@@ -53,7 +54,7 @@ loadAliasHandlers(struct aliasHandlers * h)
path = _PATH_ALIAS;
env = getenv("_PATH_ALIAS");
if (env)
- if (OrigUid() == 0)
+ if (ID0realuid() == 0)
path = env;
else
LogPrintf(LogALERT, "Ignoring environment _PATH_ALIAS value (%s)\n", env);
diff --git a/usr.sbin/ppp/log.c b/usr.sbin/ppp/log.c
index 298372b45fcd..f2d61517556f 100644
--- a/usr.sbin/ppp/log.c
+++ b/usr.sbin/ppp/log.c
@@ -1,5 +1,5 @@
/*
- * $Id: log.c,v 1.17 1997/10/26 01:03:05 brian Exp $
+ * $Id: log.c,v 1.18 1997/11/04 01:17:00 brian Exp $
*/
#include <sys/param.h>
@@ -25,6 +25,7 @@ static char *LogNames[] = {
"Connect",
"Debug",
"HDLC",
+ "ID0",
"IPCP",
"LCP",
"Link",
diff --git a/usr.sbin/ppp/log.h b/usr.sbin/ppp/log.h
index e3197c7fef0c..d7fefa07866a 100644
--- a/usr.sbin/ppp/log.h
+++ b/usr.sbin/ppp/log.h
@@ -1,5 +1,5 @@
/*
- * $Id: log.h,v 1.14 1997/10/26 01:03:06 brian Exp $
+ * $Id: log.h,v 1.15 1997/11/04 01:17:01 brian Exp $
*/
#define LogMIN (1)
@@ -11,18 +11,19 @@
#define LogCONNECT (6)
#define LogDEBUG (7) /* syslog(LOG_DEBUG, ....) */
#define LogHDLC (8)
-#define LogIPCP (9)
-#define LogLCP (10)
-#define LogLINK (11)
-#define LogLQM (12)
-#define LogPHASE (13)
-#define LogTCPIP (14)
-#define LogTUN (15) /* If set, tun%d is output with each message */
-#define LogMAXCONF (15)
-#define LogWARN (16) /* Sent to VarTerm else syslog(LOG_WARNING, ) */
-#define LogERROR (17) /* syslog(LOG_ERR, ....), + sent to VarTerm */
-#define LogALERT (18) /* syslog(LOG_ALERT, ....) */
-#define LogMAX (18)
+#define LogID0 (9)
+#define LogIPCP (10)
+#define LogLCP (11)
+#define LogLINK (12)
+#define LogLQM (13)
+#define LogPHASE (14)
+#define LogTCPIP (15)
+#define LogTUN (16) /* If set, tun%d is output with each message */
+#define LogMAXCONF (16)
+#define LogWARN (17) /* Sent to VarTerm else syslog(LOG_WARNING, ) */
+#define LogERROR (18) /* syslog(LOG_ERR, ....), + sent to VarTerm */
+#define LogALERT (19) /* syslog(LOG_ALERT, ....) */
+#define LogMAX (19)
/* The first int arg for all of the following is one of the above values */
extern const char *LogName(int);
diff --git a/usr.sbin/ppp/main.c b/usr.sbin/ppp/main.c
index 73b6d6cb2c1e..36ec955876da 100644
--- a/usr.sbin/ppp/main.c
+++ b/usr.sbin/ppp/main.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: main.c,v 1.87 1997/11/04 01:17:02 brian Exp $
+ * $Id: main.c,v 1.88 1997/11/08 00:28:09 brian Exp $
*
* TODO:
* o Add commands for traffic summary, version display, etc.
@@ -47,6 +47,7 @@
#include "mbuf.h"
#include "log.h"
#include "defs.h"
+#include "id.h"
#include "timer.h"
#include "fsm.h"
#include "modem.h"
@@ -82,7 +83,6 @@ static struct termios oldtio; /* Original tty mode */
static struct termios comtio; /* Command level tty mode */
static pid_t BGPid = 0;
static char pid_filename[MAXPATHLEN];
-static char if_filename[MAXPATHLEN];
static int dial_up;
static void DoLoop(void);
@@ -178,8 +178,7 @@ Cleanup(int excode)
nointr_sleep(1);
if (mode & MODE_AUTO)
DeleteIfRoutes(1);
- (void) unlink(pid_filename);
- (void) unlink(if_filename);
+ ID0unlink(pid_filename);
if (mode & MODE_BACKGROUND && BGFiledes[1] != -1) {
char c = EX_ERRDEAD;
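Review bot: Cleanup() now calls `ID0unlink(pid_filename)`, while ID0set0() and ID0setuser() in id.c call `Cleanup(EX_NOPERM)` when setreuid() fails, so a failing setreuid() can re-enter Cleanup() and recurse without ever reaching `exit()`. A re-entry guard at the top of Cleanup(), or having the ID0 failure path exit directly instead of going through Cleanup(), would break the cycle. Cleanup()'s body starts before and continues after this hunk, so any existing re-entry protection is not visible here.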
@@ -190,9 +189,9 @@ Cleanup(int excode)
close(BGFiledes[1]);
}
LogPrintf(LogPHASE, "PPP Terminated (%s).\n", ex_desc(excode));
- LogClose();
ServerClose();
TtyOldMode();
+ LogClose();
exit(excode);
}
@@ -344,8 +343,8 @@ main(int argc, char **argv)
}
VarTerm = stdout;
}
+ ID0init();
Greetings();
- GetUid();
IpcpDefAddress();
LocalAuthInit();
@@ -475,9 +474,8 @@ main(int argc, char **argv)
snprintf(pid_filename, sizeof(pid_filename), "%stun%d.pid",
_PATH_VARRUN, tunno);
- (void) unlink(pid_filename);
-
- if ((lockfile = fopen(pid_filename, "w")) != NULL) {
+ lockfile = ID0fopen(pid_filename, "w");
+ if (lockfile != NULL) {
fprintf(lockfile, "%d\n", (int) getpid());
fclose(lockfile);
} else
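Review bot: `ID0fopen(pid_filename, "w")` opens the pid file with the privileged uid and, now that the preceding `unlink()` is removed, will follow an existing symbolic link and truncate whatever file is already at that path. That is only safe if `_PATH_VARRUN` is writable by root alone, which is not visible here; a comment stating that assumption, or creating the file with exclusive-create semantics, would make it explicit. LockModem() in modem.c has the same pattern for the `.if` file, where the name is additionally built from `VarBaseDevice`. The `else` branch continues outside this hunk.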
diff --git a/usr.sbin/ppp/modem.c b/usr.sbin/ppp/modem.c
index 9015d4e3afdd..89d07267c296 100644
--- a/usr.sbin/ppp/modem.c
+++ b/usr.sbin/ppp/modem.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: modem.c,v 1.61 1997/10/29 01:19:44 brian Exp $
+ * $Id: modem.c,v 1.62 1997/11/08 00:28:09 brian Exp $
*
* TODO:
*/
@@ -38,16 +38,12 @@
#include <termios.h>
#include <time.h>
#include <unistd.h>
-#ifdef __OpenBSD__
-#include <util.h>
-#else
-#include <libutil.h>
-#endif
#include <utmp.h>
#include "mbuf.h"
#include "log.h"
#include "defs.h"
+#include "id.h"
#include "timer.h"
#include "fsm.h"
#include "hdlc.h"
@@ -59,6 +55,11 @@
#include "vars.h"
#include "main.h"
#include "chat.h"
+#ifdef __OpenBSD__
+#include <util.h>
+#else
+#include <libutil.h>
+#endif
#ifndef O_NONBLOCK
#ifdef O_NDELAY
@@ -440,7 +441,7 @@ LockModem()
if (*VarDevice != '/')
return 0;
- if (!(mode & MODE_DIRECT) && (res = uu_lock(VarBaseDevice)) != UU_LOCK_OK) {
+ if (!(mode & MODE_DIRECT) && (res = ID0uu_lock(VarBaseDevice)) != UU_LOCK_OK) {
if (res == UU_LOCK_INUSE)
LogPrintf(LogPHASE, "Modem %s is in use\n", VarDevice);
else
@@ -450,9 +451,8 @@ LockModem()
}
snprintf(fn, sizeof fn, "%s%s.if", _PATH_VARRUN, VarBaseDevice);
- (void) unlink(fn);
-
- if ((lockfile = fopen(fn, "w")) != NULL) {
+ lockfile = ID0fopen(fn, "w");
+ if (lockfile != NULL) {
fprintf(lockfile, "tun%d\n", tunno);
fclose(lockfile);
} else
@@ -468,10 +468,10 @@ UnlockModem()
return;
snprintf(fn, sizeof fn, "%s%s.if", _PATH_VARRUN, VarBaseDevice);
- if (unlink(fn) == -1)
+ if (ID0unlink(fn) == -1)
LogPrintf(LogALERT, "Warning: Can't remove %s: %s\n", fn, strerror(errno));
- if (!(mode & MODE_DIRECT) && uu_unlock(VarBaseDevice) == -1)
+ if (!(mode & MODE_DIRECT) && ID0uu_unlock(VarBaseDevice) == -1)
LogPrintf(LogALERT, "Warning: Can't uu_unlock %s\n", fn);
}
@@ -517,7 +517,7 @@ OpenModem()
if (strncmp(VarDevice, "/dev/", 5) == 0) {
if (LockModem() == -1)
return (-1);
- modem = open(VarDevice, O_RDWR | O_NONBLOCK);
+ modem = ID0open(VarDevice, O_RDWR | O_NONBLOCK);
if (modem < 0) {
LogPrintf(LogERROR, "OpenModem failed: %s: %s\n", VarDevice,
strerror(errno));
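Review bot: `ID0open(VarDevice, O_RDWR | O_NONBLOCK)` opens the configured device with uid 0, so the invoking user's own permissions on the device node are not checked, and the only validation visible is the `strncmp(VarDevice, "/dev/", 5)` prefix test, which a path containing `..` components would also pass. The commit message says non-root execution is still forbidden, so this has no effect yet, but it should be settled before that restriction is lifted, for example by opening the device as the invoking user or by rejecting names that contain `..`. OpenModem()'s body starts before and continues after this hunk.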
diff --git a/usr.sbin/ppp/os.c b/usr.sbin/ppp/os.c
index e862e6b7f5a8..91d74353276e 100644
--- a/usr.sbin/ppp/os.c
+++ b/usr.sbin/ppp/os.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: os.c,v 1.29 1997/10/29 01:19:47 brian Exp $
+ * $Id: os.c,v 1.30 1997/11/08 00:28:10 brian Exp $
*
*/
#include <sys/param.h>
@@ -41,6 +41,7 @@
#include "mbuf.h"
#include "log.h"
+#include "id.h"
#include "defs.h"
#include "timer.h"
#include "fsm.h"
@@ -73,7 +74,7 @@ SetIpDevice(struct in_addr myaddr,
int changeaddr = 0;
u_long mask, addr;
- s = socket(AF_INET, SOCK_DGRAM, 0);
+ s = ID0socket(AF_INET, SOCK_DGRAM, 0);
if (s < 0) {
LogPrintf(LogERROR, "SetIpDevice: socket(): %s\n", strerror(errno));
return (-1);
@@ -88,7 +89,7 @@ SetIpDevice(struct in_addr myaddr,
memset(&ifra.ifra_addr, '\0', sizeof(ifra.ifra_addr));
memset(&ifra.ifra_broadaddr, '\0', sizeof(ifra.ifra_addr));
memset(&ifra.ifra_mask, '\0', sizeof(ifra.ifra_addr));
- if (ioctl(s, SIOCDIFADDR, &ifra) < 0) {
+ if (ID0ioctl(s, SIOCDIFADDR, &ifra) < 0) {
LogPrintf(LogERROR, "SetIpDevice: ioctl(SIOCDIFADDR): %s\n",
strerror(errno));
close(s);
@@ -155,20 +156,20 @@ SetIpDevice(struct in_addr myaddr,
* Interface already exists. Just change the address.
*/
memcpy(&ifrq.ifr_addr, &ifra.ifra_addr, sizeof(struct sockaddr));
- if (ioctl(s, SIOCSIFADDR, &ifra) < 0)
+ if (ID0ioctl(s, SIOCSIFADDR, &ifra) < 0)
LogPrintf(LogERROR, "SetIpDevice: ioctl(SIFADDR): %s\n",
strerror(errno));
memcpy(&ifrq.ifr_dstaddr, &ifra.ifra_broadaddr, sizeof(struct sockaddr));
- if (ioctl(s, SIOCSIFDSTADDR, &ifrq) < 0)
+ if (ID0ioctl(s, SIOCSIFDSTADDR, &ifrq) < 0)
LogPrintf(LogERROR, "SetIpDevice: ioctl(SIFDSTADDR): %s\n",
strerror(errno));
#ifdef notdef
memcpy(&ifrq.ifr_broadaddr, &ifra.ifra_mask, sizeof(struct sockaddr));
- if (ioctl(s, SIOCSIFBRDADDR, &ifrq) < 0)
+ if (ID0ioctl(s, SIOCSIFBRDADDR, &ifrq) < 0)
LogPrintf(LogERROR, "SetIpDevice: ioctl(SIFBRDADDR): %s\n",
strerror(errno));
#endif
- } else if (ioctl(s, SIOCAIFADDR, &ifra) < 0) {
+ } else if (ID0ioctl(s, SIOCAIFADDR, &ifra) < 0) {
LogPrintf(LogERROR, "SetIpDevice: ioctl(SIOCAIFADDR): %s\n",
strerror(errno));
close(s);
@@ -275,7 +276,7 @@ OsInterfaceDown(int final)
return (-1);
}
ifrq.ifr_flags &= ~IFF_UP;
- if (ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) {
+ if (ID0ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) {
LogPrintf(LogERROR, "OsInterfaceDown: ioctl(SIOCSIFFLAGS): %s\n",
strerror(errno));
close(s);
@@ -324,7 +325,7 @@ OpenTunnel(int *ptun)
err = ENOENT;
for (unit = 0; unit <= MAX_TUN; unit++) {
snprintf(devname, sizeof(devname), "/dev/tun%d", unit);
- tun_out = open(devname, O_RDWR);
+ tun_out = ID0open(devname, O_RDWR);
if (tun_out >= 0)
break;
if (errno == ENXIO) {
@@ -373,7 +374,7 @@ OpenTunnel(int *ptun)
return (-1);
}
ifrq.ifr_flags |= IFF_UP;
- if (ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) {
+ if (ID0ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) {
LogPrintf(LogERROR, "OpenTunnel: ioctl(SIOCSIFFLAGS): %s\n",
strerror(errno));
close(s);
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index 17059ca586c9..7e3b1c14761e 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.72 1997/11/06 00:25:33 brian Exp $
+.\" $Id: ppp.8,v 1.73 1997/11/08 12:37:33 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
@@ -1366,6 +1366,7 @@ or directly to the screen:
.It Li Connect Generate complete Chat log
.It Li Debug Log (very verbose) debug information
.It Li HDLC Dump HDLC packet in hex
+.It Li ID0 Log all function calls specifically made as user id 0.
.It Li IPCP Generate an IPCP packet trace
.It Li LCP Generate an LCP packet trace
.It Li Link Log address assignments and link up/down events
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index 17059ca586c9..7e3b1c14761e 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.72 1997/11/06 00:25:33 brian Exp $
+.\" $Id: ppp.8,v 1.73 1997/11/08 12:37:33 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
@@ -1366,6 +1366,7 @@ or directly to the screen:
.It Li Connect Generate complete Chat log
.It Li Debug Log (very verbose) debug information
.It Li HDLC Dump HDLC packet in hex
+.It Li ID0 Log all function calls specifically made as user id 0.
.It Li IPCP Generate an IPCP packet trace
.It Li LCP Generate an LCP packet trace
.It Li Link Log address assignments and link up/down events
diff --git a/usr.sbin/ppp/pred.c b/usr.sbin/ppp/pred.c
index d6e6a00f1114..025120fd730c 100644
--- a/usr.sbin/ppp/pred.c
+++ b/usr.sbin/ppp/pred.c
@@ -5,13 +5,14 @@
* Updated by: Carsten Bormann <cabo@cs.tu-berlin.de>
* Original : Dave Rand <dlr@bungi.com>/<dave_rand@novell.com>
*
- * $Id: pred.c,v 1.14 1997/08/25 00:29:25 brian Exp $
+ * $Id: pred.c,v 1.15 1997/10/26 01:03:34 brian Exp $
*
*/
#include <sys/types.h>
#include <netinet/in.h>
+#include <stdio.h>
#include <string.h>
#include "mbuf.h"
diff --git a/usr.sbin/ppp/route.c b/usr.sbin/ppp/route.c
index 8bca1f2c26c0..b43ca2263aa6 100644
--- a/usr.sbin/ppp/route.c
+++ b/usr.sbin/ppp/route.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: route.c,v 1.21 1997/11/08 00:28:11 brian Exp $
+ * $Id: route.c,v 1.22 1997/11/09 03:22:49 brian Exp $
*
*/
@@ -44,6 +44,7 @@
#include "loadalias.h"
#include "command.h"
#include "vars.h"
+#include "id.h"
#include "route.h"
static int IfIndex;
@@ -63,11 +64,12 @@ OsSetRoute(int cmd,
{
struct rtmsg rtmes;
int s, nb, wb;
- char *cp;
+ char *cp, *cmdstr;
u_long *lp;
struct sockaddr_in rtdata;
- s = socket(PF_ROUTE, SOCK_RAW, 0);
+ cmdstr = (cmd == RTM_ADD ? "Add" : "Delete");
+ s = ID0socket(PF_ROUTE, SOCK_RAW, 0);
if (s < 0) {
LogPrintf(LogERROR, "OsSetRoute: socket(): %s\n", strerror(errno));
return;
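Review bot: `cmdstr` only ever points at string literals, so it should be declared `const char *cmdstr;` on its own line rather than sharing the `char *cp, *cmdstr;` declaration. OsSetRoute()'s body continues outside this hunk.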
@@ -122,15 +124,18 @@ OsSetRoute(int cmd,
case ESRCH:
LogPrintf(LogTCPIP, "Del route failed: Non-existent\n");
break;
+ case 0:
+ LogPrintf(LogTCPIP, "%s route failed: %s\n", cmdstr, strerror(errno));
+ break;
case ENOBUFS:
default:
- LogPrintf(LogTCPIP, "Add/Del route failed: %s\n",
- strerror(rtmes.m_rtm.rtm_errno));
+ LogPrintf(LogTCPIP, "%s route failed: %s\n",
+ cmdstr, strerror(rtmes.m_rtm.rtm_errno));
break;
}
}
- LogPrintf(LogDEBUG, "wrote %d: dst = %x, gateway = %x\n", nb,
- dst.s_addr, gateway.s_addr);
+ LogPrintf(LogDEBUG, "wrote %d: cmd = %s, dst = %x, gateway = %x\n",
+ wb, cmdstr, dst.s_addr, gateway.s_addr);
close(s);
}
diff --git a/usr.sbin/ppp/server.c b/usr.sbin/ppp/server.c
index 4cc8f2e623b6..7415e566de37 100644
--- a/usr.sbin/ppp/server.c
+++ b/usr.sbin/ppp/server.c
@@ -1,5 +1,5 @@
/*
- * $Id: $
+ * $Id: server.c,v 1.6 1997/10/26 01:03:39 brian Exp $
*/
#include <sys/param.h>
@@ -23,6 +23,7 @@
#include "vars.h"
#include "server.h"
#include "log.h"
+#include "id.h"
#include "defs.h"
int server = -2;
@@ -54,7 +55,7 @@ ServerLocalOpen(const char *name, mode_t mask)
ifsun.sun_family = AF_LOCAL;
strcpy(ifsun.sun_path, name);
- s = socket(PF_LOCAL, SOCK_STREAM, 0);
+ s = ID0socket(PF_LOCAL, SOCK_STREAM, 0);
if (s < 0) {
LogPrintf(LogERROR, "Local: socket: %s\n", strerror(errno));
return 3;
@@ -67,14 +68,14 @@ ServerLocalOpen(const char *name, mode_t mask)
if (errno == EADDRINUSE && VarTerm)
fprintf(VarTerm, "Wait for a while, then try again.\n");
close(s);
- unlink(name);
+ ID0unlink(name);
return 4;
}
umask(mask);
if (listen(s, 5) != 0) {
LogPrintf(LogERROR, "Local: Unable to listen to socket - OS overload?\n");
close(s);
- unlink(name);
+ ID0unlink(name);
return 5;
}
ServerClose();
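Review bot: In what appears to be the bind() failure branch of ServerLocalOpen(), `ID0unlink(name)` removes the socket path with uid 0 even though this process did not create it; with `EADDRINUSE` the path already existed and may not be a stale ppp socket at all. If the unlink is there to clear a stale socket, check with `lstat()` that the path is a socket before removing it with elevated privilege; otherwise drop the `ID0unlink(name);` before `return 4;` and keep only the one before `return 5;`. The bind() call itself is outside the hunk, so confirm that it is what precedes the `EADDRINUSE` check.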
@@ -101,7 +102,7 @@ ServerTcpOpen(int port)
return 6;
}
- s = socket(PF_INET, SOCK_STREAM, 0);
+ s = ID0socket(PF_INET, SOCK_STREAM, 0);
if (s < 0) {
LogPrintf(LogERROR, "Tcp: socket: %s\n", strerror(errno));
return 7;
@@ -134,7 +135,7 @@ ServerClose()
if (server >= 0) {
close(server);
if (rm) {
- unlink(rm);
+ ID0unlink(rm);
rm = 0;
}
}
diff --git a/usr.sbin/ppp/systems.c b/usr.sbin/ppp/systems.c
index 79ca8a843e46..d51e339fecd5 100644
--- a/usr.sbin/ppp/systems.c
+++ b/usr.sbin/ppp/systems.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: systems.c,v 1.17 1997/10/26 01:03:48 brian Exp $
+ * $Id: systems.c,v 1.18 1997/11/04 01:17:05 brian Exp $
*
* TODO:
*/
@@ -31,6 +31,7 @@
#include "mbuf.h"
#include "log.h"
+#include "id.h"
#include "defs.h"
#include "timer.h"
#include "fsm.h"
@@ -42,88 +43,16 @@
#include "server.h"
#include "systems.h"
-static int uid;
-static int gid;
-static int euid;
-static int egid;
-static int usermode;
-
-int
-OrigUid()
-{
- return uid;
-}
-
-void
-GetUid()
-{
- uid = getuid();
- gid = getgid();
- euid = geteuid();
- egid = getegid();
- usermode = 0;
-}
-
-static void
-SetUserId()
-{
- if (!usermode) {
- if (setreuid(euid, uid) == -1) {
- LogPrintf(LogERROR, "unable to setreuid!\n");
- ServerClose();
- exit(1);
- }
- if (setregid(egid, gid) == -1) {
- LogPrintf(LogERROR, "unable to setregid!\n");
- ServerClose();
- exit(1);
- }
- usermode = 1;
- }
-}
-
-static void
-SetPppId()
-{
- if (usermode) {
- if (setreuid(uid, euid) == -1) {
- LogPrintf(LogERROR, "unable to setreuid!\n");
- ServerClose();
- exit(1);
- }
- if (setregid(gid, egid) == -1) {
- LogPrintf(LogERROR, "unable to setregid!\n");
- ServerClose();
- exit(1);
- }
- usermode = 0;
- }
-}
-
FILE *
OpenSecret(char *file)
{
FILE *fp;
- char *cp;
char line[100];
- fp = NULL;
- cp = getenv("HOME");
- if (cp) {
- SetUserId();
- snprintf(line, sizeof line, "%s/.%s", cp, file);
- fp = fopen(line, "r");
- }
- if (fp == NULL) {
- SetPppId();
- snprintf(line, sizeof line, "%s/%s", _PATH_PPP, file);
- fp = fopen(line, "r");
- }
- if (fp == NULL) {
+ snprintf(line, sizeof line, "%s/%s", _PATH_PPP, file);
+ fp = ID0fopen(line, "r");
+ if (fp == NULL)
LogPrintf(LogWARN, "OpenSecret: Can't open %s.\n", line);
- SetPppId();
- return (NULL);
- }
return (fp);
}
@@ -131,7 +60,6 @@ void
CloseSecret(FILE * fp)
{
fclose(fp);
- SetPppId();
}
int
@@ -145,21 +73,10 @@ SelectSystem(char *name, char *file)
char filename[200];
int linenum;
- fp = NULL;
- cp = getenv("HOME");
- if (cp) {
- SetUserId();
- snprintf(filename, sizeof filename, "%s/.%s", cp, file);
- fp = fopen(filename, "r");
- }
- if (fp == NULL) {
- SetPppId(); /* fix from pdp@ark.jr3uom.iijnet.or.jp */
- snprintf(filename, sizeof filename, "%s/%s", _PATH_PPP, file);
- fp = fopen(filename, "r");
- }
+ snprintf(filename, sizeof filename, "%s/%s", _PATH_PPP, file);
+ fp = ID0fopen(filename, "r");
if (fp == NULL) {
LogPrintf(LogDEBUG, "SelectSystem: Can't open %s.\n", filename);
- SetPppId();
return (-1);
}
LogPrintf(LogDEBUG, "SelectSystem: Checking %s (%s).\n", name, filename);
@@ -197,27 +114,23 @@ SelectSystem(char *name, char *file)
if (!len)
continue;
LogPrintf(LogCOMMAND, "%s: %s\n", name, cp);
- SetPppId();
olauth = VarLocalAuth;
if (VarLocalAuth == LOCAL_NO_AUTH)
VarLocalAuth = LOCAL_AUTH;
DecodeCommand(cp, len, 0);
VarLocalAuth = olauth;
- SetUserId();
} else if (*cp == '#') {
continue;
} else
break;
}
fclose(fp);
- SetPppId();
return (0);
}
break;
}
}
fclose(fp);
- SetPppId();
return -1;
}
diff --git a/usr.sbin/ppp/systems.h b/usr.sbin/ppp/systems.h
index 624df393cc20..00f1748cc219 100644
--- a/usr.sbin/ppp/systems.h
+++ b/usr.sbin/ppp/systems.h
@@ -17,12 +17,10 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: systems.h,v 1.6 1997/08/25 00:29:29 brian Exp $
+ * $Id: systems.h,v 1.7 1997/10/26 01:03:49 brian Exp $
*
*/
-extern int OrigUid(void);
-extern void GetUid(void);
extern int SelectSystem(char *, char *);
extern FILE *OpenSecret(char *);
extern void CloseSecret(FILE *);
diff --git a/usr.sbin/ppp/timer.c b/usr.sbin/ppp/timer.c
index cdb17bcfdb0c..83ebb6d8c71c 100644
--- a/usr.sbin/ppp/timer.c
+++ b/usr.sbin/ppp/timer.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: timer.c,v 1.21 1997/10/24 22:36:31 brian Exp $
+ * $Id: timer.c,v 1.22 1997/10/26 01:03:52 brian Exp $
*
* TODO:
*/
@@ -27,6 +27,7 @@
#include <errno.h>
#endif
#include <sys/time.h>
+#include <stdio.h>
#include <unistd.h>
#include "mbuf.h"
diff --git a/usr.sbin/ppp/vjcomp.c b/usr.sbin/ppp/vjcomp.c
index 4f9330494956..e614e4b7fc4b 100644
--- a/usr.sbin/ppp/vjcomp.c
+++ b/usr.sbin/ppp/vjcomp.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: vjcomp.c,v 1.10 1997/10/07 00:56:58 brian Exp $
+ * $Id: vjcomp.c,v 1.11 1997/10/26 01:04:01 brian Exp $
*
* TODO:
*/
@@ -26,6 +26,7 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
+#include <stdio.h>
#include <string.h>
#include "mbuf.h"