authorbrian <brian@FreeBSD.org>1997-11-09 06:22:49 +0000
committerbrian <brian@FreeBSD.org>1997-11-09 06:22:49 +0000
commiteae0088b91cbc4408b450aa68745064732b86734 (patch)
tree330d8937c8f71a0d93df3a925214b73ae069d846 /usr.sbin/ppp
parentadcd7ae702997873c044a63779bc24521e2f9349 (diff)
Introduce ID0 logging.
Stay as the invoking uid as much as possible. Execution as a normal user is still forbidden for now, so these changes are pretty ineffective. The next commit will implement the modifications suggested on -hackers a number of days ago.
Diffstat (limited to 'usr.sbin/ppp')
-rw-r--r--usr.sbin/ppp/Makefile4
-rw-r--r--usr.sbin/ppp/arp.c13
-rw-r--r--usr.sbin/ppp/chat.c12
-rw-r--r--usr.sbin/ppp/command.c15
-rw-r--r--usr.sbin/ppp/id.c145
-rw-r--r--usr.sbin/ppp/id.h13
-rw-r--r--usr.sbin/ppp/loadalias.c5
-rw-r--r--usr.sbin/ppp/log.c3
-rw-r--r--usr.sbin/ppp/log.h27
-rw-r--r--usr.sbin/ppp/main.c16
-rw-r--r--usr.sbin/ppp/modem.c26
-rw-r--r--usr.sbin/ppp/os.c21
-rw-r--r--usr.sbin/ppp/ppp.83
-rw-r--r--usr.sbin/ppp/ppp.8.m43
-rw-r--r--usr.sbin/ppp/pred.c3
-rw-r--r--usr.sbin/ppp/route.c19
-rw-r--r--usr.sbin/ppp/server.c13
-rw-r--r--usr.sbin/ppp/systems.c101
-rw-r--r--usr.sbin/ppp/systems.h4
-rw-r--r--usr.sbin/ppp/timer.c3
-rw-r--r--usr.sbin/ppp/vjcomp.c3
21 files changed, 259 insertions, 193 deletions
diff --git a/usr.sbin/ppp/Makefile b/usr.sbin/ppp/Makefile
index 49b24e9..35a35b0 100644
--- a/usr.sbin/ppp/Makefile
+++ b/usr.sbin/ppp/Makefile
@@ -1,8 +1,8 @@
-# $Id: Makefile,v 1.27 1997/09/28 20:17:59 brian Exp $
+# $Id: Makefile,v 1.28 1997/10/26 01:01:58 brian Exp $
PROG= ppp
SRCS= alias_cmd.c arp.c async.c auth.c ccp.c chap.c chat.c command.c \
- defs.c filter.c fsm.c hdlc.c ip.c ipcp.c lcp.c loadalias.c log.c \
+ defs.c filter.c fsm.c hdlc.c id.c ip.c ipcp.c lcp.c loadalias.c log.c \
lqr.c main.c mbuf.c modem.c os.c pap.c phase.c pred.c route.c \
server.c sig.c slcompress.c systems.c timer.c vars.c vjcomp.c
CFLAGS+=-Wall -Wmissing-prototypes
diff --git a/usr.sbin/ppp/arp.c b/usr.sbin/ppp/arp.c
index 5129e7b..9450511 100644
--- a/usr.sbin/ppp/arp.c
+++ b/usr.sbin/ppp/arp.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: arp.c,v 1.15 1997/09/10 02:20:27 brian Exp $
+ * $Id: arp.c,v 1.16 1997/10/26 01:02:03 brian Exp $
*
*/
@@ -47,6 +47,7 @@
#include "mbuf.h"
#include "log.h"
+#include "id.h"
#include "arp.h"
static int rtm_seq;
@@ -91,7 +92,8 @@ sifproxyarp(int unit, u_long hisaddr)
LogPrintf(LogERROR, "Cannot determine ethernet address for proxy ARP\n");
return 0;
}
- if ((routes = socket(PF_ROUTE, SOCK_RAW, AF_INET)) < 0) {
+ routes = ID0socket(PF_ROUTE, SOCK_RAW, AF_INET);
+ if (routes < 0) {
LogPrintf(LogERROR, "sifproxyarp: opening routing socket: %s\n",
strerror(errno));
return 0;
@@ -134,7 +136,8 @@ cifproxyarp(int unit, u_long hisaddr)
arpmsg.hdr.rtm_type = RTM_DELETE;
arpmsg.hdr.rtm_seq = ++rtm_seq;
- if ((routes = socket(PF_ROUTE, SOCK_RAW, AF_INET)) < 0) {
+ routes = ID0socket(PF_ROUTE, SOCK_RAW, AF_INET);
+ if (routes < 0) {
LogPrintf(LogERROR, "sifproxyarp: opening routing socket: %s\n",
strerror(errno));
return 0;
@@ -178,7 +181,7 @@ sifproxyarp(int unit, u_long hisaddr)
SET_SA_FAMILY(arpreq.arp_pa, AF_INET);
((struct sockaddr_in *) & arpreq.arp_pa)->sin_addr.s_addr = hisaddr;
arpreq.arp_flags = ATF_PERM | ATF_PUBL;
- if (ioctl(unit, SIOCSARP, (caddr_t) & arpreq) < 0) {
+ if (ID0ioctl(unit, SIOCSARP, (caddr_t) & arpreq) < 0) {
LogPrintf(LogERROR, "sifproxyarp: ioctl(SIOCSARP): %s\n", strerror(errno));
return 0;
}
@@ -196,7 +199,7 @@ cifproxyarp(int unit, u_long hisaddr)
memset(&arpreq, '\0', sizeof(arpreq));
SET_SA_FAMILY(arpreq.arp_pa, AF_INET);
((struct sockaddr_in *) & arpreq.arp_pa)->sin_addr.s_addr = hisaddr;
- if (ioctl(unit, SIOCDARP, (caddr_t) & arpreq) < 0) {
+ if (ID0ioctl(unit, SIOCDARP, (caddr_t) & arpreq) < 0) {
LogPrintf(LogERROR, "cifproxyarp: ioctl(SIOCDARP): %s\n", strerror(errno));
return 0;
}
diff --git a/usr.sbin/ppp/chat.c b/usr.sbin/ppp/chat.c
index 58d61b3..bf537f5 100644
--- a/usr.sbin/ppp/chat.c
+++ b/usr.sbin/ppp/chat.c
@@ -18,7 +18,7 @@
* Columbus, OH 43221
* (614)451-1883
*
- * $Id: chat.c,v 1.35 1997/10/26 01:02:22 brian Exp $
+ * $Id: chat.c,v 1.36 1997/10/29 01:19:39 brian Exp $
*
* TODO:
* o Support more UUCP compatible control sequences.
@@ -460,16 +460,8 @@ ExecStr(char *command, char *out)
LogPrintf(LogCHAT, "dup2(nb, 0) in ExecStr: %s\n", strerror(errno));
return;
}
+ setuid(geteuid());
LogPrintf(LogCHAT, "exec: %s\n", command);
- /* switch back to original privileges */
- if (setgid(getgid()) < 0) {
- LogPrintf(LogCHAT, "setgid: %s\n", strerror(errno));
- exit(1);
- }
- if (setuid(getuid()) < 0) {
- LogPrintf(LogCHAT, "setuid: %s\n", strerror(errno));
- exit(1);
- }
pid = execvp(command, vector);
LogPrintf(LogCHAT, "execvp failed for (%d/%d): %s\n", pid, errno, command);
exit(127);
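Review bot: The added `setuid(geteuid());` in ExecStr's child is unchecked, and the `setgid(getgid())` it replaces is gone, so if the call fails `execvp` still runs the chat command with whatever ids the child holds at that point. It also drops to the invoker only if the effective uid has already been switched, which ID0init in id.c does not do by itself. I would keep the old error handling, e.g. `if (setgid(getgid()) < 0 || setuid(geteuid()) < 0) { LogPrintf(LogCHAT, "setuid: %s\n", strerror(errno)); exit(1); }`. The same unchecked call is added in ShellCommand in command.c. ExecStr starts outside the hunk.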
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index 6f25306..00d10ce 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: command.c,v 1.90 1997/11/04 01:16:59 brian Exp $
+ * $Id: command.c,v 1.91 1997/11/08 00:28:06 brian Exp $
*
*/
#include <sys/param.h>
@@ -273,19 +273,8 @@ ShellCommand(struct cmdtab const * cmdlist, int argc, char **argv, int bg)
for (dtablesize = getdtablesize(), i = 3; i < dtablesize; i++)
(void) close(i);
- /*
- * We are running setuid, we should change to real user for avoiding
- * security problems.
- */
- if (setgid(getgid()) < 0) {
- LogPrintf(LogERROR, "setgid: %s\n", strerror(errno));
- exit(1);
- }
- if (setuid(getuid()) < 0) {
- LogPrintf(LogERROR, "setuid: %s\n", strerror(errno));
- exit(1);
- }
TtyOldMode();
+ setuid(geteuid());
if (argc > 0) {
/* substitute pseudo args */
for (i = 1; i < argc; i++)
diff --git a/usr.sbin/ppp/id.c b/usr.sbin/ppp/id.c
new file mode 100644
index 0000000..c37e5fe
--- /dev/null
+++ b/usr.sbin/ppp/id.c
@@ -0,0 +1,145 @@
+/*
+ * $Id: defs.c,v 1.1 1997/10/26 01:02:30 brian Exp $
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <sys/ioctl.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sysexits.h>
+#include <unistd.h>
+
+#include "mbuf.h"
+#include "log.h"
+#include "main.h"
+#ifdef __OpenBSD__
+#include <util.h>
+#else
+#include <libutil.h>
+#endif
+#include "id.h"
+
+static int uid;
+static int gid;
+static int euid;
+static int egid;
+
+void
+ID0init()
+{
+ uid = getuid();
+ gid = getgid();
+ euid = geteuid();
+ egid = getegid();
+}
+
+static void
+ID0setuser()
+{
+ if (setreuid(euid, uid) == -1) {
+ LogPrintf(LogERROR, "ID0setuser: Unable to setreuid!\n");
+ Cleanup(EX_NOPERM);
+ }
+}
+
+uid_t
+ID0realuid()
+{
+ return uid;
+}
+
+static void
+ID0set0()
+{
+ if (setreuid(uid, euid) == -1) {
+ LogPrintf(LogERROR, "ID0set0: Unable to setreuid!\n");
+ Cleanup(EX_NOPERM);
+ }
+}
+
+int
+ID0ioctl(int fd, unsigned long req, void *arg)
+{
+ int ret;
+
+ ID0set0();
+ ret = ioctl(fd, req, arg);
+ LogPrintf(LogID0, "%d = ioctl(%d, %d, %p)\n", ret, fd, req, arg);
+ ID0setuser();
+ return ret;
+}
+
+int
+ID0unlink(const char *name)
+{
+ int ret;
+
+ ID0set0();
+ ret = unlink(name);
+ LogPrintf(LogID0, "%d = unlink(\"%s\")\n", ret, name);
+ ID0setuser();
+ return ret;
+}
+
+int
+ID0socket(int domain, int type, int protocol)
+{
+ int ret;
+
+ ID0set0();
+ ret = socket(domain, type, protocol);
+ LogPrintf(LogID0, "%d = socket(%d, %d, %d)\n", ret, domain, type, protocol);
+ ID0setuser();
+ return ret;
+}
+
+FILE *
+ID0fopen(const char *path, const char *mode)
+{
+ FILE *ret;
+
+ ID0set0();
+ ret = fopen(path, mode);
+ LogPrintf(LogID0, "%p = fopen(\"%s\", \"%s\")\n", ret, path, mode);
+ ID0setuser();
+ return ret;
+}
+
+int
+ID0open(const char *path, int flags)
+{
+ int ret;
+
+ ID0set0();
+ ret = open(path, flags);
+ LogPrintf(LogID0, "%d = open(\"%s\", %d)\n", ret, path, flags);
+ ID0setuser();
+ return ret;
+}
+
+int
+ID0uu_lock(const char *ttyname)
+{
+ int ret;
+
+ ID0set0();
+ ret = uu_lock(ttyname);
+ LogPrintf(LogID0, "%d = uu_lock(\"%s\")\n", ret, ttyname);
+ ID0setuser();
+ return ret;
+}
+
+int
+ID0uu_unlock(const char *ttyname)
+{
+ int ret;
+
+ ID0set0();
+ ret = uu_unlock(ttyname);
+ LogPrintf(LogID0, "%d = uu_unlock(\"%s\")\n", ret, ttyname);
+ ID0setuser();
+ return ret;
+}
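Review bot: Each ID0* wrapper calls LogPrintf and then ID0setuser between the system call and the return, so the `errno` the caller sees may no longer be the one the call set, and the logging itself runs while the effective uid is still the privileged one. Callers depend on it: OpenTunnel in os.c tests `errno == ENXIO` right after ID0open, and most call sites print `strerror(errno)`. I would save errno, switch back with ID0setuser first, then log and restore errno, as sketched for ID0ioctl below (id.c would also need `<errno.h>`); the other wrappers take the same shape. In the same function `req` is an `unsigned long` printed with `%d`, which should be `%lu`. `gid` and `egid` are recorded by ID0init but never used, unlike the removed SetUserId/SetPppId in systems.c, which also swapped the group ids.

```c
int
ID0ioctl(int fd, unsigned long req, void *arg)
{
  int ret, err;

  ID0set0();
  ret = ioctl(fd, req, arg);
  err = errno;			/* keep the call's errno for the caller */
  ID0setuser();			/* leave uid 0 before logging */
  LogPrintf(LogID0, "%d = ioctl(%d, %lu, %p)\n", ret, fd, req, arg);
  errno = err;
  return ret;
}
/* … unchanged: ID0init, ID0realuid, ID0set0, ID0setuser; the other wrappers take the same reordering … */
```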
diff --git a/usr.sbin/ppp/id.h b/usr.sbin/ppp/id.h
new file mode 100644
index 0000000..ff569c3
--- /dev/null
+++ b/usr.sbin/ppp/id.h
@@ -0,0 +1,13 @@
+/*
+ * $Id$
+ */
+
+extern void ID0init(void);
+extern uid_t ID0realuid(void);
+extern int ID0ioctl(int, unsigned long, void *);
+extern int ID0unlink(const char *);
+extern int ID0socket(int, int, int);
+extern FILE *ID0fopen(const char *, const char *);
+extern int ID0open(const char *, int);
+extern int ID0uu_lock(const char *);
+extern int ID0uu_unlock(const char *);
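Review bot: id.h has no include guard and uses `uid_t` and `FILE` without including `<sys/types.h>` and `<stdio.h>`, so it only compiles when the includer has already pulled those in. The header also says nothing about what the wrappers promise. I would add a comment above the prototypes along the lines of `/* ID0xxx(): perform xxx() with the effective uid recorded by ID0init(), then switch back to the invoking uid. ID0init() must be called first. */`.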
diff --git a/usr.sbin/ppp/loadalias.c b/usr.sbin/ppp/loadalias.c
index c5e7487..b209833 100644
--- a/usr.sbin/ppp/loadalias.c
+++ b/usr.sbin/ppp/loadalias.c
@@ -1,5 +1,5 @@
/*
- * $Id: $
+ * $Id: loadalias.c,v 1.8 1997/10/26 01:03:01 brian Exp $
*/
#include <sys/param.h>
@@ -16,6 +16,7 @@
#include "systems.h"
#include "mbuf.h"
#include "log.h"
+#include "id.h"
#include "loadalias.h"
#include "vars.h"
@@ -53,7 +54,7 @@ loadAliasHandlers(struct aliasHandlers * h)
path = _PATH_ALIAS;
env = getenv("_PATH_ALIAS");
if (env)
- if (OrigUid() == 0)
+ if (ID0realuid() == 0)
path = env;
else
LogPrintf(LogALERT, "Ignoring environment _PATH_ALIAS value (%s)\n", env);
diff --git a/usr.sbin/ppp/log.c b/usr.sbin/ppp/log.c
index 298372b..f2d6151 100644
--- a/usr.sbin/ppp/log.c
+++ b/usr.sbin/ppp/log.c
@@ -1,5 +1,5 @@
/*
- * $Id: log.c,v 1.17 1997/10/26 01:03:05 brian Exp $
+ * $Id: log.c,v 1.18 1997/11/04 01:17:00 brian Exp $
*/
#include <sys/param.h>
@@ -25,6 +25,7 @@ static char *LogNames[] = {
"Connect",
"Debug",
"HDLC",
+ "ID0",
"IPCP",
"LCP",
"Link",
diff --git a/usr.sbin/ppp/log.h b/usr.sbin/ppp/log.h
index e3197c7..d7fefa0 100644
--- a/usr.sbin/ppp/log.h
+++ b/usr.sbin/ppp/log.h
@@ -1,5 +1,5 @@
/*
- * $Id: log.h,v 1.14 1997/10/26 01:03:06 brian Exp $
+ * $Id: log.h,v 1.15 1997/11/04 01:17:01 brian Exp $
*/
#define LogMIN (1)
@@ -11,18 +11,19 @@
#define LogCONNECT (6)
#define LogDEBUG (7) /* syslog(LOG_DEBUG, ....) */
#define LogHDLC (8)
-#define LogIPCP (9)
-#define LogLCP (10)
-#define LogLINK (11)
-#define LogLQM (12)
-#define LogPHASE (13)
-#define LogTCPIP (14)
-#define LogTUN (15) /* If set, tun%d is output with each message */
-#define LogMAXCONF (15)
-#define LogWARN (16) /* Sent to VarTerm else syslog(LOG_WARNING, ) */
-#define LogERROR (17) /* syslog(LOG_ERR, ....), + sent to VarTerm */
-#define LogALERT (18) /* syslog(LOG_ALERT, ....) */
-#define LogMAX (18)
+#define LogID0 (9)
+#define LogIPCP (10)
+#define LogLCP (11)
+#define LogLINK (12)
+#define LogLQM (13)
+#define LogPHASE (14)
+#define LogTCPIP (15)
+#define LogTUN (16) /* If set, tun%d is output with each message */
+#define LogMAXCONF (16)
+#define LogWARN (17) /* Sent to VarTerm else syslog(LOG_WARNING, ) */
+#define LogERROR (18) /* syslog(LOG_ERR, ....), + sent to VarTerm */
+#define LogALERT (19) /* syslog(LOG_ALERT, ....) */
+#define LogMAX (19)
/* The first int arg for all of the following is one of the above values */
extern const char *LogName(int);
diff --git a/usr.sbin/ppp/main.c b/usr.sbin/ppp/main.c
index 73b6d6c..36ec955 100644
--- a/usr.sbin/ppp/main.c
+++ b/usr.sbin/ppp/main.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: main.c,v 1.87 1997/11/04 01:17:02 brian Exp $
+ * $Id: main.c,v 1.88 1997/11/08 00:28:09 brian Exp $
*
* TODO:
* o Add commands for traffic summary, version display, etc.
@@ -47,6 +47,7 @@
#include "mbuf.h"
#include "log.h"
#include "defs.h"
+#include "id.h"
#include "timer.h"
#include "fsm.h"
#include "modem.h"
@@ -82,7 +83,6 @@ static struct termios oldtio; /* Original tty mode */
static struct termios comtio; /* Command level tty mode */
static pid_t BGPid = 0;
static char pid_filename[MAXPATHLEN];
-static char if_filename[MAXPATHLEN];
static int dial_up;
static void DoLoop(void);
@@ -178,8 +178,7 @@ Cleanup(int excode)
nointr_sleep(1);
if (mode & MODE_AUTO)
DeleteIfRoutes(1);
- (void) unlink(pid_filename);
- (void) unlink(if_filename);
+ ID0unlink(pid_filename);
if (mode & MODE_BACKGROUND && BGFiledes[1] != -1) {
char c = EX_ERRDEAD;
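Review bot: `ID0unlink(pid_filename)` is now called from Cleanup, while ID0set0 and ID0setuser in id.c call `Cleanup(EX_NOPERM)` when setreuid fails, so a failing uid switch here re-enters Cleanup from inside itself. Unless something outside this hunk prevents it, that recursion has no end condition. A guard at the top of Cleanup (for example a `static int cleaning;` flag that sends a second entry straight to `exit(excode)`), or having id.c exit directly on failure, would avoid it. Cleanup starts and ends outside the hunk.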
@@ -190,9 +189,9 @@ Cleanup(int excode)
close(BGFiledes[1]);
}
LogPrintf(LogPHASE, "PPP Terminated (%s).\n", ex_desc(excode));
- LogClose();
ServerClose();
TtyOldMode();
+ LogClose();
exit(excode);
}
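Review bot: Nothing records why `LogClose()` moved below `ServerClose()` and `TtyOldMode()`, and the order now matters. Presumably the reason is that ServerClose calls ID0unlink (server.c), which logs through LogPrintf. A one-line comment such as `/* LogClose() last: ServerClose() still logs via ID0unlink() */` would keep someone from moving it back.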
@@ -344,8 +343,8 @@ main(int argc, char **argv)
}
VarTerm = stdout;
}
+ ID0init();
Greetings();
- GetUid();
IpcpDefAddress();
LocalAuthInit();
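Review bot: `ID0init()` only records the four ids (see id.c); the effective uid is not switched to the invoker until the first ID0* wrapper returns, so Greetings(), IpcpDefAddress(), LocalAuthInit() and whatever else runs before that still execute with the original effective uid. If the aim stated in the commit message is to stay as the invoking uid as much as possible, ID0init could end with a call to ID0setuser() so the switch happens at start-up. main continues outside the hunk, so how soon the first wrapper call comes cannot be seen from here.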
@@ -475,9 +474,8 @@ main(int argc, char **argv)
snprintf(pid_filename, sizeof(pid_filename), "%stun%d.pid",
_PATH_VARRUN, tunno);
- (void) unlink(pid_filename);
-
- if ((lockfile = fopen(pid_filename, "w")) != NULL) {
+ lockfile = ID0fopen(pid_filename, "w");
+ if (lockfile != NULL) {
fprintf(lockfile, "%d\n", (int) getpid());
fclose(lockfile);
} else
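Review bot: With the `unlink(pid_filename)` removed, `ID0fopen(pid_filename, "w")` opens whatever already exists at that path with uid 0, following a symlink and truncating its target if there is one. That is only safe as long as _PATH_VARRUN is writable by root alone, which this code does not check. Keeping the removal, `ID0unlink(pid_filename);` before the open, restores the old behaviour. The `.if` file written in LockModem (modem.c) lost its unlink the same way.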
diff --git a/usr.sbin/ppp/modem.c b/usr.sbin/ppp/modem.c
index 9015d4e..89d0726 100644
--- a/usr.sbin/ppp/modem.c
+++ b/usr.sbin/ppp/modem.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: modem.c,v 1.61 1997/10/29 01:19:44 brian Exp $
+ * $Id: modem.c,v 1.62 1997/11/08 00:28:09 brian Exp $
*
* TODO:
*/
@@ -38,16 +38,12 @@
#include <termios.h>
#include <time.h>
#include <unistd.h>
-#ifdef __OpenBSD__
-#include <util.h>
-#else
-#include <libutil.h>
-#endif
#include <utmp.h>
#include "mbuf.h"
#include "log.h"
#include "defs.h"
+#include "id.h"
#include "timer.h"
#include "fsm.h"
#include "hdlc.h"
@@ -59,6 +55,11 @@
#include "vars.h"
#include "main.h"
#include "chat.h"
+#ifdef __OpenBSD__
+#include <util.h>
+#else
+#include <libutil.h>
+#endif
#ifndef O_NONBLOCK
#ifdef O_NDELAY
@@ -440,7 +441,7 @@ LockModem()
if (*VarDevice != '/')
return 0;
- if (!(mode & MODE_DIRECT) && (res = uu_lock(VarBaseDevice)) != UU_LOCK_OK) {
+ if (!(mode & MODE_DIRECT) && (res = ID0uu_lock(VarBaseDevice)) != UU_LOCK_OK) {
if (res == UU_LOCK_INUSE)
LogPrintf(LogPHASE, "Modem %s is in use\n", VarDevice);
else
@@ -450,9 +451,8 @@ LockModem()
}
snprintf(fn, sizeof fn, "%s%s.if", _PATH_VARRUN, VarBaseDevice);
- (void) unlink(fn);
-
- if ((lockfile = fopen(fn, "w")) != NULL) {
+ lockfile = ID0fopen(fn, "w");
+ if (lockfile != NULL) {
fprintf(lockfile, "tun%d\n", tunno);
fclose(lockfile);
} else
@@ -468,10 +468,10 @@ UnlockModem()
return;
snprintf(fn, sizeof fn, "%s%s.if", _PATH_VARRUN, VarBaseDevice);
- if (unlink(fn) == -1)
+ if (ID0unlink(fn) == -1)
LogPrintf(LogALERT, "Warning: Can't remove %s: %s\n", fn, strerror(errno));
- if (!(mode & MODE_DIRECT) && uu_unlock(VarBaseDevice) == -1)
+ if (!(mode & MODE_DIRECT) && ID0uu_unlock(VarBaseDevice) == -1)
LogPrintf(LogALERT, "Warning: Can't uu_unlock %s\n", fn);
}
@@ -517,7 +517,7 @@ OpenModem()
if (strncmp(VarDevice, "/dev/", 5) == 0) {
if (LockModem() == -1)
return (-1);
- modem = open(VarDevice, O_RDWR | O_NONBLOCK);
+ modem = ID0open(VarDevice, O_RDWR | O_NONBLOCK);
if (modem < 0) {
LogPrintf(LogERROR, "OpenModem failed: %s: %s\n", VarDevice,
strerror(errno));
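Review bot: `ID0open(VarDevice, ...)` opens the device with uid 0, so the invoking user's own permissions on the device node no longer decide whether the open succeeds. The only visible check is the `strncmp(VarDevice, "/dev/", 5)` prefix test, which does not canonicalise the path. The commit message says non-root execution is still forbidden, so this is not reachable yet, but it should be settled before that restriction is lifted. Opening as the invoking user with plain `open(VarDevice, O_RDWR | O_NONBLOCK)` would keep the device's permissions meaningful. OpenModem starts and ends outside the hunk.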
diff --git a/usr.sbin/ppp/os.c b/usr.sbin/ppp/os.c
index e862e6b..91d7435 100644
--- a/usr.sbin/ppp/os.c
+++ b/usr.sbin/ppp/os.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: os.c,v 1.29 1997/10/29 01:19:47 brian Exp $
+ * $Id: os.c,v 1.30 1997/11/08 00:28:10 brian Exp $
*
*/
#include <sys/param.h>
@@ -41,6 +41,7 @@
#include "mbuf.h"
#include "log.h"
+#include "id.h"
#include "defs.h"
#include "timer.h"
#include "fsm.h"
@@ -73,7 +74,7 @@ SetIpDevice(struct in_addr myaddr,
int changeaddr = 0;
u_long mask, addr;
- s = socket(AF_INET, SOCK_DGRAM, 0);
+ s = ID0socket(AF_INET, SOCK_DGRAM, 0);
if (s < 0) {
LogPrintf(LogERROR, "SetIpDevice: socket(): %s\n", strerror(errno));
return (-1);
@@ -88,7 +89,7 @@ SetIpDevice(struct in_addr myaddr,
memset(&ifra.ifra_addr, '\0', sizeof(ifra.ifra_addr));
memset(&ifra.ifra_broadaddr, '\0', sizeof(ifra.ifra_addr));
memset(&ifra.ifra_mask, '\0', sizeof(ifra.ifra_addr));
- if (ioctl(s, SIOCDIFADDR, &ifra) < 0) {
+ if (ID0ioctl(s, SIOCDIFADDR, &ifra) < 0) {
LogPrintf(LogERROR, "SetIpDevice: ioctl(SIOCDIFADDR): %s\n",
strerror(errno));
close(s);
@@ -155,20 +156,20 @@ SetIpDevice(struct in_addr myaddr,
* Interface already exists. Just change the address.
*/
memcpy(&ifrq.ifr_addr, &ifra.ifra_addr, sizeof(struct sockaddr));
- if (ioctl(s, SIOCSIFADDR, &ifra) < 0)
+ if (ID0ioctl(s, SIOCSIFADDR, &ifra) < 0)
LogPrintf(LogERROR, "SetIpDevice: ioctl(SIFADDR): %s\n",
strerror(errno));
memcpy(&ifrq.ifr_dstaddr, &ifra.ifra_broadaddr, sizeof(struct sockaddr));
- if (ioctl(s, SIOCSIFDSTADDR, &ifrq) < 0)
+ if (ID0ioctl(s, SIOCSIFDSTADDR, &ifrq) < 0)
LogPrintf(LogERROR, "SetIpDevice: ioctl(SIFDSTADDR): %s\n",
strerror(errno));
#ifdef notdef
memcpy(&ifrq.ifr_broadaddr, &ifra.ifra_mask, sizeof(struct sockaddr));
- if (ioctl(s, SIOCSIFBRDADDR, &ifrq) < 0)
+ if (ID0ioctl(s, SIOCSIFBRDADDR, &ifrq) < 0)
LogPrintf(LogERROR, "SetIpDevice: ioctl(SIFBRDADDR): %s\n",
strerror(errno));
#endif
- } else if (ioctl(s, SIOCAIFADDR, &ifra) < 0) {
+ } else if (ID0ioctl(s, SIOCAIFADDR, &ifra) < 0) {
LogPrintf(LogERROR, "SetIpDevice: ioctl(SIOCAIFADDR): %s\n",
strerror(errno));
close(s);
@@ -275,7 +276,7 @@ OsInterfaceDown(int final)
return (-1);
}
ifrq.ifr_flags &= ~IFF_UP;
- if (ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) {
+ if (ID0ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) {
LogPrintf(LogERROR, "OsInterfaceDown: ioctl(SIOCSIFFLAGS): %s\n",
strerror(errno));
close(s);
@@ -324,7 +325,7 @@ OpenTunnel(int *ptun)
err = ENOENT;
for (unit = 0; unit <= MAX_TUN; unit++) {
snprintf(devname, sizeof(devname), "/dev/tun%d", unit);
- tun_out = open(devname, O_RDWR);
+ tun_out = ID0open(devname, O_RDWR);
if (tun_out >= 0)
break;
if (errno == ENXIO) {
@@ -373,7 +374,7 @@ OpenTunnel(int *ptun)
return (-1);
}
ifrq.ifr_flags |= IFF_UP;
- if (ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) {
+ if (ID0ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) {
LogPrintf(LogERROR, "OpenTunnel: ioctl(SIOCSIFFLAGS): %s\n",
strerror(errno));
close(s);
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index 17059ca..7e3b1c1 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.72 1997/11/06 00:25:33 brian Exp $
+.\" $Id: ppp.8,v 1.73 1997/11/08 12:37:33 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
@@ -1366,6 +1366,7 @@ or directly to the screen:
.It Li Connect Generate complete Chat log
.It Li Debug Log (very verbose) debug information
.It Li HDLC Dump HDLC packet in hex
+.It Li ID0 Log all function calls specifically made as user id 0.
.It Li IPCP Generate an IPCP packet trace
.It Li LCP Generate an LCP packet trace
.It Li Link Log address assignments and link up/down events
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index 17059ca..7e3b1c1 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.72 1997/11/06 00:25:33 brian Exp $
+.\" $Id: ppp.8,v 1.73 1997/11/08 12:37:33 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
@@ -1366,6 +1366,7 @@ or directly to the screen:
.It Li Connect Generate complete Chat log
.It Li Debug Log (very verbose) debug information
.It Li HDLC Dump HDLC packet in hex
+.It Li ID0 Log all function calls specifically made as user id 0.
.It Li IPCP Generate an IPCP packet trace
.It Li LCP Generate an LCP packet trace
.It Li Link Log address assignments and link up/down events
diff --git a/usr.sbin/ppp/pred.c b/usr.sbin/ppp/pred.c
index d6e6a00..025120f 100644
--- a/usr.sbin/ppp/pred.c
+++ b/usr.sbin/ppp/pred.c
@@ -5,13 +5,14 @@
* Updated by: Carsten Bormann <cabo@cs.tu-berlin.de>
* Original : Dave Rand <dlr@bungi.com>/<dave_rand@novell.com>
*
- * $Id: pred.c,v 1.14 1997/08/25 00:29:25 brian Exp $
+ * $Id: pred.c,v 1.15 1997/10/26 01:03:34 brian Exp $
*
*/
#include <sys/types.h>
#include <netinet/in.h>
+#include <stdio.h>
#include <string.h>
#include "mbuf.h"
diff --git a/usr.sbin/ppp/route.c b/usr.sbin/ppp/route.c
index 8bca1f2..b43ca22 100644
--- a/usr.sbin/ppp/route.c
+++ b/usr.sbin/ppp/route.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: route.c,v 1.21 1997/11/08 00:28:11 brian Exp $
+ * $Id: route.c,v 1.22 1997/11/09 03:22:49 brian Exp $
*
*/
@@ -44,6 +44,7 @@
#include "loadalias.h"
#include "command.h"
#include "vars.h"
+#include "id.h"
#include "route.h"
static int IfIndex;
@@ -63,11 +64,12 @@ OsSetRoute(int cmd,
{
struct rtmsg rtmes;
int s, nb, wb;
- char *cp;
+ char *cp, *cmdstr;
u_long *lp;
struct sockaddr_in rtdata;
- s = socket(PF_ROUTE, SOCK_RAW, 0);
+ cmdstr = (cmd == RTM_ADD ? "Add" : "Delete");
+ s = ID0socket(PF_ROUTE, SOCK_RAW, 0);
if (s < 0) {
LogPrintf(LogERROR, "OsSetRoute: socket(): %s\n", strerror(errno));
return;
@@ -122,15 +124,18 @@ OsSetRoute(int cmd,
case ESRCH:
LogPrintf(LogTCPIP, "Del route failed: Non-existent\n");
break;
+ case 0:
+ LogPrintf(LogTCPIP, "%s route failed: %s\n", cmdstr, strerror(errno));
+ break;
case ENOBUFS:
default:
- LogPrintf(LogTCPIP, "Add/Del route failed: %s\n",
- strerror(rtmes.m_rtm.rtm_errno));
+ LogPrintf(LogTCPIP, "%s route failed: %s\n",
+ cmdstr, strerror(rtmes.m_rtm.rtm_errno));
break;
}
}
- LogPrintf(LogDEBUG, "wrote %d: dst = %x, gateway = %x\n", nb,
- dst.s_addr, gateway.s_addr);
+ LogPrintf(LogDEBUG, "wrote %d: cmd = %s, dst = %x, gateway = %x\n",
+ wb, cmdstr, dst.s_addr, gateway.s_addr);
close(s);
}
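Review bot: The new `case 0:` reports `strerror(errno)`, but when the switch runs errno is the write's error only if nothing in between has changed it; the write and the switch head are outside the hunk, so this may already hold. Saving the value in a local straight after the failing write and printing that instead would make the message independent of the intervening code. `cmdstr` points at string literals and could be declared `const char *`. The `ESRCH` message still hard-codes "Del route failed" while the two new messages use `cmdstr`.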
diff --git a/usr.sbin/ppp/server.c b/usr.sbin/ppp/server.c
index 4cc8f2e..7415e56 100644
--- a/usr.sbin/ppp/server.c
+++ b/usr.sbin/ppp/server.c
@@ -1,5 +1,5 @@
/*
- * $Id: $
+ * $Id: server.c,v 1.6 1997/10/26 01:03:39 brian Exp $
*/
#include <sys/param.h>
@@ -23,6 +23,7 @@
#include "vars.h"
#include "server.h"
#include "log.h"
+#include "id.h"
#include "defs.h"
int server = -2;
@@ -54,7 +55,7 @@ ServerLocalOpen(const char *name, mode_t mask)
ifsun.sun_family = AF_LOCAL;
strcpy(ifsun.sun_path, name);
- s = socket(PF_LOCAL, SOCK_STREAM, 0);
+ s = ID0socket(PF_LOCAL, SOCK_STREAM, 0);
if (s < 0) {
LogPrintf(LogERROR, "Local: socket: %s\n", strerror(errno));
return 3;
@@ -67,14 +68,14 @@ ServerLocalOpen(const char *name, mode_t mask)
if (errno == EADDRINUSE && VarTerm)
fprintf(VarTerm, "Wait for a while, then try again.\n");
close(s);
- unlink(name);
+ ID0unlink(name);
return 4;
}
umask(mask);
if (listen(s, 5) != 0) {
LogPrintf(LogERROR, "Local: Unable to listen to socket - OS overload?\n");
close(s);
- unlink(name);
+ ID0unlink(name);
return 5;
}
ServerClose();
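Review bot: `ID0unlink(name)` after a failed bind removes, with uid 0, a path this process did not create; when bind fails with EADDRINUSE the entry at `name` belongs to something else. bind itself is not wrapped, so a socket this process does create is presumably made with the invoking uid, and a plain `unlink(name)` should be enough to remove it in the listen-failure branch and in ServerClose. I would drop the unlink in the bind-failure branch and use `unlink()` rather than `ID0unlink()` in the other two places. ServerLocalOpen starts and ends outside the hunk.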
@@ -101,7 +102,7 @@ ServerTcpOpen(int port)
return 6;
}
- s = socket(PF_INET, SOCK_STREAM, 0);
+ s = ID0socket(PF_INET, SOCK_STREAM, 0);
if (s < 0) {
LogPrintf(LogERROR, "Tcp: socket: %s\n", strerror(errno));
return 7;
@@ -134,7 +135,7 @@ ServerClose()
if (server >= 0) {
close(server);
if (rm) {
- unlink(rm);
+ ID0unlink(rm);
rm = 0;
}
}
diff --git a/usr.sbin/ppp/systems.c b/usr.sbin/ppp/systems.c
index 79ca8a8..d51e339 100644
--- a/usr.sbin/ppp/systems.c
+++ b/usr.sbin/ppp/systems.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: systems.c,v 1.17 1997/10/26 01:03:48 brian Exp $
+ * $Id: systems.c,v 1.18 1997/11/04 01:17:05 brian Exp $
*
* TODO:
*/
@@ -31,6 +31,7 @@
#include "mbuf.h"
#include "log.h"
+#include "id.h"
#include "defs.h"
#include "timer.h"
#include "fsm.h"
@@ -42,88 +43,16 @@
#include "server.h"
#include "systems.h"
-static int uid;
-static int gid;
-static int euid;
-static int egid;
-static int usermode;
-
-int
-OrigUid()
-{
- return uid;
-}
-
-void
-GetUid()
-{
- uid = getuid();
- gid = getgid();
- euid = geteuid();
- egid = getegid();
- usermode = 0;
-}
-
-static void
-SetUserId()
-{
- if (!usermode) {
- if (setreuid(euid, uid) == -1) {
- LogPrintf(LogERROR, "unable to setreuid!\n");
- ServerClose();
- exit(1);
- }
- if (setregid(egid, gid) == -1) {
- LogPrintf(LogERROR, "unable to setregid!\n");
- ServerClose();
- exit(1);
- }
- usermode = 1;
- }
-}
-
-static void
-SetPppId()
-{
- if (usermode) {
- if (setreuid(uid, euid) == -1) {
- LogPrintf(LogERROR, "unable to setreuid!\n");
- ServerClose();
- exit(1);
- }
- if (setregid(gid, egid) == -1) {
- LogPrintf(LogERROR, "unable to setregid!\n");
- ServerClose();
- exit(1);
- }
- usermode = 0;
- }
-}
-
FILE *
OpenSecret(char *file)
{
FILE *fp;
- char *cp;
char line[100];
- fp = NULL;
- cp = getenv("HOME");
- if (cp) {
- SetUserId();
- snprintf(line, sizeof line, "%s/.%s", cp, file);
- fp = fopen(line, "r");
- }
- if (fp == NULL) {
- SetPppId();
- snprintf(line, sizeof line, "%s/%s", _PATH_PPP, file);
- fp = fopen(line, "r");
- }
- if (fp == NULL) {
+ snprintf(line, sizeof line, "%s/%s", _PATH_PPP, file);
+ fp = ID0fopen(line, "r");
+ if (fp == NULL)
LogPrintf(LogWARN, "OpenSecret: Can't open %s.\n", line);
- SetPppId();
- return (NULL);
- }
return (fp);
}
@@ -131,7 +60,6 @@ void
CloseSecret(FILE * fp)
{
fclose(fp);
- SetPppId();
}
int
@@ -145,21 +73,10 @@ SelectSystem(char *name, char *file)
char filename[200];
int linenum;
- fp = NULL;
- cp = getenv("HOME");
- if (cp) {
- SetUserId();
- snprintf(filename, sizeof filename, "%s/.%s", cp, file);
- fp = fopen(filename, "r");
- }
- if (fp == NULL) {
- SetPppId(); /* fix from pdp@ark.jr3uom.iijnet.or.jp */
- snprintf(filename, sizeof filename, "%s/%s", _PATH_PPP, file);
- fp = fopen(filename, "r");
- }
+ snprintf(filename, sizeof filename, "%s/%s", _PATH_PPP, file);
+ fp = ID0fopen(filename, "r");
if (fp == NULL) {
LogPrintf(LogDEBUG, "SelectSystem: Can't open %s.\n", filename);
- SetPppId();
return (-1);
}
LogPrintf(LogDEBUG, "SelectSystem: Checking %s (%s).\n", name, filename);
@@ -197,27 +114,23 @@ SelectSystem(char *name, char *file)
if (!len)
continue;
LogPrintf(LogCOMMAND, "%s: %s\n", name, cp);
- SetPppId();
olauth = VarLocalAuth;
if (VarLocalAuth == LOCAL_NO_AUTH)
VarLocalAuth = LOCAL_AUTH;
DecodeCommand(cp, len, 0);
VarLocalAuth = olauth;
- SetUserId();
} else if (*cp == '#') {
continue;
} else
break;
}
fclose(fp);
- SetPppId();
return (0);
}
break;
}
}
fclose(fp);
- SetPppId();
return -1;
}
diff --git a/usr.sbin/ppp/systems.h b/usr.sbin/ppp/systems.h
index 624df39..00f1748 100644
--- a/usr.sbin/ppp/systems.h
+++ b/usr.sbin/ppp/systems.h
@@ -17,12 +17,10 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: systems.h,v 1.6 1997/08/25 00:29:29 brian Exp $
+ * $Id: systems.h,v 1.7 1997/10/26 01:03:49 brian Exp $
*
*/
-extern int OrigUid(void);
-extern void GetUid(void);
extern int SelectSystem(char *, char *);
extern FILE *OpenSecret(char *);
extern void CloseSecret(FILE *);
diff --git a/usr.sbin/ppp/timer.c b/usr.sbin/ppp/timer.c
index cdb17bc..83ebb6d 100644
--- a/usr.sbin/ppp/timer.c
+++ b/usr.sbin/ppp/timer.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: timer.c,v 1.21 1997/10/24 22:36:31 brian Exp $
+ * $Id: timer.c,v 1.22 1997/10/26 01:03:52 brian Exp $
*
* TODO:
*/
@@ -27,6 +27,7 @@
#include <errno.h>
#endif
#include <sys/time.h>
+#include <stdio.h>
#include <unistd.h>
#include "mbuf.h"
diff --git a/usr.sbin/ppp/vjcomp.c b/usr.sbin/ppp/vjcomp.c
index 4f93304..e614e4b 100644
--- a/usr.sbin/ppp/vjcomp.c
+++ b/usr.sbin/ppp/vjcomp.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: vjcomp.c,v 1.10 1997/10/07 00:56:58 brian Exp $
+ * $Id: vjcomp.c,v 1.11 1997/10/26 01:04:01 brian Exp $
*
* TODO:
*/
@@ -26,6 +26,7 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
+#include <stdio.h>
#include <string.h>
#include "mbuf.h"