authorpaul <paul>2003-06-04 13:59:38 +0000
committerpaul <paul>2003-06-04 13:59:38 +0000
commitedd7c245d3a77012abf801da00d5664ebaa5f749 (patch)
treed4fada229d7980fb751f28c9a979aa88de1a0af0 /ospf6d
parenta159ed935b580ed99111a185734ddd9c973e7691 (diff)
2003-06-04 Paul Jakma <paul@dishone.st>
* Merge of zebra privileges
Diffstat (limited to 'ospf6d')
-rw-r--r--ospf6d/Makefile.am2
-rw-r--r--ospf6d/ospf6_main.c29
-rw-r--r--ospf6d/ospf6_network.c9
3 files changed, 38 insertions, 2 deletions
diff --git a/ospf6d/Makefile.am b/ospf6d/Makefile.am
index 680e89b8..e42814af 100644
--- a/ospf6d/Makefile.am
+++ b/ospf6d/Makefile.am
@@ -28,7 +28,7 @@ noinst_HEADERS = \
ospf6d_SOURCES = \
ospf6_main.c $(libospf6_a_SOURCES)
-ospf6d_LDADD = -L../lib -lzebra
+ospf6d_LDADD = -L../lib -lzebra @LIBCAP@
sysconf_DATA = ospf6d.conf.sample
diff --git a/ospf6d/ospf6_main.c b/ospf6d/ospf6_main.c
index 10203bf8..e6cd6aaa 100644
--- a/ospf6d/ospf6_main.c
+++ b/ospf6d/ospf6_main.c
@@ -27,6 +27,7 @@
#include "command.h"
#include "vty.h"
#include "memory.h"
+#include "privs.h"
#include "ospf6d.h"
#include "ospf6_network.h"
@@ -43,6 +44,26 @@ extern int ospf6_sock;
/* Default port values. */
#define OSPF6_VTY_PORT 2606
+/* ospf6d privileges */
+zebra_capabilities_t _caps_p [] =
+{
+ ZCAP_RAW,
+ ZCAP_BIND
+};
+
+struct zebra_privs_t ospf6d_privs =
+{
+#if defined(ZEBRA_USER)
+ .user = ZEBRA_USER,
+#endif
+#if defined ZEBRA_GROUP
+ .group = ZEBRA_GROUP,
+#endif
+ .caps_p = _caps_p,
+ .cap_num_p = 2,
+ .cap_num_i = 0
+};
+
/* ospf6d options, we use GNU getopt library. */
struct option longopts[] =
{
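Review bot: `.cap_num_p = 2` repeats the length of `_caps_p` by hand, so a later edit to the capability list can leave the count out of step with the array. Derive it from the array instead: `.cap_num_p = sizeof (_caps_p) / sizeof (_caps_p[0]),`. The array name also begins with an underscore at file scope, which C reserves for the implementation, and it has external linkage although only this initializer is seen using it; `static zebra_capabilities_t ospf6d_caps_p [] =` would avoid both, assuming nothing outside this file refers to it. A one-line comment saying which operation needs `ZCAP_RAW` and which needs `ZCAP_BIND` would help keep the permitted set minimal.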
@@ -51,6 +72,7 @@ struct option longopts[] =
{ "pid_file", required_argument, NULL, 'i'},
{ "vty_addr", required_argument, NULL, 'A'},
{ "vty_port", required_argument, NULL, 'P'},
+ { "user", required_argument, NULL, 'u'},
{ "version", no_argument, NULL, 'v'},
{ "help", no_argument, NULL, 'h'},
{ 0 }
@@ -93,6 +115,7 @@ Daemon which manages OSPF version 3.\n\n\
-i, --pid_file Set process identifier file name\n\
-A, --vty_addr Set vty's bind address\n\
-P, --vty_port Set vty's port number\n\
+-u, --user User and group to run as\n\
-v, --version Print program version\n\
-h, --help Display this help and exit\n\
\n\
@@ -231,7 +254,7 @@ main (int argc, char *argv[], char *envp[])
/* Command line argument treatment. */
while (1)
{
- opt = getopt_long (argc, argv, "df:hp:A:P:v", longopts, 0);
+ opt = getopt_long (argc, argv, "df:hp:A:P:u:v", longopts, 0);
if (opt == EOF)
break;
@@ -263,6 +286,9 @@ main (int argc, char *argv[], char *envp[])
vty_port = atoi (optarg);
vty_port = (vty_port ? vty_port : OSPF6_VTY_PORT);
break;
+ case 'u':
+ ospf6d_privs.user = ospf6d_privs.group = optarg;
+ break;
case 'v':
print_version (progname);
exit (0);
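Review bot: `case 'u'` points both `ospf6d_privs.user` and `ospf6d_privs.group` at the same `optarg`, so the option only works where a group exists with exactly the user's name, and it silently replaces the compile-time `ZEBRA_GROUP`. Setting only `ospf6d_privs.user = optarg;` here and adding a separate group option would keep the two independent; otherwise the usage text should state the requirement. The value is also accepted unchecked, so an operator can name an account that keeps full privileges and nothing is logged about it. How `zprivs_init` handles an unknown name is not visible on this page. The switch in main continues outside the hunk.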
@@ -288,6 +314,7 @@ main (int argc, char *argv[], char *envp[])
zlog_default = openzlog (progname, flag, ZLOG_OSPF6,
LOG_CONS|LOG_NDELAY|LOG_PID,
LOG_DAEMON);
+ zprivs_init (&ospf6d_privs);
signal_init ();
cmd_init (1);
vty_init ();
diff --git a/ospf6d/ospf6_network.c b/ospf6d/ospf6_network.c
index e90614e5..ece34135 100644
--- a/ospf6d/ospf6_network.c
+++ b/ospf6d/ospf6_network.c
@@ -23,6 +23,7 @@
#include "memory.h"
#include "log.h"
#include "sockunion.h"
+#include "privs.h"
#include "ospf6d.h"
#include "ospf6_proto.h"
@@ -32,6 +33,7 @@ extern struct sockaddr_in6 allspfrouters6;
extern struct sockaddr_in6 alldrouters6;
extern int ospf6_sock;
extern struct thread_master *master;
+extern struct zebra_privs_t ospf6d_privs;
/* iovec functions */
void
@@ -194,6 +196,10 @@ iov_copy_all (struct iovec *dst, struct iovec *src, size_t size)
int
ospf6_serv_sock ()
{
+
+ if (ospf6d_privs.change (ZPRIVS_RAISE))
+ zlog_err ("ospf6_serv_sock: could not raise privs");
+
ospf6_sock = socket (AF_INET6, SOCK_RAW, IPPROTO_OSPFIGP);
if (ospf6_sock < 0)
{
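Review bot: The error path after `socket ()` appears to leave privileges raised. The body of `if (ospf6_sock < 0)` lies between this hunk and the next, and the matching `ZPRIVS_LOWER` only comes after `sockopt_reuseaddr`, so an early return inside that branch would skip it. Placing the drop directly after the `socket ()` call, `if (ospf6d_privs.change (ZPRIVS_LOWER)) zlog_err ("ospf6_serv_sock: could not lower privs");`, limits the raised window to the one call that needs it and covers both outcomes. Separately, a failed `ZPRIVS_RAISE` is only logged and `socket ()` is still attempted, so the log will show a socket failure without a clear link to its cause.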
@@ -202,6 +208,9 @@ ospf6_serv_sock ()
}
sockopt_reuseaddr (ospf6_sock);
+ if (ospf6d_privs.change (ZPRIVS_LOWER))
+ zlog_err ("ospf_sock_init: could not lower privs");
+
/* setup global sockaddr_in6, allspf6 & alldr6 for later use */
allspfrouters6.sin6_family = AF_INET6;
alldrouters6.sin6_family = AF_INET6;
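Review bot: A failed `ZPRIVS_LOWER` is only logged here, so the function carries on and the daemon would process OSPFv3 traffic with whatever privileges it still holds. Failing to drop should stop the setup, for example `{ zlog_err ("ospf6_serv_sock: could not lower privs"); return -1; }`, provided callers treat a negative return as an error, which is not visible on this page. The message also names `ospf_sock_init` although the enclosing function is `ospf6_serv_sock`, which will mislead anyone tracing the log line back to the code. The function starts in the previous hunk and continues past this one.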