Diffstat (limited to 'lib')
-rw-r--r-- | lib/Makefile.am | 7 | ||||
-rw-r--r-- | lib/memory.h | 2 | ||||
-rw-r--r-- | lib/vty.c | 16 | ||||
-rw-r--r-- | lib/zebra.h | 6 |
4 files changed, 27 insertions, 4 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index 02680603..d041770d 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -10,9 +10,9 @@ libzebra_a_SOURCES = \ print_version.c checksum.c vector.c linklist.c vty.c command.c \ sockunion.c prefix.c thread.c if.c memory.c buffer.c table.c hash.c \ filter.c routemap.c distribute.c stream.c str.c log.c plist.c \ - zclient.c sockopt.c smux.c md5.c if_rmap.c keychain.c + zclient.c sockopt.c smux.c md5.c if_rmap.c keychain.c privs.c debug.c -libzebra_a_DEPENDENCIES = @LIB_REGEX@ +libzebra_a_DEPENDENCIES = @LIB_REGEX@ @LIBCAP@ libzebra_a_LIBADD = @LIB_REGEX@ @@ -20,7 +20,8 @@ noinst_HEADERS = \ buffer.h command.h filter.h getopt.h hash.h if.h linklist.h log.h \ memory.h network.h prefix.h routemap.h distribute.h sockunion.h \ str.h stream.h table.h thread.h vector.h version.h vty.h zebra.h \ - plist.h zclient.h sockopt.h smux.h md5-gnu.h if_rmap.h keychain.h + plist.h zclient.h sockopt.h smux.h md5-gnu.h if_rmap.h keychain.h \ + privs.h debug.h EXTRA_DIST = regex.c regex-gnu.h diff --git a/lib/memory.h b/lib/memory.h index a38cda3f..925f6b65 100644 --- a/lib/memory.h +++ b/lib/memory.h @@ -189,6 +189,8 @@ enum MTYPE_VRF, MTYPE_VRF_NAME, + + MTYPE_PRIVS, MTYPE_MAX }; @@ -33,6 +33,7 @@ #include "log.h" #include "prefix.h" #include "filter.h" +#include "privs.h" /* Vty events */ enum event @@ -1851,7 +1852,8 @@ vty_serv_un (char *path) int sock, len; struct sockaddr_un serv; mode_t old_mask; - + struct zprivs_ids_t ids; + /* First of all, unlink existing socket */ unlink (path); @@ -1894,6 +1896,18 @@ vty_serv_un (char *path) umask (old_mask); + zprivs_get_ids(&ids); + + if (ids.gid_vty > 0) + { + /* set group of socket */ + if ( chown (path, -1, ids.gid_vty) ) + { + zlog_err ("vty_serv_un: could chown socket, %s", + strerror (errno) ); + } + } + vty_event (VTYSH_SERV, sock, NULL); } diff --git a/lib/zebra.h b/lib/zebra.h index 62566cf8..15608dbc 100644 --- a/lib/zebra.h +++ b/lib/zebra.h 
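Review bot: `privs.c` and `debug.c` are added to `libzebra_a_SOURCES` in the first Makefile.am hunk, and `privs.h` and `debug.h` to `noinst_HEADERS` in the second, but the diffstat for `lib` lists only four changed files and none of these new ones. As shown, the library cannot build unless those files arrive in a separate commit, and `lib/vty.c` already includes `privs.h`. Separately, `@LIBCAP@` is added to `libzebra_a_DEPENDENCIES` but not to `libzebra_a_LIBADD`. If it expands to a linker flag rather than a file name (not visible here), it probably belongs on the daemons' link lines instead of being a make prerequisite of a static archive, and a one-line comment saying why it is listed would help.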
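Review bot: The error message added in the last `vty_serv_un` hunk reads "could chown socket", which says the opposite of what happened; it should be `zlog_err ("vty_serv_un: could not chown socket, %s", strerror (errno));`. The group is set by path only after the socket has been bound, so the socket briefly exists with the daemon's default group, and `chown` re-resolves `path` and follows symlinks. That is safe only if the socket directory is writable by the daemon user alone, an assumption worth stating in a comment above the call. On failure the code only logs and still registers `VTYSH_SERV`, so members of the vty group silently lose access; a comment should say whether that is intended. The `ids.gid_vty > 0` test presumably relies on `zprivs_get_ids` leaving the field at 0 when no vty group is configured, which cannot be confirmed here because `privs.c` and the body of `vty_serv_un` between the two hunks are not shown.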
@@ -42,6 +42,8 @@ typedef int socklen_t; #include <fcntl.h> #include <signal.h> #include <string.h> +#include <pwd.h> +#include <grp.h> #ifdef HAVE_STROPTS_H #include <stropts.h> #endif /* HAVE_STROPTS_H */ @@ -70,6 +72,10 @@ typedef int socklen_t; #ifdef HAVE_RUSAGE #include <sys/resource.h> #endif /* HAVE_RUSAGE */ +#ifdef HAVE_LCAPS +#include <sys/capability.h> +#include <sys/prctl.h> +#endif /* HAVE_LCAPS */ /* machine dependent includes */ #ifdef SUNOS_5 |