Diffstat (limited to 'ospf6d')
-rw-r--r-- | ospf6d/Makefile.am | 2 | ||||
-rw-r--r-- | ospf6d/ospf6_main.c | 29 | ||||
-rw-r--r-- | ospf6d/ospf6_network.c | 9 |
3 files changed, 38 insertions, 2 deletions
diff --git a/ospf6d/Makefile.am b/ospf6d/Makefile.am index 680e89b8..e42814af 100644 --- a/ospf6d/Makefile.am +++ b/ospf6d/Makefile.am @@ -28,7 +28,7 @@ noinst_HEADERS = \ ospf6d_SOURCES = \ ospf6_main.c $(libospf6_a_SOURCES) -ospf6d_LDADD = -L../lib -lzebra +ospf6d_LDADD = -L../lib -lzebra @LIBCAP@ sysconf_DATA = ospf6d.conf.sample diff --git a/ospf6d/ospf6_main.c b/ospf6d/ospf6_main.c index 10203bf8..e6cd6aaa 100644 --- a/ospf6d/ospf6_main.c +++ b/ospf6d/ospf6_main.c @@ -27,6 +27,7 @@ #include "command.h" #include "vty.h" #include "memory.h" +#include "privs.h" #include "ospf6d.h" #include "ospf6_network.h" @@ -43,6 +44,26 @@ extern int ospf6_sock; /* Default port values. */ #define OSPF6_VTY_PORT 2606 +/* ospf6d privileges */ +zebra_capabilities_t _caps_p [] = +{ + ZCAP_RAW, + ZCAP_BIND +}; + +struct zebra_privs_t ospf6d_privs = +{ +#if defined(ZEBRA_USER) + .user = ZEBRA_USER, +#endif +#if defined ZEBRA_GROUP + .group = ZEBRA_GROUP, +#endif + .caps_p = _caps_p, + .cap_num_p = 2, + .cap_num_i = 0 +}; + /* ospf6d options, we use GNU getopt library. */ struct option longopts[] = { @@ -51,6 +72,7 @@ struct option longopts[] = { "pid_file", required_argument, NULL, 'i'}, { "vty_addr", required_argument, NULL, 'A'}, { "vty_port", required_argument, NULL, 'P'}, + { "user", required_argument, NULL, 'u'}, { "version", no_argument, NULL, 'v'}, { "help", no_argument, NULL, 'h'}, { 0 } @@ -93,6 +115,7 @@ Daemon which manages OSPF version 3.\n\n\ -i, --pid_file Set process identifier file name\n\ -A, --vty_addr Set vty's bind address\n\ -P, --vty_port Set vty's port number\n\ +-u, --user User and group to run as\n\ -v, --version Print program version\n\ -h, --help Display this help and exit\n\ \n\ @@ -231,7 +254,7 @@ main (int argc, char *argv[], char *envp[]) /* Command line argument treatment. */ while (1) { - opt = getopt_long (argc, argv, "df:hp:A:P:v", longopts, 0); + opt = getopt_long (argc, argv, "df:hp:A:P:u:v", longopts, 0); if (opt == EOF) break; 
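Review bot: `.cap_num_p = 2` in `ospf6d_privs` repeats the length of `_caps_p` by hand, so a later edit to the capability list can leave the count and the array out of step; how `zprivs_init` consumes the count is not visible here, but a stale value would presumably either omit a needed capability or read past the array. Derive it instead: `.cap_num_p = sizeof (_caps_p) / sizeof (_caps_p[0]),`. `_caps_p` is also a non-static file-scope identifier with a leading underscore, which C reserves for the implementation; `static zebra_capabilities_t ospf6d_caps [] =` avoids that and keeps the symbol out of the global namespace. A one-line comment per entry saying what needs it (for example `/* raw IPPROTO_OSPFIGP socket */` on `ZCAP_RAW`) would let a reader check that the set is minimal; nothing in this diff shows what `ZCAP_BIND` is used for.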
@@ -263,6 +286,9 @@ main (int argc, char *argv[], char *envp[]) vty_port = atoi (optarg); vty_port = (vty_port ? vty_port : OSPF6_VTY_PORT); break; + case 'u': + ospf6d_privs.user = ospf6d_privs.group = optarg; + break; case 'v': print_version (progname); exit (0); @@ -288,6 +314,7 @@ main (int argc, char *argv[], char *envp[]) zlog_default = openzlog (progname, flag, ZLOG_OSPF6, LOG_CONS|LOG_NDELAY|LOG_PID, LOG_DAEMON); + zprivs_init (&ospf6d_privs); signal_init (); cmd_init (1); vty_init (); diff --git a/ospf6d/ospf6_network.c b/ospf6d/ospf6_network.c index e90614e5..ece34135 100644 --- a/ospf6d/ospf6_network.c +++ b/ospf6d/ospf6_network.c @@ -23,6 +23,7 @@ #include "memory.h" #include "log.h" #include "sockunion.h" +#include "privs.h" #include "ospf6d.h" #include "ospf6_proto.h" @@ -32,6 +33,7 @@ extern struct sockaddr_in6 allspfrouters6; extern struct sockaddr_in6 alldrouters6; extern int ospf6_sock; extern struct thread_master *master; +extern struct zebra_privs_t ospf6d_privs; /* iovec functions */ void @@ -194,6 +196,10 @@ iov_copy_all (struct iovec *dst, struct iovec *src, size_t size) int ospf6_serv_sock () { + + if (ospf6d_privs.change (ZPRIVS_RAISE)) + zlog_err ("ospf6_serv_sock: could not raise privs"); + ospf6_sock = socket (AF_INET6, SOCK_RAW, IPPROTO_OSPFIGP); if (ospf6_sock < 0) { @@ -202,6 +208,9 @@ ospf6_serv_sock () } sockopt_reuseaddr (ospf6_sock); + if (ospf6d_privs.change (ZPRIVS_LOWER)) + zlog_err ("ospf_sock_init: could not lower privs"); + /* setup global sockaddr_in6, allspf6 & alldr6 for later use */ allspfrouters6.sin6_family = AF_INET6; alldrouters6.sin6_family = AF_INET6; |
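Review bot: The `-u` case assigns the same `optarg` to both `ospf6d_privs.user` and `ospf6d_privs.group`, so the compiled-in `ZEBRA_GROUP` cannot be kept or overridden on its own, and the option presumably depends on a group named like the user existing. How `zprivs_init` treats an unknown group is not visible in this diff. Either add a separate group option or state the coupling at the case, e.g. `/* -u sets user and group alike; a group of the same name must exist */`. The enclosing switch in `main` starts and ends outside the hunk.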
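Review bot: The privileged window opened by `ospf6d_privs.change (ZPRIVS_RAISE)` in `ospf6_serv_sock` is not closed on the `socket()` failure path. The body of `if (ospf6_sock < 0)` lies between this hunk and the next and is not shown, but if it returns, the function exits with privileges still raised, because `ZPRIVS_LOWER` is reached only after `sockopt_reuseaddr`. Move the `ospf6d_privs.change (ZPRIVS_LOWER)` call to directly after the `socket (...)` call, saving `errno` first if the error branch reports it. That also takes `sockopt_reuseaddr`, which needs no privilege, out of the raised window. A failed raise is only logged and execution falls through to `socket()`; a short comment saying that this is intentional would help.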
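Review bot: A failure of `ospf6d_privs.change (ZPRIVS_LOWER)` is only logged, so the daemon would go on to handle network input while still holding the capabilities it was meant to shed. Failing to drop privileges should fail the function, or terminate the daemon, rather than continue. The message also names `ospf_sock_init` although this is `ospf6_serv_sock`, which will mislead anyone reading the log; use `zlog_err ("ospf6_serv_sock: could not lower privs");`. The function's end and its error-return convention are outside the hunk, so the exact return value to use is not visible here.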