summaryrefslogtreecommitdiff
path: root/zebra/ipforward_sysctl.c
diff options
context:
space:
mode:
Diffstat (limited to 'zebra/ipforward_sysctl.c')
-rw-r--r--zebra/ipforward_sysctl.c43
1 files changed, 38 insertions, 5 deletions
diff --git a/zebra/ipforward_sysctl.c b/zebra/ipforward_sysctl.c
index 828eb865..53b6c6f0 100644
--- a/zebra/ipforward_sysctl.c
+++ b/zebra/ipforward_sysctl.c
@@ -20,6 +20,7 @@
*/
#include <zebra.h>
+#include "privs.h"
#ifdef NRL
#include <netinet6/in6.h>
@@ -29,6 +30,8 @@
#define MIB_SIZ 4
+extern struct zebra_privs_t zserv_privs;
+
/* IPv4 forwarding control MIB. */
int mib[MIB_SIZ] =
{
@@ -60,11 +63,17 @@ ipforward_on ()
int ipforwarding = 1;
len = sizeof ipforwarding;
- if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
+ if (zserv_privs.change(ZPRIVS_RAISE))
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
+ if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
{
+ if (zserv_privs.change(ZPRIVS_LOWER))
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
zlog_warn ("Can't set ipforwarding on");
return -1;
}
+ if (zserv_privs.change(ZPRIVS_LOWER))
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
return ipforwarding;
}
@@ -75,11 +84,17 @@ ipforward_off ()
int ipforwarding = 0;
len = sizeof ipforwarding;
- if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
+ if (zserv_privs.change(ZPRIVS_RAISE))
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
+ if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
{
+ if (zserv_privs.change(ZPRIVS_LOWER))
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
zlog_warn ("Can't set ipforwarding on");
return -1;
}
+ if (zserv_privs.change(ZPRIVS_LOWER))
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
return ipforwarding;
}
@@ -106,11 +121,17 @@ ipforward_ipv6 ()
int ip6forwarding = 0;
len = sizeof ip6forwarding;
- if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0)
+ if (zserv_privs.change(ZPRIVS_RAISE))
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
+ if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0)
{
+ if (zserv_privs.change(ZPRIVS_LOWER))
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
zlog_warn ("can't get ip6forwarding value");
return -1;
}
+ if (zserv_privs.change(ZPRIVS_LOWER))
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
return ip6forwarding;
}
@@ -121,11 +142,17 @@ ipforward_ipv6_on ()
int ip6forwarding = 1;
len = sizeof ip6forwarding;
- if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
+ if (zserv_privs.change(ZPRIVS_RAISE))
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
+ if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
{
+ if (zserv_privs.change(ZPRIVS_LOWER))
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
zlog_warn ("can't get ip6forwarding value");
return -1;
}
+ if (zserv_privs.change(ZPRIVS_LOWER))
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
return ip6forwarding;
}
@@ -136,11 +163,17 @@ ipforward_ipv6_off ()
int ip6forwarding = 0;
len = sizeof ip6forwarding;
- if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
+ if (zserv_privs.change(ZPRIVS_RAISE))
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
+ if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
{
+ if (zserv_privs.change(ZPRIVS_LOWER))
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
zlog_warn ("can't get ip6forwarding value");
return -1;
}
+ if (zserv_privs.change(ZPRIVS_LOWER))
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
return ip6forwarding;
}
#endif /* HAVE_IPV6 */