diff options
Diffstat (limited to 'zebra/ipforward_sysctl.c')
-rw-r--r-- | zebra/ipforward_sysctl.c | 43 |
1 files changed, 38 insertions, 5 deletions
diff --git a/zebra/ipforward_sysctl.c b/zebra/ipforward_sysctl.c index 828eb865..53b6c6f0 100644 --- a/zebra/ipforward_sysctl.c +++ b/zebra/ipforward_sysctl.c @@ -20,6 +20,7 @@ */ #include <zebra.h> +#include "privs.h" #ifdef NRL #include <netinet6/in6.h> @@ -29,6 +30,8 @@ #define MIB_SIZ 4 +extern struct zebra_privs_t zserv_privs; + /* IPv4 forwarding control MIB. */ int mib[MIB_SIZ] = { @@ -60,11 +63,17 @@ ipforward_on () int ipforwarding = 1; len = sizeof ipforwarding; - if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) + if (zserv_privs.change(ZPRIVS_RAISE)) + zlog (NULL, LOG_ERR, "Can't raise privileges"); + if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) { + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); zlog_warn ("Can't set ipforwarding on"); return -1; } + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); return ipforwarding; } @@ -75,11 +84,17 @@ ipforward_off () int ipforwarding = 0; len = sizeof ipforwarding; - if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) + if (zserv_privs.change(ZPRIVS_RAISE)) + zlog (NULL, LOG_ERR, "Can't raise privileges"); + if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) { + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); zlog_warn ("Can't set ipforwarding on"); return -1; } + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); return ipforwarding; } @@ -106,11 +121,17 @@ ipforward_ipv6 () int ip6forwarding = 0; len = sizeof ip6forwarding; - if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) + if (zserv_privs.change(ZPRIVS_RAISE)) + zlog (NULL, LOG_ERR, "Can't raise privileges"); + if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) { + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); zlog_warn ("can't get ip6forwarding value"); return -1; } + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); return ip6forwarding; } @@ -121,11 +142,17 @@ ipforward_ipv6_on () int ip6forwarding = 1; len = sizeof ip6forwarding; - if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) + if (zserv_privs.change(ZPRIVS_RAISE)) + zlog (NULL, LOG_ERR, "Can't raise privileges"); + if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) { + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); zlog_warn ("can't get ip6forwarding value"); return -1; } + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); return ip6forwarding; } @@ -136,11 +163,17 @@ ipforward_ipv6_off () int ip6forwarding = 0; len = sizeof ip6forwarding; - if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) + if (zserv_privs.change(ZPRIVS_RAISE)) + zlog (NULL, LOG_ERR, "Can't raise privileges"); + if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) { + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); zlog_warn ("can't get ip6forwarding value"); return -1; } + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); return ip6forwarding; } #endif /* HAVE_IPV6 */ |