From edd7c245d3a77012abf801da00d5664ebaa5f749 Mon Sep 17 00:00:00 2001 From: paul Date: Wed, 4 Jun 2003 13:59:38 +0000 Subject: 2003-06-04 Paul Jakma * Merge of zebra privileges --- zebra/ipforward_sysctl.c | 43 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 5 deletions(-) (limited to 'zebra/ipforward_sysctl.c') diff --git a/zebra/ipforward_sysctl.c b/zebra/ipforward_sysctl.c index 828eb865..53b6c6f0 100644 --- a/zebra/ipforward_sysctl.c +++ b/zebra/ipforward_sysctl.c @@ -20,6 +20,7 @@ */ #include +#include "privs.h" #ifdef NRL #include @@ -29,6 +30,8 @@ #define MIB_SIZ 4 +extern struct zebra_privs_t zserv_privs; + /* IPv4 forwarding control MIB. */ int mib[MIB_SIZ] = { @@ -60,11 +63,17 @@ ipforward_on () int ipforwarding = 1; len = sizeof ipforwarding; - if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) + if (zserv_privs.change(ZPRIVS_RAISE)) + zlog (NULL, LOG_ERR, "Can't raise privileges"); + if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) { + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); zlog_warn ("Can't set ipforwarding on"); return -1; } + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); return ipforwarding; } @@ -75,11 +84,17 @@ ipforward_off () int ipforwarding = 0; len = sizeof ipforwarding; - if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) + if (zserv_privs.change(ZPRIVS_RAISE)) + zlog (NULL, LOG_ERR, "Can't raise privileges"); + if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) { + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); zlog_warn ("Can't set ipforwarding on"); return -1; } + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); return ipforwarding; } @@ -106,11 +121,17 @@ ipforward_ipv6 () int ip6forwarding = 0; len = sizeof ip6forwarding; - if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) + if (zserv_privs.change(ZPRIVS_RAISE)) + zlog (NULL, LOG_ERR, "Can't raise privileges"); + if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) { + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); zlog_warn ("can't get ip6forwarding value"); return -1; } + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); return ip6forwarding; } @@ -121,11 +142,17 @@ ipforward_ipv6_on () int ip6forwarding = 1; len = sizeof ip6forwarding; - if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) + if (zserv_privs.change(ZPRIVS_RAISE)) + zlog (NULL, LOG_ERR, "Can't raise privileges"); + if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) { + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); zlog_warn ("can't get ip6forwarding value"); return -1; } + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); return ip6forwarding; } @@ -136,11 +163,17 @@ ipforward_ipv6_off () int ip6forwarding = 0; len = sizeof ip6forwarding; - if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) + if (zserv_privs.change(ZPRIVS_RAISE)) + zlog (NULL, LOG_ERR, "Can't raise privileges"); + if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) { + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); zlog_warn ("can't get ip6forwarding value"); return -1; } + if (zserv_privs.change(ZPRIVS_LOWER)) + zlog (NULL, LOG_ERR, "Can't lower privileges"); return ip6forwarding; } #endif /* HAVE_IPV6 */ -- cgit v1.2.1