From 41d3fc96959c9dea614822dfbb1891cd9a6f38a4 Mon Sep 17 00:00:00 2001 From: hasso Date: Tue, 6 Apr 2004 11:59:00 +0000 Subject: * Fixed lowering privileges in proc ipforward method. * Fixed "(no) ipv6 forwarding" command logic. * Added --disable-capabilities switch to configure. --- zebra/ipforward_proc.c | 45 ++++++++++++++++++++++++++++----------------- zebra/zserv.c | 16 +++++++++++++++- 2 files changed, 43 insertions(+), 18 deletions(-) (limited to 'zebra') diff --git a/zebra/ipforward_proc.c b/zebra/ipforward_proc.c index befa2369..4c30cf67 100644 --- a/zebra/ipforward_proc.c +++ b/zebra/ipforward_proc.c @@ -81,16 +81,19 @@ ipforward_on () fp = fopen (proc_ipv4_forwarding, "w"); - if ( zserv_privs.change(ZPRIVS_LOWER) ) - zlog_err ("Can't lower privileges, %s", strerror (errno)); - - if (fp == NULL) + if (fp == NULL) { + if ( zserv_privs.change(ZPRIVS_LOWER) ) + zlog_err ("Can't lower privileges, %s", strerror (errno)); return -1; + } fprintf (fp, "1\n"); fclose (fp); + if ( zserv_privs.change(ZPRIVS_LOWER) ) + zlog_err ("Can't lower privileges, %s", strerror (errno)); + return ipforward (); } @@ -104,17 +107,19 @@ ipforward_off () fp = fopen (proc_ipv4_forwarding, "w"); - if ( zserv_privs.change(ZPRIVS_LOWER) ) - zlog_err ("Can't lower privileges, %s", strerror (errno)); - - - if (fp == NULL) + if (fp == NULL) { + if ( zserv_privs.change(ZPRIVS_LOWER) ) + zlog_err ("Can't lower privileges, %s", strerror (errno)); return -1; + } fprintf (fp, "0\n"); fclose (fp); + if ( zserv_privs.change(ZPRIVS_LOWER) ) + zlog_err ("Can't lower privileges, %s", strerror (errno)); + return ipforward (); } #ifdef HAVE_IPV6 @@ -149,16 +154,19 @@ ipforward_ipv6_on () fp = fopen (proc_ipv6_forwarding, "w"); - if ( zserv_privs.change(ZPRIVS_LOWER) ) - zlog_err ("Can't lower privileges, %s", strerror (errno)); - - if (fp == NULL) + if (fp == NULL) { + if ( zserv_privs.change(ZPRIVS_LOWER) ) + zlog_err ("Can't lower privileges, %s", strerror (errno)); return -1; + } fprintf (fp, "1\n"); fclose (fp); + if ( zserv_privs.change(ZPRIVS_LOWER) ) + zlog_err ("Can't lower privileges, %s", strerror (errno)); + return ipforward_ipv6 (); } @@ -172,16 +180,19 @@ ipforward_ipv6_off () fp = fopen (proc_ipv6_forwarding, "w"); - if ( zserv_privs.change(ZPRIVS_LOWER) ) - zlog_err ("Can't lower privileges, %s", strerror (errno)); - - if (fp == NULL) + if (fp == NULL) { + if ( zserv_privs.change(ZPRIVS_LOWER) ) + zlog_err ("Can't lower privileges, %s", strerror (errno)); return -1; + } fprintf (fp, "0\n"); fclose (fp); + if ( zserv_privs.change(ZPRIVS_LOWER) ) + zlog_err ("Can't lower privileges, %s", strerror (errno)); + return ipforward_ipv6 (); } #endif /* HAVE_IPV6 */ diff --git a/zebra/zserv.c b/zebra/zserv.c index 833b369d..c623151e 100644 --- a/zebra/zserv.c +++ b/zebra/zserv.c @@ -1919,8 +1919,15 @@ DEFUN (ipv6_forwarding, { int ret; - ret = ipforward_ipv6_on (); + ret = ipforward_ipv6 (); if (ret != 0) + { + vty_out (vty, "IPv6 forwarding is already on%s", VTY_NEWLINE); + return CMD_ERR_NOTHING_TODO; + } + + ret = ipforward_ipv6_on (); + if (ret == 0) { vty_out (vty, "Can't turn on IPv6 forwarding%s", VTY_NEWLINE); return CMD_WARNING; @@ -1938,6 +1945,13 @@ DEFUN (no_ipv6_forwarding, { int ret; + ret = ipforward_ipv6 (); + if (ret == 0) + { + vty_out (vty, "IP forwarding is already off%s", VTY_NEWLINE); + return CMD_ERR_NOTHING_TODO; + } + ret = ipforward_ipv6_off (); if (ret != 0) { -- cgit v1.2.1