Mirror/frr
0
0
Fork 1
mirror of https://github.com/FRRouting/frr.git synced 2025-04-30 13:37:17 +02:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

* Fixed lowering privileges in proc ipforward method.

Browse source 
* Fixed "(no) ipv6 forwarding" command logic.
* Added --disable-capabilities switch to configure.
This commit is contained in:
hasso 2004-04-06 11:59:00 +00:00
parent 4991f6ca30
commit 41d3fc9695
4 changed files with 68 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ChangeLog
View file

@ -1,3 +1,9 @@
2004-04-06 Hasso Tepper <hasso@estpak.ee>
* zebra/ipforward_proc.c: Fixed lowering privileges.
* zebra/zserv.c: Fixed "(no) ipv6 forwarding" command logic.
* configure.ac: Added --disable-capabilities switch to configure.
2004-03-22 Hasso Tepper <hasso@estpak.ee> 2004-03-22 Hasso Tepper <hasso@estpak.ee>
* Readded SIGTERM handling so daemons can clean up their stuff if they * Readded SIGTERM handling so daemons can clean up their stuff if they

34
configure.ac
View file

@ -124,6 +124,8 @@ AC_ARG_ENABLE(logfile_mask,
AC_ARG_ENABLE(rtadv, AC_ARG_ENABLE(rtadv,
[ --disable-rtadv disable IPV6 router advertisement feature]) [ --disable-rtadv disable IPV6 router advertisement feature])
AC_ARG_ENABLE(capabilities,
[ --disable-capabilities disable using POSIX capabilities])
if test "${enable_broken_aliases}" = "yes"; then if test "${enable_broken_aliases}" = "yes"; then
if test "${enable_netlink}" = "yes" if test "${enable_netlink}" = "yes"
@ -970,22 +972,24 @@ AC_TRY_COMPILE([#include <sys/resource.h>
dnl ------------------- dnl -------------------
dnl capabilities checks dnl capabilities checks
dnl ------------------- dnl -------------------
AC_MSG_CHECKING(whether prctl PR_SET_KEEPCAPS is available) if test "${enable_capabilities}" != "no"; then
AC_TRY_COMPILE([#include <sys/prctl.h>],[prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);], AC_MSG_CHECKING(whether prctl PR_SET_KEEPCAPS is available)
[AC_MSG_RESULT(yes) AC_TRY_COMPILE([#include <sys/prctl.h>],[prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);],
AC_DEFINE(HAVE_PR_SET_KEEPCAPS,,prctl) [AC_MSG_RESULT(yes)
quagga_ac_keepcaps="yes"], AC_DEFINE(HAVE_PR_SET_KEEPCAPS,,prctl)
AC_MSG_RESULT(no) quagga_ac_keepcaps="yes"],
) AC_MSG_RESULT(no)
if test x"${quagga_ac_keepcaps}" = x"yes"; then
AC_CHECK_HEADERS(sys/capability.h)
fi
if test x"${ac_cv_header_sys_capability_h}" = x"yes"; then
AC_CHECK_LIB(cap, cap_init,
[AC_DEFINE(HAVE_LCAPS,1,Capabilities)
LIBCAP="-lcap"
]
) )
if test x"${quagga_ac_keepcaps}" = x"yes"; then
AC_CHECK_HEADERS(sys/capability.h)
fi
if test x"${ac_cv_header_sys_capability_h}" = x"yes"; then
AC_CHECK_LIB(cap, cap_init,
[AC_DEFINE(HAVE_LCAPS,1,Capabilities)
LIBCAP="-lcap"
]
)
fi
fi fi
AC_SUBST(LIBCAP) AC_SUBST(LIBCAP)

45
zebra/ipforward_proc.c
View file

@ -81,16 +81,19 @@ ipforward_on ()
fp = fopen (proc_ipv4_forwarding, "w"); fp = fopen (proc_ipv4_forwarding, "w");
if ( zserv_privs.change(ZPRIVS_LOWER) ) if (fp == NULL) {
zlog_err ("Can't lower privileges, %s", strerror (errno)); if ( zserv_privs.change(ZPRIVS_LOWER) )
zlog_err ("Can't lower privileges, %s", strerror (errno));
if (fp == NULL)
return -1; return -1;
}
fprintf (fp, "1\n"); fprintf (fp, "1\n");
fclose (fp); fclose (fp);
if ( zserv_privs.change(ZPRIVS_LOWER) )
zlog_err ("Can't lower privileges, %s", strerror (errno));
return ipforward (); return ipforward ();
} }
@ -104,17 +107,19 @@ ipforward_off ()
fp = fopen (proc_ipv4_forwarding, "w"); fp = fopen (proc_ipv4_forwarding, "w");
if ( zserv_privs.change(ZPRIVS_LOWER) ) if (fp == NULL) {
zlog_err ("Can't lower privileges, %s", strerror (errno)); if ( zserv_privs.change(ZPRIVS_LOWER) )
zlog_err ("Can't lower privileges, %s", strerror (errno));
if (fp == NULL)
return -1; return -1;
}
fprintf (fp, "0\n"); fprintf (fp, "0\n");
fclose (fp); fclose (fp);
if ( zserv_privs.change(ZPRIVS_LOWER) )
zlog_err ("Can't lower privileges, %s", strerror (errno));
return ipforward (); return ipforward ();
} }
#ifdef HAVE_IPV6 #ifdef HAVE_IPV6
@ -149,16 +154,19 @@ ipforward_ipv6_on ()
fp = fopen (proc_ipv6_forwarding, "w"); fp = fopen (proc_ipv6_forwarding, "w");
if ( zserv_privs.change(ZPRIVS_LOWER) ) if (fp == NULL) {
zlog_err ("Can't lower privileges, %s", strerror (errno)); if ( zserv_privs.change(ZPRIVS_LOWER) )
zlog_err ("Can't lower privileges, %s", strerror (errno));
if (fp == NULL)
return -1; return -1;
}
fprintf (fp, "1\n"); fprintf (fp, "1\n");
fclose (fp); fclose (fp);
if ( zserv_privs.change(ZPRIVS_LOWER) )
zlog_err ("Can't lower privileges, %s", strerror (errno));
return ipforward_ipv6 (); return ipforward_ipv6 ();
} }
@ -172,16 +180,19 @@ ipforward_ipv6_off ()
fp = fopen (proc_ipv6_forwarding, "w"); fp = fopen (proc_ipv6_forwarding, "w");
if ( zserv_privs.change(ZPRIVS_LOWER) ) if (fp == NULL) {
zlog_err ("Can't lower privileges, %s", strerror (errno)); if ( zserv_privs.change(ZPRIVS_LOWER) )
zlog_err ("Can't lower privileges, %s", strerror (errno));
if (fp == NULL)
return -1; return -1;
}
fprintf (fp, "0\n"); fprintf (fp, "0\n");
fclose (fp); fclose (fp);
if ( zserv_privs.change(ZPRIVS_LOWER) )
zlog_err ("Can't lower privileges, %s", strerror (errno));
return ipforward_ipv6 (); return ipforward_ipv6 ();
} }
#endif /* HAVE_IPV6 */ #endif /* HAVE_IPV6 */

16
zebra/zserv.c
View file

@ -1919,8 +1919,15 @@ DEFUN (ipv6_forwarding,
{ {
int ret; int ret;
ret = ipforward_ipv6_on (); ret = ipforward_ipv6 ();
if (ret != 0) if (ret != 0)
{
vty_out (vty, "IPv6 forwarding is already on%s", VTY_NEWLINE);
return CMD_ERR_NOTHING_TODO;
}
ret = ipforward_ipv6_on ();
if (ret == 0)
{ {
vty_out (vty, "Can't turn on IPv6 forwarding%s", VTY_NEWLINE); vty_out (vty, "Can't turn on IPv6 forwarding%s", VTY_NEWLINE);
return CMD_WARNING; return CMD_WARNING;
@ -1938,6 +1945,13 @@ DEFUN (no_ipv6_forwarding,
{ {
int ret; int ret;
ret = ipforward_ipv6 ();
if (ret == 0)
{
vty_out (vty, "IP forwarding is already off%s", VTY_NEWLINE);
return CMD_ERR_NOTHING_TODO;
}
ret = ipforward_ipv6_off (); ret = ipforward_ipv6_off ();
if (ret != 0) if (ret != 0)
{ {