|
@@ -20,6 +20,7 @@
|
|
|
*/
|
|
|
|
|
|
#include <zebra.h>
|
|
|
+#include "privs.h"
|
|
|
|
|
|
#ifdef NRL
|
|
|
#include <netinet6/in6.h>
|
|
@@ -29,6 +30,8 @@
|
|
|
|
|
|
#define MIB_SIZ 4
|
|
|
|
|
|
+extern struct zebra_privs_t zserv_privs;
|
|
|
+
|
|
|
/* IPv4 forwarding control MIB. */
|
|
|
int mib[MIB_SIZ] =
|
|
|
{
|
|
@@ -60,11 +63,17 @@ ipforward_on ()
|
|
|
int ipforwarding = 1;
|
|
|
|
|
|
len = sizeof ipforwarding;
|
|
|
- if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
|
|
|
+ if (zserv_privs.change(ZPRIVS_RAISE))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
|
|
|
+ if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
|
|
|
{
|
|
|
+ if (zserv_privs.change(ZPRIVS_LOWER))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
|
|
|
zlog_warn ("Can't set ipforwarding on");
|
|
|
return -1;
|
|
|
}
|
|
|
+ if (zserv_privs.change(ZPRIVS_LOWER))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
|
|
|
return ipforwarding;
|
|
|
}
|
|
|
|
|
@@ -75,11 +84,17 @@ ipforward_off ()
|
|
|
int ipforwarding = 0;
|
|
|
|
|
|
len = sizeof ipforwarding;
|
|
|
- if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
|
|
|
+ if (zserv_privs.change(ZPRIVS_RAISE))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
|
|
|
+ if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
|
|
|
{
|
|
|
+ if (zserv_privs.change(ZPRIVS_LOWER))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
|
|
|
zlog_warn ("Can't set ipforwarding on");
|
|
|
return -1;
|
|
|
}
|
|
|
+ if (zserv_privs.change(ZPRIVS_LOWER))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
|
|
|
return ipforwarding;
|
|
|
}
|
|
|
|
|
@@ -106,11 +121,17 @@ ipforward_ipv6 ()
|
|
|
int ip6forwarding = 0;
|
|
|
|
|
|
len = sizeof ip6forwarding;
|
|
|
- if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0)
|
|
|
+ if (zserv_privs.change(ZPRIVS_RAISE))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
|
|
|
+ if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0)
|
|
|
{
|
|
|
+ if (zserv_privs.change(ZPRIVS_LOWER))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
|
|
|
zlog_warn ("can't get ip6forwarding value");
|
|
|
return -1;
|
|
|
}
|
|
|
+ if (zserv_privs.change(ZPRIVS_LOWER))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
|
|
|
return ip6forwarding;
|
|
|
}
|
|
|
|
|
@@ -121,11 +142,17 @@ ipforward_ipv6_on ()
|
|
|
int ip6forwarding = 1;
|
|
|
|
|
|
len = sizeof ip6forwarding;
|
|
|
- if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
|
|
|
+ if (zserv_privs.change(ZPRIVS_RAISE))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
|
|
|
+ if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
|
|
|
{
|
|
|
+ if (zserv_privs.change(ZPRIVS_LOWER))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
|
|
|
zlog_warn ("can't get ip6forwarding value");
|
|
|
return -1;
|
|
|
}
|
|
|
+ if (zserv_privs.change(ZPRIVS_LOWER))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
|
|
|
return ip6forwarding;
|
|
|
}
|
|
|
|
|
@@ -136,11 +163,17 @@ ipforward_ipv6_off ()
|
|
|
int ip6forwarding = 0;
|
|
|
|
|
|
len = sizeof ip6forwarding;
|
|
|
- if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
|
|
|
+ if (zserv_privs.change(ZPRIVS_RAISE))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
|
|
|
+ if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
|
|
|
{
|
|
|
+ if (zserv_privs.change(ZPRIVS_LOWER))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
|
|
|
zlog_warn ("can't get ip6forwarding value");
|
|
|
return -1;
|
|
|
}
|
|
|
+ if (zserv_privs.change(ZPRIVS_LOWER))
|
|
|
+ zlog (NULL, LOG_ERR, "Can't lower privileges");
|
|
|
return ip6forwarding;
|
|
|
}
|
|
|
#endif /* HAVE_IPV6 */
|