2003-06-04 Paul Jakma <paul@dishone.st>
* Merge of zebra privileges
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 0268060..d041770 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -10,9 +10,9 @@
print_version.c checksum.c vector.c linklist.c vty.c command.c \
sockunion.c prefix.c thread.c if.c memory.c buffer.c table.c hash.c \
filter.c routemap.c distribute.c stream.c str.c log.c plist.c \
- zclient.c sockopt.c smux.c md5.c if_rmap.c keychain.c
+ zclient.c sockopt.c smux.c md5.c if_rmap.c keychain.c privs.c debug.c
-libzebra_a_DEPENDENCIES = @LIB_REGEX@
+libzebra_a_DEPENDENCIES = @LIB_REGEX@ @LIBCAP@
libzebra_a_LIBADD = @LIB_REGEX@
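Review bot: `@LIBCAP@` is added to `libzebra_a_DEPENDENCIES` but not to any link input, and `libzebra_a_LIBADD` on the next line is unchanged. If configure substitutes a linker flag there rather than a file this Makefile can build (configure.ac is not shown), the entry is only a make prerequisite: it does not put the capability library on any link line, and a non-GNU make may reject it. Each daemon linking `libzebra.a` would then need the library in its own `LDADD`, so a comment here saying where it is actually linked would help.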
@@ -20,7 +20,8 @@
buffer.h command.h filter.h getopt.h hash.h if.h linklist.h log.h \
memory.h network.h prefix.h routemap.h distribute.h sockunion.h \
str.h stream.h table.h thread.h vector.h version.h vty.h zebra.h \
- plist.h zclient.h sockopt.h smux.h md5-gnu.h if_rmap.h keychain.h
+ plist.h zclient.h sockopt.h smux.h md5-gnu.h if_rmap.h keychain.h \
+ privs.h debug.h
EXTRA_DIST = regex.c regex-gnu.h
diff --git a/lib/memory.h b/lib/memory.h
index a38cda3..925f6b6 100644
--- a/lib/memory.h
+++ b/lib/memory.h
@@ -189,6 +189,8 @@
MTYPE_VRF,
MTYPE_VRF_NAME,
+
+ MTYPE_PRIVS,
MTYPE_MAX
};
diff --git a/lib/vty.c b/lib/vty.c
index 5ef364a..4d6eb30 100644
--- a/lib/vty.c
+++ b/lib/vty.c
@@ -33,6 +33,7 @@
#include "log.h"
#include "prefix.h"
#include "filter.h"
+#include "privs.h"
/* Vty events */
enum event
@@ -1851,7 +1852,8 @@
int sock, len;
struct sockaddr_un serv;
mode_t old_mask;
-
+ struct zprivs_ids_t ids;
+
/* First of all, unlink existing socket */
unlink (path);
@@ -1894,6 +1896,18 @@
umask (old_mask);
+ zprivs_get_ids(&ids);
+
+ if (ids.gid_vty > 0)
+ {
+ /* set group of socket */
+ if ( chown (path, -1, ids.gid_vty) )
+ {
+ zlog_err ("vty_serv_un: could chown socket, %s",
+ strerror (errno) );
+ }
+ }
+
vty_event (VTYSH_SERV, sock, NULL);
}
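Review bot: The error string in the added `zlog_err` call reads "could chown socket", so when `chown` fails the log says the opposite of what happened; it should be `zlog_err ("vty_serv_un: could not chown socket, %s", strerror (errno));`. The failure is only logged and the function continues to `vty_event`, so the socket is then served with the group it was created with; a one-line comment saying this is intended would help whoever later audits vtysh access. The guard `ids.gid_vty > 0` also deserves a comment: it skips gid 0, and if `gid_t` is unsigned and `zprivs_get_ids` reports "no vty group" as `(gid_t) -1` (not visible here), the test still passes and `chown` runs with -1 for both ids. The function body starts outside this hunk.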
diff --git a/lib/zebra.h b/lib/zebra.h
index 62566cf..15608db 100644
--- a/lib/zebra.h
+++ b/lib/zebra.h
@@ -42,6 +42,8 @@
#include <fcntl.h>
#include <signal.h>
#include <string.h>
+#include <pwd.h>
+#include <grp.h>
#ifdef HAVE_STROPTS_H
#include <stropts.h>
#endif /* HAVE_STROPTS_H */
@@ -70,6 +72,10 @@
#ifdef HAVE_RUSAGE
#include <sys/resource.h>
#endif /* HAVE_RUSAGE */
+#ifdef HAVE_LCAPS
+#include <sys/capability.h>
+#include <sys/prctl.h>
+#endif /* HAVE_LCAPS */
/* machine dependent includes */
#ifdef SUNOS_5