commit edd7c245d3a77012abf801da00d5664ebaa5f749
author paul <paul> Wed Jun 04 13:59:38 2003 +0000
committer paul <paul> Wed Jun 04 13:59:38 2003 +0000
tree d4fada229d7980fb751f28c9a979aa88de1a0af0
parent a159ed935b580ed99111a185734ddd9c973e7691

2003-06-04 Paul Jakma <paul@dishone.st>

	* Merge of zebra privileges

zebra/rt_socket.c

diff --git a/zebra/rt_socket.c b/zebra/rt_socket.c
index 19b2fc2..d603c60 100644
--- a/zebra/rt_socket.c
+++ b/zebra/rt_socket.c
@@ -27,10 +27,13 @@
 #include "sockunion.h"
 #include "log.h"
 #include "str.h"
+#include "privs.h"
 
 #include "zebra/debug.h"
 #include "zebra/rib.h"
 
+extern struct zebra_privs_t zserv_privs;
+
 int
 rtm_write (int message,
 	   union sockunion *dest,
@@ -187,13 +190,29 @@
 int
 kernel_add_ipv4 (struct prefix *p, struct rib *rib)
 {
-  return kernel_rtm_ipv4 (RTM_ADD, p, rib, AF_INET);
+  int route;
+
+  if (zserv_privs.change(ZPRIVS_RAISE))
+    zlog (NULL, LOG_ERR, "Can't raise privileges");
+  route = kernel_rtm_ipv4 (RTM_ADD, p, rib, AF_INET);
+  if (zserv_privs.change(ZPRIVS_LOWER))
+    zlog (NULL, LOG_ERR, "Can't lower privileges");
+
+  return route;
 }
 
 int
 kernel_delete_ipv4 (struct prefix *p, struct rib *rib)
 {
-  return kernel_rtm_ipv4 (RTM_DELETE, p, rib, AF_INET);
+  int route;
+
+  if (zserv_privs.change(ZPRIVS_RAISE))
+    zlog (NULL, LOG_ERR, "Can't raise privileges");
+  route = kernel_rtm_ipv4 (RTM_DELETE, p, rib, AF_INET);
+  if (zserv_privs.change(ZPRIVS_LOWER))
+    zlog (NULL, LOG_ERR, "Can't lower privileges");
+
+  return route;
 }
 
 #ifdef HAVE_IPV6
@@ -421,13 +440,29 @@
 int
 kernel_add_ipv6 (struct prefix *p, struct rib *rib)
 {
-  return kernel_rtm_ipv6_multipath (RTM_ADD, p, rib, AF_INET6);
+  int route;
+
+  if (zserv_privs.change(ZPRIVS_RAISE))
+    zlog (NULL, LOG_ERR, "Can't raise privileges");
+  route =  kernel_rtm_ipv6_multipath (RTM_ADD, p, rib, AF_INET6);
+  if (zserv_privs.change(ZPRIVS_LOWER))
+    zlog (NULL, LOG_ERR, "Can't lower privileges");
+
+  return route;
 }
 
 int
 kernel_delete_ipv6 (struct prefix *p, struct rib *rib)
 {
-  return kernel_rtm_ipv6_multipath (RTM_DELETE, p, rib, AF_INET6);
+  int route;
+
+  if (zserv_privs.change(ZPRIVS_RAISE))
+    zlog (NULL, LOG_ERR, "Can't raise privileges");
+  route =  kernel_rtm_ipv6_multipath (RTM_DELETE, p, rib, AF_INET6);
+  if (zserv_privs.change(ZPRIVS_LOWER))
+    zlog (NULL, LOG_ERR, "Can't lower privileges");
+
+  return route;
 }
 
 /* Delete IPv6 route from the kernel. */
@@ -435,6 +470,14 @@
 kernel_delete_ipv6_old (struct prefix_ipv6 *dest, struct in6_addr *gate,
 		    int index, int flags, int table)
 {
-  return kernel_rtm_ipv6 (RTM_DELETE, dest, gate, index, flags);
+  int route;
+
+  if (zserv_privs.change(ZPRIVS_RAISE))
+    zlog (NULL, LOG_ERR, "Can't raise privileges");
+  route = kernel_rtm_ipv6 (RTM_DELETE, dest, gate, index, flags);
+  if (zserv_privs.change(ZPRIVS_LOWER))
+    zlog (NULL, LOG_ERR, "Can't lower privileges");
+
+  return route;
 }
 #endif /* HAVE_IPV6 */