#include <time.h>
#include <sys/time.h>
#include <errno.h>
+#ifdef HAVE_LIBCAP
+#include <sys/capability.h>
+#endif
#include "rt_names.h"
#include "utils.h"
{
memset(addr, 0, sizeof(*addr));
- if (strcmp(name, "default") == 0 ||
- strcmp(name, "all") == 0 ||
- strcmp(name, "any") == 0) {
+ if (strcmp(name, "default") == 0) {
if ((family == AF_DECnet) || (family == AF_MPLS))
return -1;
addr->family = (family != AF_UNSPEC) ? family : AF_INET;
addr->bytelen = af_byte_len(addr->family);
addr->bitlen = -2;
+ addr->flags |= PREFIXLEN_SPECIFIED;
+ return 0;
+ }
+
+ if (strcmp(name, "all") == 0 ||
+ strcmp(name, "any") == 0) {
+ if ((family == AF_DECnet) || (family == AF_MPLS))
+ return -1;
+ addr->family = AF_UNSPEC;
+ addr->bytelen = 0;
+ addr->bitlen = -2;
return 0;
}
char *slash;
int err, bitlen, flags;
+ memset(dst, 0, sizeof(*dst));
+
+ if (strcmp(arg, "default") == 0 ||
+ strcmp(arg, "any") == 0 ||
+ strcmp(arg, "all") == 0) {
+ if ((family == AF_DECnet) || (family == AF_MPLS))
+ return -1;
+ dst->family = family;
+ dst->bytelen = 0;
+ dst->bitlen = 0;
+ return 0;
+ }
+
slash = strchr(arg, '/');
if (slash)
*slash = 0;
bitlen = af_bit_len(dst->family);
- flags = PREFIXLEN_SPECIFIED;
+ flags = 0;
if (slash) {
unsigned int plen;
if (plen > bitlen)
return -1;
+ flags |= PREFIXLEN_SPECIFIED;
bitlen = plen;
} else {
if (dst->bitlen == -2)
bitlen = 0;
- else
- flags = 0;
}
dst->flags |= flags;
return dlen + strlcpy(dst + dlen, src, size - dlen);
}
#endif
+
+void drop_cap(void)
+{
+#ifdef HAVE_LIBCAP
+ /* don't harmstring root/sudo */
+ if (getuid() != 0 && geteuid() != 0) {
+ cap_t capabilities;
+
+ capabilities = cap_get_proc();
+ if (!capabilities)
+ exit(EXIT_FAILURE);
+ if (cap_clear(capabilities) != 0)
+ exit(EXIT_FAILURE);
+ if (cap_set_proc(capabilities) != 0)
+ exit(EXIT_FAILURE);
+ cap_free(capabilities);
+ }
+#endif
+}
projects / mirror_iproute2.git / blobdiff