2003-06-04 Paul Jakma <paul@dishone.st>

[mirror_frr.git] / zebra / ipforward_sysctl.c

diff --git a/zebra/ipforward_sysctl.c b/zebra/ipforward_sysctl.c
index 828eb8655762977b68576b56ae8b4a9afbc4b34b..53b6c6f0b9b4128263ea408b375471633acb3e63 100644 (file)
--- a/zebra/ipforward_sysctl.c
+++ b/zebra/ipforward_sysctl.c
@@ -20,6 +20,7 @@
  */
 
 #include <zebra.h>
+#include "privs.h"
 
 #ifdef NRL
 #include <netinet6/in6.h>
@@ -29,6 +30,8 @@
 
 #define MIB_SIZ 4
 
+extern struct zebra_privs_t zserv_privs;
+
 /* IPv4 forwarding control MIB. */
 int mib[MIB_SIZ] =
 {
@@ -60,11 +63,17 @@ ipforward_on ()
   int ipforwarding = 1;
 
   len = sizeof ipforwarding;
-  if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) 
+  if (zserv_privs.change(ZPRIVS_RAISE))
+    zlog (NULL, LOG_ERR, "Can't raise privileges");
+  if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
     {
+      if (zserv_privs.change(ZPRIVS_LOWER))
+        zlog (NULL, LOG_ERR, "Can't lower privileges");
       zlog_warn ("Can't set ipforwarding on");
       return -1;
     }
+  if (zserv_privs.change(ZPRIVS_LOWER))
+    zlog (NULL, LOG_ERR, "Can't lower privileges");
   return ipforwarding;
 }
 
@@ -75,11 +84,17 @@ ipforward_off ()
   int ipforwarding = 0;
 
   len = sizeof ipforwarding;
-  if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) 
+  if (zserv_privs.change(ZPRIVS_RAISE))
+    zlog (NULL, LOG_ERR, "Can't raise privileges");
+  if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
     {
+      if (zserv_privs.change(ZPRIVS_LOWER))
+        zlog (NULL, LOG_ERR, "Can't lower privileges");
       zlog_warn ("Can't set ipforwarding on");
       return -1;
     }
+  if (zserv_privs.change(ZPRIVS_LOWER))
+    zlog (NULL, LOG_ERR, "Can't lower privileges");
   return ipforwarding;
 }
 
@@ -106,11 +121,17 @@ ipforward_ipv6 ()
   int ip6forwarding = 0;
 
   len = sizeof ip6forwarding;
-  if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) 
+  if (zserv_privs.change(ZPRIVS_RAISE))
+    zlog (NULL, LOG_ERR, "Can't raise privileges");
+  if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0)
     {
+     if (zserv_privs.change(ZPRIVS_LOWER))
+        zlog (NULL, LOG_ERR, "Can't lower privileges");
       zlog_warn ("can't get ip6forwarding value");
       return -1;
     }
+  if (zserv_privs.change(ZPRIVS_LOWER))
+    zlog (NULL, LOG_ERR, "Can't lower privileges");
   return ip6forwarding;
 }
 
@@ -121,11 +142,17 @@ ipforward_ipv6_on ()
   int ip6forwarding = 1;
 
   len = sizeof ip6forwarding;
-  if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) 
+  if (zserv_privs.change(ZPRIVS_RAISE))
+    zlog (NULL, LOG_ERR, "Can't raise privileges");
+  if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
     {
+     if (zserv_privs.change(ZPRIVS_LOWER))
+        zlog (NULL, LOG_ERR, "Can't lower privileges");
       zlog_warn ("can't get ip6forwarding value");
       return -1;
     }
+  if (zserv_privs.change(ZPRIVS_LOWER))
+    zlog (NULL, LOG_ERR, "Can't lower privileges");
   return ip6forwarding;
 }
 
@@ -136,11 +163,17 @@ ipforward_ipv6_off ()
   int ip6forwarding = 0;
 
   len = sizeof ip6forwarding;
-  if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) 
+  if (zserv_privs.change(ZPRIVS_RAISE))
+    zlog (NULL, LOG_ERR, "Can't raise privileges");
+  if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
     {
+      if (zserv_privs.change(ZPRIVS_LOWER))
+        zlog (NULL, LOG_ERR, "Can't lower privileges");
       zlog_warn ("can't get ip6forwarding value");
       return -1;
     }
+  if (zserv_privs.change(ZPRIVS_LOWER))
+    zlog (NULL, LOG_ERR, "Can't lower privileges");
   return ip6forwarding;
 }
 #endif /* HAVE_IPV6 */