Rivo Nurgess:

- privs ports for zebra/kernel_socket.c and zebra/ipforward_solaris.c
- configure fix for VTY_GROUP.

Paul Jakma: add lib/debug.?
- lib/zebra.h,lib/debug.{c,h}: experimental glibc backtrace support
- Little tweaks and fixes to lib/privs.?
- ospfd/ospf_main.c: tweaks, add experimental backtrace suppor (glibc only)
- Cleanup configure.ac IPv6 handling.
- remove acconfig.h
- update cvsignore's
- tweaks to redhat spec file, add users/groups

1 files changed, 10 insertions, 0 deletions

diff --git a/zebra/kernel_socket.c b/zebra/kernel_socket.c
index 17893a87..30e0fb1d 100644
--- a/zebra/kernel_socket.c
+++ b/zebra/kernel_socket.c
@@ -31,11 +31,14 @@
 #include "str.h"
 #include "table.h"
 #include "rib.h"
+#include "privs.h"
 
 #include "zebra/interface.h"
 #include "zebra/zserv.h"
 #include "zebra/debug.h"
 
+extern struct zebra_privs_t zserv_privs;
+
 /* Socket length roundup function. */
 #define ROUNDUP(a) \
   ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
@@ -798,16 +801,23 @@ kernel_read (struct thread *thread)
 void
 routing_socket ()
 {
+  if ( zserv_privs.change (ZPRIVS_RAISE) )
+    zlog_err ("routing_socket: Can't raise privileges");
+
   routing_sock = socket (AF_ROUTE, SOCK_RAW, 0);
 
   if (routing_sock < 0) 
     {
+      if ( zserv_privs.change (ZPRIVS_LOWER) )
+        zlog_err ("routing_socket: Can't lower privileges");
       zlog_warn ("Can't init kernel routing socket");
       return;
     }
 
   if (fcntl (routing_sock, F_SETFL, O_NONBLOCK) < 0) 
     zlog_warn ("Can't set O_NONBLOCK to routing socket");
+  if ( zserv_privs.change (ZPRIVS_LOWER) )
+    zlog_err ("routing_socket: Can't lower privileges");
 
   /* kernel_read needs rewrite. */
   thread_add_read (master, kernel_read, NULL, routing_sock);