diff options
Diffstat (limited to 'lib/privs.c')
| -rw-r--r-- | lib/privs.c | 71 |
1 files changed, 36 insertions, 35 deletions
diff --git a/lib/privs.c b/lib/privs.c index cd0f94ec..91114a7e 100644 --- a/lib/privs.c +++ b/lib/privs.c @@ -28,7 +28,9 @@ #include "qpthreads.h" /* Needs to be qpthread safe */ -static qpt_mutex_t* mx = NULL; +static qpt_mutex_t privs_mutex; +#define LOCK qpt_mutex_lock(&privs_mutex); +#define UNLOCK qpt_mutex_unlock(&privs_mutex); #ifdef HAVE_CAPABILITIES /* sort out some generic internal types for: @@ -195,13 +197,13 @@ zprivs_change_caps (zebra_privs_ops_t op) int result = 0; int change = 0; - qpt_mutex_lock(mx); + LOCK /* should be no possibility of being called without valid caps */ assert (zprivs_state.syscaps_p && zprivs_state.caps); if (! (zprivs_state.syscaps_p && zprivs_state.caps)) { - qpt_mutex_unlock(mx); + UNLOCK exit (1); } @@ -226,7 +228,7 @@ zprivs_change_caps (zebra_privs_ops_t op) cflag)) result = cap_set_proc (zprivs_state.caps); - qpt_mutex_unlock(mx); + UNLOCK return result; } @@ -237,13 +239,13 @@ zprivs_state_caps (void) cap_flag_value_t val; zebra_privs_current_t result = ZPRIVS_LOWERED; - qpt_mutex_lock(mx); + LOCK /* should be no possibility of being called without valid caps */ assert (zprivs_state.syscaps_p && zprivs_state.caps); if (! (zprivs_state.syscaps_p && zprivs_state.caps)) { - qpt_mutex_unlock(mx); + UNLOCK exit (1); } @@ -264,7 +266,7 @@ zprivs_state_caps (void) } } - qpt_mutex_unlock(mx); + UNLOCK return result; } @@ -412,14 +414,14 @@ zprivs_change_caps (zebra_privs_ops_t op) { int result = 0; - qpt_mutex_lock(mx); + LOCK /* should be no possibility of being called without valid caps */ assert (zprivs_state.syscaps_p); if (!zprivs_state.syscaps_p) { fprintf (stderr, "%s: Eek, missing caps!", __func__); - qpt_mutex_unlock(mx); + UNLOCK exit (1); } @@ -447,7 +449,7 @@ zprivs_change_caps (zebra_privs_ops_t op) else result = -1; - qpt_mutex_unlock(mx); + UNLOCK return result; } @@ -459,7 +461,7 @@ zprivs_state_caps (void) zebra_privs_current_t result = ZPRIVS_UNKNOWN; pset_t *effective; - qpt_mutex_lock(mx); + LOCK if ( (effective = priv_allocset()) == NULL) { @@ -486,7 +488,7 @@ zprivs_state_caps (void) priv_freeset (effective); } - qpt_mutex_unlock(mx); + UNLOCK return result; } @@ -617,7 +619,7 @@ zprivs_change_uid (zebra_privs_ops_t op) { int result = 0; - qpt_mutex_lock(mx); + LOCK if (op == ZPRIVS_RAISE) { @@ -638,7 +640,7 @@ zprivs_change_uid (zebra_privs_ops_t op) result = -1; } - qpt_mutex_unlock(mx); + UNLOCK return result; } @@ -647,9 +649,9 @@ zprivs_state_uid (void) { zebra_privs_current_t result; - qpt_mutex_lock(mx); + LOCK result = ( (zprivs_state.zuid == geteuid()) ? ZPRIVS_LOWERED : ZPRIVS_RAISED); - qpt_mutex_unlock(mx); + UNLOCK return result; } @@ -664,23 +666,22 @@ zprivs_state_null (void) { int result; - qpt_mutex_lock(mx); + LOCK result = zprivs_null_state; - qpt_mutex_unlock(mx); + UNLOCK return result; } void zprivs_init_r() { - mx = qpt_mutex_init(mx, qpt_mutex_quagga); + qpt_mutex_init(&privs_mutex, qpt_mutex_quagga); } void zprivs_finish(void) { - if (mx) - mx = qpt_mutex_destroy(mx, 1); + qpt_mutex_destroy(&privs_mutex, 0); } void @@ -695,7 +696,7 @@ zprivs_init(struct zebra_privs_t *zprivs) exit (1); } - qpt_mutex_lock(mx); + LOCK /* NULL privs */ if (! (zprivs->user || zprivs->group @@ -703,7 +704,7 @@ zprivs_init(struct zebra_privs_t *zprivs) { zprivs->change = zprivs_change_null; zprivs->current_state = zprivs_state_null; - qpt_mutex_unlock(mx); + UNLOCK return; } @@ -718,7 +719,7 @@ zprivs_init(struct zebra_privs_t *zprivs) /* cant use log.h here as it depends on vty */ fprintf (stderr, "privs_init: could not lookup user %s\n", zprivs->user); - qpt_mutex_unlock(mx); + UNLOCK exit (1); } } @@ -735,7 +736,7 @@ zprivs_init(struct zebra_privs_t *zprivs) { fprintf (stderr, "privs_init: could not setgroups, %s\n", safe_strerror (errno) ); - qpt_mutex_unlock(mx); + UNLOCK exit (1); } } @@ -743,7 +744,7 @@ zprivs_init(struct zebra_privs_t *zprivs) { fprintf (stderr, "privs_init: could not lookup vty group %s\n", zprivs->vty_group); - qpt_mutex_unlock(mx); + UNLOCK exit (1); } } @@ -758,7 +759,7 @@ zprivs_init(struct zebra_privs_t *zprivs) { fprintf (stderr, "privs_init: could not lookup group %s\n", zprivs->group); - qpt_mutex_unlock(mx); + UNLOCK exit (1); } /* change group now, forever. uid we do later */ @@ -766,7 +767,7 @@ zprivs_init(struct zebra_privs_t *zprivs) { fprintf (stderr, "zprivs_init: could not setregid, %s\n", safe_strerror (errno) ); - qpt_mutex_unlock(mx); + UNLOCK exit (1); } } @@ -787,7 +788,7 @@ zprivs_init(struct zebra_privs_t *zprivs) { fprintf (stderr, "privs_init (uid): could not setreuid, %s\n", safe_strerror (errno)); - qpt_mutex_unlock(mx); + UNLOCK exit (1); } } @@ -796,7 +797,7 @@ zprivs_init(struct zebra_privs_t *zprivs) zprivs->current_state = zprivs_state_uid; #endif /* HAVE_CAPABILITIES */ - qpt_mutex_unlock(mx); + UNLOCK } void @@ -808,7 +809,7 @@ zprivs_terminate (struct zebra_privs_t *zprivs) exit (0); } - qpt_mutex_lock(mx); + LOCK #ifdef HAVE_CAPABILITIES zprivs_caps_terminate(); @@ -819,7 +820,7 @@ zprivs_terminate (struct zebra_privs_t *zprivs) { fprintf (stderr, "privs_terminate: could not setreuid, %s", safe_strerror (errno) ); - qpt_mutex_unlock(mx); + UNLOCK exit (1); } } @@ -830,14 +831,14 @@ zprivs_terminate (struct zebra_privs_t *zprivs) zprivs_null_state = ZPRIVS_LOWERED; raise_count = 0; - qpt_mutex_unlock(mx); + UNLOCK return; } void zprivs_get_ids(struct zprivs_ids_t *ids) { - qpt_mutex_lock(mx); + LOCK ids->uid_priv = getuid(); (zprivs_state.zuid) ? (ids->uid_normal = zprivs_state.zuid) @@ -847,6 +848,6 @@ zprivs_get_ids(struct zprivs_ids_t *ids) (zprivs_state.vtygrp) ? (ids->gid_vty = zprivs_state.vtygrp) : (ids->gid_vty = -1); - qpt_mutex_unlock(mx); + UNLOCK return; } |