Diffstat (limited to 'zebra/main.c')
-rw-r--r-- | zebra/main.c | 51 |
1 files changed, 45 insertions, 6 deletions
diff --git a/zebra/main.c b/zebra/main.c
index 25d8b6de..1c9269d5 100644
--- a/zebra/main.c
+++ b/zebra/main.c
@@ -1,5 +1,4 @@
-/*
- * zebra daemon main routine.
+/* zebra daemon main routine.
 * Copyright (C) 1997, 98 Kunihiro Ishiguro
 *
 * This file is part of GNU Zebra.
@@ -30,6 +29,7 @@
 #include "memory.h"
 #include "prefix.h"
 #include "log.h"
+#include "privs.h"
 #include "zebra/rib.h"
 #include "zebra/zserv.h"
@@ -62,10 +62,35 @@ struct option longopts[] =
 { "vty_addr", required_argument, NULL, 'A'},
 { "vty_port", required_argument, NULL, 'P'},
 { "retain", no_argument, NULL, 'r'},
+ { "user", required_argument, NULL, 'u'},
 { "version", no_argument, NULL, 'v'},
 { 0 }
 };
+zebra_capabilities_t _caps_p [] =
+{
+ ZCAP_ADMIN,
+ ZCAP_RAW,
+ ZCAP_BIND,
+ ZCAP_SYS_ADMIN,
+ ZCAP_FOWNER,
+};
+
+/* zebra privileges to run with */
+struct zebra_privs_t zserv_privs =
+{
+#if defined(ZEBRA_USER) && defined(ZEBRA_GROUP)
+ .user = ZEBRA_USER,
+ .group = ZEBRA_GROUP,
+#endif
+#ifdef VTY_GROUP
+ .vty_group = VTY_GROUP,
+#endif
+ .caps_p = _caps_p,
+ .cap_num_p = sizeof(_caps_p)/sizeof(_caps_p[0]),
+ .cap_num_i = 0
+};
+
 /* Default configuration file path. */
 char config_current[] = DEFAULT_CONFIG_FILE;
 char config_default[] = SYSCONFDIR DEFAULT_CONFIG_FILE;
@@ -93,6 +118,7 @@ redistribution between different routing protocols.\n\n\
 -A, --vty_addr Set vty's bind address\n\
 -P, --vty_port Set vty's port number\n\
 -r, --retain When program terminates, retain added route by zebra.\n\
+-u, --user User and group to run as\n\
 -v, --version Print program version\n\
 -h, --help Display this help and exit\n\
 \n\
@@ -174,7 +200,7 @@ main (int argc, char **argv)
 {
 char *p;
 char *vty_addr = NULL;
- int vty_port = 0;
+ int vty_port = ZEBRA_VTY_PORT;
 int batch_mode = 0;
 int daemon_mode = 0;
 char *config_file = NULL;
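Review bot: The permitted set in `_caps_p` keeps five capabilities with no comment saying which operation needs each one, so a reader cannot tell whether broad entries such as `ZCAP_SYS_ADMIN` and `ZCAP_FOWNER` are really required or could be dropped. I would add a short trailing comment per entry naming the privileged call it covers, and trim any entry for which no such call can be named. Two smaller points in the same hunk: `_caps_p` is a file-scope identifier starting with an underscore, which C reserves for the implementation, and nothing visible here needs it to have external linkage, so `static zebra_capabilities_t zserv_caps_p [] =` would be safer. When `ZEBRA_USER` and `ZEBRA_GROUP` are not defined, `.user` and `.group` stay NULL; whether the daemon then keeps running as root is not visible in this diff and deserves a comment on `zserv_privs`.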
@@ -196,7 +222,7 @@ main (int argc, char **argv)
 {
 int opt;
- opt = getopt_long (argc, argv, "bdklf:hA:P:rv", longopts, 0);
+ opt = getopt_long (argc, argv, "bdklf:hA:P:ru:v", longopts, 0);
 if (opt == EOF)
 break;
@@ -226,11 +252,22 @@ main (int argc, char **argv)
 pid_file = optarg;
 break;
 case 'P':
+ /* Deal with atoi() returning 0 on failure, and zebra not
+ listening on zebra port... */
+ if (strcmp(optarg, "0") == 0)
+ {
+ vty_port = 0;
+ break;
+ }
 vty_port = atoi (optarg);
+ vty_port = (vty_port ? vty_port : ZEBRA_VTY_PORT);
 break;
 case 'r':
 retain_mode = 1;
 break;
+ case 'u':
+ zserv_privs.user = zserv_privs.group = optarg;
+ break;
 case 'v':
 print_version (progname);
 exit (0);
@@ -247,6 +284,9 @@ main (int argc, char **argv)
 /* Make master thread emulator. */
 master = thread_master_create ();
+ /* privs initialise */
+ zprivs_init (&zserv_privs);
+
 /* Vty related initialize. */
 signal_init ();
 cmd_init (1);
@@ -305,8 +345,7 @@ main (int argc, char **argv)
 pid = getpid ();
 /* Make vty server socket. */
- vty_serv_sock (vty_addr,
- vty_port ? vty_port : ZEBRA_VTY_PORT, ZEBRA_VTYSH_PATH);
+ vty_serv_sock (vty_addr, vty_port, ZEBRA_VTYSH_PATH);
 while (thread_fetch (master, &thread))
 thread_call (&thread); |
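Review bot: The `case 'P':` branch still takes the port from `atoi (optarg)`, so a mistyped, non-numeric value silently becomes `ZEBRA_VTY_PORT`, and negative or greater-than-65535 values are passed on unchecked. Since `-P 0` appears to be the way to keep the vty TCP port closed, a typo should be rejected rather than quietly opening the default port. Parsing with `strtol` and checking the end pointer and the range, as below, covers both cases and makes the `strcmp` special case unnecessary; it relies on `errno` and `strtol` being declared, which the existing headers may already provide. The enclosing switch starts and ends outside this hunk.

```c
        case 'P':
          {
            /* Accept only a whole number in 0..65535. */
            char *end;
            long port;

            errno = 0;
            port = strtol (optarg, &end, 10);
            if (errno != 0 || end == optarg || *end != '\0'
                || port < 0 || port > 65535)
              {
                fprintf (stderr, "%s: invalid vty port: %s\n", progname, optarg);
                exit (1);
              }
            vty_port = (int) port;
            break;
          }
        /* ... unchanged: case 'r', case 'u', case 'v' ... */
```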
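Review bot: Nothing around `zprivs_init (&zserv_privs);` shows what happens when the privilege drop cannot be carried out, for example when the name given with `-u` does not exist or has no group of the same name (the `'u'` case assigns `optarg` to both `.user` and `.group`). If zprivs_init terminates the process on failure, the comment should say so, e.g. `/* Drop to zserv_privs; zprivs_init exits on failure (confirm). */`. If it can return after a failed drop, main needs to detect that before continuing, otherwise the daemon would carry on with its starting privileges.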
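Review bot: `vty_serv_sock` now receives `vty_port` unmodified, so `-P 0` reaches it as port 0 where the old code substituted `ZEBRA_VTY_PORT`. Whether vty_serv_sock skips the TCP listener for 0 is not visible in this diff; if it hands 0 to bind(), the kernel picks an arbitrary free port and the daemon listens somewhere the operator did not choose. Once that behaviour is confirmed in vty_serv_sock, I would add `/* vty_port == 0: no TCP vty listener, only the vtysh socket */` above the call.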