2003-06-04 Paul Jakma <paul@dishone.st>

	* Merge of zebra privileges

bgpd/Makefile.am

@@ -24,7 +24,7 @@ noinst_HEADERS = \
 bgpd_SOURCES = \
 	bgp_main.c $(libbgp_a_SOURCES)
 
-bgpd_LDADD = ../lib/libzebra.a
+bgpd_LDADD = ../lib/libzebra.a @LIBCAP@
 
 sysconf_DATA = bgpd.conf.sample bgpd.conf.sample2
 

bgpd/bgp_main.c

@@ -29,6 +29,7 @@ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 #include "memory.h"
 #include "prefix.h"
 #include "log.h"
+#include "privs.h"
 
 #include "bgpd/bgpd.h"
 #include "bgpd/bgp_attr.h"
@@ -45,6 +46,7 @@ struct option longopts[] =
   { "vty_port",    required_argument, NULL, 'P'},
   { "retain",      no_argument,       NULL, 'r'},
   { "no_kernel",   no_argument,       NULL, 'n'},
+  { "user",        required_argument, NULL, 'u'},
   { "version",     no_argument,       NULL, 'v'},
   { "help",        no_argument,       NULL, 'h'},
   { 0 }
@@ -70,6 +72,23 @@ char *pid_file = PATH_BGPD_PID;
 int vty_port = BGP_VTY_PORT;
 char *vty_addr = NULL;
 
+/* privileges */
+zebra_capabilities_t _caps_p [] =  
+{
+    ZCAP_BIND,
+};
+
+struct zebra_privs_t bgpd_privs =
+{
+#if defined(ZEBRA_USER) && defined(ZEBRA_GROUP)
+  .user = ZEBRA_USER,
+  .group = ZEBRA_GROUP,
+#endif
+  .caps_p = _caps_p,
+  .cap_num_p = sizeof(_caps_p)/sizeof(_caps_p[0]),
+  .cap_num_i = 0,
+};
+
 /* Help information display. */
 static void
 usage (char *progname, int status)
@@ -89,6 +108,7 @@ redistribution between different routing protocols.\n\n\
 -P, --vty_port     Set vty's port number\n\
 -r, --retain       When program terminates, retain added route by bgpd.\n\
 -n, --no_kernel    Do not install route to kernel.\n\
+-u, --user         User and group to run as\n\
 -v, --version      Print program version\n\
 -h, --help         Display this help and exit\n\
 \n\
@@ -197,7 +217,7 @@ main (int argc, char **argv)
   /* Command line argument treatment. */
   while (1) 
     {
-      opt = getopt_long (argc, argv, "df:hp:A:P:rnv", longopts, 0);
+      opt = getopt_long (argc, argv, "df:hp:A:P:rnu:v", longopts, 0);
 
       if (opt == EOF)
 	break;
@@ -238,6 +258,9 @@ main (int argc, char **argv)
 	case 'n':
 	  bgp_option_set (BGP_OPT_NO_FIB);
 	  break;
+  case 'u':
+    bgpd_privs.user = bgpd_privs.group = optarg;
+    break;
 	case 'v':
 	  print_version (progname);
 	  exit (0);
@@ -257,6 +280,7 @@ main (int argc, char **argv)
   /* Initializations. */
   srand (time (NULL));
   signal_init ();
+  zprivs_init (&bgpd_privs);
   cmd_init (1);
   vty_init ();
   memory_init ();

bgpd/bgp_network.c

@@ -27,12 +27,16 @@ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 #include "if.h"
 #include "prefix.h"
 #include "command.h"
+#include "privs.h"
 
 #include "bgpd/bgpd.h"
 #include "bgpd/bgp_fsm.h"
 #include "bgpd/bgp_attr.h"
 #include "bgpd/bgp_debug.h"
 #include "bgpd/bgp_network.h"
+
+extern struct zebra_privs_t bgpd_privs;
+
 
 /* Accept bgp connection. */
 static int
@@ -153,9 +157,16 @@ bgp_bind_address (int sock, struct in_addr *addr)
 #endif /* HAVE_SIN_LEN */
   memcpy (&local.sin_addr, addr, sizeof (struct in_addr));
 
+  if ( bgpd_privs.change (ZPRIVS_RAISE) )
+    zlog_err ("bgp_bind_address: could not raise privs");
+
   ret = bind (sock, (struct sockaddr *)&local, sizeof (struct sockaddr_in));
   if (ret < 0)
     ;
+
+  if (bgpd_privs.change (ZPRIVS_LOWER) )
+    zlog_err ("bgp_bind_address: could not lower privs");
+
   return 0;
 }
 
@@ -306,6 +317,9 @@ bgp_socket (struct bgp *bgp, unsigned short port)
 
       sockopt_reuseaddr (sock);
       sockopt_reuseport (sock);
+
+      if (bgpd_privs.change (ZPRIVS_RAISE) )
+        zlog_err ("bgp_socket: could not raise privs");
 
       ret = bind (sock, ainfo->ai_addr, ainfo->ai_addrlen);
       if (ret < 0)
@@ -314,6 +328,10 @@ bgp_socket (struct bgp *bgp, unsigned short port)
 	  close (sock);
 	  continue;
 	}
+
+      if (bgpd_privs.change (ZPRIVS_LOWER) )
+        zlog_err ("bgp_bind_address: could not lower privs");
+
       ret = listen (sock, 3);
       if (ret < 0) 
 	{
@@ -359,13 +377,20 @@ bgp_socket (struct bgp *bgp, unsigned short port)
   sin.sin_len = socklen;
 #endif /* HAVE_SIN_LEN */
 
+  if ( bgpd_privs.change (ZPRIVS_RAISE) )
+    zlog_err ("bgp_socket: could not raise privs");
+
   ret = bind (sock, (struct sockaddr *) &sin, socklen);
   if (ret < 0)
     {
       zlog_err ("bind: %s", strerror (errno));
       close (sock);
       return ret;
     }
+
+  if (bgpd_privs.change (ZPRIVS_LOWER) )
+    zlog_err ("bgp_socket: could not lower privs");
+
   ret = listen (sock, 3);
   if (ret < 0) 
     {

configure.ac

@@ -98,8 +98,15 @@ AC_ARG_ENABLE(ospf-te,
 [  --enable-ospf-te        enable Traffic Engineering Extension to OSPF])
 AC_ARG_ENABLE(multipath,
 [  --enable-multipath=ARG  enable multipath function, ARG must be digit])
+AC_ARG_ENABLE(zebra_user,
+[  --enable-user=ARG       user to run zebra suite as (default zebra)])
+AC_ARG_ENABLE(zebra_group,
+[  --enable-group=ARG      group to run zebra suite as (default zebra)])
+AC_ARG_ENABLE(vty_group,
+[  --enable-vty-group=ARG      set vty sockets to have specified group as owner])
+
 AC_ARG_ENABLE(rtadv,
-[  --enable-rtadv         enable IPV6 router advertisment feature])
+[  --enable-rtadv         enable IPV6 router advertisement feature])
 
 if test "${enable_broken_aliases}" = "yes"; then
   if test "${enable_netlink}" = "yes"
@@ -136,6 +143,32 @@ else
   AC_MSG_RESULT(no)
 fi
 
+if test "${enable_user}" = "yes" ; then
+  enable_user="zebra"
+elif test "${enable_user}" = "no"; then
+  enable_user="root"
+fi
+AC_DEFINE_UNQUOTED(ZEBRA_USER, "${enable_user}", Zebra User)
+
+if test "${enable_group}" = "yes" ; then
+  enable_group="zebra"
+elif test "${enable_group}" = "no"; then
+  enable_group="root"
+fi
+AC_DEFINE_UNQUOTED(ZEBRA_GROUP, "${enable_group}", Zebra Group)
+
+if test x"${enable_vty_group}" = x"yes" ; then
+  AC_MSG_ERROR([--enable-vty-group requires a group as argument])
+fi
+if test "${enable_vty_group}" = ""; then
+  AC_MSG_ERROR([--enable-vty-group requires a group as argument])
+fi
+if test x"${enable_vty_group}" != x"no"; then
+  if test "${enable_vty_group}" != ""; then
+    AC_DEFINE_UNQUOTED(VTY_GROUP, "${enable_vty_group}", VTY Sockets Group)
+  fi
+fi
+
 changequote(, )dnl
 
 MULTIPATH_NUM=1
@@ -864,6 +897,28 @@ AC_TRY_COMPILE([#include <sys/resource.h>
  AC_DEFINE(HAVE_RUSAGE,,rusage)],
  AC_MSG_RESULT(no))
 
+dnl -------------------
+dnl capabilities checks
+dnl -------------------
+AC_MSG_CHECKING(whether prctl PR_SET_KEEPCAPS is available)
+AC_TRY_COMPILE([#include <sys/prctl.h>],[prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);],
+  [AC_MSG_RESULT(yes)
+   AC_DEFINE(HAVE_PR_SET_KEEPCAPS,,prctl)
+   zebra_ac_keepcaps="yes"],
+   AC_MSG_RESULT(no)
+)
+if test x"${zebra_ac_keepcaps}" = x"yes"; then
+  AC_CHECK_HEADERS(sys/capability.h)
+fi
+if test x"${ac_cv_header_sys_capability_h}" = x"yes"; then
+  AC_CHECK_LIB(cap, cap_init, 
+    [AC_DEFINE(HAVE_LCAPS,1,Capabilities)
+     LIBCAP="-lcap"
+    ]
+  )
+fi
+AC_SUBST(LIBCAP)
+
 dnl ---------------------------
 dnl check for glibc 'backtrace'
 dnl --------------------------- 
@@ -968,5 +1023,4 @@ compiler                : ${CC}
 compiler flags          : ${CFLAGS}
 linker flags            : ${LDFLAGS} ${LIBS}
 state file directory    : ${zebra_statedir}
-linker flags            : ${LDFLAGS} ${LIBS}
 "

lib/Makefile.am

@@ -10,17 +10,18 @@ libzebra_a_SOURCES = \
 	print_version.c checksum.c vector.c linklist.c vty.c command.c \
 	sockunion.c prefix.c thread.c if.c memory.c buffer.c table.c hash.c \
 	filter.c routemap.c distribute.c stream.c str.c log.c plist.c \
-	zclient.c sockopt.c smux.c md5.c if_rmap.c keychain.c
+	zclient.c sockopt.c smux.c md5.c if_rmap.c keychain.c privs.c debug.c
 
-libzebra_a_DEPENDENCIES = @LIB_REGEX@
+libzebra_a_DEPENDENCIES = @LIB_REGEX@ @LIBCAP@
 
 libzebra_a_LIBADD = @LIB_REGEX@
 
 noinst_HEADERS = \
 	buffer.h command.h filter.h getopt.h hash.h if.h linklist.h log.h \
 	memory.h network.h prefix.h routemap.h distribute.h sockunion.h \
 	str.h stream.h table.h thread.h vector.h version.h vty.h zebra.h \
-	plist.h zclient.h sockopt.h smux.h md5-gnu.h if_rmap.h keychain.h
+	plist.h zclient.h sockopt.h smux.h md5-gnu.h if_rmap.h keychain.h \
+	privs.h debug.h
 
 EXTRA_DIST = regex.c regex-gnu.h
 

lib/memory.h

@@ -189,6 +189,8 @@ enum
 
   MTYPE_VRF,
   MTYPE_VRF_NAME,
+
+  MTYPE_PRIVS,
 
   MTYPE_MAX
 };

lib/vty.c

@@ -33,6 +33,7 @@
 #include "log.h"
 #include "prefix.h"
 #include "filter.h"
+#include "privs.h"
 
 /* Vty events */
 enum event 
@@ -1851,7 +1852,8 @@ vty_serv_un (char *path)
   int sock, len;
   struct sockaddr_un serv;
   mode_t old_mask;
-
+  struct zprivs_ids_t ids;
+
   /* First of all, unlink existing socket */
   unlink (path);
 
@@ -1894,6 +1896,18 @@ vty_serv_un (char *path)
 
   umask (old_mask);
 
+  zprivs_get_ids(&ids);
+
+  if (ids.gid_vty > 0)
+    {
+      /* set group of socket */
+      if ( chown (path, -1, ids.gid_vty) )
+        {
+          zlog_err ("vty_serv_un: could chown socket, %s",
+                     strerror (errno) );
+        }
+    }
+
   vty_event (VTYSH_SERV, sock, NULL);
 }
 

lib/zebra.h

@@ -42,6 +42,8 @@ typedef int socklen_t;
 #include <fcntl.h>
 #include <signal.h>
 #include <string.h>
+#include <pwd.h>
+#include <grp.h>
 #ifdef HAVE_STROPTS_H
 #include <stropts.h>
 #endif /* HAVE_STROPTS_H */
@@ -70,6 +72,10 @@ typedef int socklen_t;
 #ifdef HAVE_RUSAGE
 #include <sys/resource.h>
 #endif /* HAVE_RUSAGE */
+#ifdef HAVE_LCAPS
+#include <sys/capability.h>
+#include <sys/prctl.h>
+#endif /* HAVE_LCAPS */
 
 /* machine dependent includes */
 #ifdef SUNOS_5

ospf6d/Makefile.am

@@ -28,7 +28,7 @@ noinst_HEADERS = \
 ospf6d_SOURCES = \
 	ospf6_main.c $(libospf6_a_SOURCES)
 
-ospf6d_LDADD = -L../lib -lzebra
+ospf6d_LDADD = -L../lib -lzebra @LIBCAP@
 
 sysconf_DATA = ospf6d.conf.sample