matthieu/frr
1
0
Fork 0
forked from Mirror/frr
Code Pull requests Activity

*: frr_elevate_privs -> frr_with_privs

Browse source 
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This commit is contained in:
David Lamparter 2019-08-13 15:47:23 +02:00
parent ba28659f1c
commit 0cf6db21ec
41 changed files with 96 additions and 103 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.clang-format
View file

@ -29,7 +29,7 @@ ForEachMacros:
- frr_each_safe
- frr_each_from
- frr_with_mutex
- frr_elevate_privs
- frr_with_privs
- LIST_FOREACH
- LIST_FOREACH_SAFE
- SLIST_FOREACH

16
bfdd/bfd_packet.c
View file

@ -894,7 +894,7 @@ int bp_udp_shop(vrf_id_t vrf_id)
{
int sd;
frr_elevate_privs(&bglobal.bfdd_privs) {
frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
}
if (sd == -1)
@ -909,7 +909,7 @@ int bp_udp_mhop(vrf_id_t vrf_id)
{
int sd;
frr_elevate_privs(&bglobal.bfdd_privs) {
frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
}
if (sd == -1)
@ -934,7 +934,7 @@ int bp_peer_socket(const struct bfd_session *bs)
&& bs->key.vrfname[0])
device_to_bind = (const char *)bs->key.vrfname;
frr_elevate_privs(&bglobal.bfdd_privs) {
frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC,
bs->vrf->vrf_id, device_to_bind);
}
@ -1001,7 +1001,7 @@ int bp_peer_socketv6(const struct bfd_session *bs)
&& bs->key.vrfname[0])
device_to_bind = (const char *)bs->key.vrfname;
frr_elevate_privs(&bglobal.bfdd_privs) {
frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC,
bs->vrf->vrf_id, device_to_bind);
}
@ -1121,7 +1121,7 @@ int bp_udp6_shop(vrf_id_t vrf_id)
{
int sd;
frr_elevate_privs(&bglobal.bfdd_privs) {
frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
}
if (sd == -1)
@ -1137,7 +1137,7 @@ int bp_udp6_mhop(vrf_id_t vrf_id)
{
int sd;
frr_elevate_privs(&bglobal.bfdd_privs) {
frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
}
if (sd == -1)
@ -1153,7 +1153,7 @@ int bp_echo_socket(vrf_id_t vrf_id)
{
int s;
frr_elevate_privs(&bglobal.bfdd_privs) {
frr_with_privs(&bglobal.bfdd_privs) {
s = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL);
}
if (s == -1)
@ -1169,7 +1169,7 @@ int bp_echov6_socket(vrf_id_t vrf_id)
{
int s;
frr_elevate_privs(&bglobal.bfdd_privs) {
frr_with_privs(&bglobal.bfdd_privs) {
s = vrf_socket(AF_INET6, SOCK_DGRAM, 0, vrf_id, NULL);
}
if (s == -1)

18
bgpd/bgp_network.c
View file

@ -122,7 +122,7 @@ static int bgp_md5_set_connect(int socket, union sockunion *su,
int ret = -1;
#if HAVE_DECL_TCP_MD5SIG
frr_elevate_privs(&bgpd_privs) {
frr_with_privs(&bgpd_privs) {
ret = bgp_md5_set_socket(socket, su, prefixlen, password);
}
#endif /* HAVE_TCP_MD5SIG */
@ -140,8 +140,7 @@ static int bgp_md5_set_password(struct peer *peer, const char *password)
* Set or unset the password on the listen socket(s). Outbound
* connections are taken care of in bgp_connect() below.
*/
frr_elevate_privs(&bgpd_privs)
{
frr_with_privs(&bgpd_privs) {
for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
if (listener->su.sa.sa_family
== peer->su.sa.sa_family) {
@ -167,8 +166,7 @@ int bgp_md5_set_prefix(struct prefix *p, const char *password)
struct bgp_listener *listener;
/* Set or unset the password on the listen socket(s). */
frr_elevate_privs(&bgpd_privs)
{
frr_with_privs(&bgpd_privs) {
for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
if (listener->su.sa.sa_family == p->family) {
prefix2sockunion(p, &su);
@ -610,7 +608,7 @@ int bgp_connect(struct peer *peer)
zlog_debug("Peer address not learnt: Returning from connect");
return 0;
}
frr_elevate_privs(&bgpd_privs) {
frr_with_privs(&bgpd_privs) {
/* Make socket for the peer. */
peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id,
bgp_get_bound_name(peer));
@ -630,7 +628,7 @@ int bgp_connect(struct peer *peer)
sockopt_reuseport(peer->fd);
#ifdef IPTOS_PREC_INTERNETCONTROL
frr_elevate_privs(&bgpd_privs) {
frr_with_privs(&bgpd_privs) {
if (sockunion_family(&peer->su) == AF_INET)
setsockopt_ipv4_tos(peer->fd,
IPTOS_PREC_INTERNETCONTROL);
@ -708,7 +706,7 @@ static int bgp_listener(int sock, struct sockaddr *sa, socklen_t salen,
sockopt_reuseaddr(sock);
sockopt_reuseport(sock);
frr_elevate_privs(&bgpd_privs) {
frr_with_privs(&bgpd_privs) {
#ifdef IPTOS_PREC_INTERNETCONTROL
if (sa->sa_family == AF_INET)
@ -767,7 +765,7 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
snprintf(port_str, sizeof(port_str), "%d", port);
port_str[sizeof(port_str) - 1] = '\0';
frr_elevate_privs(&bgpd_privs) {
frr_with_privs(&bgpd_privs) {
ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save,
bgp->vrf_id);
}
@ -788,7 +786,7 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6)
continue;
frr_elevate_privs(&bgpd_privs) {
frr_with_privs(&bgpd_privs) {
sock = vrf_socket(ainfo->ai_family,
ainfo->ai_socktype,
ainfo->ai_protocol, bgp->vrf_id,

2
eigrpd/eigrp_network.c
View file

@ -61,7 +61,7 @@ int eigrp_sock_init(struct vrf *vrf)
int hincl = 1;
#endif
frr_elevate_privs(&eigrpd_privs) {
frr_with_privs(&eigrpd_privs) {
eigrp_sock = vrf_socket(
AF_INET, SOCK_RAW, IPPROTO_EIGRPIGP, vrf->vrf_id,
vrf->vrf_id != VRF_DEFAULT ? vrf->name : NULL);

2
isisd/isis_bpf.c
View file

@ -187,7 +187,7 @@ int isis_sock_init(struct isis_circuit *circuit)
{
int retval = ISIS_OK;
frr_elevate_privs(&isisd_privs) {
frr_with_privs(&isisd_privs) {
retval = open_bpf_dev(circuit);

2
isisd/isis_dlpi.c
View file

@ -467,7 +467,7 @@ int isis_sock_init(struct isis_circuit *circuit)
{
int retval = ISIS_OK;
frr_elevate_privs(&isisd_privs) {
frr_with_privs(&isisd_privs) {
retval = open_dlpi_dev(circuit);

2
isisd/isis_pfpacket.c
View file

@ -183,7 +183,7 @@ int isis_sock_init(struct isis_circuit *circuit)
{
int retval = ISIS_OK;
frr_elevate_privs(&isisd_privs) {
frr_with_privs(&isisd_privs) {
retval = open_packet_socket(circuit);

8
ldpd/socket.c
View file

@ -79,7 +79,7 @@ ldp_create_socket(int af, enum socket_type type)
sock_set_bindany(fd, 1);
break;
}
frr_elevate_privs(&ldpd_privs) {
frr_with_privs(&ldpd_privs) {
if (sock_set_reuse(fd, 1) == -1) {
close(fd);
return (-1);
@ -254,7 +254,7 @@ int
sock_set_bindany(int fd, int enable)
{
#ifdef HAVE_SO_BINDANY
frr_elevate_privs(&ldpd_privs) {
frr_with_privs(&ldpd_privs) {
if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable,
sizeof(int)) < 0) {
log_warn("%s: error setting SO_BINDANY", __func__);
@ -269,7 +269,7 @@ sock_set_bindany(int fd, int enable)
}
return (0);
#elif defined(IP_BINDANY)
frr_elevate_privs(&ldpd_privs) {
frr_with_privs(&ldpd_privs) {
if (setsockopt(fd, IPPROTO_IP, IP_BINDANY, &enable, sizeof(int))
< 0) {
log_warn("%s: error setting IP_BINDANY", __func__);
@ -304,7 +304,7 @@ sock_set_md5sig(int fd, int af, union ldpd_addr *addr, const char *password)
#if HAVE_DECL_TCP_MD5SIG
addr2sa(af, addr, 0, &su);
frr_elevate_privs(&ldpe_privs) {
frr_with_privs(&ldpe_privs) {
ret = sockopt_tcp_signature(fd, &su, password);
save_errno = errno;
}

8
lib/privs.h
View file

@ -109,16 +109,16 @@ extern void zprivs_get_ids(struct zprivs_ids_t *);
/*
* Wrapper around zprivs, to be used as:
* frr_elevate_privs(&privs) {
* frr_with_privs(&privs) {
* ... code ...
* if (error)
* break; -- break can be used to get out of the block
* ... code ...
* }
*
* The argument to frr_elevate_privs() can be NULL to leave privileges as-is
* The argument to frr_with_privs() can be NULL to leave privileges as-is
* (mostly useful for conditional privilege-raising, i.e.:)
* frr_elevate_privs(cond ? &privs : NULL) {}
* frr_with_privs(cond ? &privs : NULL) {}
*
* NB: The code block is always executed, regardless of whether privileges
* could be raised or not, or whether NULL was given or not. This is fully
@ -138,7 +138,7 @@ extern struct zebra_privs_t *_zprivs_raise(struct zebra_privs_t *privs,
const char *funcname);
extern void _zprivs_lower(struct zebra_privs_t **privs);
#define frr_elevate_privs(privs) \
#define frr_with_privs(privs) \
for (struct zebra_privs_t *_once = NULL, \
*_privs __attribute__( \
(unused, cleanup(_zprivs_lower))) = \

2
lib/vrf.c
View file

@ -755,7 +755,7 @@ DEFUN_NOSH (vrf_netns,
if (!pathname)
return CMD_WARNING_CONFIG_FAILED;
frr_elevate_privs(vrf_daemon_privs) {
frr_with_privs(vrf_daemon_privs) {
ret = vrf_netns_handler_create(vty, vrf, pathname,
NS_UNKNOWN, NS_UNKNOWN);
}

2
ospf6d/ospf6_network.c
View file

@ -85,7 +85,7 @@ void ospf6_serv_close(void)
/* Make ospf6d's server socket. */
int ospf6_serv_sock(void)
{
frr_elevate_privs(&ospf6d_privs) {
frr_with_privs(&ospf6d_privs) {
ospf6_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_OSPFIGP);
if (ospf6_sock < 0) {

2
ospfd/ospf_network.c
View file

@ -190,7 +190,7 @@ int ospf_sock_init(struct ospf *ospf)
/* silently return since VRF is not ready */
return -1;
}
frr_elevate_privs(&ospfd_privs) {
frr_with_privs(&ospfd_privs) {
ospf_sock = vrf_socket(AF_INET, SOCK_RAW, IPPROTO_OSPFIGP,
ospf->vrf_id, ospf->name);
if (ospf_sock < 0) {

2
ospfd/ospfd.c
View file

@ -2097,7 +2097,7 @@ static int ospf_vrf_enable(struct vrf *vrf)
old_vrf_id);
if (old_vrf_id != ospf->vrf_id) {
frr_elevate_privs(&ospfd_privs) {
frr_with_privs(&ospfd_privs) {
/* stop zebra redist to us for old vrf */
zclient_send_dereg_requests(zclient,
old_vrf_id);

6
pimd/pim_mroute.c
View file

@ -57,7 +57,7 @@ static int pim_mroute_set(struct pim_instance *pim, int enable)
* We need to create the VRF table for the pim mroute_socket
*/
if (pim->vrf_id != VRF_DEFAULT) {
frr_elevate_privs(&pimd_privs) {
frr_with_privs(&pimd_privs) {
data = pim->vrf->data.l.table_id;
err = setsockopt(pim->mroute_socket, IPPROTO_IP,
@ -75,7 +75,7 @@ static int pim_mroute_set(struct pim_instance *pim, int enable)
}
}
frr_elevate_privs(&pimd_privs) {
frr_with_privs(&pimd_privs) {
opt = enable ? MRT_INIT : MRT_DONE;
/*
* *BSD *cares* about what value we pass down
@ -735,7 +735,7 @@ int pim_mroute_socket_enable(struct pim_instance *pim)
{
int fd;
frr_elevate_privs(&pimd_privs) {
frr_with_privs(&pimd_privs) {
fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP);

2
pimd/pim_msdp_socket.c
View file

@ -175,7 +175,7 @@ int pim_msdp_sock_listen(struct pim_instance *pim)
}
}
frr_elevate_privs(&pimd_privs) {
frr_with_privs(&pimd_privs) {
/* bind to well known TCP port */
rc = bind(sock, (struct sockaddr *)&sin, socklen);
}

6
pimd/pim_sock.c
View file

@ -46,7 +46,7 @@ int pim_socket_raw(int protocol)
{
int fd;
frr_elevate_privs(&pimd_privs) {
frr_with_privs(&pimd_privs) {
fd = socket(AF_INET, SOCK_RAW, protocol);
@ -65,7 +65,7 @@ void pim_socket_ip_hdr(int fd)
{
const int on = 1;
frr_elevate_privs(&pimd_privs) {
frr_with_privs(&pimd_privs) {
if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)))
zlog_err("%s: Could not turn on IP_HDRINCL option: %s",
@ -83,7 +83,7 @@ int pim_socket_bind(int fd, struct interface *ifp)
int ret = 0;
#ifdef SO_BINDTODEVICE
frr_elevate_privs(&pimd_privs) {
frr_with_privs(&pimd_privs) {
ret = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifp->name,
strlen(ifp->name));

4
ripd/ripd.c
View file

@ -1395,7 +1395,7 @@ int rip_create_socket(struct vrf *vrf)
/* Make datagram socket. */
if (vrf->vrf_id != VRF_DEFAULT)
vrf_dev = vrf->name;
frr_elevate_privs(&ripd_privs) {
frr_with_privs(&ripd_privs) {
sock = vrf_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, vrf->vrf_id,
vrf_dev);
if (sock < 0) {
@ -1415,7 +1415,7 @@ int rip_create_socket(struct vrf *vrf)
#endif
setsockopt_so_recvbuf(sock, RIP_UDP_RCV_BUF);
frr_elevate_privs(&ripd_privs) {
frr_with_privs(&ripd_privs) {
if ((ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr)))
< 0) {
zlog_err("%s: Can't bind socket %d to %s port %d: %s",

2
ripngd/ripng_interface.c
View file

@ -75,7 +75,7 @@ static int ripng_multicast_join(struct interface *ifp, int sock)
* While this is bogus, privs are available and easy to use
* for this call as a workaround.
*/
frr_elevate_privs(&ripngd_privs) {
frr_with_privs(&ripngd_privs) {
ret = setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP,
(char *)&mreq, sizeof(mreq));

5
ripngd/ripngd.c
View file

@ -120,8 +120,7 @@ int ripng_make_socket(struct vrf *vrf)
/* Make datagram socket. */
if (vrf->vrf_id != VRF_DEFAULT)
vrf_dev = vrf->name;
frr_elevate_privs(&ripngd_privs)
{
frr_with_privs(&ripngd_privs) {
sock = vrf_socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP,
vrf->vrf_id, vrf_dev);
if (sock < 0) {
@ -160,7 +159,7 @@ int ripng_make_socket(struct vrf *vrf)
#endif /* SIN6_LEN */
ripaddr.sin6_port = htons(RIPNG_PORT_DEFAULT);
frr_elevate_privs(&ripngd_privs) {
frr_with_privs(&ripngd_privs) {
ret = bind(sock, (struct sockaddr *)&ripaddr, sizeof(ripaddr));
if (ret < 0) {
zlog_err("Can't bind ripng socket: %s.",

4
tests/lib/test_privs.c
View file

@ -113,7 +113,7 @@ int main(int argc, char **argv)
((test_privs.current_state() == ZPRIVS_RAISED) ? "Raised" : "Lowered")
printf("%s\n", PRIV_STATE());
frr_elevate_privs(&test_privs) {
frr_with_privs(&test_privs) {
printf("%s\n", PRIV_STATE());
}
@ -125,7 +125,7 @@ int main(int argc, char **argv)
/* but these should continue to work... */
printf("%s\n", PRIV_STATE());
frr_elevate_privs(&test_privs) {
frr_with_privs(&test_privs) {
printf("%s\n", PRIV_STATE());
}

12
tools/coccinelle/zprivs.cocci
View file

@ -2,12 +2,12 @@
identifier change;
identifier end;
expression E, f, g;
iterator name frr_elevate_privs;
iterator name frr_with_privs;
@@
- if (E.change(ZPRIVS_RAISE))
- f;
+ frr_elevate_privs(&E) {
+ frr_with_privs(&E) {
<+...
- goto end;
+ break;
@ -20,7 +20,7 @@ iterator name frr_elevate_privs;
@@
identifier change, errno, safe_strerror, exit;
expression E, f1, f2, f3, ret, fn;
iterator name frr_elevate_privs;
iterator name frr_with_privs;
@@
if (E.change(ZPRIVS_RAISE))
@ -44,7 +44,7 @@ iterator name frr_elevate_privs;
@@
identifier change;
expression E, f1, f2, f3, ret;
iterator name frr_elevate_privs;
iterator name frr_with_privs;
@@
if (E.change(ZPRIVS_RAISE))
@ -64,12 +64,12 @@ iterator name frr_elevate_privs;
@@
identifier change;
expression E, f, g;
iterator name frr_elevate_privs;
iterator name frr_with_privs;
@@
- if (E.change(ZPRIVS_RAISE))
- f;
+ frr_elevate_privs(&E) {
+ frr_with_privs(&E) {
...
- if (E.change(ZPRIVS_LOWER))
- g;

9
vrrpd/vrrp.c
View file

@ -1065,8 +1065,7 @@ static int vrrp_socket(struct vrrp_router *r)
int ret;
bool failed = false;
frr_elevate_privs(&vrrp_privs)
{
frr_with_privs(&vrrp_privs) {
r->sock_rx = socket(r->family, SOCK_RAW, IPPROTO_VRRP);
r->sock_tx = socket(r->family, SOCK_RAW, IPPROTO_VRRP);
}
@ -1102,8 +1101,7 @@ static int vrrp_socket(struct vrrp_router *r)
setsockopt_ipv4_multicast_loop(r->sock_tx, 0);
/* Bind Rx socket to exact interface */
frr_elevate_privs(&vrrp_privs)
{
frr_with_privs(&vrrp_privs) {
ret = setsockopt(r->sock_rx, SOL_SOCKET,
SO_BINDTODEVICE, r->vr->ifp->name,
strlen(r->vr->ifp->name));
@ -1213,8 +1211,7 @@ static int vrrp_socket(struct vrrp_router *r)
setsockopt_ipv6_multicast_loop(r->sock_tx, 0);
/* Bind Rx socket to exact interface */
frr_elevate_privs(&vrrp_privs)
{
frr_with_privs(&vrrp_privs) {
ret = setsockopt(r->sock_rx, SOL_SOCKET,
SO_BINDTODEVICE, r->vr->ifp->name,
strlen(r->vr->ifp->name));

2
vrrpd/vrrp_arp.c
View file

@ -188,7 +188,7 @@ void vrrp_garp_init(void)
/* Create the socket descriptor */
/* FIXME: why ETH_P_RARP? */
errno = 0;
frr_elevate_privs(&vrrp_privs) {
frr_with_privs(&vrrp_privs) {
garp_fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC,
htons(ETH_P_RARP));
}

3
vrrpd/vrrp_ndisc.c
View file

@ -214,8 +214,7 @@ int vrrp_ndisc_una_send_all(struct vrrp_router *r)
void vrrp_ndisc_init(void)
{
frr_elevate_privs(&vrrp_privs)
{
frr_with_privs(&vrrp_privs) {
ndisc_fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_IPV6));
}

6
zebra/if_ioctl_solaris.c
View file

@ -60,7 +60,7 @@ static int interface_list_ioctl(int af)
size_t needed, lastneeded = 0;
char *buf = NULL;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
sock = socket(af, SOCK_DGRAM, 0);
}
@ -72,7 +72,7 @@ static int interface_list_ioctl(int af)
}
calculate_lifc_len:
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
lifn.lifn_family = af;
lifn.lifn_flags = LIFC_NOXMIT;
/* we want NOXMIT interfaces too */
@ -107,7 +107,7 @@ calculate_lifc_len:
lifconf.lifc_len = needed;
lifconf.lifc_buf = buf;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
ret = ioctl(sock, SIOCGLIFCONF, &lifconf);
}

2
zebra/if_netlink.c
View file

@ -385,7 +385,7 @@ static int get_iflink_speed(struct interface *interface)
ifdata.ifr_data = (caddr_t)&ecmd;
/* use ioctl to get IP address of an interface */
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
sd = vrf_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP,
interface->vrf_id,
NULL);

6
zebra/ioctl.c
View file

@ -57,7 +57,7 @@ int if_ioctl(unsigned long request, caddr_t buffer)
int ret;
int err = 0;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
zlog_err("Cannot create UDP socket: %s",
@ -83,7 +83,7 @@ int vrf_if_ioctl(unsigned long request, caddr_t buffer, vrf_id_t vrf_id)
int ret;
int err = 0;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
sock = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL);
if (sock < 0) {
zlog_err("Cannot create UDP socket: %s",
@ -110,7 +110,7 @@ static int if_ioctl_ipv6(unsigned long request, caddr_t buffer)
int ret;
int err = 0;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
sock = socket(AF_INET6, SOCK_DGRAM, 0);
if (sock < 0) {
zlog_err("Cannot create IPv6 datagram socket: %s",

4
zebra/ioctl_solaris.c
View file

@ -66,7 +66,7 @@ int if_ioctl(unsigned long request, caddr_t buffer)
int ret;
int err;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
@ -96,7 +96,7 @@ int if_ioctl_ipv6(unsigned long request, caddr_t buffer)
int ret;
int err;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
sock = socket(AF_INET6, SOCK_DGRAM, 0);
if (sock < 0) {

8
zebra/ipforward_proc.c
View file

@ -76,7 +76,7 @@ int ipforward_on(void)
{
FILE *fp;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
fp = fopen(proc_ipv4_forwarding, "w");
@ -97,7 +97,7 @@ int ipforward_off(void)
{
FILE *fp;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
fp = fopen(proc_ipv4_forwarding, "w");
@ -143,7 +143,7 @@ int ipforward_ipv6_on(void)
{
FILE *fp;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
fp = fopen(proc_ipv6_forwarding, "w");
@ -165,7 +165,7 @@ int ipforward_ipv6_off(void)
{
FILE *fp;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
fp = fopen(proc_ipv6_forwarding, "w");

2
zebra/ipforward_solaris.c
View file

@ -83,7 +83,7 @@ static int solaris_nd(const int cmd, const char *parameter, const int value)
strioctl.ic_len = ND_BUFFER_SIZE;
strioctl.ic_dp = nd_buf;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
if ((fd = open(device, O_RDWR)) < 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
"failed to open device %s - %s", device,

10
zebra/ipforward_sysctl.c
View file

@ -56,7 +56,7 @@ int ipforward_on(void)
int ipforwarding = 1;
len = sizeof ipforwarding;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
"Can't set ipforwarding on");
@ -72,7 +72,7 @@ int ipforward_off(void)
int ipforwarding = 0;
len = sizeof ipforwarding;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
"Can't set ipforwarding on");
@ -97,7 +97,7 @@ int ipforward_ipv6(void)
int ip6forwarding = 0;
len = sizeof ip6forwarding;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
if (sysctl(mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
"can't get ip6forwarding value");
@ -113,7 +113,7 @@ int ipforward_ipv6_on(void)
int ip6forwarding = 1;
len = sizeof ip6forwarding;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len)
< 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
@ -130,7 +130,7 @@ int ipforward_ipv6_off(void)
int ip6forwarding = 0;
len = sizeof ip6forwarding;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len)
< 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,

2
zebra/irdp_main.c
View file

@ -82,7 +82,7 @@ int irdp_sock_init(void)
int save_errno;
int sock;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
save_errno = errno;

12
zebra/kernel_netlink.c
View file

@ -183,7 +183,7 @@ static int netlink_recvbuf(struct nlsock *nl, uint32_t newsize)
}
/* Try force option (linux >= 2.6.14) and fall back to normal set */
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
ret = setsockopt(nl->sock, SOL_SOCKET, SO_RCVBUFFORCE,
&nl_rcvbufsize,
sizeof(nl_rcvbufsize));
@ -220,7 +220,7 @@ static int netlink_socket(struct nlsock *nl, unsigned long groups,
int sock;
int namelen;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
sock = ns_socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE, ns_id);
if (sock < 0) {
zlog_err("Can't open %s socket: %s", nl->name,
@ -352,7 +352,7 @@ static void netlink_write_incoming(const char *buf, const unsigned int size,
FILE *f;
snprintf(fname, MAXPATHLEN, "%s/%s_%u", frr_vtydir, "netlink", counter);
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
f = fopen(fname, "w");
}
if (f) {
@ -373,7 +373,7 @@ static long netlink_read_file(char *buf, const char *fname)
FILE *f;
long file_bytes = -1;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
f = fopen(fname, "r");
}
if (f) {
@ -989,7 +989,7 @@ int netlink_talk_info(int (*filter)(struct nlmsghdr *, ns_id_t, int startup),
n->nlmsg_flags);
/* Send message to netlink interface. */
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
status = sendmsg(nl->sock, &msg, 0);
save_errno = errno;
}
@ -1056,7 +1056,7 @@ int netlink_request(struct nlsock *nl, struct nlmsghdr *n)
snl.nl_family = AF_NETLINK;
/* Raise capabilities and send message, then lower capabilities. */
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
ret = sendto(nl->sock, (void *)n, n->nlmsg_len, 0,
(struct sockaddr *)&snl, sizeof snl);
}

2
zebra/kernel_socket.c
View file

@ -1426,7 +1426,7 @@ static int kernel_read(struct thread *thread)
/* Make routing socket. */
static void routing_socket(struct zebra_ns *zns)
{
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
routing_sock = ns_socket(AF_ROUTE, SOCK_RAW, 0, zns->ns_id);
dplane_routing_sock =

2
zebra/rt_socket.c
View file

@ -314,7 +314,7 @@ enum zebra_dplane_result kernel_route_update(struct zebra_dplane_ctx *ctx)
type = dplane_ctx_get_type(ctx);
old_type = dplane_ctx_get_old_type(ctx);
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
if (dplane_ctx_get_op(ctx) == DPLANE_OP_ROUTE_DELETE) {
if (!RSYSTEM_ROUTE(type))

2
zebra/rtadv.c
View file

@ -760,7 +760,7 @@ static int rtadv_make_socket(ns_id_t ns_id)
int ret = 0;
struct icmp6_filter filter;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
sock = ns_socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6, ns_id);

2
zebra/zapi_msg.c
View file

@ -2507,7 +2507,7 @@ static void zserv_write_incoming(struct stream *orig, uint16_t command)
snprintf(fname, MAXPATHLEN, "%s/%u", frr_vtydir, command);
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
fd = open(fname, O_CREAT | O_WRONLY | O_EXCL, 0644);
}
stream_flush(copy, fd);

4
zebra/zebra_mpls_openbsd.c
View file

@ -119,7 +119,7 @@ static int kernel_send_rtmsg_v4(int action, mpls_label_t in_label,
hdr.rtm_mpls = MPLS_OP_SWAP;
}
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
ret = writev(kr_state.fd, iov, iovcnt);
}
@ -226,7 +226,7 @@ static int kernel_send_rtmsg_v6(int action, mpls_label_t in_label,
hdr.rtm_mpls = MPLS_OP_SWAP;
}
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
ret = writev(kr_state.fd, iov, iovcnt);
}

8
zebra/zebra_netns_notify.c
View file

@ -77,7 +77,7 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name)
if (netnspath == NULL)
return;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
ns_id = zebra_ns_id_get(netnspath);
}
if (ns_id == NS_UNKNOWN)
@ -97,7 +97,7 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name)
ns_map_nsid_with_external(ns_id, false);
return;
}
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
ret = vrf_netns_handler_create(NULL, vrf, netnspath,
ns_id_external, ns_id);
}
@ -202,14 +202,14 @@ static int zebra_ns_ready_read(struct thread *t)
netnspath = zns_info->netnspath;
if (--zns_info->retries == 0)
stop_retry = 1;
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
err = ns_switch_to_netns(netnspath);
}
if (err < 0)
return zebra_ns_continue_read(zns_info, stop_retry);
/* go back to default ns */
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
err = ns_switchback_to_initial();
}
if (err < 0)

2
zebra/zebra_ns.c
View file

@ -180,7 +180,7 @@ int zebra_ns_init(const char *optional_default_name)
dzns = zebra_ns_alloc();
frr_elevate_privs(&zserv_privs) {
frr_with_privs(&zserv_privs) {
ns_id = zebra_ns_id_get_default();
}
ns_id_external = ns_map_nsid_with_external(ns_id, true);

2
zebra/zserv.c
View file

@ -782,7 +782,7 @@ void zserv_start(char *path)
setsockopt_so_recvbuf(zsock, 1048576);
setsockopt_so_sendbuf(zsock, 1048576);
frr_elevate_privs((sa.ss_family != AF_UNIX) ? &zserv_privs : NULL) {
frr_with_privs((sa.ss_family != AF_UNIX) ? &zserv_privs : NULL) {
ret = bind(zsock, (struct sockaddr *)&sa, sa_len);
}
if (ret < 0) {