#ifdef __OpenBSD__
int opt;
#endif
- int save_errno;
/* create socket */
switch (type) {
sock_set_bindany(fd, 1);
break;
}
- if (ldpd_privs.change(ZPRIVS_RAISE))
- log_warn("%s: could not raise privs", __func__);
- if (sock_set_reuse(fd, 1) == -1) {
- if (ldpd_privs.change(ZPRIVS_LOWER))
- log_warn("%s: could not lower privs", __func__);
- close(fd);
- return (-1);
- }
- if (bind(fd, &local_su.sa, sockaddr_len(&local_su.sa)) == -1) {
- save_errno = errno;
- if (ldpd_privs.change(ZPRIVS_LOWER))
- log_warn("%s: could not lower privs", __func__);
- log_warnx("%s: error binding socket: %s", __func__,
- safe_strerror(save_errno));
- close(fd);
- return (-1);
+ frr_with_privs(&ldpd_privs) {
+ if (sock_set_reuse(fd, 1) == -1) {
+ close(fd);
+ return (-1);
+ }
+ if (bind(fd, &local_su.sa, sockaddr_len(&local_su.sa)) == -1) {
+ log_warnx("%s: error binding socket: %s", __func__,
+ safe_strerror(errno));
+ close(fd);
+ return (-1);
+ }
}
- if (ldpd_privs.change(ZPRIVS_LOWER))
- log_warn("%s: could not lower privs", __func__);
/* set options */
switch (af) {
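Review bot: Both failure paths inside the new `frr_with_privs(&ldpd_privs)` block run `close(fd)`, the `log_warnx()` call and `return (-1)` while privileges are still raised. Leaving the block by `return` is also only safe if the macro lowers privileges on every scope exit, which these lines do not show. The TCP_MD5SIG hunk later in this commit keeps only the privileged call and the `errno` capture inside the block and handles the result afterwards. The same shape here would limit the raised region to `sock_set_reuse()` and `bind()`, at the cost of keeping the saved-errno local that this commit removes. The enclosing function starts and ends outside the visible lines.

```c
	/* ... unchanged: socket creation and sock_set_bindany() call ... */
	int reuse_rc, bind_rc = 0, save_errno = 0;

	/* Only the calls that need privileges stay inside the raised region. */
	frr_with_privs(&ldpd_privs) {
		reuse_rc = sock_set_reuse(fd, 1);
		if (reuse_rc != -1) {
			bind_rc = bind(fd, &local_su.sa,
			    sockaddr_len(&local_su.sa));
			if (bind_rc == -1)
				save_errno = errno;
		}
	}

	/* Error handling runs after privileges have been dropped again. */
	if (reuse_rc == -1 || bind_rc == -1) {
		if (bind_rc == -1)
			log_warnx("%s: error binding socket: %s", __func__,
			    safe_strerror(save_errno));
		close(fd);
		return (-1);
	}
	/* ... unchanged: set options ... */
```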
sock_set_bindany(int fd, int enable)
{
#ifdef HAVE_SO_BINDANY
- frr_elevate_privs(&ldpd_privs) {
+ frr_with_privs(&ldpd_privs) {
if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable,
sizeof(int)) < 0) {
log_warn("%s: error setting SO_BINDANY", __func__);
return (-1);
}
return (0);
+#elif defined(IP_BINDANY)
+ frr_with_privs(&ldpd_privs) {
+ if (setsockopt(fd, IPPROTO_IP, IP_BINDANY, &enable, sizeof(int))
+ < 0) {
+ log_warn("%s: error setting IP_BINDANY", __func__);
+ return (-1);
+ }
+ }
+ return (0);
#else
- log_warnx("%s: missing SO_BINDANY and IP_FREEBIND, unable to bind "
- "to a nonlocal IP address", __func__);
+ log_warnx(
+ "%s: missing SO_BINDANY, IP_FREEBIND and IP_BINDANY, unable to bind to a nonlocal IP address",
+ __func__);
return (-1);
#endif /* HAVE_SO_BINDANY */
}
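Review bot: The new `#elif defined(IP_BINDANY)` branch always sets the option at `IPPROTO_IP`, but `sock_set_bindany()` receives only `fd`, and the caller's later `switch (af)` suggests the socket may be IPv6. On an AF_INET6 socket this call would presumably fail or have no effect, so the function would return -1 or leave nonlocal IPv6 binds unavailable there. FreeBSD provides `IPV6_BINDANY` at `IPPROTO_IPV6` for that case. If passing the address family in is out of scope for this commit, the limitation should at least be recorded above the branch, e.g. `/* IP_BINDANY covers IPv4 sockets only; IPv6 needs IPV6_BINDANY at IPPROTO_IPV6 */`. `sizeof(enable)` would also be safer than `sizeof(int)` in both privileged `setsockopt()` calls.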
#if HAVE_DECL_TCP_MD5SIG
addr2sa(af, addr, 0, &su);
- if (ldpe_privs.change(ZPRIVS_RAISE)) {
- log_warn("%s: could not raise privs", __func__);
- return (-1);
+ frr_with_privs(&ldpe_privs) {
+ ret = sockopt_tcp_signature(fd, &su, password);
+ save_errno = errno;
}
- ret = sockopt_tcp_signature(fd, &su, password);
- save_errno = errno;
- if (ldpe_privs.change(ZPRIVS_LOWER))
- log_warn("%s: could not lower privs", __func__);
#endif /* HAVE_TCP_MD5SIG */
if (ret < 0)
log_warnx("%s: can't set TCP_MD5SIG option on fd %d: %s",