{
int fd, domain, proto;
union ldpd_addr addr;
- struct sockaddr_storage local_sa;
+ union sockunion local_su;
#ifdef __OpenBSD__
int opt;
#endif
- int save_errno;
/* create socket */
switch (type) {
case LDP_SOCKET_DISC:
/* listen on all addresses */
memset(&addr, 0, sizeof(addr));
- memcpy(&local_sa, addr2sa(af, &addr, LDP_PORT),
- sizeof(local_sa));
+ addr2sa(af, &addr, LDP_PORT, &local_su);
break;
case LDP_SOCKET_EDISC:
case LDP_SOCKET_SESSION:
addr = (ldp_af_conf_get(ldpd_conf, af))->trans_addr;
- memcpy(&local_sa, addr2sa(af, &addr, LDP_PORT),
- sizeof(local_sa));
+ addr2sa(af, &addr, LDP_PORT, &local_su);
/* ignore any possible error */
sock_set_bindany(fd, 1);
break;
}
- if (ldpd_privs.change(ZPRIVS_RAISE))
- log_warn("%s: could not raise privs", __func__);
- if (sock_set_reuse(fd, 1) == -1) {
- close(fd);
- return (-1);
- }
- if (bind(fd, (struct sockaddr *)&local_sa,
- sockaddr_len((struct sockaddr *)&local_sa)) == -1) {
- save_errno = errno;
- if (ldpd_privs.change(ZPRIVS_LOWER))
- log_warn("%s: could not lower privs", __func__);
- log_warnx("%s: error binding socket: %s", __func__,
- safe_strerror(save_errno));
- close(fd);
- return (-1);
+ frr_elevate_privs(&ldpd_privs) {
+ if (sock_set_reuse(fd, 1) == -1) {
+ close(fd);
+ return (-1);
+ }
+ if (bind(fd, &local_su.sa, sockaddr_len(&local_su.sa)) == -1) {
+ log_warnx("%s: error binding socket: %s", __func__,
+ safe_strerror(errno));
+ close(fd);
+ return (-1);
+ }
}
- if (ldpd_privs.change(ZPRIVS_LOWER))
- log_warn("%s: could not lower privs", __func__);
/* set options */
switch (af) {
sock_set_bindany(int fd, int enable)
{
#ifdef HAVE_SO_BINDANY
- if (ldpd_privs.change(ZPRIVS_RAISE))
- log_warn("%s: could not raise privs", __func__);
- if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable,
- sizeof(int)) < 0) {
- if (ldpd_privs.change(ZPRIVS_LOWER))
- log_warn("%s: could not lower privs", __func__);
- log_warn("%s: error setting SO_BINDANY", __func__);
- return (-1);
+ frr_elevate_privs(&ldpd_privs) {
+ if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable,
+ sizeof(int)) < 0) {
+ log_warn("%s: error setting SO_BINDANY", __func__);
+ return (-1);
+ }
}
- if (ldpd_privs.change(ZPRIVS_LOWER))
- log_warn("%s: could not lower privs", __func__);
return (0);
#elif defined(HAVE_IP_FREEBIND)
if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &enable, sizeof(int)) < 0) {
if (fd == -1)
return (0);
#if HAVE_DECL_TCP_MD5SIG
- memcpy(&su, addr2sa(af, addr, 0), sizeof(su));
+ addr2sa(af, addr, 0, &su);
- if (ldpe_privs.change(ZPRIVS_RAISE)) {
- log_warn("%s: could not raise privs", __func__);
- return (-1);
+ frr_elevate_privs(&ldpe_privs) {
+ ret = sockopt_tcp_signature(fd, &su, password);
+ save_errno = errno;
}
- ret = sockopt_tcp_signature(fd, &su, password);
- save_errno = errno;
- if (ldpe_privs.change(ZPRIVS_LOWER))
- log_warn("%s: could not lower privs", __func__);
#endif /* HAVE_TCP_MD5SIG */
if (ret < 0)
log_warnx("%s: can't set TCP_MD5SIG option on fd %d: %s",
projects / mirror_frr.git / blobdiff