From 01b9e3fd0d354d7d4c60b1c0240f269a4fd08990 Mon Sep 17 00:00:00 2001 From: David Lamparter Date: Fri, 10 Aug 2018 18:36:43 +0200 Subject: [PATCH] *: use frr_elevate_privs() (1/2: coccinelle) Signed-off-by: David Lamparter --- bgpd/bgp_network.c | 73 ++++++++++++----------------- eigrpd/eigrp_network.c | 26 +++++------ isisd/isis_bpf.c | 35 ++++++-------- isisd/isis_dlpi.c | 35 ++++++-------- isisd/isis_pfpacket.c | 41 +++++++--------- ldpd/socket.c | 16 +++---- ospf6d/ospf6_network.c | 21 +++------ pimd/pim_mroute.c | 74 ++++++++++++----------------- pimd/pim_sock.c | 39 +++++----------- ripd/ripd.c | 38 ++++++--------- ripngd/ripng_interface.c | 17 +++---- ripngd/ripngd.c | 20 +++----- tools/zprivs.cocci | 76 ++++++++++++++++++++++++++++++ zebra/if_ioctl_solaris.c | 31 ++++++------ zebra/if_netlink.c | 25 +++++----- zebra/ioctl.c | 77 ++++++++++++------------------ zebra/ioctl_solaris.c | 55 +++++++++------------- zebra/ipforward_proc.c | 96 +++++++++++++------------------------- zebra/ipforward_solaris.c | 36 ++++++-------- zebra/ipforward_sysctl.c | 70 ++++++++++----------------- zebra/irdp_main.c | 14 ++---- zebra/kernel_netlink.c | 23 ++++----- zebra/rt_socket.c | 14 +++--- zebra/rtadv.c | 12 ++--- zebra/zebra_mpls_openbsd.c | 16 +++---- zebra/zebra_netns_notify.c | 34 ++++++-------- zebra/zebra_ns.c | 8 ++-- 27 files changed, 438 insertions(+), 584 deletions(-) create mode 100644 tools/zprivs.cocci diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index 666cc5bb8..f0d4305ba 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -559,13 +559,11 @@ int bgp_connect(struct peer *peer) zlog_debug("Peer address not learnt: Returning from connect"); return 0; } - if (bgpd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); + frr_elevate_privs(&bgpd_privs) { /* Make socket for the peer. */ - peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id, - bgp_get_bound_name(peer)); - if (bgpd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id, + bgp_get_bound_name(peer)); + } if (peer->fd < 0) return -1; @@ -584,16 +582,12 @@ int bgp_connect(struct peer *peer) peer->host, safe_strerror(errno)); #ifdef IPTOS_PREC_INTERNETCONTROL - if (bgpd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not raise privs", - __func__); - if (sockunion_family(&peer->su) == AF_INET) - setsockopt_ipv4_tos(peer->fd, IPTOS_PREC_INTERNETCONTROL); - else if (sockunion_family(&peer->su) == AF_INET6) - setsockopt_ipv6_tclass(peer->fd, IPTOS_PREC_INTERNETCONTROL); - if (bgpd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not lower privs", - __func__); + frr_elevate_privs(&bgpd_privs) { + if (sockunion_family(&peer->su) == AF_INET) + setsockopt_ipv4_tos(peer->fd, IPTOS_PREC_INTERNETCONTROL); + else if (sockunion_family(&peer->su) == AF_INET6) + setsockopt_ipv6_tclass(peer->fd, IPTOS_PREC_INTERNETCONTROL); + } #endif if (peer->password) @@ -661,24 +655,20 @@ static int bgp_listener(int sock, struct sockaddr *sa, socklen_t salen, sockopt_reuseaddr(sock); sockopt_reuseport(sock); - if (bgpd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not raise privs", - __func__); + frr_elevate_privs(&bgpd_privs) { #ifdef IPTOS_PREC_INTERNETCONTROL - if (sa->sa_family == AF_INET) - setsockopt_ipv4_tos(sock, IPTOS_PREC_INTERNETCONTROL); - else if (sa->sa_family == AF_INET6) - setsockopt_ipv6_tclass(sock, IPTOS_PREC_INTERNETCONTROL); + if (sa->sa_family == AF_INET) + setsockopt_ipv4_tos(sock, IPTOS_PREC_INTERNETCONTROL); + else if (sa->sa_family == AF_INET6) + setsockopt_ipv6_tclass(sock, IPTOS_PREC_INTERNETCONTROL); #endif - sockopt_v6only(sa->sa_family, sock); + sockopt_v6only(sa->sa_family, sock); - ret = bind(sock, sa, salen); - en = errno; - if (bgpd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not lower privs", - __func__); + ret = bind(sock, sa, salen); + en = errno; + } if (ret < 0) { flog_err_sys(LIB_ERR_SOCKET, "bind: %s", safe_strerror(en)); @@ -724,12 +714,10 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address) snprintf(port_str, sizeof(port_str), "%d", port); port_str[sizeof(port_str) - 1] = '\0'; - if (bgpd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save, - bgp->vrf_id); - if (bgpd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + frr_elevate_privs(&bgpd_privs) { + ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save, + bgp->vrf_id); + } if (ret != 0) { flog_err_sys(LIB_ERR_SOCKET, "getaddrinfo: %s", gai_strerror(ret)); @@ -743,14 +731,13 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address) if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6) continue; - if (bgpd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - sock = vrf_socket(ainfo->ai_family, ainfo->ai_socktype, - ainfo->ai_protocol, bgp->vrf_id, - (bgp->inst_type == BGP_INSTANCE_TYPE_VRF ? - bgp->name : NULL)); - if (bgpd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + frr_elevate_privs(&bgpd_privs) { + sock = vrf_socket(ainfo->ai_family, + ainfo->ai_socktype, + ainfo->ai_protocol, bgp->vrf_id, + (bgp->inst_type == BGP_INSTANCE_TYPE_VRF ? + bgp->name : NULL)); + } if (sock < 0) { flog_err_sys(LIB_ERR_SOCKET, "socket: %s", safe_strerror(errno)); diff --git a/eigrpd/eigrp_network.c b/eigrpd/eigrp_network.c index 189d85f4b..d778578d8 100644 --- a/eigrpd/eigrp_network.c +++ b/eigrpd/eigrp_network.c @@ -131,9 +131,7 @@ void eigrp_adjust_sndbuflen(struct eigrp *eigrp, unsigned int buflen) /* Check if any work has to be done at all. */ if (eigrp->maxsndbuflen >= buflen) return; - if (eigrpd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not raise privs, %s", - __func__, safe_strerror(errno)); + frr_elevate_privs(&eigrpd_privs) { /* Now we try to set SO_SNDBUF to what our caller has requested * (the MTU of a newly added interface). However, if the OS has @@ -142,18 +140,16 @@ void eigrp_adjust_sndbuflen(struct eigrp *eigrp, unsigned int buflen) * may allocate more buffer space, than requested, this isn't * a error. */ - setsockopt_so_sendbuf(eigrp->fd, buflen); - newbuflen = getsockopt_so_sendbuf(eigrp->fd); - if (newbuflen < 0 || newbuflen < (int)buflen) - zlog_warn("%s: tried to set SO_SNDBUF to %u, but got %d", - __func__, buflen, newbuflen); - if (newbuflen >= 0) - eigrp->maxsndbuflen = (unsigned int)newbuflen; - else - zlog_warn("%s: failed to get SO_SNDBUF", __func__); - if (eigrpd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not lower privs, %s", - __func__, safe_strerror(errno)); + setsockopt_so_sendbuf(eigrp->fd, buflen); + newbuflen = getsockopt_so_sendbuf(eigrp->fd); + if (newbuflen < 0 || newbuflen < (int)buflen) + zlog_warn("%s: tried to set SO_SNDBUF to %u, but got %d", + __func__, buflen, newbuflen); + if (newbuflen >= 0) + eigrp->maxsndbuflen = (unsigned int)newbuflen; + else + zlog_warn("%s: failed to get SO_SNDBUF", __func__); + } } int eigrp_if_ipmulticast(struct eigrp *top, struct prefix *p, diff --git a/isisd/isis_bpf.c b/isisd/isis_bpf.c index fc0432979..cd7a090f7 100644 --- a/isisd/isis_bpf.c +++ b/isisd/isis_bpf.c @@ -187,30 +187,25 @@ int isis_sock_init(struct isis_circuit *circuit) { int retval = ISIS_OK; - if (isisd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not raise privs, %s", - __func__, safe_strerror(errno)); + frr_elevate_privs(&isisd_privs) { - retval = open_bpf_dev(circuit); + retval = open_bpf_dev(circuit); - if (retval != ISIS_OK) { - zlog_warn("%s: could not initialize the socket", __func__); - goto end; - } + if (retval != ISIS_OK) { + zlog_warn("%s: could not initialize the socket", __func__); + break; + } - if (if_is_broadcast(circuit->interface)) { - circuit->tx = isis_send_pdu_bcast; - circuit->rx = isis_recv_pdu_bcast; - } else { - zlog_warn("isis_sock_init(): unknown circuit type"); - retval = ISIS_WARNING; - goto end; - } + if (if_is_broadcast(circuit->interface)) { + circuit->tx = isis_send_pdu_bcast; + circuit->rx = isis_recv_pdu_bcast; + } else { + zlog_warn("isis_sock_init(): unknown circuit type"); + retval = ISIS_WARNING; + break; + } -end: - if (isisd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not lower privs, %s", - __func__, safe_strerror(errno)); +} return retval; } diff --git a/isisd/isis_dlpi.c b/isisd/isis_dlpi.c index bb3a0c045..a06d68cbd 100644 --- a/isisd/isis_dlpi.c +++ b/isisd/isis_dlpi.c @@ -468,30 +468,25 @@ int isis_sock_init(struct isis_circuit *circuit) { int retval = ISIS_OK; - if (isisd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not raise privs, %s", - __func__, safe_strerror(errno)); + frr_elevate_privs(&isisd_privs) { - retval = open_dlpi_dev(circuit); + retval = open_dlpi_dev(circuit); - if (retval != ISIS_OK) { - zlog_warn("%s: could not initialize the socket", __func__); - goto end; - } + if (retval != ISIS_OK) { + zlog_warn("%s: could not initialize the socket", __func__); + break; + } - if (circuit->circ_type == CIRCUIT_T_BROADCAST) { - circuit->tx = isis_send_pdu_bcast; - circuit->rx = isis_recv_pdu_bcast; - } else { - zlog_warn("isis_sock_init(): unknown circuit type"); - retval = ISIS_WARNING; - goto end; - } + if (circuit->circ_type == CIRCUIT_T_BROADCAST) { + circuit->tx = isis_send_pdu_bcast; + circuit->rx = isis_recv_pdu_bcast; + } else { + zlog_warn("isis_sock_init(): unknown circuit type"); + retval = ISIS_WARNING; + break; + } -end: - if (isisd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not lower privs, %s", - __func__, safe_strerror(errno)); +} return retval; } diff --git a/isisd/isis_pfpacket.c b/isisd/isis_pfpacket.c index f38354cca..e0d8e4d8f 100644 --- a/isisd/isis_pfpacket.c +++ b/isisd/isis_pfpacket.c @@ -185,34 +185,29 @@ int isis_sock_init(struct isis_circuit *circuit) { int retval = ISIS_OK; - if (isisd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not raise privs, %s", - __func__, safe_strerror(errno)); + frr_elevate_privs(&isisd_privs) { - retval = open_packet_socket(circuit); + retval = open_packet_socket(circuit); - if (retval != ISIS_OK) { - zlog_warn("%s: could not initialize the socket", __func__); - goto end; - } + if (retval != ISIS_OK) { + zlog_warn("%s: could not initialize the socket", __func__); + break; + } /* Assign Rx and Tx callbacks are based on real if type */ - if (if_is_broadcast(circuit->interface)) { - circuit->tx = isis_send_pdu_bcast; - circuit->rx = isis_recv_pdu_bcast; - } else if (if_is_pointopoint(circuit->interface)) { - circuit->tx = isis_send_pdu_p2p; - circuit->rx = isis_recv_pdu_p2p; - } else { - zlog_warn("isis_sock_init(): unknown circuit type"); - retval = ISIS_WARNING; - goto end; - } + if (if_is_broadcast(circuit->interface)) { + circuit->tx = isis_send_pdu_bcast; + circuit->rx = isis_recv_pdu_bcast; + } else if (if_is_pointopoint(circuit->interface)) { + circuit->tx = isis_send_pdu_p2p; + circuit->rx = isis_recv_pdu_p2p; + } else { + zlog_warn("isis_sock_init(): unknown circuit type"); + retval = ISIS_WARNING; + break; + } -end: - if (isisd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not lower privs, %s", - __func__, safe_strerror(errno)); +} return retval; } diff --git a/ldpd/socket.c b/ldpd/socket.c index aefa3461a..1cdef8372 100644 --- a/ldpd/socket.c +++ b/ldpd/socket.c @@ -262,17 +262,13 @@ int sock_set_bindany(int fd, int enable) { #ifdef HAVE_SO_BINDANY - if (ldpd_privs.change(ZPRIVS_RAISE)) - log_warn("%s: could not raise privs", __func__); - if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable, - sizeof(int)) < 0) { - if (ldpd_privs.change(ZPRIVS_LOWER)) - log_warn("%s: could not lower privs", __func__); - log_warn("%s: error setting SO_BINDANY", __func__); - return (-1); + frr_elevate_privs(&ldpd_privs) { + if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable, + sizeof(int)) < 0) { + log_warn("%s: error setting SO_BINDANY", __func__); + return (-1); + } } - if (ldpd_privs.change(ZPRIVS_LOWER)) - log_warn("%s: could not lower privs", __func__); return (0); #elif defined(HAVE_IP_FREEBIND) if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &enable, sizeof(int)) < 0) { diff --git a/ospf6d/ospf6_network.c b/ospf6d/ospf6_network.c index bf0387aab..8988a53e5 100644 --- a/ospf6d/ospf6_network.c +++ b/ospf6d/ospf6_network.c @@ -76,21 +76,14 @@ static void ospf6_set_checksum(void) /* Make ospf6d's server socket. */ int ospf6_serv_sock(void) { - if (ospf6d_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, - "ospf6_serv_sock: could not raise privs"); - - ospf6_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_OSPFIGP); - if (ospf6_sock < 0) { - zlog_warn("Network: can't create OSPF6 socket."); - if (ospf6d_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "ospf6_sock_init: could not lower privs"); - return -1; + frr_elevate_privs(&ospf6d_privs) { + + ospf6_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_OSPFIGP); + if (ospf6_sock < 0) { + zlog_warn("Network: can't create OSPF6 socket."); + return -1; + } } - if (ospf6d_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "ospf6_sock_init: could not lower privs"); /* set socket options */ #if 1 diff --git a/pimd/pim_mroute.c b/pimd/pim_mroute.c index 6028e5ba1..d3f13b38e 100644 --- a/pimd/pim_mroute.c +++ b/pimd/pim_mroute.c @@ -56,29 +56,22 @@ static int pim_mroute_set(struct pim_instance *pim, int enable) * We need to create the VRF table for the pim mroute_socket */ if (pim->vrf_id != VRF_DEFAULT) { - if (pimd_privs.change(ZPRIVS_RAISE)) - flog_err( - LIB_ERR_PRIVILEGES, - "pim_mroute_socket_enable: could not raise privs, %s", - safe_strerror(errno)); + frr_elevate_privs(&pimd_privs) { - opt = pim->vrf->data.l.table_id; - err = setsockopt(pim->mroute_socket, IPPROTO_IP, MRT_TABLE, - &opt, opt_len); - if (err) { - zlog_warn( - "%s %s: failure: setsockopt(fd=%d,IPPROTO_IP, MRT_TABLE=%d): errno=%d: %s", - __FILE__, __PRETTY_FUNCTION__, - pim->mroute_socket, opt, errno, - safe_strerror(errno)); - return -1; - } + opt = pim->vrf->data.l.table_id; + err = setsockopt(pim->mroute_socket, IPPROTO_IP, + MRT_TABLE, + &opt, opt_len); + if (err) { + zlog_warn( + "%s %s: failure: setsockopt(fd=%d,IPPROTO_IP, MRT_TABLE=%d): errno=%d: %s", + __FILE__, __PRETTY_FUNCTION__, + pim->mroute_socket, opt, errno, + safe_strerror(errno)); + return -1; + } - if (pimd_privs.change(ZPRIVS_LOWER)) - flog_err( - LIB_ERR_PRIVILEGES, - "pim_mroute_socket_enable: could not lower privs, %s", - safe_strerror(errno)); + } } opt = enable ? MRT_INIT : MRT_DONE; @@ -711,34 +704,29 @@ int pim_mroute_socket_enable(struct pim_instance *pim) { int fd; - if (pimd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, - "pim_mroute_socket_enable: could not raise privs, %s", - safe_strerror(errno)); + frr_elevate_privs(&pimd_privs) { - fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP); + fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP); - if (fd < 0) { - zlog_warn("Could not create mroute socket: errno=%d: %s", errno, - safe_strerror(errno)); - return -2; - } + if (fd < 0) { + zlog_warn("Could not create mroute socket: errno=%d: %s", + errno, + safe_strerror(errno)); + return -2; + } #ifdef SO_BINDTODEVICE - if (pim->vrf->vrf_id != VRF_DEFAULT - && setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, pim->vrf->name, - strlen(pim->vrf->name))) { - zlog_warn("Could not setsockopt SO_BINDTODEVICE: %s", - safe_strerror(errno)); - close(fd); - return -3; - } + if (pim->vrf->vrf_id != VRF_DEFAULT + && setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, pim->vrf->name, + strlen(pim->vrf->name))) { + zlog_warn("Could not setsockopt SO_BINDTODEVICE: %s", + safe_strerror(errno)); + close(fd); + return -3; + } #endif - if (pimd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "pim_mroute_socket_enable: could not lower privs, %s", - safe_strerror(errno)); + } pim->mroute_socket = fd; if (pim_mroute_set(pim, 1)) { diff --git a/pimd/pim_sock.c b/pimd/pim_sock.c index 976bf3d10..1f584a2f9 100644 --- a/pimd/pim_sock.c +++ b/pimd/pim_sock.c @@ -46,17 +46,11 @@ int pim_socket_raw(int protocol) { int fd; - if (pimd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, - "pim_sockek_raw: could not raise privs, %s", - safe_strerror(errno)); + frr_elevate_privs(&pimd_privs) { - fd = socket(AF_INET, SOCK_RAW, protocol); + fd = socket(AF_INET, SOCK_RAW, protocol); - if (pimd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "pim_socket_raw: could not lower privs, %s", - safe_strerror(errno)); + } if (fd < 0) { zlog_warn("Could not create raw socket: errno=%d: %s", errno, @@ -71,18 +65,13 @@ void pim_socket_ip_hdr(int fd) { const int on = 1; - if (pimd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not raise privs, %s", - __PRETTY_FUNCTION__, safe_strerror(errno)); + frr_elevate_privs(&pimd_privs) { - if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on))) - flog_err_sys(LIB_ERR_SOCKET, - "%s: Could not turn on IP_HDRINCL option: %s", - __PRETTY_FUNCTION__, safe_strerror(errno)); + if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on))) + zlog_err("%s: Could not turn on IP_HDRINCL option: %s", + __PRETTY_FUNCTION__, safe_strerror(errno)); - if (pimd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not lower privs, %s", - __PRETTY_FUNCTION__, safe_strerror(errno)); + } } /* @@ -94,16 +83,12 @@ int pim_socket_bind(int fd, struct interface *ifp) int ret = 0; #ifdef SO_BINDTODEVICE - if (pimd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not raise privs, %s", - __PRETTY_FUNCTION__, safe_strerror(errno)); + frr_elevate_privs(&pimd_privs) { - ret = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifp->name, - strlen(ifp->name)); + ret = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifp->name, + strlen(ifp->name)); - if (pimd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "%s: could not lower privs, %s", - __PRETTY_FUNCTION__, safe_strerror(errno)); + } #endif return ret; diff --git a/ripd/ripd.c b/ripd/ripd.c index 274b9540b..8ee165967 100644 --- a/ripd/ripd.c +++ b/ripd/ripd.c @@ -1357,31 +1357,23 @@ static int rip_create_socket(void) setsockopt_ipv4_tos(sock, IPTOS_PREC_INTERNETCONTROL); #endif - if (ripd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, - "rip_create_socket: could not raise privs"); - setsockopt_so_recvbuf(sock, RIP_UDP_RCV_BUF); - if ((ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr))) < 0) + frr_elevate_privs(&ripd_privs) { + setsockopt_so_recvbuf(sock, RIP_UDP_RCV_BUF); + if ((ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr))) < 0) - { - int save_errno = errno; - if (ripd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "rip_create_socket: could not lower privs"); - - flog_err_sys(LIB_ERR_SOCKET, - "%s: Can't bind socket %d to %s port %d: %s", - __func__, sock, inet_ntoa(addr.sin_addr), - (int)ntohs(addr.sin_port), - safe_strerror(save_errno)); - - close(sock); - return ret; - } + { + int save_errno = errno; + + zlog_err("%s: Can't bind socket %d to %s port %d: %s", + __func__, + sock, inet_ntoa(addr.sin_addr), + (int)ntohs(addr.sin_port), safe_strerror(save_errno)); - if (ripd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "rip_create_socket: could not lower privs"); + close(sock); + return ret; + } + + } return sock; } diff --git a/ripngd/ripng_interface.c b/ripngd/ripng_interface.c index 006389302..ef324b001 100644 --- a/ripngd/ripng_interface.c +++ b/ripngd/ripng_interface.c @@ -72,19 +72,14 @@ static int ripng_multicast_join(struct interface *ifp) * While this is bogus, privs are available and easy to use * for this call as a workaround. */ - if (ripngd_privs.change(ZPRIVS_RAISE)) - flog_err( - LIB_ERR_PRIVILEGES, - "ripng_multicast_join: could not raise privs"); + frr_elevate_privs(&ripngd_privs) { - ret = setsockopt(ripng->sock, IPPROTO_IPV6, IPV6_JOIN_GROUP, - (char *)&mreq, sizeof(mreq)); - save_errno = errno; + ret = setsockopt(ripng->sock, IPPROTO_IPV6, + IPV6_JOIN_GROUP, + (char *)&mreq, sizeof(mreq)); + save_errno = errno; - if (ripngd_privs.change(ZPRIVS_LOWER)) - flog_err( - LIB_ERR_PRIVILEGES, - "ripng_multicast_join: could not lower privs"); + } if (ret < 0 && save_errno == EADDRINUSE) { /* diff --git a/ripngd/ripngd.c b/ripngd/ripngd.c index 80e0047ff..925b3f137 100644 --- a/ripngd/ripngd.c +++ b/ripngd/ripngd.c @@ -125,22 +125,14 @@ static int ripng_make_socket(void) #endif /* SIN6_LEN */ ripaddr.sin6_port = htons(RIPNG_PORT_DEFAULT); - if (ripngd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, - "ripng_make_socket: could not raise privs"); + frr_elevate_privs(&ripngd_privs) { - ret = bind(sock, (struct sockaddr *)&ripaddr, sizeof(ripaddr)); - if (ret < 0) { - flog_err_sys(LIB_ERR_SOCKET, "Can't bind ripng socket: %s.", - safe_strerror(errno)); - if (ripngd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "ripng_make_socket: could not lower privs"); - goto error; + ret = bind(sock, (struct sockaddr *)&ripaddr, sizeof(ripaddr)); + if (ret < 0) { + zlog_err("Can't bind ripng socket: %s.", safe_strerror(errno)); + goto error; + } } - if (ripngd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "ripng_make_socket: could not lower privs"); return sock; error: diff --git a/tools/zprivs.cocci b/tools/zprivs.cocci new file mode 100644 index 000000000..76d13c3f0 --- /dev/null +++ b/tools/zprivs.cocci @@ -0,0 +1,76 @@ +@@ +identifier change; +identifier end; +expression E, f, g; +iterator name frr_elevate_privs; +@@ + +- if (E.change(ZPRIVS_RAISE)) +- f; ++ frr_elevate_privs(&E) { + <+... +- goto end; ++ break; + ...+> +- end: +- if (E.change(ZPRIVS_LOWER)) +- g; ++ } + +@@ +identifier change, errno, safe_strerror, exit; +expression E, f1, f2, f3, ret, fn; +iterator name frr_elevate_privs; +@@ + + if (E.change(ZPRIVS_RAISE)) + f1; + ... + if (...) { +- int save_errno = errno; + ... +- if (E.change(ZPRIVS_LOWER)) +- f2; + ... +- safe_strerror(save_errno) ++ safe_strerror(errno) + ... + \( return ret; \| exit(ret); \) + } + ... + if (E.change(ZPRIVS_LOWER)) + f3; + +@@ +identifier change; +expression E, f1, f2, f3, ret; +iterator name frr_elevate_privs; +@@ + + if (E.change(ZPRIVS_RAISE)) + f1; + ... + if (...) { + ... +- if (E.change(ZPRIVS_LOWER)) +- f2; + ... + return ret; + } + ... + if (E.change(ZPRIVS_LOWER)) + f3; + +@@ +identifier change; +expression E, f, g; +iterator name frr_elevate_privs; +@@ + +- if (E.change(ZPRIVS_RAISE)) +- f; ++ frr_elevate_privs(&E) { + ... +- if (E.change(ZPRIVS_LOWER)) +- g; ++ } diff --git a/zebra/if_ioctl_solaris.c b/zebra/if_ioctl_solaris.c index 3b3064490..ee7f22e78 100644 --- a/zebra/if_ioctl_solaris.c +++ b/zebra/if_ioctl_solaris.c @@ -59,29 +59,24 @@ static int interface_list_ioctl(int af) size_t needed, lastneeded = 0; char *buf = NULL; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - - sock = socket(af, SOCK_DGRAM, 0); - if (sock < 0) { - zlog_warn("Can't make %s socket stream: %s", - (af == AF_INET ? "AF_INET" : "AF_INET6"), - safe_strerror(errno)); + frr_elevate_privs(&zserv_privs) { - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + sock = socket(af, SOCK_DGRAM, 0); + if (sock < 0) { + zlog_warn("Can't make %s socket stream: %s", + (af == AF_INET ? "AF_INET" : "AF_INET6"), + safe_strerror(errno)); - return -1; - } + return -1; + } calculate_lifc_len: /* must hold privileges to enter here */ - lifn.lifn_family = af; - lifn.lifn_flags = LIFC_NOXMIT; /* we want NOXMIT interfaces too */ - ret = ioctl(sock, SIOCGLIFNUM, &lifn); - save_errno = errno; + lifn.lifn_family = af; + lifn.lifn_flags = LIFC_NOXMIT; /* we want NOXMIT interfaces too */ + ret = ioctl(sock, SIOCGLIFNUM, &lifn); + save_errno = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + } if (ret < 0) { zlog_warn("interface_list_ioctl: SIOCGLIFNUM failed %s", diff --git a/zebra/if_netlink.c b/zebra/if_netlink.c index e09d30a20..c0da066aa 100644 --- a/zebra/if_netlink.c +++ b/zebra/if_netlink.c @@ -375,20 +375,19 @@ static int get_iflink_speed(struct interface *interface) ifdata.ifr_data = (caddr_t)&ecmd; /* use ioctl to get IP address of an interface */ - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - sd = vrf_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP, interface->vrf_id, - NULL); - if (sd < 0) { - if (IS_ZEBRA_DEBUG_KERNEL) - zlog_debug("Failure to read interface %s speed: %d %s", - ifname, errno, safe_strerror(errno)); - return 0; - } + frr_elevate_privs(&zserv_privs) { + sd = vrf_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP, + interface->vrf_id, + NULL); + if (sd < 0) { + if (IS_ZEBRA_DEBUG_KERNEL) + zlog_debug("Failure to read interface %s speed: %d %s", + ifname, errno, safe_strerror(errno)); + return 0; + } /* Get the current link state for the interface */ - rc = vrf_ioctl(interface->vrf_id, sd, SIOCETHTOOL, (char *)&ifdata); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + rc = vrf_ioctl(interface->vrf_id, sd, SIOCETHTOOL, (char *)&ifdata); + } if (rc < 0) { if (IS_ZEBRA_DEBUG_KERNEL) zlog_debug( diff --git a/zebra/ioctl.c b/zebra/ioctl.c index 4804d42fd..0469bc38c 100644 --- a/zebra/ioctl.c +++ b/zebra/ioctl.c @@ -55,22 +55,16 @@ int if_ioctl(unsigned long request, caddr_t buffer) int ret; int err = 0; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - sock = socket(AF_INET, SOCK_DGRAM, 0); - if (sock < 0) { - int save_errno = errno; - - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); - flog_err_sys(LIB_ERR_SOCKET, "Cannot create UDP socket: %s", - safe_strerror(save_errno)); - exit(1); + frr_elevate_privs(&zserv_privs) { + sock = socket(AF_INET, SOCK_DGRAM, 0); + if (sock < 0) { + zlog_err("Cannot create UDP socket: %s", + safe_strerror(errno)); + exit(1); + } + if ((ret = ioctl(sock, request, buffer)) < 0) + err = errno; } - if ((ret = ioctl(sock, request, buffer)) < 0) - err = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); close(sock); if (ret < 0) { @@ -87,23 +81,17 @@ int vrf_if_ioctl(unsigned long request, caddr_t buffer, vrf_id_t vrf_id) int ret; int err = 0; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - sock = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL); - if (sock < 0) { - int save_errno = errno; - - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); - flog_err_sys(LIB_ERR_SOCKET, "Cannot create UDP socket: %s", - safe_strerror(save_errno)); - exit(1); + frr_elevate_privs(&zserv_privs) { + sock = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL); + if (sock < 0) { + zlog_err("Cannot create UDP socket: %s", + safe_strerror(errno)); + exit(1); + } + ret = vrf_ioctl(vrf_id, sock, request, buffer); + if (ret < 0) + err = errno; } - ret = vrf_ioctl(vrf_id, sock, request, buffer); - if (ret < 0) - err = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); close(sock); if (ret < 0) { @@ -120,24 +108,17 @@ static int if_ioctl_ipv6(unsigned long request, caddr_t buffer) int ret; int err = 0; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - sock = socket(AF_INET6, SOCK_DGRAM, 0); - if (sock < 0) { - int save_errno = errno; - - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); - flog_err_sys(LIB_ERR_SOCKET, - "Cannot create IPv6 datagram socket: %s", - safe_strerror(save_errno)); - exit(1); - } + frr_elevate_privs(&zserv_privs) { + sock = socket(AF_INET6, SOCK_DGRAM, 0); + if (sock < 0) { + zlog_err("Cannot create IPv6 datagram socket: %s", + safe_strerror(errno)); + exit(1); + } - if ((ret = ioctl(sock, request, buffer)) < 0) - err = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + if ((ret = ioctl(sock, request, buffer)) < 0) + err = errno; + } close(sock); if (ret < 0) { diff --git a/zebra/ioctl_solaris.c b/zebra/ioctl_solaris.c index 1ba37f2db..260911ce6 100644 --- a/zebra/ioctl_solaris.c +++ b/zebra/ioctl_solaris.c @@ -58,24 +58,19 @@ int if_ioctl(unsigned long request, caddr_t buffer) int ret; int err; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - - sock = socket(AF_INET, SOCK_DGRAM, 0); - if (sock < 0) { - int save_errno = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); - flog_err_sys(LIB_ERR_SOCKET, "Cannot create UDP socket: %s", - safe_strerror(save_errno)); - exit(1); - } + frr_elevate_privs(&zserv_privs) { + + sock = socket(AF_INET, SOCK_DGRAM, 0); + if (sock < 0) { + zlog_err("Cannot create UDP socket: %s", + safe_strerror(errno)); + exit(1); + } - if ((ret = ioctl(sock, request, buffer)) < 0) - err = errno; + if ((ret = ioctl(sock, request, buffer)) < 0) + err = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + } close(sock); @@ -93,25 +88,19 @@ int if_ioctl_ipv6(unsigned long request, caddr_t buffer) int ret; int err; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - - sock = socket(AF_INET6, SOCK_DGRAM, 0); - if (sock < 0) { - int save_errno = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); - flog_err_sys(LIB_ERR_SOCKET, - "Cannot create IPv6 datagram socket: %s", - safe_strerror(save_errno)); - exit(1); - } + frr_elevate_privs(&zserv_privs) { + + sock = socket(AF_INET6, SOCK_DGRAM, 0); + if (sock < 0) { + zlog_err("Cannot create IPv6 datagram socket: %s", + safe_strerror(errno)); + exit(1); + } - if ((ret = ioctl(sock, request, buffer)) < 0) - err = errno; + if ((ret = ioctl(sock, request, buffer)) < 0) + err = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + } close(sock); diff --git a/zebra/ipforward_proc.c b/zebra/ipforward_proc.c index fc2762441..3a766b1ea 100644 --- a/zebra/ipforward_proc.c +++ b/zebra/ipforward_proc.c @@ -77,27 +77,19 @@ int ipforward_on(void) { FILE *fp; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges, %s", - safe_strerror(errno)); + frr_elevate_privs(&zserv_privs) { - fp = fopen(proc_ipv4_forwarding, "w"); + fp = fopen(proc_ipv4_forwarding, "w"); - if (fp == NULL) { - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "Can't lower privileges, %s", - safe_strerror(errno)); - return -1; - } + if (fp == NULL) { + return -1; + } - fprintf(fp, "1\n"); + fprintf(fp, "1\n"); - fclose(fp); + fclose(fp); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges, %s", - safe_strerror(errno)); + } return ipforward(); } @@ -106,27 +98,19 @@ int ipforward_off(void) { FILE *fp; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges, %s", - safe_strerror(errno)); + frr_elevate_privs(&zserv_privs) { - fp = fopen(proc_ipv4_forwarding, "w"); + fp = fopen(proc_ipv4_forwarding, "w"); - if (fp == NULL) { - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "Can't lower privileges, %s", - safe_strerror(errno)); - return -1; - } + if (fp == NULL) { + return -1; + } - fprintf(fp, "0\n"); + fprintf(fp, "0\n"); - fclose(fp); + fclose(fp); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges, %s", - safe_strerror(errno)); + } return ipforward(); } @@ -160,27 +144,19 @@ int ipforward_ipv6_on(void) { FILE *fp; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges, %s", - safe_strerror(errno)); + frr_elevate_privs(&zserv_privs) { - fp = fopen(proc_ipv6_forwarding, "w"); + fp = fopen(proc_ipv6_forwarding, "w"); - if (fp == NULL) { - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "Can't lower privileges, %s", - safe_strerror(errno)); - return -1; - } + if (fp == NULL) { + return -1; + } - fprintf(fp, "1\n"); + fprintf(fp, "1\n"); - fclose(fp); + fclose(fp); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges, %s", - safe_strerror(errno)); + } return ipforward_ipv6(); } @@ -190,27 +166,19 @@ int ipforward_ipv6_off(void) { FILE *fp; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges, %s", - safe_strerror(errno)); + frr_elevate_privs(&zserv_privs) { - fp = fopen(proc_ipv6_forwarding, "w"); + fp = fopen(proc_ipv6_forwarding, "w"); - if (fp == NULL) { - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "Can't lower privileges, %s", - safe_strerror(errno)); - return -1; - } + if (fp == NULL) { + return -1; + } - fprintf(fp, "0\n"); + fprintf(fp, "0\n"); - fclose(fp); + fclose(fp); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges, %s", - safe_strerror(errno)); + } return ipforward_ipv6(); } diff --git a/zebra/ipforward_solaris.c b/zebra/ipforward_solaris.c index c44a1fb9c..b06baa04a 100644 --- a/zebra/ipforward_solaris.c +++ b/zebra/ipforward_solaris.c @@ -82,31 +82,21 @@ static int solaris_nd(const int cmd, const char *parameter, const int value) strioctl.ic_len = ND_BUFFER_SIZE; strioctl.ic_dp = nd_buf; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, - "solaris_nd: Can't raise privileges"); - if ((fd = open(device, O_RDWR)) < 0) { - zlog_warn("failed to open device %s - %s", device, - safe_strerror(errno)); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "solaris_nd: Can't lower privileges"); - return -1; - } - if (ioctl(fd, I_STR, &strioctl) < 0) { - int save_errno = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "solaris_nd: Can't lower privileges"); + frr_elevate_privs(&zserv_privs) { + if ((fd = open(device, O_RDWR)) < 0) { + zlog_warn("failed to open device %s - %s", device, + safe_strerror(errno)); + return -1; + } + if (ioctl(fd, I_STR, &strioctl) < 0) { + close(fd); + zlog_warn("ioctl I_STR failed on device %s - %s", + device, + safe_strerror(errno)); + return -1; + } close(fd); - zlog_warn("ioctl I_STR failed on device %s - %s", device, - safe_strerror(save_errno)); - return -1; } - close(fd); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "solaris_nd: Can't lower privileges"); if (cmd == ND_GET) { errno = 0; diff --git a/zebra/ipforward_sysctl.c b/zebra/ipforward_sysctl.c index f0eaa1ace..9fa636641 100644 --- a/zebra/ipforward_sysctl.c +++ b/zebra/ipforward_sysctl.c @@ -54,16 +54,12 @@ int ipforward_on(void) int ipforwarding = 1; len = sizeof ipforwarding; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) { - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); - zlog_warn("Can't set ipforwarding on"); - return -1; + frr_elevate_privs(&zserv_privs) { + if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) { + zlog_warn("Can't set ipforwarding on"); + return -1; + } } - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return ipforwarding; } @@ -73,16 +69,12 @@ int ipforward_off(void) int ipforwarding = 0; len = sizeof ipforwarding; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) { - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); - zlog_warn("Can't set ipforwarding on"); - return -1; + frr_elevate_privs(&zserv_privs) { + if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) { + zlog_warn("Can't set ipforwarding on"); + return -1; + } } - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return ipforwarding; } @@ -101,16 +93,12 @@ int ipforward_ipv6(void) int ip6forwarding = 0; len = sizeof ip6forwarding; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - if (sysctl(mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) { - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); - zlog_warn("can't get ip6forwarding value"); - return -1; + frr_elevate_privs(&zserv_privs) { + if (sysctl(mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) { + zlog_warn("can't get ip6forwarding value"); + return -1; + } } - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return ip6forwarding; } @@ -120,16 +108,12 @@ int ipforward_ipv6_on(void) int ip6forwarding = 1; len = sizeof ip6forwarding; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) { - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); - zlog_warn("can't get ip6forwarding value"); - return -1; + frr_elevate_privs(&zserv_privs) { + if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) { + zlog_warn("can't get ip6forwarding value"); + return -1; + } } - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return ip6forwarding; } @@ -139,16 +123,12 @@ int ipforward_ipv6_off(void) int ip6forwarding = 0; len = sizeof ip6forwarding; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) { - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); - zlog_warn("can't get ip6forwarding value"); - return -1; + frr_elevate_privs(&zserv_privs) { + if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) { + zlog_warn("can't get ip6forwarding value"); + return -1; + } } - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return ip6forwarding; } diff --git a/zebra/irdp_main.c b/zebra/irdp_main.c index 630eee592..771ae796e 100644 --- a/zebra/irdp_main.c +++ b/zebra/irdp_main.c @@ -81,18 +81,12 @@ int irdp_sock_init(void) int save_errno; int sock; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, - "irdp_sock_init: could not raise privs, %s", - safe_strerror(errno)); + frr_elevate_privs(&zserv_privs) { - sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); - save_errno = errno; + sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); + save_errno = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "irdp_sock_init: could not lower privs, %s", - safe_strerror(errno)); + } if (sock < 0) { zlog_warn("IRDP: can't create irdp socket %s", diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c index 57a7f5273..b397e9595 100644 --- a/zebra/kernel_netlink.c +++ b/zebra/kernel_netlink.c @@ -170,14 +170,11 @@ static int netlink_recvbuf(struct nlsock *nl, uint32_t newsize) } /* Try force option (linux >= 2.6.14) and fall back to normal set */ - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, - "routing_socket: Can't raise privileges"); - ret = setsockopt(nl->sock, SOL_SOCKET, SO_RCVBUFFORCE, &nl_rcvbufsize, - sizeof(nl_rcvbufsize)); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "routing_socket: Can't lower privileges"); + frr_elevate_privs(&zserv_privs) { + ret = setsockopt(nl->sock, SOL_SOCKET, SO_RCVBUFFORCE, + &nl_rcvbufsize, + sizeof(nl_rcvbufsize)); + } if (ret < 0) ret = setsockopt(nl->sock, SOL_SOCKET, SO_RCVBUF, &nl_rcvbufsize, sizeof(nl_rcvbufsize)); @@ -957,12 +954,10 @@ int netlink_talk(int (*filter)(struct nlmsghdr *, ns_id_t, int startup), n->nlmsg_flags); /* Send message to netlink interface. */ - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - status = sendmsg(nl->sock, &msg, 0); - save_errno = errno; - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + frr_elevate_privs(&zserv_privs) { + status = sendmsg(nl->sock, &msg, 0); + save_errno = errno; + } if (IS_ZEBRA_DEBUG_KERNEL_MSGDUMP_SEND) { zlog_debug("%s: >> netlink message dump [sent]", __func__); diff --git a/zebra/rt_socket.c b/zebra/rt_socket.c index 8910aa8f6..c0ad87ce3 100644 --- a/zebra/rt_socket.c +++ b/zebra/rt_socket.c @@ -403,17 +403,15 @@ enum dp_req_result kernel_route_rib(struct route_node *rn, return DP_REQUEST_FAILURE; } - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); + frr_elevate_privs(&zserv_privs) { - if (old) - route |= kernel_rtm(RTM_DELETE, p, old); + if (old) + route |= kernel_rtm(RTM_DELETE, p, old); - if (new) - route |= kernel_rtm(RTM_ADD, p, new); + if (new) + route |= kernel_rtm(RTM_ADD, p, new); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + } if (new) { kernel_route_rib_pass_fail( diff --git a/zebra/rtadv.c b/zebra/rtadv.c index c8c66853a..4f89b5e76 100644 --- a/zebra/rtadv.c +++ b/zebra/rtadv.c @@ -630,17 +630,11 @@ static int rtadv_make_socket(ns_id_t ns_id) int ret = 0; struct icmp6_filter filter; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, - "rtadv_make_socket: could not raise privs, %s", - safe_strerror(errno)); + frr_elevate_privs(&zserv_privs) { - sock = ns_socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6, ns_id); + sock = ns_socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6, ns_id); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "rtadv_make_socket: could not lower privs, %s", - safe_strerror(errno)); + } if (sock < 0) { return -1; diff --git a/zebra/zebra_mpls_openbsd.c b/zebra/zebra_mpls_openbsd.c index 04c42f1ee..542de27e8 100644 --- a/zebra/zebra_mpls_openbsd.c +++ b/zebra/zebra_mpls_openbsd.c @@ -117,11 +117,9 @@ static int kernel_send_rtmsg_v4(int action, mpls_label_t in_label, hdr.rtm_mpls = MPLS_OP_SWAP; } - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - ret = writev(kr_state.fd, iov, iovcnt); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + frr_elevate_privs(&zserv_privs) { + ret = writev(kr_state.fd, iov, iovcnt); + } if (ret == -1) flog_err_sys(LIB_ERR_SOCKET, "%s: %s", __func__, @@ -226,11 +224,9 @@ static int kernel_send_rtmsg_v6(int action, mpls_label_t in_label, hdr.rtm_mpls = MPLS_OP_SWAP; } - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - ret = writev(kr_state.fd, iov, iovcnt); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + frr_elevate_privs(&zserv_privs) { + ret = writev(kr_state.fd, iov, iovcnt); + } if (ret == -1) flog_err_sys(LIB_ERR_SOCKET, "%s: %s", __func__, diff --git a/zebra/zebra_netns_notify.c b/zebra/zebra_netns_notify.c index 2b2da599a..2b7bf04ec 100644 --- a/zebra/zebra_netns_notify.c +++ b/zebra/zebra_netns_notify.c @@ -76,11 +76,9 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name) if (netnspath == NULL) return; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - ns_id = zebra_ns_id_get(netnspath); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + frr_elevate_privs(&zserv_privs) { + ns_id = zebra_ns_id_get(netnspath); + } if (ns_id == NS_UNKNOWN) return; ns_id_external = ns_map_nsid_with_external(ns_id, true); @@ -97,12 +95,10 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name) ns_map_nsid_with_external(ns_id, false); return; } - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - ret = vrf_netns_handler_create(NULL, vrf, netnspath, - ns_id_external, ns_id); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + frr_elevate_privs(&zserv_privs) { + ret = vrf_netns_handler_create(NULL, vrf, netnspath, + ns_id_external, ns_id); + } if (ret != CMD_SUCCESS) { zlog_warn("NS notify : failed to create NS %s", netnspath); ns_map_nsid_with_external(ns_id, false); @@ -169,20 +165,16 @@ static int zebra_ns_ready_read(struct thread *t) netnspath = zns_info->netnspath; if (--zns_info->retries == 0) stop_retry = 1; - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - err = ns_switch_to_netns(netnspath); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + frr_elevate_privs(&zserv_privs) { + err = ns_switch_to_netns(netnspath); + } if (err < 0) return zebra_ns_continue_read(zns_info, stop_retry); /* go back to default ns */ - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - err = ns_switchback_to_initial(); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + frr_elevate_privs(&zserv_privs) { + err = ns_switchback_to_initial(); + } if (err < 0) return zebra_ns_continue_read(zns_info, stop_retry); diff --git a/zebra/zebra_ns.c b/zebra/zebra_ns.c index 7bf5ced93..456253cc3 100644 --- a/zebra/zebra_ns.c +++ b/zebra/zebra_ns.c @@ -315,11 +315,9 @@ int zebra_ns_init(void) dzns = zebra_ns_alloc(); - if (zserv_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, "Can't raise privileges"); - ns_id = zebra_ns_id_get_default(); - if (zserv_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, "Can't lower privileges"); + frr_elevate_privs(&zserv_privs) { + ns_id = zebra_ns_id_get_default(); + } ns_id_external = ns_map_nsid_with_external(ns_id, true); ns_init_management(ns_id_external, ns_id); -- 2.39.2