- frr_each_safe
- frr_each_from
- frr_with_mutex
- - frr_elevate_privs
+ - frr_with_privs
- LIST_FOREACH
- LIST_FOREACH_SAFE
- SLIST_FOREACH
{
int sd;
- frr_elevate_privs(&bglobal.bfdd_privs) {
+ frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
}
if (sd == -1)
{
int sd;
- frr_elevate_privs(&bglobal.bfdd_privs) {
+ frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
}
if (sd == -1)
&& bs->key.vrfname[0])
device_to_bind = (const char *)bs->key.vrfname;
- frr_elevate_privs(&bglobal.bfdd_privs) {
+ frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC,
bs->vrf->vrf_id, device_to_bind);
}
&& bs->key.vrfname[0])
device_to_bind = (const char *)bs->key.vrfname;
- frr_elevate_privs(&bglobal.bfdd_privs) {
+ frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC,
bs->vrf->vrf_id, device_to_bind);
}
{
int sd;
- frr_elevate_privs(&bglobal.bfdd_privs) {
+ frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
}
if (sd == -1)
{
int sd;
- frr_elevate_privs(&bglobal.bfdd_privs) {
+ frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
}
if (sd == -1)
{
int s;
- frr_elevate_privs(&bglobal.bfdd_privs) {
+ frr_with_privs(&bglobal.bfdd_privs) {
s = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL);
}
if (s == -1)
{
int s;
- frr_elevate_privs(&bglobal.bfdd_privs) {
+ frr_with_privs(&bglobal.bfdd_privs) {
s = vrf_socket(AF_INET6, SOCK_DGRAM, 0, vrf_id, NULL);
}
if (s == -1)
int ret = -1;
#if HAVE_DECL_TCP_MD5SIG
- frr_elevate_privs(&bgpd_privs) {
+ frr_with_privs(&bgpd_privs) {
ret = bgp_md5_set_socket(socket, su, prefixlen, password);
}
#endif /* HAVE_TCP_MD5SIG */
* Set or unset the password on the listen socket(s). Outbound
* connections are taken care of in bgp_connect() below.
*/
- frr_elevate_privs(&bgpd_privs)
- {
+ frr_with_privs(&bgpd_privs) {
for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
if (listener->su.sa.sa_family
== peer->su.sa.sa_family) {
struct bgp_listener *listener;
/* Set or unset the password on the listen socket(s). */
- frr_elevate_privs(&bgpd_privs)
- {
+ frr_with_privs(&bgpd_privs) {
for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
if (listener->su.sa.sa_family == p->family) {
prefix2sockunion(p, &su);
zlog_debug("Peer address not learnt: Returning from connect");
return 0;
}
- frr_elevate_privs(&bgpd_privs) {
+ frr_with_privs(&bgpd_privs) {
/* Make socket for the peer. */
peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id,
bgp_get_bound_name(peer));
sockopt_reuseport(peer->fd);
#ifdef IPTOS_PREC_INTERNETCONTROL
- frr_elevate_privs(&bgpd_privs) {
+ frr_with_privs(&bgpd_privs) {
if (sockunion_family(&peer->su) == AF_INET)
setsockopt_ipv4_tos(peer->fd,
IPTOS_PREC_INTERNETCONTROL);
sockopt_reuseaddr(sock);
sockopt_reuseport(sock);
- frr_elevate_privs(&bgpd_privs) {
+ frr_with_privs(&bgpd_privs) {
#ifdef IPTOS_PREC_INTERNETCONTROL
if (sa->sa_family == AF_INET)
snprintf(port_str, sizeof(port_str), "%d", port);
port_str[sizeof(port_str) - 1] = '\0';
- frr_elevate_privs(&bgpd_privs) {
+ frr_with_privs(&bgpd_privs) {
ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save,
bgp->vrf_id);
}
if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6)
continue;
- frr_elevate_privs(&bgpd_privs) {
+ frr_with_privs(&bgpd_privs) {
sock = vrf_socket(ainfo->ai_family,
ainfo->ai_socktype,
ainfo->ai_protocol, bgp->vrf_id,
int hincl = 1;
#endif
- frr_elevate_privs(&eigrpd_privs) {
+ frr_with_privs(&eigrpd_privs) {
eigrp_sock = vrf_socket(
AF_INET, SOCK_RAW, IPPROTO_EIGRPIGP, vrf->vrf_id,
vrf->vrf_id != VRF_DEFAULT ? vrf->name : NULL);
{
int retval = ISIS_OK;
- frr_elevate_privs(&isisd_privs) {
+ frr_with_privs(&isisd_privs) {
retval = open_bpf_dev(circuit);
{
int retval = ISIS_OK;
- frr_elevate_privs(&isisd_privs) {
+ frr_with_privs(&isisd_privs) {
retval = open_dlpi_dev(circuit);
{
int retval = ISIS_OK;
- frr_elevate_privs(&isisd_privs) {
+ frr_with_privs(&isisd_privs) {
retval = open_packet_socket(circuit);
sock_set_bindany(fd, 1);
break;
}
- frr_elevate_privs(&ldpd_privs) {
+ frr_with_privs(&ldpd_privs) {
if (sock_set_reuse(fd, 1) == -1) {
close(fd);
return (-1);
sock_set_bindany(int fd, int enable)
{
#ifdef HAVE_SO_BINDANY
- frr_elevate_privs(&ldpd_privs) {
+ frr_with_privs(&ldpd_privs) {
if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable,
sizeof(int)) < 0) {
log_warn("%s: error setting SO_BINDANY", __func__);
}
return (0);
#elif defined(IP_BINDANY)
- frr_elevate_privs(&ldpd_privs) {
+ frr_with_privs(&ldpd_privs) {
if (setsockopt(fd, IPPROTO_IP, IP_BINDANY, &enable, sizeof(int))
< 0) {
log_warn("%s: error setting IP_BINDANY", __func__);
#if HAVE_DECL_TCP_MD5SIG
addr2sa(af, addr, 0, &su);
- frr_elevate_privs(&ldpe_privs) {
+ frr_with_privs(&ldpe_privs) {
ret = sockopt_tcp_signature(fd, &su, password);
save_errno = errno;
}
/*
* Wrapper around zprivs, to be used as:
- * frr_elevate_privs(&privs) {
+ * frr_with_privs(&privs) {
* ... code ...
* if (error)
* break; -- break can be used to get out of the block
* ... code ...
* }
*
- * The argument to frr_elevate_privs() can be NULL to leave privileges as-is
+ * The argument to frr_with_privs() can be NULL to leave privileges as-is
* (mostly useful for conditional privilege-raising, i.e.:)
- * frr_elevate_privs(cond ? &privs : NULL) {}
+ * frr_with_privs(cond ? &privs : NULL) {}
*
* NB: The code block is always executed, regardless of whether privileges
* could be raised or not, or whether NULL was given or not. This is fully
const char *funcname);
extern void _zprivs_lower(struct zebra_privs_t **privs);
-#define frr_elevate_privs(privs) \
+#define frr_with_privs(privs) \
for (struct zebra_privs_t *_once = NULL, \
*_privs __attribute__( \
(unused, cleanup(_zprivs_lower))) = \
if (!pathname)
return CMD_WARNING_CONFIG_FAILED;
- frr_elevate_privs(vrf_daemon_privs) {
+ frr_with_privs(vrf_daemon_privs) {
ret = vrf_netns_handler_create(vty, vrf, pathname,
NS_UNKNOWN, NS_UNKNOWN);
}
/* Make ospf6d's server socket. */
int ospf6_serv_sock(void)
{
- frr_elevate_privs(&ospf6d_privs) {
+ frr_with_privs(&ospf6d_privs) {
ospf6_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_OSPFIGP);
if (ospf6_sock < 0) {
/* silently return since VRF is not ready */
return -1;
}
- frr_elevate_privs(&ospfd_privs) {
+ frr_with_privs(&ospfd_privs) {
ospf_sock = vrf_socket(AF_INET, SOCK_RAW, IPPROTO_OSPFIGP,
ospf->vrf_id, ospf->name);
if (ospf_sock < 0) {
old_vrf_id);
if (old_vrf_id != ospf->vrf_id) {
- frr_elevate_privs(&ospfd_privs) {
+ frr_with_privs(&ospfd_privs) {
/* stop zebra redist to us for old vrf */
zclient_send_dereg_requests(zclient,
old_vrf_id);
* We need to create the VRF table for the pim mroute_socket
*/
if (pim->vrf_id != VRF_DEFAULT) {
- frr_elevate_privs(&pimd_privs) {
+ frr_with_privs(&pimd_privs) {
data = pim->vrf->data.l.table_id;
err = setsockopt(pim->mroute_socket, IPPROTO_IP,
}
}
- frr_elevate_privs(&pimd_privs) {
+ frr_with_privs(&pimd_privs) {
opt = enable ? MRT_INIT : MRT_DONE;
/*
* *BSD *cares* about what value we pass down
{
int fd;
- frr_elevate_privs(&pimd_privs) {
+ frr_with_privs(&pimd_privs) {
fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP);
}
}
- frr_elevate_privs(&pimd_privs) {
+ frr_with_privs(&pimd_privs) {
/* bind to well known TCP port */
rc = bind(sock, (struct sockaddr *)&sin, socklen);
}
{
int fd;
- frr_elevate_privs(&pimd_privs) {
+ frr_with_privs(&pimd_privs) {
fd = socket(AF_INET, SOCK_RAW, protocol);
{
const int on = 1;
- frr_elevate_privs(&pimd_privs) {
+ frr_with_privs(&pimd_privs) {
if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)))
zlog_err("%s: Could not turn on IP_HDRINCL option: %s",
int ret = 0;
#ifdef SO_BINDTODEVICE
- frr_elevate_privs(&pimd_privs) {
+ frr_with_privs(&pimd_privs) {
ret = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifp->name,
strlen(ifp->name));
/* Make datagram socket. */
if (vrf->vrf_id != VRF_DEFAULT)
vrf_dev = vrf->name;
- frr_elevate_privs(&ripd_privs) {
+ frr_with_privs(&ripd_privs) {
sock = vrf_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, vrf->vrf_id,
vrf_dev);
if (sock < 0) {
#endif
setsockopt_so_recvbuf(sock, RIP_UDP_RCV_BUF);
- frr_elevate_privs(&ripd_privs) {
+ frr_with_privs(&ripd_privs) {
if ((ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr)))
< 0) {
zlog_err("%s: Can't bind socket %d to %s port %d: %s",
* While this is bogus, privs are available and easy to use
* for this call as a workaround.
*/
- frr_elevate_privs(&ripngd_privs) {
+ frr_with_privs(&ripngd_privs) {
ret = setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP,
(char *)&mreq, sizeof(mreq));
/* Make datagram socket. */
if (vrf->vrf_id != VRF_DEFAULT)
vrf_dev = vrf->name;
- frr_elevate_privs(&ripngd_privs)
- {
+ frr_with_privs(&ripngd_privs) {
sock = vrf_socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP,
vrf->vrf_id, vrf_dev);
if (sock < 0) {
#endif /* SIN6_LEN */
ripaddr.sin6_port = htons(RIPNG_PORT_DEFAULT);
- frr_elevate_privs(&ripngd_privs) {
+ frr_with_privs(&ripngd_privs) {
ret = bind(sock, (struct sockaddr *)&ripaddr, sizeof(ripaddr));
if (ret < 0) {
zlog_err("Can't bind ripng socket: %s.",
((test_privs.current_state() == ZPRIVS_RAISED) ? "Raised" : "Lowered")
printf("%s\n", PRIV_STATE());
- frr_elevate_privs(&test_privs) {
+ frr_with_privs(&test_privs) {
printf("%s\n", PRIV_STATE());
}
/* but these should continue to work... */
printf("%s\n", PRIV_STATE());
- frr_elevate_privs(&test_privs) {
+ frr_with_privs(&test_privs) {
printf("%s\n", PRIV_STATE());
}
identifier change;
identifier end;
expression E, f, g;
-iterator name frr_elevate_privs;
+iterator name frr_with_privs;
@@
- if (E.change(ZPRIVS_RAISE))
- f;
-+ frr_elevate_privs(&E) {
++ frr_with_privs(&E) {
<+...
- goto end;
+ break;
@@
identifier change, errno, safe_strerror, exit;
expression E, f1, f2, f3, ret, fn;
-iterator name frr_elevate_privs;
+iterator name frr_with_privs;
@@
if (E.change(ZPRIVS_RAISE))
@@
identifier change;
expression E, f1, f2, f3, ret;
-iterator name frr_elevate_privs;
+iterator name frr_with_privs;
@@
if (E.change(ZPRIVS_RAISE))
@@
identifier change;
expression E, f, g;
-iterator name frr_elevate_privs;
+iterator name frr_with_privs;
@@
- if (E.change(ZPRIVS_RAISE))
- f;
-+ frr_elevate_privs(&E) {
++ frr_with_privs(&E) {
...
- if (E.change(ZPRIVS_LOWER))
- g;
int ret;
bool failed = false;
- frr_elevate_privs(&vrrp_privs)
- {
+ frr_with_privs(&vrrp_privs) {
r->sock_rx = socket(r->family, SOCK_RAW, IPPROTO_VRRP);
r->sock_tx = socket(r->family, SOCK_RAW, IPPROTO_VRRP);
}
setsockopt_ipv4_multicast_loop(r->sock_tx, 0);
/* Bind Rx socket to exact interface */
- frr_elevate_privs(&vrrp_privs)
- {
+ frr_with_privs(&vrrp_privs) {
ret = setsockopt(r->sock_rx, SOL_SOCKET,
SO_BINDTODEVICE, r->vr->ifp->name,
strlen(r->vr->ifp->name));
setsockopt_ipv6_multicast_loop(r->sock_tx, 0);
/* Bind Rx socket to exact interface */
- frr_elevate_privs(&vrrp_privs)
- {
+ frr_with_privs(&vrrp_privs) {
ret = setsockopt(r->sock_rx, SOL_SOCKET,
SO_BINDTODEVICE, r->vr->ifp->name,
strlen(r->vr->ifp->name));
/* Create the socket descriptor */
/* FIXME: why ETH_P_RARP? */
errno = 0;
- frr_elevate_privs(&vrrp_privs) {
+ frr_with_privs(&vrrp_privs) {
garp_fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC,
htons(ETH_P_RARP));
}
void vrrp_ndisc_init(void)
{
- frr_elevate_privs(&vrrp_privs)
- {
+ frr_with_privs(&vrrp_privs) {
ndisc_fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_IPV6));
}
size_t needed, lastneeded = 0;
char *buf = NULL;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
sock = socket(af, SOCK_DGRAM, 0);
}
}
calculate_lifc_len:
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
lifn.lifn_family = af;
lifn.lifn_flags = LIFC_NOXMIT;
/* we want NOXMIT interfaces too */
lifconf.lifc_len = needed;
lifconf.lifc_buf = buf;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
ret = ioctl(sock, SIOCGLIFCONF, &lifconf);
}
ifdata.ifr_data = (caddr_t)&ecmd;
/* use ioctl to get IP address of an interface */
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
sd = vrf_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP,
interface->vrf_id,
NULL);
int ret;
int err = 0;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
zlog_err("Cannot create UDP socket: %s",
int ret;
int err = 0;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
sock = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL);
if (sock < 0) {
zlog_err("Cannot create UDP socket: %s",
int ret;
int err = 0;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
sock = socket(AF_INET6, SOCK_DGRAM, 0);
if (sock < 0) {
zlog_err("Cannot create IPv6 datagram socket: %s",
int ret;
int err;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
int ret;
int err;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
sock = socket(AF_INET6, SOCK_DGRAM, 0);
if (sock < 0) {
{
FILE *fp;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
fp = fopen(proc_ipv4_forwarding, "w");
{
FILE *fp;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
fp = fopen(proc_ipv4_forwarding, "w");
{
FILE *fp;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
fp = fopen(proc_ipv6_forwarding, "w");
{
FILE *fp;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
fp = fopen(proc_ipv6_forwarding, "w");
strioctl.ic_len = ND_BUFFER_SIZE;
strioctl.ic_dp = nd_buf;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
if ((fd = open(device, O_RDWR)) < 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
"failed to open device %s - %s", device,
int ipforwarding = 1;
len = sizeof ipforwarding;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
"Can't set ipforwarding on");
int ipforwarding = 0;
len = sizeof ipforwarding;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
"Can't set ipforwarding on");
int ip6forwarding = 0;
len = sizeof ip6forwarding;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
if (sysctl(mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
"can't get ip6forwarding value");
int ip6forwarding = 1;
len = sizeof ip6forwarding;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len)
< 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
int ip6forwarding = 0;
len = sizeof ip6forwarding;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len)
< 0) {
flog_err_sys(EC_LIB_SYSTEM_CALL,
int save_errno;
int sock;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
save_errno = errno;
}
/* Try force option (linux >= 2.6.14) and fall back to normal set */
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
ret = setsockopt(nl->sock, SOL_SOCKET, SO_RCVBUFFORCE,
&nl_rcvbufsize,
sizeof(nl_rcvbufsize));
int sock;
int namelen;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
sock = ns_socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE, ns_id);
if (sock < 0) {
zlog_err("Can't open %s socket: %s", nl->name,
FILE *f;
snprintf(fname, MAXPATHLEN, "%s/%s_%u", frr_vtydir, "netlink", counter);
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
f = fopen(fname, "w");
}
if (f) {
FILE *f;
long file_bytes = -1;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
f = fopen(fname, "r");
}
if (f) {
n->nlmsg_flags);
/* Send message to netlink interface. */
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
status = sendmsg(nl->sock, &msg, 0);
save_errno = errno;
}
snl.nl_family = AF_NETLINK;
/* Raise capabilities and send message, then lower capabilities. */
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
ret = sendto(nl->sock, (void *)n, n->nlmsg_len, 0,
(struct sockaddr *)&snl, sizeof snl);
}
/* Make routing socket. */
static void routing_socket(struct zebra_ns *zns)
{
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
routing_sock = ns_socket(AF_ROUTE, SOCK_RAW, 0, zns->ns_id);
dplane_routing_sock =
type = dplane_ctx_get_type(ctx);
old_type = dplane_ctx_get_old_type(ctx);
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
if (dplane_ctx_get_op(ctx) == DPLANE_OP_ROUTE_DELETE) {
if (!RSYSTEM_ROUTE(type))
int ret = 0;
struct icmp6_filter filter;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
sock = ns_socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6, ns_id);
snprintf(fname, MAXPATHLEN, "%s/%u", frr_vtydir, command);
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
fd = open(fname, O_CREAT | O_WRONLY | O_EXCL, 0644);
}
stream_flush(copy, fd);
hdr.rtm_mpls = MPLS_OP_SWAP;
}
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
ret = writev(kr_state.fd, iov, iovcnt);
}
hdr.rtm_mpls = MPLS_OP_SWAP;
}
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
ret = writev(kr_state.fd, iov, iovcnt);
}
if (netnspath == NULL)
return;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
ns_id = zebra_ns_id_get(netnspath);
}
if (ns_id == NS_UNKNOWN)
ns_map_nsid_with_external(ns_id, false);
return;
}
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
ret = vrf_netns_handler_create(NULL, vrf, netnspath,
ns_id_external, ns_id);
}
netnspath = zns_info->netnspath;
if (--zns_info->retries == 0)
stop_retry = 1;
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
err = ns_switch_to_netns(netnspath);
}
if (err < 0)
return zebra_ns_continue_read(zns_info, stop_retry);
/* go back to default ns */
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
err = ns_switchback_to_initial();
}
if (err < 0)
dzns = zebra_ns_alloc();
- frr_elevate_privs(&zserv_privs) {
+ frr_with_privs(&zserv_privs) {
ns_id = zebra_ns_id_get_default();
}
ns_id_external = ns_map_nsid_with_external(ns_id, true);
setsockopt_so_recvbuf(zsock, 1048576);
setsockopt_so_sendbuf(zsock, 1048576);
- frr_elevate_privs((sa.ss_family != AF_UNIX) ? &zserv_privs : NULL) {
+ frr_with_privs((sa.ss_family != AF_UNIX) ? &zserv_privs : NULL) {
ret = bind(zsock, (struct sockaddr *)&sa, sa_len);
}
if (ret < 0) {
projects / matthieu / frr.git / commitdiff