From: Renato Westphal Date: Sat, 12 Aug 2017 19:02:42 +0000 (-0300) Subject: zebra: don't raise privileges when creating unix zserv socket X-Git-Tag: frr-4.0-dev~418^2 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=e6c1975af8497f50f484d0dc019e6fa9c97a84c8;p=mirror%2Ffrr.git zebra: don't raise privileges when creating unix zserv socket Raising privileges is only necessary when binding to a TCP/UDP privileged port (< 1024). This solves a problem where the zserv.api socket was being created with root ownership, preventing the client daemons to connect to zebra. Signed-off-by: Renato Westphal --- diff --git a/zebra/zserv.c b/zebra/zserv.c index 5ee6c6d1f3..5a62cc3e81 100644 --- a/zebra/zserv.c +++ b/zebra/zserv.c @@ -2645,7 +2645,7 @@ void zebra_zserv_socket_init(char *path) unlink(suna->sun_path); } - if (zserv_privs.change(ZPRIVS_RAISE)) + if (sa.ss_family != AF_UNIX && zserv_privs.change(ZPRIVS_RAISE)) zlog_err("Can't raise privileges"); ret = bind(sock, (struct sockaddr *)&sa, sa_len); @@ -2657,7 +2657,7 @@ void zebra_zserv_socket_init(char *path) close(sock); return; } - if (zserv_privs.change(ZPRIVS_LOWER)) + if (sa.ss_family != AF_UNIX && zserv_privs.change(ZPRIVS_LOWER)) zlog_err("Can't lower privileges"); ret = listen(sock, 5);
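Review bot: In the first hunk, the reason for skipping ZPRIVS_RAISE on AF_UNIX is recorded only in the commit message, so the changed `if` in zebra_zserv_socket_init() should carry a short comment. The comment should say that raising is needed only to bind a privileged TCP/UDP port (< 1024), and that raising for a unix socket leaves the socket file owned by root so client daemons cannot connect. The test `sa.ss_family != AF_UNIX` is also repeated in the second hunk; evaluating it once into a local variable and using that for both the raise and the lower keeps the two calls paired if one of them is edited later.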
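Review bot: In the second hunk, the error branch visible in the context lines (`close(sock); return;`) exits before the ZPRIVS_LOWER call is reached, so for a non-AF_UNIX address the function returns with privileges still raised. Since this change already touches the raise/lower pair, move the lower call to directly after `ret = bind(...)` and before the return value is checked, so that every exit path drops privileges. If the error branch reports errno, save it before calling zserv_privs.change(ZPRIVS_LOWER).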