3 files changed, 39 insertions, 77 deletions

diff --git a/ldpd/ldp_vty_cmds.c b/ldpd/ldp_vty_cmds.c
index d77a3e7e93..8eed089900 100644
--- a/ldpd/ldp_vty_cmds.c
+++ b/ldpd/ldp_vty_cmds.c
@@ -29,7 +29,7 @@
 #include "ldpd/ldp_vty_cmds_clippy.c"
 #endif
 
-DEFUN_NOSH(ldp_mpls_ldp,
+DEFPY_NOSH(ldp_mpls_ldp,
 	ldp_mpls_ldp_cmd,
 	"mpls ldp",
 	"Global MPLS configuration subcommands\n"
@@ -48,21 +48,15 @@ DEFPY  (no_ldp_mpls_ldp,
 	return (ldp_vty_mpls_ldp(vty, "no"));
 }
 
-DEFUN_NOSH(ldp_l2vpn,
+DEFPY_NOSH(ldp_l2vpn,
 	ldp_l2vpn_cmd,
-	"l2vpn WORD type vpls",
+	"l2vpn WORD$l2vpn_name type vpls",
 	"Configure l2vpn commands\n"
 	"L2VPN name\n"
 	"L2VPN type\n"
 	"Virtual Private LAN Service\n")
 {
-	int		 idx = 0;
-	const char	*name;
-
-	argv_find(argv, argc, "WORD", &idx);
-	name = argv[idx]->arg;
-
-	return (ldp_vty_l2vpn(vty, 0, name));
+	return (ldp_vty_l2vpn(vty, NULL, l2vpn_name));
 }
 
 DEFPY  (no_ldp_l2vpn,
@@ -77,20 +71,14 @@ DEFPY  (no_ldp_l2vpn,
 	return (ldp_vty_l2vpn(vty, "no", l2vpn_name));
 }
 
-DEFUN_NOSH(ldp_address_family,
+DEFPY_NOSH(ldp_address_family,
 	ldp_address_family_cmd,
-	"address-family <ipv4|ipv6>",
+	"address-family <ipv4|ipv6>$af",
 	"Configure Address Family and its parameters\n"
 	"IPv4\n"
 	"IPv6\n")
 {
-	int		 idx = 0;
-	const char	*af;
-
-	argv_find(argv, argc, "address-family", &idx);
-	af = argv[idx + 1]->text;
-
-	return (ldp_vty_address_family(vty, 0, af));
+	return (ldp_vty_address_family(vty, NULL, af));
 }
 
 DEFPY  (no_ldp_address_family,
@@ -104,7 +92,7 @@ DEFPY  (no_ldp_address_family,
 	return (ldp_vty_address_family(vty, "no", af));
 }
 
-DEFUN_NOSH(ldp_exit_address_family,
+DEFPY_NOSH(ldp_exit_address_family,
        ldp_exit_address_family_cmd,
        "exit-address-family",
        "Exit from Address Family configuration mode\n")
@@ -361,19 +349,13 @@ DEFPY  (ldp_session_holdtime,
 	return (ldp_vty_af_session_holdtime(vty, no, holdtime));
 }
 
-DEFUN_NOSH(ldp_interface,
+DEFPY_NOSH(ldp_interface,
 	ldp_interface_cmd,
-	"interface IFNAME",
+	"interface IFNAME$ifname",
 	"Enable LDP on an interface and enter interface submode\n"
 	"Interface's name\n")
 {
-	int		 idx = 0;
-	const char	*ifname;
-
-	argv_find(argv, argc, "IFNAME", &idx);
-	ifname = argv[idx]->arg;
-
-	return (ldp_vty_interface(vty, 0, ifname));
+	return (ldp_vty_interface(vty, NULL, ifname));
 }
 
 DEFPY  (no_ldp_interface,
@@ -439,20 +421,14 @@ DEFPY  (ldp_member_interface,
 	return (ldp_vty_l2vpn_interface(vty, no, ifname));
 }
 
-DEFUN_NOSH(ldp_member_pseudowire,
+DEFPY_NOSH(ldp_member_pseudowire,
 	ldp_member_pseudowire_cmd,
-	"member pseudowire IFNAME",
+	"member pseudowire IFNAME$ifname",
 	"L2VPN member configuration\n"
 	"Pseudowire interface\n"
 	"Interface's name\n")
 {
-	int		 idx = 0;
-	const char	*ifname;
-
-	argv_find(argv, argc, "IFNAME", &idx);
-	ifname = argv[idx]->arg;
-
-	return (ldp_vty_l2vpn_pseudowire(vty, 0, ifname));
+	return (ldp_vty_l2vpn_pseudowire(vty, NULL, ifname));
 }
 
 DEFPY  (no_ldp_member_pseudowire,
@@ -759,7 +735,7 @@ DEFPY  (ldp_show_l2vpn_atom_vc,
 	return (ldp_vty_show_atom_vc(vty, peer_str, ifname, vcid_str, json));
 }
 
-DEFUN_NOSH (ldp_show_debugging_mpls_ldp,
+DEFPY_NOSH (ldp_show_debugging_mpls_ldp,
 	    ldp_show_debugging_mpls_ldp_cmd,
 	    "show debugging [mpls ldp]",
 	    "Show running system information\n"
diff --git a/ldpd/ldpd.c b/ldpd/ldpd.c
index b51ff82cea..e830263ded 100644
--- a/ldpd/ldpd.c
+++ b/ldpd/ldpd.c
@@ -42,6 +42,7 @@
 #include "filter.h"
 #include "qobj.h"
 #include "libfrr.h"
+#include "lib_errors.h"
 
 static void		 ldpd_shutdown(void);
 static pid_t		 start_child(enum ldpd_process, char *, int, int);
@@ -483,8 +484,9 @@ start_child(enum ldpd_process p, char *argv0, int fd_async, int fd_sync)
 
 	nullfd = open("/dev/null", O_RDONLY | O_NOCTTY);
 	if (nullfd == -1) {
-		zlog_err("%s: failed to open /dev/null: %s", __func__,
-			 safe_strerror(errno));
+		flog_err_sys(LIB_ERR_SYSTEM_CALL,
+			     "%s: failed to open /dev/null: %s", __func__,
+			     safe_strerror(errno));
 	} else {
 		dup2(nullfd, 0);
 		dup2(nullfd, 1);
diff --git a/ldpd/socket.c b/ldpd/socket.c
index aefa3461a8..bebd7a7d61 100644
--- a/ldpd/socket.c
+++ b/ldpd/socket.c
@@ -41,7 +41,6 @@ ldp_create_socket(int af, enum socket_type type)
 #ifdef __OpenBSD__
 	int			 opt;
 #endif
-	int			 save_errno;
 
 	/* create socket */
 	switch (type) {
@@ -80,25 +79,18 @@ ldp_create_socket(int af, enum socket_type type)
 		sock_set_bindany(fd, 1);
 		break;
 	}
-	if (ldpd_privs.change(ZPRIVS_RAISE))
-		log_warn("%s: could not raise privs", __func__);
-	if (sock_set_reuse(fd, 1) == -1) {
-		if (ldpd_privs.change(ZPRIVS_LOWER))
-			log_warn("%s: could not lower privs", __func__);
-		close(fd);
-		return (-1);
-	}
-	if (bind(fd, &local_su.sa, sockaddr_len(&local_su.sa)) == -1) {
-		save_errno = errno;
-		if (ldpd_privs.change(ZPRIVS_LOWER))
-			log_warn("%s: could not lower privs", __func__);
-		log_warnx("%s: error binding socket: %s", __func__,
-		    safe_strerror(save_errno));
-		close(fd);
-		return (-1);
+	frr_elevate_privs(&ldpd_privs) {
+		if (sock_set_reuse(fd, 1) == -1) {
+			close(fd);
+			return (-1);
+		}
+		if (bind(fd, &local_su.sa, sockaddr_len(&local_su.sa)) == -1) {
+			log_warnx("%s: error binding socket: %s", __func__,
+			    safe_strerror(errno));
+			close(fd);
+			return (-1);
+		}
 	}
-	if (ldpd_privs.change(ZPRIVS_LOWER))
-		log_warn("%s: could not lower privs", __func__);
 
 	/* set options */
 	switch (af) {
@@ -262,17 +254,13 @@ int
 sock_set_bindany(int fd, int enable)
 {
 #ifdef HAVE_SO_BINDANY
-	if (ldpd_privs.change(ZPRIVS_RAISE))
-		log_warn("%s: could not raise privs", __func__);
-	if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable,
-	    sizeof(int)) < 0) {
-		if (ldpd_privs.change(ZPRIVS_LOWER))
-			log_warn("%s: could not lower privs", __func__);
-		log_warn("%s: error setting SO_BINDANY", __func__);
-		return (-1);
+	frr_elevate_privs(&ldpd_privs) {
+		if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable,
+			       sizeof(int)) < 0) {
+			log_warn("%s: error setting SO_BINDANY", __func__);
+			return (-1);
+		}
 	}
-	if (ldpd_privs.change(ZPRIVS_LOWER))
-		log_warn("%s: could not lower privs", __func__);
 	return (0);
 #elif defined(HAVE_IP_FREEBIND)
 	if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &enable, sizeof(int)) < 0) {
@@ -306,14 +294,10 @@ sock_set_md5sig(int fd, int af, union ldpd_addr *addr, const char *password)
 #if HAVE_DECL_TCP_MD5SIG
 	addr2sa(af, addr, 0, &su);
 
-	if (ldpe_privs.change(ZPRIVS_RAISE)) {
-		log_warn("%s: could not raise privs", __func__);
-		return (-1);
+	frr_elevate_privs(&ldpe_privs) {
+		ret = sockopt_tcp_signature(fd, &su, password);
+		save_errno = errno;
 	}
-	ret = sockopt_tcp_signature(fd, &su, password);
-	save_errno = errno;
-	if (ldpe_privs.change(ZPRIVS_LOWER))
-		log_warn("%s: could not lower privs", __func__);
 #endif /* HAVE_TCP_MD5SIG */
 	if (ret < 0)
 		log_warnx("%s: can't set TCP_MD5SIG option on fd %d: %s",