bgpd, lib, zebra: Convert LIB_ERR_PRIVILEGES
For all the places we zlog_err about raising/lowering privileges, use
zlog_ferr.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
donaldsharp authored and qlyoung committed Jun 14, 2018
1 parent faa0857 commit 43afe00
Showing 18 changed files with 151 additions and 114 deletions.
13 changes: 7 additions & 6 deletions bgpd/bgp_network.c
Expand Up @@ -35,6 +35,7 @@
#include "hash.h"
#include "filter.h"
#include "ns.h"
#include "lib_errors.h"

#include "bgpd/bgpd.h"
#include "bgpd/bgp_open.h"
Expand Down Expand Up @@ -544,12 +545,12 @@ int bgp_connect(struct peer *peer)
return 0;
}
if (bgpd_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");
/* Make socket for the peer. */
peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id,
bgp_get_bound_name(peer));
if (bgpd_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
if (peer->fd < 0)
return -1;

Expand Down Expand Up @@ -703,11 +704,11 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
port_str[sizeof(port_str) - 1] = '\0';

if (bgpd_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");
ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save,
bgp->vrf_id);
if (bgpd_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
if (ret != 0) {
zlog_err("getaddrinfo: %s", gai_strerror(ret));
return -1;
Expand All @@ -721,13 +722,13 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
continue;

if (bgpd_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");
sock = vrf_socket(ainfo->ai_family, ainfo->ai_socktype,
ainfo->ai_protocol, bgp->vrf_id,
(bgp->inst_type == BGP_INSTANCE_TYPE_VRF ?
bgp->name : NULL));
if (bgpd_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
if (sock < 0) {
zlog_err("socket: %s", safe_strerror(errno));
continue;
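Review bot: In bgp_connect() and at both call sites in bgp_socket(), a failed `bgpd_privs.change(ZPRIVS_LOWER)` is still only logged, so execution continues with whatever elevated privileges were held for the socket call; a failed raise likewise falls through into the privileged call. Now that these failures are tagged LIB_ERR_PRIVILEGES, the lower-failure branch should stop rather than continue, e.g. `if (bgpd_privs.change(ZPRIVS_LOWER)) { zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); exit(1); }`; whether to exit or return an error is a policy decision for the daemon. The same log-and-continue pattern appears in the lib/sockunion.c, lib/vrf.c, zebra/if_ioctl_solaris.c, zebra/if_netlink.c, zebra/ioctl.c and zebra/ioctl_solaris.c sections of this commit. Both functions begin and end outside the hunks shown.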
22 changes: 11 additions & 11 deletions lib/lib_errors.c
Expand Up @@ -25,7 +25,7 @@ static struct ferr_ref ferr_lib_err[] = {
{
.code = LIB_ERR_PRIVILEGES,
.title = "Failure to raise or lower privileges",
.description = "FRR attempted to raise or lower it's privileges and was unable to do so",
.description = "FRR attempted to raise or lower its privileges and was unable to do so",
.suggestion = "Ensure that you are running FRR as the frr user and that the user has\nSufficient privileges to properly access root privileges"
},
{
Expand All @@ -38,41 +38,41 @@ static struct ferr_ref ferr_lib_err[] = {
.code = LIB_ERR_SOCKET,
.title = "Socket Error",
.description = "When attempting to access a socket a system error has occured\nand we were unable to properly complete the request",
.suggestion = "Ensure that there is sufficient system resources available and\nensure that the frr user has sufficient permisions to work",
.suggestion = "Ensure that there are sufficient system resources available and\nensure that the frr user has sufficient permisions to work",
},
{
.code = LIB_ERR_ZAPI_MISSMATCH,
.title = "Zapi Error",
.title = "ZAPI Error",
.description = "A version miss-match has been detected between zebra and client protocol",
.suggestion = "Two different versions of FRR have been installed and the install is\nnot properly setup. Completely stop FRR, remove it from the system and\nreinstall. Typically only developers should see this issue"
.suggestion = "Two different versions of FRR have been installed and the install is\nnot properly setup. Completely stop FRR, remove it from the system and\nreinstall. Typically only developers should see this issue."
},
{
.code = LIB_ERR_ZAPI_ENCODE,
.title = "Zapi Error",
.description = "The Zapi subsystem has detected an encoding issue, between zebra and a client protocol",
.title = "ZAPI Error",
.description = "The ZAPI subsystem has detected an encoding issue, between zebra and a client protocol",
.suggestion = "Restart FRR"
},
{
.code = LIB_ERR_ZAPI_SOCKET,
.title = "Zapi Error",
.description = "The Zapi subsystem has detected a socket error between zebra and a client",
.title = "ZAPI Error",
.description = "The ZAPI subsystem has detected a socket error between zebra and a client",
.suggestion = "Restart FRR"
},
{
.code = LIB_ERR_SYSTEM_CALL,
.title = "System Call Error",
.description = "FRR has detected a error from using a vital system call and has probably\nalready exited",
.suggestion = "Ensure permissions are correct for FRR and FRR user and groups are correct\nAdditionally check that system resources are still available"
.suggestion = "Ensure permissions are correct for FRR files, users and groups are correct.\nAdditionally check that sufficient system resources are available."
},
{
.code = LIB_ERR_VTY,
.title = "VTY subsystem Error",
.title = "VTY Subsystem Error",
.description = "FRR has detected a problem with the specified configuration file",
.suggestion = "Ensure configuration file exists and has correct permissions for operations\nAdditionally ensure that all config lines are correct as well",
},
{
.code = LIB_ERR_SNMP,
.title = "SNMP subsystem Error",
.title = "SNMP Subsystem Error",
.description = "FRR has detected a problem with the snmp library it uses\nA callback from this subsystem has indicated some error",
.suggestion = "Examine callback message and ensure snmp is properly setup and working"
},
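Review bot: The rewritten LIB_ERR_SOCKET suggestion still spells `permisions`; since the line is being touched for grammar anyway, its tail should read `ensure that the frr user has sufficient permissions to work`. The neighbouring unchanged strings contain `occured` and `miss-match`, which could be corrected in the same pass. These strings are what an operator reads when looking up an error code, so the wording matters more than in an ordinary log line.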
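--- a/lib/sockunion.c
+++ b/lib/sockunion.c
@@ -26,6 +26,7 @@
 #include "memory.h"
 #include "log.h"
 #include "jhash.h"
+#include "lib_errors.h"
 
 DEFINE_MTYPE_STATIC(LIB, SOCKUNION, "Socket union")
 
@@ -363,12 +364,14 @@ int sockopt_mark_default(int sock, int mark, struct zebra_privs_t *cap)
 int ret;
 
 if (cap->change(ZPRIVS_RAISE))
-zlog_err("routing_socket: Can't raise privileges");
+zlog_ferr(LIB_ERR_PRIVILEGES,
+"routing_socket: Can't raise privileges");
 
 ret = setsockopt(sock, SOL_SOCKET, SO_MARK, &mark, sizeof(mark));
 
 if (cap->change(ZPRIVS_LOWER))
-zlog_err("routing_socket: Can't lower privileges");
+zlog_ferr(LIB_ERR_PRIVILEGES,
+"routing_socket: Can't lower privileges");
 
 return ret;
 #else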
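Review bot: The two new messages in sockopt_mark_default() keep the prefix `routing_socket:`, which does not name the function that emits them and will point whoever reads the log at the wrong code. lib/vrf.c in this same commit uses `__func__`; the equivalent here is `zlog_ferr(LIB_ERR_PRIVILEGES, "%s: Can't raise privileges", __func__);` and the same for the lower case. The function's opening and its `#else` branch lie outside the hunk.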
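--- a/lib/vrf.c
+++ b/lib/vrf.c
@@ -729,18 +729,16 @@ DEFUN (vrf_netns,
 if (!pathname)
 return CMD_WARNING_CONFIG_FAILED;
 
-if (vrf_daemon_privs &&
-vrf_daemon_privs->change(ZPRIVS_RAISE))
-zlog_ferr(LIB_ERR_PRIVILEGES,
-"%s: Can't raise privileges", __func__);
+if (vrf_daemon_privs && vrf_daemon_privs->change(ZPRIVS_RAISE))
+zlog_ferr(LIB_ERR_PRIVILEGES, "%s: Can't raise privileges",
+__func__);
 
 ret = vrf_netns_handler_create(vty, vrf, pathname,
 NS_UNKNOWN, NS_UNKNOWN);
 
-if (vrf_daemon_privs &&
-vrf_daemon_privs->change(ZPRIVS_LOWER))
-zlog_ferr(LIB_ERR_PRIVILEGES,
-"%s: Can't lower privileges", __func__);
+if (vrf_daemon_privs && vrf_daemon_privs->change(ZPRIVS_LOWER))
+zlog_ferr(LIB_ERR_PRIVILEGES, "%s: Can't lower privileges",
+__func__);
 return ret;
 }
 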
13 changes: 7 additions & 6 deletions zebra/if_ioctl_solaris.c
Expand Up @@ -34,6 +34,7 @@
#include "privs.h"
#include "vrf.h"
#include "vty.h"
#include "lib_errors.h"

#include "zebra/interface.h"
#include "zebra/ioctl_solaris.h"
Expand All @@ -59,7 +60,7 @@ static int interface_list_ioctl(int af)
char *buf = NULL;

if (zserv_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");

sock = socket(af, SOCK_DGRAM, 0);
if (sock < 0) {
Expand All @@ -68,7 +69,7 @@ static int interface_list_ioctl(int af)
safe_strerror(errno));

if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");

return -1;
}
Expand All @@ -80,7 +81,7 @@ static int interface_list_ioctl(int af)
save_errno = errno;

if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");

if (ret < 0) {
zlog_warn("interface_list_ioctl: SIOCGLIFNUM failed %s",
Expand Down Expand Up @@ -110,7 +111,7 @@ static int interface_list_ioctl(int af)
lifconf.lifc_buf = buf;

if (zserv_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");

ret = ioctl(sock, SIOCGLIFCONF, &lifconf);

Expand All @@ -122,13 +123,13 @@ static int interface_list_ioctl(int af)
zlog_warn("SIOCGLIFCONF: %s", safe_strerror(errno));

if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");

goto end;
}

if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");

/* Allocate interface. */
lifreq = lifconf.lifc_req;
5 changes: 3 additions & 2 deletions zebra/if_netlink.c
Expand Up @@ -52,6 +52,7 @@
#include "vrf.h"
#include "vrf_int.h"
#include "mpls.h"
#include "lib_errors.h"

#include "vty.h"
#include "zebra/zserv.h"
Expand Down Expand Up @@ -374,7 +375,7 @@ static int get_iflink_speed(struct interface *interface)

/* use ioctl to get IP address of an interface */
if (zserv_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");
sd = vrf_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP, interface->vrf_id,
NULL);
if (sd < 0) {
Expand All @@ -386,7 +387,7 @@ static int get_iflink_speed(struct interface *interface)
/* Get the current link state for the interface */
rc = vrf_ioctl(interface->vrf_id, sd, SIOCETHTOOL, (char *)&ifdata);
if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
if (rc < 0) {
if (IS_ZEBRA_DEBUG_KERNEL)
zlog_debug(
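Review bot: In get_iflink_speed() the only `ZPRIVS_LOWER` call visible sits after `vrf_ioctl()`, while the `if (sd < 0) {` branch between the raise and the lower is cut off by the hunk boundary. If that branch returns early, the function leaves with privileges still raised; it should lower first, with `if (zserv_privs.change(ZPRIVS_LOWER)) zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");` as the first statement inside the branch, the way if_ioctl() in zebra/ioctl.c does on its socket-failure path. This needs confirming against the full function, since the body of the branch is not shown here.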
19 changes: 10 additions & 9 deletions zebra/ioctl.c
Expand Up @@ -27,6 +27,7 @@
#include "ioctl.h"
#include "log.h"
#include "privs.h"
#include "lib_errors.h"

#include "vty.h"
#include "zebra/rib.h"
Expand Down Expand Up @@ -55,21 +56,21 @@ int if_ioctl(unsigned long request, caddr_t buffer)
int err = 0;

if (zserv_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
int save_errno = errno;

if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
zlog_err("Cannot create UDP socket: %s",
safe_strerror(save_errno));
exit(1);
}
if ((ret = ioctl(sock, request, buffer)) < 0)
err = errno;
if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
close(sock);

if (ret < 0) {
Expand All @@ -87,13 +88,13 @@ int vrf_if_ioctl(unsigned long request, caddr_t buffer, vrf_id_t vrf_id)
int err = 0;

if (zserv_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");
sock = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL);
if (sock < 0) {
int save_errno = errno;

if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
zlog_err("Cannot create UDP socket: %s",
safe_strerror(save_errno));
exit(1);
Expand All @@ -102,7 +103,7 @@ int vrf_if_ioctl(unsigned long request, caddr_t buffer, vrf_id_t vrf_id)
if (ret < 0)
err = errno;
if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
close(sock);

if (ret < 0) {
Expand All @@ -120,13 +121,13 @@ static int if_ioctl_ipv6(unsigned long request, caddr_t buffer)
int err = 0;

if (zserv_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");
sock = socket(AF_INET6, SOCK_DGRAM, 0);
if (sock < 0) {
int save_errno = errno;

if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
zlog_err("Cannot create IPv6 datagram socket: %s",
safe_strerror(save_errno));
exit(1);
Expand All @@ -135,7 +136,7 @@ static int if_ioctl_ipv6(unsigned long request, caddr_t buffer)
if ((ret = ioctl(sock, request, buffer)) < 0)
err = errno;
if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
close(sock);

if (ret < 0) {
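Review bot: The converted messages in if_ioctl(), vrf_if_ioctl() and if_ioctl_ipv6() are the identical strings `Can't raise privileges` and `Can't lower privileges`, and the same text is used in bgpd and the other zebra files in this commit, so a LIB_ERR_PRIVILEGES entry in the log cannot be tied to a call site from the message alone. Unless zlog_ferr already records the caller, adding the function name as lib/vrf.c does would make these entries usable for triage: `zlog_ferr(LIB_ERR_PRIVILEGES, "%s: Can't lower privileges", __func__);`. The same applies to zebra/ioctl_solaris.c and zebra/if_ioctl_solaris.c. All three functions continue outside the hunks shown.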
13 changes: 7 additions & 6 deletions zebra/ioctl_solaris.c
Expand Up @@ -31,6 +31,7 @@
#include "privs.h"
#include "vty.h"
#include "vrf.h"
#include "lib_errors.h"

#include "zebra/rib.h"
#include "zebra/rt.h"
Expand Down Expand Up @@ -58,13 +59,13 @@ int if_ioctl(unsigned long request, caddr_t buffer)
int err;

if (zserv_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");

sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
int save_errno = errno;
if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
zlog_err("Cannot create UDP socket: %s",
safe_strerror(save_errno));
exit(1);
Expand All @@ -74,7 +75,7 @@ int if_ioctl(unsigned long request, caddr_t buffer)
err = errno;

if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");

close(sock);

Expand All @@ -93,13 +94,13 @@ int if_ioctl_ipv6(unsigned long request, caddr_t buffer)
int err;

if (zserv_privs.change(ZPRIVS_RAISE))
zlog_err("Can't raise privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges");

sock = socket(AF_INET6, SOCK_DGRAM, 0);
if (sock < 0) {
int save_errno = errno;
if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");
zlog_err("Cannot create IPv6 datagram socket: %s",
safe_strerror(save_errno));
exit(1);
Expand All @@ -109,7 +110,7 @@ int if_ioctl_ipv6(unsigned long request, caddr_t buffer)
err = errno;

if (zserv_privs.change(ZPRIVS_LOWER))
zlog_err("Can't lower privileges");
zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");

close(sock);
