From 508f9997f271c066b0ffc4fe0d5861ef20430317 Mon Sep 17 00:00:00 2001 From: Lou Berger Date: Sun, 2 Apr 2017 13:55:58 -0400 Subject: [PATCH 1/3] bgp: fix a couple of instances of bm being used before init'ed Signed-off-by: Lou Berger --- bgpd/bgp_main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/bgpd/bgp_main.c b/bgpd/bgp_main.c index 423c9453eb..55bf410628 100644 --- a/bgpd/bgp_main.c +++ b/bgpd/bgp_main.c @@ -363,6 +363,7 @@ main (int argc, char **argv) int bgp_port = BGP_PORT_DEFAULT; char *bgp_address = NULL; + int no_fib_flag = 0; frr_preinit(&bgpd_di, argc, argv); frr_opt_add("p:l:rne:", longopts, @@ -389,7 +390,7 @@ main (int argc, char **argv) if (tmp_port <= 0 || tmp_port > 0xffff) bgp_port = BGP_PORT_DEFAULT; else - bm->port = tmp_port; + bgp_port = tmp_port; break; case 'e': multipath_num = atoi (optarg); @@ -406,7 +407,7 @@ main (int argc, char **argv) bgp_address = optarg; /* listenon implies -n */ case 'n': - bgp_option_set (BGP_OPT_NO_FIB); + no_fib_flag = 1; break; default: frr_help_exit (1); @@ -418,6 +419,8 @@ main (int argc, char **argv) bgp_master_init (frr_init ()); bm->port = bgp_port; bm->address = bgp_address; + if (no_fib_flag) + bgp_option_set (BGP_OPT_NO_FIB); /* Initializations. */ bgp_vrf_init (); From c888ea16473ea3b0c69f59d62030d7c678b64b63 Mon Sep 17 00:00:00 2001 From: Lou Berger Date: Sun, 2 Apr 2017 13:57:10 -0400 Subject: [PATCH 2/3] lib/frr: fix reference to zsuid before it is set Signed-off-by: Lou Berger --- lib/privs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/privs.c b/lib/privs.c index 376d6f3365..87ad074f1b 100644 --- a/lib/privs.c +++ b/lib/privs.c @@ -769,6 +769,7 @@ zprivs_init(struct zebra_privs_t *zprivs) } } + zprivs_state.zsuid = geteuid(); /* initial uid */ /* add groups only if we changed uid - otherwise skip */ if ((ngroups) && (zprivs_state.zsuid != zprivs_state.zuid)) { From 3135834e1f8c4b3a13d2cd43f30e30313980112e Mon Sep 17 00:00:00 2001 
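Review bot: An out-of-range `-p` value is still replaced silently by `BGP_PORT_DEFAULT` in the `if` just above the changed line of the `@@ -389,7 +390,7 @@` hunk in bgpd/bgp_main.c, so a mistyped port leaves the daemon listening on a port the operator did not ask for. Rejecting the value is the safer behaviour, for example `if (tmp_port <= 0 || tmp_port > 0xffff) frr_help_exit (1);` followed by an unconditional `bgp_port = tmp_port;`. The assignment of `tmp_port` is outside the hunk, so how `optarg` is parsed cannot be checked from here.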
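Review bot: The deferred `bgp_option_set (BGP_OPT_NO_FIB)` in the `@@ -418,6 +419,8 @@` hunk has no comment explaining why the option is applied here rather than inside the `switch`, which invites a later cleanup to move it back. Going by the commit subject, `bm` is presumably not usable until `bgp_master_init ()` has run. A comment above the three assignments, such as `/* bm is not valid until bgp_master_init(); options parsed earlier are applied only after it */`, would record the ordering constraint. `main` starts and ends outside the hunk.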
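Review bot: The new comment `/* initial uid */` in lib/privs.c labels a value read with `geteuid()`, which is the effective uid and differs from the real uid when the binary is started setuid. The test on the next line, `zprivs_state.zsuid != zprivs_state.zuid`, decides whether supplementary groups are touched at all, so the comment should name exactly what is compared, e.g. `/* effective uid at startup; compared with the configured uid below */`. Whether `zsuid` is assigned again later in `zprivs_init` is not visible in this hunk; if it is, the two assignments should be reduced to one.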
From: Lou Berger Date: Sun, 2 Apr 2017 15:34:55 -0400 Subject: [PATCH 3/3] bgpd: restore -S, --skip_runas options Signed-off-by: Lou Berger --- bgpd/bgp_main.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/bgpd/bgp_main.c b/bgpd/bgp_main.c index 55bf410628..1773070fe3 100644 --- a/bgpd/bgp_main.c +++ b/bgpd/bgp_main.c @@ -66,6 +66,7 @@ static const struct option longopts[] = { "listenon", required_argument, NULL, 'l'}, { "retain", no_argument, NULL, 'r'}, { "no_kernel", no_argument, NULL, 'n'}, + { "skip_runas", no_argument, NULL, 'S'}, { "ecmp", required_argument, NULL, 'e'}, { 0 } }; @@ -151,7 +152,8 @@ sigint (void) if (! retain_mode) { bgp_terminate (); - zprivs_terminate (&bgpd_privs); + if (bgpd_privs.user) /* NULL if skip_runas flag set */ + zprivs_terminate (&bgpd_privs); } bgp_exit (0); @@ -364,6 +366,7 @@ main (int argc, char **argv) int bgp_port = BGP_PORT_DEFAULT; char *bgp_address = NULL; int no_fib_flag = 0; + int skip_runas = 0; frr_preinit(&bgpd_di, argc, argv); frr_opt_add("p:l:rne:", longopts, @@ -371,6 +374,7 @@ main (int argc, char **argv) " -l, --listenon Listen on specified address (implies -n)\n" " -r, --retain When program terminates, retain added route by bgpd.\n" " -n, --no_kernel Do not install route to kernel.\n" + " -S, --skip_runas Skip capabilities checks, and changing user and group IDs.\n" " -e, --ecmp Specify ECMP to use.\n"); /* Command line argument treatment. */ @@ -409,11 +413,16 @@ main (int argc, char **argv) case 'n': no_fib_flag = 1; break; + case 'S': + skip_runas = 1; + break; default: frr_help_exit (1); break; } } + if (skip_runas) + memset (&bgpd_privs, 0, sizeof (bgpd_privs)); /* BGP master init. */ bgp_master_init (frr_init ());
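Review bot: `if (bgpd_privs.user)` in `sigint` uses a data field as a stand-in for the `-S` flag, which holds only because `main` zeroes the whole `bgpd_privs` struct in a later hunk of this patch. If `bgpd_privs` can be defined without a user name (its initializer is not shown), `zprivs_terminate` would also be skipped on a run that did set up privileges. A file-scope `static int skip_runas;` in place of the local in `main`, tested here as `if (!skip_runas) zprivs_terminate (&bgpd_privs);`, states the intent directly. Any other exit path that calls `zprivs_terminate` is outside the hunks and would need the same guard.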
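Review bot: The help text added in the `@@ -371,6 +374,7 @@` hunk advertises a short option `-S`, but the option string passed to `frr_opt_add` is still `"p:l:rne:"`, shown as unchanged context in this hunk and the one before it. Unless the common FRR option string already contains `S`, only `--skip_runas` will reach `case 'S'`, and `-S` will be rejected. The call should read `frr_opt_add("p:l:rSne:", longopts,`.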
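Review bot: `memset (&bgpd_privs, 0, sizeof (bgpd_privs))` clears every member of the struct, not only the user, group and capability settings, so any function pointer or state kept in it is NULL afterwards. That is safe only if the privilege initialisation reached through `frr_init ()` treats an all-zero struct as "no privilege handling", which is not visible here. The `memset` also runs after `frr_preinit(&bgpd_di, argc, argv)`, so anything preinit derived from the struct would not see the change. With `-S`, a daemon started as root keeps root and its full capability set while it parses BGP traffic from peers. A comment such as `/* -S: no uid/gid/capability changes; the process keeps the caller's privileges */` and a startup warning when the effective uid is 0 would make that state visible to operators. `main` continues outside the hunk.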