Remove SUID and OpenBSD limits from SO_BINDANY support

Apparently OpenBSD 5.x do not require enter_suid/leave_suid to test for
SO_BINDANY support.

Also, FreeBSD does support SO_BINDANY in a fashion. Remove the OpenBSD
build requirement and rely solely on the option being present.

diff --git a/src/comm.cc b/src/comm.cc
index e0f5528487706f05744b4fb9df2289d8e13944d5..bc57cca228ba71fc7a9e52d15f3bc149c8885b67 100644 (file)
--- a/src/comm.cc
+++ b/src/comm.cc
@@ -495,7 +495,8 @@ comm_set_v6only(int fd, int tos)
 }
 
 /**
- * Set the socket IP_TRANSPARENT option for Linux TPROXY v4 support.
+ * Set the socket IP_TRANSPARENT option for Linux TPROXY v4 support,
+ * or set the socket SO_BINDANY option for BSD divert-to support.
  */
 void
 comm_set_transparent(int fd)
@@ -509,7 +510,7 @@ comm_set_transparent(int fd)
         fd_table[fd].flags.transparent = true;
     }
 
-#elif _SQUID_OPENBSD_ && defined(SO_BINDANY)
+#elif defined(SO_BINDANY)
     int tos = 1;
     enter_suid();
     if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, (char *) &tos, sizeof(int)) < 0) {

diff --git a/src/ip/Intercept.cc b/src/ip/Intercept.cc
index 3d6517cbda3ce9e75bcdbc642d79e0f12d1811cf..182b1f6c61150e9b120564f43a41bed481f86b54 100644 (file)
--- a/src/ip/Intercept.cc
+++ b/src/ip/Intercept.cc
@@ -464,12 +464,10 @@ Ip::Intercept::ProbeForTproxy(Ip::Address &test)
         tmp.SetPort(0);
         tmp.GetSockAddr(tmp_ip6);
 
-        enter_suid();
         if ((tmp_sock = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP)) >=0 &&
                 (setsockopt(tmp_sock, SOL_SOCKET, SO_BINDANY, (char *)&tos,
                             sizeof(tos)) == 0) &&
                 (bind(tmp_sock, (struct sockaddr*)&tmp_ip6, sizeof(struct sockaddr_in6)) == 0)) {
-            leave_suid();
             debugs(3, 3, "IPv6 BINDANY support detected. Using.");
             close(tmp_sock);
             return true;
@@ -484,12 +482,10 @@ Ip::Intercept::ProbeForTproxy(Ip::Address &test)
         tmp.SetPort(0);
         tmp.GetSockAddr(tmp_ip4);
 
-        enter_suid();
         if ((tmp_sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) >=0 &&
                 (setsockopt(tmp_sock, SOL_SOCKET, SO_BINDANY, (char *)&tos,
                             sizeof(tos)) == 0) &&
                 (bind(tmp_sock, (struct sockaddr*)&tmp_ip4, sizeof(struct sockaddr_in)) == 0)) {
-            leave_suid();
             debugs(3, 3, "IPv4 BINDANY support detected. Using.");
             close(tmp_sock);
             return true;