From: Amos Jeffries
Date: Mon, 1 Apr 2013 09:54:22 +0000 (-0600)
Subject: Remove SUID and OpenBSD limits from SO_BINDANY support
X-Git-Tag: SQUID_3_4_0_1~213
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32e88dedafe25f6d115364e9ecf7f0bad0e1aae1;p=thirdparty%2Fsquid.git

Remove SUID and OpenBSD limits from SO_BINDANY support

Apparently OpenBSD 5.x do not require enter_suid/leave_suid to test for SO_BINDANY support. Also, FreeBSD does support SO_BINDANY in a fashion. Remove the OpenBSD build requirement and rely solely on the option being present.
---

diff --git a/src/comm.cc b/src/comm.cc
index e0f5528487..bc57cca228 100644
--- a/src/comm.cc
+++ b/src/comm.cc
@@ -495,7 +495,8 @@ comm_set_v6only(int fd, int tos)
 }
 /**
- * Set the socket IP_TRANSPARENT option for Linux TPROXY v4 support.
+ * Set the socket IP_TRANSPARENT option for Linux TPROXY v4 support,
+ * or set the socket SO_BINDANY option for BSD divert-to support.
 */
 void
 comm_set_transparent(int fd)
@@ -509,7 +510,7 @@ comm_set_transparent(int fd)
 fd_table[fd].flags.transparent = true;
 }
-#elif _SQUID_OPENBSD_ && defined(SO_BINDANY)
+#elif defined(SO_BINDANY)
 int tos = 1;
 enter_suid();
 if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, (char *) &tos, sizeof(int)) < 0) {
diff --git a/src/ip/Intercept.cc b/src/ip/Intercept.cc
index 3d6517cbda..182b1f6c61 100644
--- a/src/ip/Intercept.cc
+++ b/src/ip/Intercept.cc
@@ -464,12 +464,10 @@ Ip::Intercept::ProbeForTproxy(Ip::Address &test)
 tmp.SetPort(0);
 tmp.GetSockAddr(tmp_ip6);
- enter_suid();
 if ((tmp_sock = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP)) >=0 && (setsockopt(tmp_sock, SOL_SOCKET, SO_BINDANY, (char *)&tos, sizeof(tos)) == 0) && (bind(tmp_sock, (struct sockaddr*)&tmp_ip6, sizeof(struct sockaddr_in6)) == 0)) {
- leave_suid();
 debugs(3, 3, "IPv6 BINDANY support detected. Using.");
 close(tmp_sock);
 return true;
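Review bot: In comm_set_transparent the `enter_suid()` call after `#elif defined(SO_BINDANY)` is kept, so dropping the `_SQUID_OPENBSD_` guard extends this temporary privilege elevation to every platform that defines the option, although the commit title speaks of removing the SUID requirement. If the elevation is still needed on this path, a comment should say so, for example `// setsockopt(SO_BINDANY) may need elevated privileges here; ProbeForTproxy() tests without them`; if it is not, the call can go as it does in src/ip/Intercept.cc. The matching leave_suid() and the error branch lie outside the hunk, so their pairing cannot be checked from these lines. As a style point, `sizeof(int)` would be better written `sizeof(tos)`, as the probe does.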
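Review bot: The IPv6 probe in Ip::Intercept::ProbeForTproxy now calls setsockopt(SO_BINDANY) and bind() with whatever privilege the caller holds, while comm_set_transparent in src/comm.cc still wraps the same setsockopt in `enter_suid()`. The probe result only predicts runtime behaviour when both run at the same privilege level; where the option requires elevated privileges, an unprivileged probe would report no support and interception would be turned off even though the runtime path could set it. A comment above the `if` should record the assumption, for example `// probed without enter_suid(): assumes SO_BINDANY is settable at the current privilege level`. The IPv4 hunk at -484 has the same shape and needs the same comment. The branch taken when the `if` fails is outside the hunk; it is worth confirming that it closes tmp_sock when socket() succeeded but setsockopt() or bind() did not.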
@@ -484,12 +482,10 @@ Ip::Intercept::ProbeForTproxy(Ip::Address &test)
 tmp.SetPort(0);
 tmp.GetSockAddr(tmp_ip4);
- enter_suid();
 if ((tmp_sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) >=0 && (setsockopt(tmp_sock, SOL_SOCKET, SO_BINDANY, (char *)&tos, sizeof(tos)) == 0) && (bind(tmp_sock, (struct sockaddr*)&tmp_ip4, sizeof(struct sockaddr_in)) == 0)) {
- leave_suid();
 debugs(3, 3, "IPv4 BINDANY support detected. Using.");
 close(tmp_sock);
 return true;