faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sys_netbsd: add support for dropping root privileges on FreeBSD

Browse source 
On FreeBSD, use the privops helper for the adjtime(), ntp_adjtime(),
settimeofday(), and bind() system calls.
This commit is contained in:
Miroslav Lichvar 2015-12-10 09:33:56 +01:00
parent 12ee4bf6ac
commit 82510e6b1f
3 changed files with 15 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
configure vendored
View file

@ -376,10 +376,13 @@ case $OPERATINGSYSTEM in
add_def LINUX add_def LINUX
echo "Configuring for " $SYSTEM echo "Configuring for " $SYSTEM
;; ;;
FreeBSD) FreeBSD)
EXTRA_OBJECTS="sys_generic.o sys_netbsd.o sys_timex.o" EXTRA_OBJECTS="sys_generic.o sys_netbsd.o sys_timex.o"
add_def FREEBSD add_def FREEBSD
if [ $feat_droproot = "1" ]; then
add_def FEAT_PRIVDROP
priv_ops="ADJUSTTIME ADJUSTTIMEX SETTIME BINDSOCKET"
fi
echo "Configuring for $SYSTEM" echo "Configuring for $SYSTEM"
;; ;;
NetBSD) NetBSD)

2
sys.c
View file

@ -90,7 +90,7 @@ void SYS_DropRoot(uid_t uid, gid_t gid)
{ {
#if defined(LINUX) && defined (FEAT_PRIVDROP) #if defined(LINUX) && defined (FEAT_PRIVDROP)
SYS_Linux_DropRoot(uid, gid); SYS_Linux_DropRoot(uid, gid);
#elif defined(NETBSD) && defined(FEAT_PRIVDROP) #elif (defined(NETBSD) || defined(FREEBSD)) && defined(FEAT_PRIVDROP)
SYS_NetBSD_DropRoot(uid, gid); SYS_NetBSD_DropRoot(uid, gid);
#elif defined(MACOSX) && defined(FEAT_PRIVDROP) #elif defined(MACOSX) && defined(FEAT_PRIVDROP)
SYS_MacOSX_DropRoot(uid, gid); SYS_MacOSX_DropRoot(uid, gid);

14
sys_netbsd.c
View file

@ -23,7 +23,7 @@
======================================================================= =======================================================================
Driver file for the NetBSD operating system. Driver file for the NetBSD and FreeBSD operating system.
*/ */
#include "config.h" #include "config.h"
@ -63,14 +63,14 @@ accrue_offset(double offset, double corr_rate)
UTI_DoubleToTimeval(-offset, &newadj); UTI_DoubleToTimeval(-offset, &newadj);
if (adjtime(&newadj, &oldadj) < 0) if (PRV_AdjustTime(&newadj, &oldadj) < 0)
LOG_FATAL(LOGF_SysNetBSD, "adjtime() failed"); LOG_FATAL(LOGF_SysNetBSD, "adjtime() failed");
/* Add the old remaining adjustment if not zero */ /* Add the old remaining adjustment if not zero */
UTI_TimevalToDouble(&oldadj, &offset); UTI_TimevalToDouble(&oldadj, &offset);
if (offset != 0.0) { if (offset != 0.0) {
UTI_AddDoubleToTimeval(&newadj, offset, &newadj); UTI_AddDoubleToTimeval(&newadj, offset, &newadj);
if (adjtime(&newadj, NULL) < 0) if (PRV_AdjustTime(&newadj, NULL) < 0)
LOG_FATAL(LOGF_SysNetBSD, "adjtime() failed"); LOG_FATAL(LOGF_SysNetBSD, "adjtime() failed");
} }
} }
@ -84,7 +84,7 @@ get_offset_correction(struct timeval *raw,
struct timeval remadj; struct timeval remadj;
double adjustment_remaining; double adjustment_remaining;
if (adjtime(NULL, &remadj) < 0) if (PRV_AdjustTime(NULL, &remadj) < 0)
LOG_FATAL(LOGF_SysNetBSD, "adjtime() failed"); LOG_FATAL(LOGF_SysNetBSD, "adjtime() failed");
UTI_TimevalToDouble(&remadj, &adjustment_remaining); UTI_TimevalToDouble(&remadj, &adjustment_remaining);
@ -123,16 +123,22 @@ SYS_NetBSD_Finalise(void)
void void
SYS_NetBSD_DropRoot(uid_t uid, gid_t gid) SYS_NetBSD_DropRoot(uid_t uid, gid_t gid)
{ {
#ifdef NETBSD
int fd; int fd;
#endif
/* On NetBSD the helper is used only for socket binding, but on FreeBSD
it's used also for setting and adjusting the system clock */
PRV_StartHelper(); PRV_StartHelper();
UTI_DropRoot(uid, gid); UTI_DropRoot(uid, gid);
#ifdef NETBSD
/* Check if we have write access to /dev/clockctl */ /* Check if we have write access to /dev/clockctl */
fd = open("/dev/clockctl", O_WRONLY); fd = open("/dev/clockctl", O_WRONLY);
if (fd < 0) if (fd < 0)
LOG_FATAL(LOGF_SysNetBSD, "Can't write to /dev/clockctl"); LOG_FATAL(LOGF_SysNetBSD, "Can't write to /dev/clockctl");
close(fd); close(fd);
#endif
} }
#endif #endif