Add TrustedBSD MAC(4) support to ntpd.

These changes add support for running ntpd as non-root, and improve support
for the --jaildir (chroot) option when running on freebsd. These correspond
to the changes made in the base system with r336525.

The new patches in this change are exactly what was submitted upstream in
https://bugs.ntp.org/show_bug.cgi?id=3509

Approved by:	cy@
Differential Revision:	https://reviews.freebsd.org/D16396
This commit is contained in:
Ian Lepore 2018-07-23 00:32:59 +00:00
parent a6e1ae9107
commit fdc7af6999
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=475132
3 changed files with 80 additions and 2 deletions

View file

@ -3,7 +3,7 @@
PORTNAME= ntp
PORTVERSION= 4.2.8p11
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= net ipv6
MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \
http://archive.ntp.org/ntp4/ntp-4.2/ \
@ -19,9 +19,10 @@ CONFLICTS= ntp-devel-* openntpd-*
USES= cpe pathfix shebangfix libedit libtool localbase:ldflags \
pkgconfig
USES+= autoreconf # until trustedbsd-mac changes accepted upstream
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --enable-leap-smear
CONFIGURE_ARGS= --enable-leap-smear --enable-trustedbsd-mac
TEST_TARGET= check

View file

@ -0,0 +1,45 @@
--- ntpd/ntpd.c.orig 2018-02-27 15:15:48 UTC
+++ ntpd/ntpd.c
@@ -123,6 +123,9 @@
#if defined(HAVE_PRIV_H) && defined(HAVE_SOLARIS_PRIVS)
# include <priv.h>
#endif /* HAVE_PRIV_H */
+#if defined(HAVE_TRUSTEDBSD_MAC)
+# include <sys/mac.h>
+#endif /* HAVE_TRUSTEDBSD_MAC */
#endif /* HAVE_DROPROOT */
#if defined (LIBSECCOMP) && (KERN_SECCOMP)
@@ -634,7 +637,12 @@ ntpdmain(
/* MPE lacks the concept of root */
# if defined(HAVE_GETUID) && !defined(MPE)
uid = getuid();
- if (uid && !HAVE_OPT( SAVECONFIGQUIT )) {
+ if (uid && !HAVE_OPT( SAVECONFIGQUIT )
+# if defined(HAVE_TRUSTEDBSD_MAC)
+ /* We can run as non-root if the mac_ntpd policy is enabled. */
+ && mac_is_present("ntpd") != 1
+# endif
+ ) {
msyslog_term = TRUE;
msyslog(LOG_ERR,
"must be run as root, not uid %ld", (long)uid);
@@ -1082,7 +1090,17 @@ getgroup:
exit (-1);
}
-# if !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS)
+# if defined(HAVE_TRUSTEDBSD_MAC)
+ /*
+ * To manipulate system time and (re-)bind to NTP_PORT as needed
+ * following interface changes, we must either run as uid 0 or
+ * the mac_ntpd policy module must be enabled.
+ */
+ if (sw_uid != 0 && mac_is_present("ntpd") != 1) {
+ msyslog(LOG_ERR, "Need MAC 'ntpd' policy enabled to drop root privileges");
+ exit (-1);
+ }
+# elif !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS)
/*
* for now assume that the privilege to bind to privileged ports
* is associated with running with uid 0 - should be refined on

View file

@ -0,0 +1,32 @@
--- sntp/m4/ntp_libntp.m4.orig 2017-02-01 09:47:13 UTC
+++ sntp/m4/ntp_libntp.m4
@@ -693,7 +693,28 @@ esac
AC_MSG_RESULT([$ntp_have_solarisprivs])
-case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in
+AC_CHECK_HEADERS([sys/mac.h])
+
+AC_ARG_ENABLE(
+ [trustedbsd_mac],
+ [AS_HELP_STRING(
+ [--enable-trustedbsd-mac],
+ [- Use TrustedBSD MAC policy for non-root clock control]
+ )],
+ [ntp_use_trustedbsd_mac=$enableval]
+)
+
+AC_MSG_CHECKING([if we should use TrustedBSD MAC privileges])
+
+case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in
+ yesyes)
+ AC_DEFINE([HAVE_TRUSTEDBSD_MAC], [1],
+ [Are TrustedBSD MAC policy privileges available?])
+esac
+
+AC_MSG_RESULT([$ntp_use_trustedbsd_mac])
+
+case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in
*yes*)
AC_DEFINE([HAVE_DROPROOT], [1],
[Can we drop root privileges?])