[people/teissler/ipfire-2.x.git] / src / patches / ntp-4.2.0-linuxcaps.patch

diff -u -r ntp-4.2.0/config.h.in ntp-4.2.0-linux-droproot/config.h.in
--- ntp-4.2.0/config.h.in	2003-10-15 11:02:22.000000000 +0200
+++ ntp-4.2.0-linux-droproot/config.h.in	2003-12-02 10:30:34.000000000 +0100
@@ -300,9 +300,12 @@
 /* Do we have the CIOGETEV ioctl (SunOS, Linux)? */
 #undef HAVE_CIOGETEV
 
-/* [Use], [/dev/clockctl?] */
+/* Do we have non-root clock control (via Linux capabilities or NetBSD /dev/clockctl)? */
 #undef HAVE_CLOCKCTL
 
+/* Do we get clock access via Linux capabilities? */
+#undef HAVE_LINUX_CAPABILITIES
+
 /* Define to 1 if you have the `clock_gettime' function. */
 #undef HAVE_CLOCK_GETTIME
 
diff -u -r ntp-4.2.0/configure.in ntp-4.2.0-linux-droproot/configure.in
--- ntp-4.2.0/configure.in	2003-10-15 10:52:44.000000000 +0200
+++ ntp-4.2.0-linux-droproot/configure.in	2003-12-01 09:53:21.000000000 +0100
@@ -48,7 +48,7 @@
 
 AC_CACHE_CHECK(if we should use /dev/clockctl, ac_clockctl,
 [AC_ARG_ENABLE(clockctl,
-   AC_HELP_STRING([--enable-clockctl], [Use /dev/clockctl for non-root time control]),
+   AC_HELP_STRING([--enable-clockctl], [Use NetBSD /dev/clockctl for non-root clock control]),
     [ans=$enableval],
     [case "$target" in
       *-*-netbsd*)
@@ -63,10 +63,27 @@
 AC_CHECK_HEADERS(sys/clockctl.h)
 case "$ac_clockctl$ac_cv_header_sys_clockctl_h" in
  yesyes)
-    AC_DEFINE(HAVE_CLOCKCTL, ,[[Use /dev/clockctl?]])
+    AC_DEFINE(HAVE_CLOCKCTL, ,[Non-root clock control allowed via NetBSD /dev/clockctl?])
     ;;
 esac
 
+AC_CACHE_CHECK(if we have linux capabilities (libcap), ac_linuxcaps,
+[AC_ARG_ENABLE(linuxcaps,
+   AC_HELP_STRING([--enable-linuxcaps], [Use Linux capabilities for non-root clock control]),
+    [ans=$enableval],
+    [ans=no])
+ac_linuxcaps=$ans])
+# End of AC_CACHE_CHECK for linuxcaps
+AC_CHECK_HEADERS(sys/capability.h)
+case "$ac_linuxcaps$ac_cv_header_sys_capability_h" in
+ yesyes)
+    AC_DEFINE(HAVE_LINUX_CAPABILITIES, ,[Do we have Linux capabilities?])
+    AC_DEFINE(HAVE_CLOCKCTL, ,[Non-root clock control allowed via Linux capabilities?])
+    LIBS="$LIBS -lcap"
+    ;;
+esac
+
+
 case "$build" in
  $host)
     ;;
diff -u -r ntp-4.2.0/ntpd/ntpd.c ntp-4.2.0-linux-droproot/ntpd/ntpd.c
--- ntp-4.2.0/ntpd/ntpd.c	2003-07-17 12:27:28.000000000 +0200
+++ ntp-4.2.0-linux-droproot/ntpd/ntpd.c	2003-12-02 11:11:09.000000000 +0100
@@ -108,6 +108,10 @@
 # include <ctype.h>
 # include <grp.h>
 # include <pwd.h>
+#ifdef HAVE_LINUX_CAPABILITIES
+# include <sys/capability.h>
+# include <sys/prctl.h>
+#endif
 #endif
 
 /*
@@ -837,8 +841,18 @@
 #ifdef HAVE_CLOCKCTL
 	/* 
 	 * Drop super-user privileges and chroot now if the OS supports
-	 * non root clock control (only NetBSD for now).
+	 * non root clock control (only NetBSD and Linux for now).
 	 */
+
+#ifdef HAVE_LINUX_CAPABILITIES
+	/* set flag: keep privileges accross setuid() call (we only really need cap_sys_time): */
+	if( prctl( PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L ) == -1 ) {
+		msyslog( LOG_ERR, "prctl( PR_SET_KEEPCAPS, 1L ) failed: %m" );
+		exit(-1);
+	}
+#endif /* HAVE_LINUX_CAPABILITIES */
+	
+	
 	if (user != NULL) {
 	        if (isdigit((unsigned char)*user)) {
 	                sw_uid = (uid_t)strtoul(user, &endp, 0);
@@ -871,9 +885,17 @@
 	                }
 	        }
 	}
-	if (chrootdir && chroot(chrootdir)) {
-		msyslog(LOG_ERR, "Cannot chroot to `%s': %m", chrootdir);
-		exit (-1);
+	
+	if( chrootdir ) {
+		/* make sure cwd is inside the jail: */
+		if( chdir(chrootdir) ) {
+			msyslog(LOG_ERR, "Cannot chdir() to `%s': %m", chrootdir);
+			exit (-1);
+		}
+		if( chroot(chrootdir) ) {
+			msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir);
+			exit (-1);
+		}
 	}
 	if (group && setgid(sw_gid)) {
 		msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
@@ -891,6 +913,25 @@
 		msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
 		exit (-1);
 	}
+
+#ifdef HAVE_LINUX_CAPABILITIES
+	{
+		/*  We may be running under non-root uid now, but we still hold full root privileges!
+		 *  Let's get rid of most of them; we only keep cap_sys_time:
+		 */
+		cap_t caps;
+		if( ! ( caps = cap_from_text( "cap_sys_time=ipe" ) ) ) {
+			msyslog( LOG_ERR, "cap_from_text() failed: %m" );
+			exit(-1);
+		}
+		if( cap_set_proc( caps ) == -1 ) {
+			msyslog( LOG_ERR, "cap_set_proc() failed to drop root privileges: %m" );
+			exit(-1);
+		}
+		cap_free( caps );
+	}
+#endif /* HAVE_LINUX_CAPABILITIES */
+
 #endif
 	/*
 	 * Report that we're up to any trappers
Commit	Line	Data
cd1a2927 MT	1	diff -u -r ntp-4.2.0/config.h.in ntp-4.2.0-linux-droproot/config.h.in
	2	--- ntp-4.2.0/config.h.in 2003-10-15 11:02:22.000000000 +0200
	3	+++ ntp-4.2.0-linux-droproot/config.h.in 2003-12-02 10:30:34.000000000 +0100
	4	@@ -300,9 +300,12 @@
	5	/* Do we have the CIOGETEV ioctl (SunOS, Linux)? */
	6	#undef HAVE_CIOGETEV
	7
	8	-/* [Use], [/dev/clockctl?] */
	9	+/* Do we have non-root clock control (via Linux capabilities or NetBSD /dev/clockctl)? */
	10	#undef HAVE_CLOCKCTL
	11
	12	+/* Do we get clock access via Linux capabilities? */
	13	+#undef HAVE_LINUX_CAPABILITIES
	14	+
	15	/* Define to 1 if you have the `clock_gettime' function. */
	16	#undef HAVE_CLOCK_GETTIME
	17
	18	diff -u -r ntp-4.2.0/configure.in ntp-4.2.0-linux-droproot/configure.in
	19	--- ntp-4.2.0/configure.in 2003-10-15 10:52:44.000000000 +0200
	20	+++ ntp-4.2.0-linux-droproot/configure.in 2003-12-01 09:53:21.000000000 +0100
	21	@@ -48,7 +48,7 @@
	22
	23	AC_CACHE_CHECK(if we should use /dev/clockctl, ac_clockctl,
	24	[AC_ARG_ENABLE(clockctl,
	25	- AC_HELP_STRING([--enable-clockctl], [Use /dev/clockctl for non-root time control]),
	26	+ AC_HELP_STRING([--enable-clockctl], [Use NetBSD /dev/clockctl for non-root clock control]),
	27	[ans=$enableval],
	28	[case "$target" in
	29	--netbsd*)
	30	@@ -63,10 +63,27 @@
	31	AC_CHECK_HEADERS(sys/clockctl.h)
	32	case "$ac_clockctl$ac_cv_header_sys_clockctl_h" in
	33	yesyes)
	34	- AC_DEFINE(HAVE_CLOCKCTL, ,[[Use /dev/clockctl?]])
	35	+ AC_DEFINE(HAVE_CLOCKCTL, ,[Non-root clock control allowed via NetBSD /dev/clockctl?])
	36	;;
	37	esac
	38
	39	+AC_CACHE_CHECK(if we have linux capabilities (libcap), ac_linuxcaps,
	40	+[AC_ARG_ENABLE(linuxcaps,
	41	+ AC_HELP_STRING([--enable-linuxcaps], [Use Linux capabilities for non-root clock control]),
	42	+ [ans=$enableval],
	43	+ [ans=no])
	44	+ac_linuxcaps=$ans])
	45	+# End of AC_CACHE_CHECK for linuxcaps
	46	+AC_CHECK_HEADERS(sys/capability.h)
	47	+case "$ac_linuxcaps$ac_cv_header_sys_capability_h" in
	48	+ yesyes)
	49	+ AC_DEFINE(HAVE_LINUX_CAPABILITIES, ,[Do we have Linux capabilities?])
	50	+ AC_DEFINE(HAVE_CLOCKCTL, ,[Non-root clock control allowed via Linux capabilities?])
	51	+ LIBS="$LIBS -lcap"
	52	+ ;;
	53	+esac
	54	+
	55	+
	56	case "$build" in
	57	$host)
	58	;;
	59	diff -u -r ntp-4.2.0/ntpd/ntpd.c ntp-4.2.0-linux-droproot/ntpd/ntpd.c
	60	--- ntp-4.2.0/ntpd/ntpd.c 2003-07-17 12:27:28.000000000 +0200
	61	+++ ntp-4.2.0-linux-droproot/ntpd/ntpd.c 2003-12-02 11:11:09.000000000 +0100
	62	@@ -108,6 +108,10 @@
	63	# include <ctype.h>
	64	# include <grp.h>
65	# include <pwd.h>
66	+#ifdef HAVE_LINUX_CAPABILITIES
67	+# include <sys/capability.h>
68	+# include <sys/prctl.h>
69	+#endif
70	#endif
71
72	/*
73	@@ -837,8 +841,18 @@
74	#ifdef HAVE_CLOCKCTL
75	/*
76	* Drop super-user privileges and chroot now if the OS supports
77	- * non root clock control (only NetBSD for now).
78	+ * non root clock control (only NetBSD and Linux for now).
79	*/
80	+
81	+#ifdef HAVE_LINUX_CAPABILITIES
82	+ /* set flag: keep privileges accross setuid() call (we only really need cap_sys_time): */
83	+ if( prctl( PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L ) == -1 ) {
84	+ msyslog( LOG_ERR, "prctl( PR_SET_KEEPCAPS, 1L ) failed: %m" );
85	+ exit(-1);
86	+ }
87	+#endif /* HAVE_LINUX_CAPABILITIES */
88	+
89	+
90	if (user != NULL) {
91	if (isdigit((unsigned char)*user)) {
92	sw_uid = (uid_t)strtoul(user, &endp, 0);
93	@@ -871,9 +885,17 @@
94	}
95	}
96	}
97	- if (chrootdir && chroot(chrootdir)) {
98	- msyslog(LOG_ERR, "Cannot chroot to `%s': %m", chrootdir);
99	- exit (-1);
100	+
101	+ if( chrootdir ) {
102	+ /* make sure cwd is inside the jail: */
103	+ if( chdir(chrootdir) ) {
104	+ msyslog(LOG_ERR, "Cannot chdir() to `%s': %m", chrootdir);
105	+ exit (-1);
106	+ }
107	+ if( chroot(chrootdir) ) {
108	+ msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir);
109	+ exit (-1);
110	+ }
111	}
112	if (group && setgid(sw_gid)) {
113	msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
114	@@ -891,6 +913,25 @@
115	msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
116	exit (-1);
117	}
118	+
119	+#ifdef HAVE_LINUX_CAPABILITIES
120	+ {
121	+ /* We may be running under non-root uid now, but we still hold full root privileges!
122	+ * Let's get rid of most of them; we only keep cap_sys_time:
123	+ */
124	+ cap_t caps;
125	+ if( ! ( caps = cap_from_text( "cap_sys_time=ipe" ) ) ) {
126	+ msyslog( LOG_ERR, "cap_from_text() failed: %m" );
127	+ exit(-1);
128	+ }
129	+ if( cap_set_proc( caps ) == -1 ) {
130	+ msyslog( LOG_ERR, "cap_set_proc() failed to drop root privileges: %m" );
131	+ exit(-1);
132	+ }
133	+ cap_free( caps );
134	+ }
135	+#endif /* HAVE_LINUX_CAPABILITIES */
136	+
137	#endif
138	/*
139	* Report that we're up to any trappers