# include <apollo/base.h>
#endif /* SYS_DOMAINOS */
+
#include "recvbuff.h"
#include "ntp_cmdargs.h"
#ifdef HAVE_LINUX_CAPABILITIES
# include <sys/capability.h>
# include <sys/prctl.h>
-#endif
-#endif
+#endif /* HAVE_LINUX_CAPABILITIES */
+#if defined(HAVE_PRIV_H) && defined(HAVE_SOLARIS_PRIVS)
+# include <priv.h>
+#endif /* HAVE_PRIV_H */
+#endif /* HAVE_DROPROOT */
#ifdef HAVE_DNSREGISTRATION
#include <dns_sd.h>
#define ntp_setpgrp(x, y) setpgrp(x, y)
#endif
+#ifdef HAVE_SOLARIS_PRIVS
+#define LOWPRIVS "basic,sys_time,net_privaddr,proc_setid,!proc_info,!proc_session,!proc_exec"
+static priv_set_t *lowprivs = NULL;
+static priv_set_t *highprivs = NULL;
+#endif /* HAVE_SOLARIS_PRIVS */
/*
* Scheduling priority we run at
*/
msyslog( LOG_ERR, "prctl( PR_SET_KEEPCAPS, 1L ) failed: %m" );
exit(-1);
}
+# elif HAVE_SOLARIS_PRIVS
+ (void) setpflags(PRIV_AWARE_RESET, 1);
# else
/* we need a user to switch to */
if (user == NULL) {
msyslog(LOG_ERR, "Need user name to drop root privileges (see -u flag!)" );
exit(-1);
}
-# endif /* HAVE_LINUX_CAPABILITIES */
+# endif /* HAVE_LINUX_CAPABILITIES || HAVE_SOLARIS_PRIVS */
if (user != NULL) {
if (isdigit((unsigned char)*user)) {
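Review bot: The return value of setpflags() on the new PRIV_AWARE_RESET line is thrown away with a `(void)` cast, while the sibling prctl() branch just above logs and exits when its call fails, so a failure here is silently ignored and the rest of the privilege dance proceeds regardless. Checking it the same way keeps the two branches consistent: `if (setpflags(PRIV_AWARE_RESET, 1) == -1) { msyslog(LOG_ERR, "setpflags( PRIV_AWARE_RESET, 1 ) failed: %m"); exit(-1); }`. The same `(void)` pattern is on getppriv() in the next hunk (the line that reads PRIV_PERMITTED into highprivs); if that call fails, highprivs holds whatever priv_allocset() left in it and the following priv_intersect() narrows lowprivs against that content, so it deserves the same check. The enclosing droproot block starts before this hunk.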
exit (-1);
}
}
+# ifdef HAVE_SOLARIS_PRIVS
+ if ((lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) {
+ msyslog(LOG_ERR, "priv_str_to_set() failed:%m");
+ exit(-1);
+ }
+ if ((highprivs = priv_allocset()) == NULL) {
+ msyslog(LOG_ERR, "priv_allocset() failed:%m");
+ exit(-1);
+ }
+ (void) getppriv(PRIV_PERMITTED, highprivs);
+ (void) priv_intersect(highprivs, lowprivs);
+ if (setppriv(PRIV_SET, PRIV_PERMITTED, lowprivs) == -1) {
+ msyslog(LOG_ERR, "setppriv() failed:%m");
+ exit(-1);
+ }
+# endif /* HAVE_SOLARIS_PRIVS */
if (user && initgroups(user, sw_gid)) {
msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
exit (-1);
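Review bot: priv_intersect() on the line after getppriv() quietly reduces lowprivs to whatever the process already holds, so if ntpd is started from a context that lacks one of the LOWPRIVS entries (sys_time or net_privaddr, say), the setppriv() call here still succeeds and the problem only surfaces later when the clock is stepped or the port is bound. A warning at this point would make that diagnosable: take a copy of the parsed set before the intersect (priv_copyset() into a second priv_allocset() buffer) and log when `priv_issubset(wanted, lowprivs)` is false. This is a diagnosability point, not a correctness one; the narrowing itself is the intended behaviour as far as the hunk shows. The enclosing droproot block continues outside this hunk.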
exit (-1);
}
-# ifndef HAVE_LINUX_CAPABILITIES
+# if !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS)
/*
* for now assume that the privilege to bind to privileged ports
* is associated with running with uid 0 - should be refined on
* ports that allow binding to NTP_PORT with uid != 0
*/
disable_dynamic_updates |= (sw_uid != 0); /* also notifies routing message listener */
-# endif
+# endif /* !HAVE_LINUX_CAPABILITIES && !HAVE_SOLARIS_PRIVS */
if (disable_dynamic_updates && interface_interval) {
interface_interval = 0;
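Review bot: The widened preprocessor condition now also excludes Solaris from the "binding a privileged port needs uid 0" assumption, but the comment block above it still only talks about uid 0 and gives no hint why the Solaris build is exempt (the Linux exclusion was already there). The reason is visible in this file — LOWPRIVS keeps net_privaddr across the setuid — and is worth one line in that comment, e.g. `* Not needed with Linux capabilities or Solaris privileges: net_privaddr stays in LOWPRIVS after the uid switch.` The enclosing droproot block starts and ends outside this hunk.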
cap_free(caps);
}
# endif /* HAVE_LINUX_CAPABILITIES */
+# ifdef HAVE_SOLARIS_PRIVS
+ if (priv_delset(lowprivs, "proc_setid") == -1) {
+ msyslog(LOG_ERR, "priv_delset() failed:%m");
+ exit(-1);
+ }
+ if (setppriv(PRIV_SET, PRIV_PERMITTED, lowprivs) == -1) {
+ msyslog(LOG_ERR, "setppriv() failed:%m");
+ exit(-1);
+ }
+ priv_freeset(lowprivs);
+ priv_freeset(highprivs);
+# endif /* HAVE_SOLARIS_PRIVS */
root_dropped = TRUE;
fork_deferred_worker();
} /* if (droproot) */
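Review bot: The two priv_freeset() calls leave the file-scope statics lowprivs and highprivs pointing at freed memory; since those pointers outlive this block, clear them after freeing, `lowprivs = NULL; highprivs = NULL;`, so any later use fails visibly rather than as a use-after-free. highprivs is not read again after the priv_intersect() in the earlier hunk, so it could equally be freed right after that call instead of being carried down to here. The enclosing droproot block starts before this hunk.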
value = i;
arg-type = string;
descrip = "Jail directory";
- omitted-usage = "built without --enable-clockctl or --enable-linuxcaps";
+ omitted-usage = "built without --enable-clockctl or --enable-linuxcaps or --enable-solarisprivs";
doc = <<- _EndOfDoc_
Chroot the server to the directory
@kbd{jaildir}
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
- @code{--enable-clockctl}) and Linux (configure with
- @code{--enable-linuxcaps}).
+ @code{--enable-clockctl}) or Linux (configure with
+ @code{--enable-linuxcaps}) or Solaris (configure with @code{--enable-solarisprivs}).
_EndOfDoc_;
};
value = u;
arg-type = string;
descrip = "Run as userid (or userid:groupid)";
- omitted-usage = "built without --enable-clockctl or --enable-linuxcaps";
+ omitted-usage = "built without --enable-clockctl or --enable-linuxcaps or --enable-solarisprivs";
doc = <<- _EndOfDoc_
Specify a user, and optionally a group, to switch to.
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
- @code{--enable-clockctl}) and Linux (configure with
- @code{--enable-linuxcaps}).
+ @code{--enable-clockctl}) or Linux (configure with
+ @code{--enable-linuxcaps}) or Solaris (configure with @code{--enable-solarisprivs}).
_EndOfDoc_;
};
;;
esac
-case "$ntp_use_dev_clockctl$ntp_have_linuxcaps" in
+
+AC_CHECK_HEADERS([priv.h])
+
+AC_MSG_CHECKING([if we have solaris privileges])
+
+case "$ac_cv_header_priv_h" in
+ yes)
+ case "$host" in
+ *-solaris*)
+ AC_CHECK_FUNC(
+ [setppriv],
+ [ntp_have_solarisprivs=yes],
+ [ntp_have_solarisprivs=no]
+ )
+ ;;
+ esac
+esac
+
+AC_ARG_ENABLE(
+ [solarisprivs],
+ [AS_HELP_STRING(
+ [--enable-solarisprivs],
+ [+ Use Solaris privileges for non-root clock control]
+ )],
+ [ntp_have_solarisprivs=$enableval]
+)
+
+
+case "$ntp_have_solarisprivs" in
+ yes)
+ AC_DEFINE([HAVE_SOLARIS_PRIVS], [1],
+ [Are Solaris privileges available?])
+esac
+
+AC_MSG_RESULT([$ntp_have_solarisprivs])
+
+case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in
*yes*)
AC_DEFINE([HAVE_DROPROOT], [1],
[Can we drop root privileges?])