try_rtc=0
feat_droproot=1
try_libcap=0
+try_clockctl=0
readline_lib=""
readline_inc=""
ncurses_lib=""
NetBSD-* )
EXTRA_OBJECTS="sys_netbsd.o"
EXTRA_LIBS="-lkvm"
+ try_clockctl=1
add_def NETBSD
echo "Configuring for $SYSTEM"
;;
EXTRA_LIBS="$EXTRA_LIBS -lcap"
fi
+if [ $feat_droproot = "1" ] && [ $try_clockctl = "1" ] && \
+ test_code '<sys/clockctl.h>' 'sys/clockctl.h' '' '' ''
+then
+ add_def FEAT_PRIVDROP
+fi
+
if [ $feat_rtc = "1" ] && [ $try_rtc = "1" ] && \
test_code '<linux/rtc.h>' 'sys/ioctl.h linux/rtc.h' '' '' \
'ioctl(1, RTC_UIE_ON&RTC_UIE_OFF&RTC_RD_TIME&RTC_SET_TIME, 0&RTC_UF);'
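Review bot: The new NetBSD check only proves that `<sys/clockctl.h>` compiles, and nothing in the block says why that header gates FEAT_PRIVDROP. A short comment above the `if` would help, for example `# NetBSD: after root is dropped the clock is reached through /dev/clockctl, so require its header`. When the header is missing the define is skipped without any message in this hunk, and a later request to drop root would presumably hit the "dropping root privileges not supported" fatal path at run time. Whether configure reports the disabled feature elsewhere is not visible here.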
{
#if defined(LINUX) && defined (FEAT_PRIVDROP)
SYS_Linux_DropRoot(uid, gid);
+#elif defined(NETBSD) && defined(FEAT_PRIVDROP)
+ SYS_NetBSD_DropRoot(uid, gid);
#else
LOG_FATAL(LOGF_Sys, "dropping root privileges not supported");
#endif
/* ================================================== */
+#ifdef FEAT_PRIVDROP
+void
+SYS_NetBSD_DropRoot(uid_t uid, gid_t gid)
+{
+ int fd;
+
+ if (setgroups(0, NULL))
+ LOG_FATAL(LOGF_SysNetBSD, "setgroups() failed : %s", strerror(errno));
+
+ if (setgid(gid))
+ LOG_FATAL(LOGF_SysNetBSD, "setgid(%d) failed : %s", gid, strerror(errno));
+
+ if (setuid(uid))
+ LOG_FATAL(LOGF_SysNetBSD, "setuid(%d) failed : %s", uid, strerror(errno));
+
+ DEBUG_LOG(LOGF_SysNetBSD, "Root dropped to uid %d gid %d", uid, gid);
+
+ /* Check if we have write access to /dev/clockctl */
+ fd = open("/dev/clockctl", O_WRONLY);
+ if (fd < 0)
+ LOG_FATAL(LOGF_SysNetBSD, "Can't write to /dev/clockctl");
+ close(fd);
+}
+#endif
#endif /* NETBSD */
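Review bot: The fatal message for the `/dev/clockctl` probe drops errno, so a permission problem for the unprivileged user cannot be told apart from a missing or unconfigured device node, whereas the three calls above it all log `strerror(errno)`. I would write `LOG_FATAL(LOGF_SysNetBSD, "Can't write to /dev/clockctl : %s", strerror(errno));`. The `%d` conversions for `uid` and `gid` in the setgid, setuid and debug messages also assume a signed int, while uid_t and gid_t are, as far as I know, unsigned on NetBSD. Casting the arguments, e.g. `"setuid(%u) failed : %s", (unsigned int)uid`, keeps format and argument types matched.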
void SYS_NetBSD_Finalise(void);
+void SYS_NetBSD_DropRoot(uid_t uid, gid_t gid);
+
#endif