sys_netbsd: add support for dropping root privileges on FreeBSD

On FreeBSD, use the privops helper for the adjtime(), ntp_adjtime(),
settimeofday(), and bind() system calls.

diff --git a/configure b/configure
index df4f80a3eefc7c1002a6ebc7fb807ae826fc7253..24f52c46953928a215e9ed781acd22a4edadbc42 100755 (executable)
--- a/configure
+++ b/configure
@@ -376,10 +376,13 @@ case $OPERATINGSYSTEM in
         add_def LINUX
         echo "Configuring for " $SYSTEM
     ;;
-
     FreeBSD)
         EXTRA_OBJECTS="sys_generic.o sys_netbsd.o sys_timex.o"
         add_def FREEBSD
+        if [ $feat_droproot = "1" ]; then
+          add_def FEAT_PRIVDROP
+          priv_ops="ADJUSTTIME ADJUSTTIMEX SETTIME BINDSOCKET"
+        fi
         echo "Configuring for $SYSTEM"
     ;;
     NetBSD)

diff --git a/sys.c b/sys.c
index f3844c64060a49ad6f0a21c65b34fde1ce91c802..bd3441edaa14f90c1f95cba39e979733f3f748c7 100644 (file)
--- a/sys.c
+++ b/sys.c
@@ -90,7 +90,7 @@ void SYS_DropRoot(uid_t uid, gid_t gid)
 {
 #if defined(LINUX) && defined (FEAT_PRIVDROP)
   SYS_Linux_DropRoot(uid, gid);
-#elif defined(NETBSD) && defined(FEAT_PRIVDROP)
+#elif (defined(NETBSD) || defined(FREEBSD)) && defined(FEAT_PRIVDROP)
   SYS_NetBSD_DropRoot(uid, gid);
 #elif defined(MACOSX) && defined(FEAT_PRIVDROP)
   SYS_MacOSX_DropRoot(uid, gid);

diff --git a/sys_netbsd.c b/sys_netbsd.c
index e0b5b5016bc5a9d417bfec0e9b2ca9f796bd5077..407be84d856c5a150bdc4b163d92de5135882231 100644 (file)
--- a/sys_netbsd.c
+++ b/sys_netbsd.c
@@ -23,7 +23,7 @@
 
   =======================================================================
 
-  Driver file for the NetBSD operating system.
+  Driver file for the NetBSD and FreeBSD operating system.
   */
 
 #include "config.h"
@@ -63,14 +63,14 @@ accrue_offset(double offset, double corr_rate)
 
   UTI_DoubleToTimeval(-offset, &newadj);
 
-  if (adjtime(&newadj, &oldadj) < 0)
+  if (PRV_AdjustTime(&newadj, &oldadj) < 0)
     LOG_FATAL(LOGF_SysNetBSD, "adjtime() failed");
 
   /* Add the old remaining adjustment if not zero */
   UTI_TimevalToDouble(&oldadj, &offset);
   if (offset != 0.0) {
     UTI_AddDoubleToTimeval(&newadj, offset, &newadj);
-    if (adjtime(&newadj, NULL) < 0)
+    if (PRV_AdjustTime(&newadj, NULL) < 0)
       LOG_FATAL(LOGF_SysNetBSD, "adjtime() failed");
   }
 }
@@ -84,7 +84,7 @@ get_offset_correction(struct timeval *raw,
   struct timeval remadj;
   double adjustment_remaining;
 
-  if (adjtime(NULL, &remadj) < 0)
+  if (PRV_AdjustTime(NULL, &remadj) < 0)
     LOG_FATAL(LOGF_SysNetBSD, "adjtime() failed");
 
   UTI_TimevalToDouble(&remadj, &adjustment_remaining);
@@ -123,16 +123,22 @@ SYS_NetBSD_Finalise(void)
 void
 SYS_NetBSD_DropRoot(uid_t uid, gid_t gid)
 {
+#ifdef NETBSD
   int fd;
+#endif
 
+  /* On NetBSD the helper is used only for socket binding, but on FreeBSD
+     it's used also for setting and adjusting the system clock */
   PRV_StartHelper();
 
   UTI_DropRoot(uid, gid);
 
+#ifdef NETBSD
   /* Check if we have write access to /dev/clockctl */
   fd = open("/dev/clockctl", O_WRONLY);
   if (fd < 0)
     LOG_FATAL(LOGF_SysNetBSD, "Can't write to /dev/clockctl");
   close(fd);
+#endif
 }
 #endif