[Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max

bk: 56fbaa736fBSWeY_7EVlGfQoDwKz3g

diff --git a/ChangeLog b/ChangeLog
index 276732f74e7cd060ce54715b7ae7249e2e076756..4fb749765ddca577b2a66f0bfcb7f2d796c9863e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 ---
 
+* [Bug 2960] async name resolution fixes for chroot() environments.
+  Reinhard Max.
 * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
 * [Bug 2995] Fixes to compile on Windows
 * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org

diff --git a/libntp/work_fork.c b/libntp/work_fork.c
index 96c550e98594369a022ec26f359699e592d93af4..1bbf6401d0c4f2d1cc3829a17d6d8c9276703bb9 100644 (file)
--- a/libntp/work_fork.c
+++ b/libntp/work_fork.c
@@ -451,7 +451,7 @@ fork_blocking_child(
                }
        }
 
-#ifdef HAVE_DROPROOT
+#if defined(HAVE_DROPROOT) && !defined(NEED_EARLY_FORK)
        /* defer the fork until after root is dropped */
        if (droproot && !root_dropped)
                return;

diff --git a/ntpd/ntp_timer.c b/ntpd/ntp_timer.c
index 78c81b620b1889b9af0859836ea1dde2a843e1e0..9ee35f812d48636ec2c492e57cf5f03fdc92e254 100644 (file)
--- a/ntpd/ntp_timer.c
+++ b/ntpd/ntp_timer.c
@@ -276,6 +276,12 @@ intres_timeout_req(
        u_int   seconds         /* 0 cancels */
        )
 {
+#if defined(HAVE_DROPROOT) && defined(NEED_EARLY_FORK)
+       if (droproot) {
+               worker_idle_timer = 0;
+               return;
+       }
+#endif
        if (0 == seconds) {
                worker_idle_timer = 0;
                return;

diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
index 2c7f02ec5d6ffd3e5a65b39ff0079efc8c58df84..9c6f94740c06cf04aa60a1268c802684a3b0f900 100644 (file)
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -332,6 +332,16 @@ my_pthread_warmup(void)
 
 #endif /*defined(NEED_PTHREAD_WARMUP)*/
 
+#ifdef NEED_EARLY_FORK
+static void
+dummy_callback(void) { return; }
+
+static void
+fork_nonchroot_worker(void) {
+       getaddrinfo_sometime("localhost", "ntp", NULL, INITIAL_DNS_RETRY,
+                            (gai_sometime_callback)&dummy_callback, NULL);
+}
+#endif /* NEED_EARLY_FORK */
 
 void
 parse_cmdline_opts(
@@ -931,6 +941,11 @@ ntpdmain(
 
 # ifdef HAVE_DROPROOT
        if (droproot) {
+
+#ifdef NEED_EARLY_FORK
+               fork_nonchroot_worker();
+#endif
+
                /* Drop super-user privileges and chroot now if the OS supports this */
 
 #  ifdef HAVE_LINUX_CAPABILITIES

diff --git a/sntp/m4/ntp_libntp.m4 b/sntp/m4/ntp_libntp.m4
index 01d82fcd5504318f19bb45272e3a121b09ce52dc..1263423eda03f76f6cdfacb759826806c3b7cbf4 100644 (file)
--- a/sntp/m4/ntp_libntp.m4
+++ b/sntp/m4/ntp_libntp.m4
@@ -163,6 +163,7 @@ case "$host" in
        # include <sys/socket.h>
        #endif
     ])
+    AC_DEFINE([NEED_EARLY_FORK], [1], [having to fork the DNS worker early when doing chroot?])
 esac
 
 AC_CHECK_HEADERS([arpa/nameser.h sys/param.h sys/time.h sys/timers.h])