From: Frank Kardel Date: Sat, 23 Sep 2006 17:23:36 +0000 (+0000) Subject: ntpd.h, ntpd.c, ntp_timer.c, ntp_io.c, cmd_args.c: X-Git-Tag: NTP_4_2_3P50~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=12d5306b38e6f974e400489f42748a3050ff7c1d;p=thirdparty%2Fntp.git ntpd.h, ntpd.c, ntp_timer.c, ntp_io.c, cmd_args.c: disable dynamic update when giving up the root privilege bk: 45156d98_LKtm_adWalp1HX2GnFPOA --- diff --git a/include/ntpd.h b/include/ntpd.h index d51ddf74f..3495cc85d 100644 --- a/include/ntpd.h +++ b/include/ntpd.h @@ -70,6 +70,8 @@ typedef struct interface_info { typedef void (*interface_receiver_t)(void *, interface_info_t *); +extern volatile int disable_dynamic_updates; + extern void interface_enumerate P((interface_receiver_t, void *)); extern struct interface *findinterface P((struct sockaddr_storage *)); extern struct interface *findbcastinter P((struct sockaddr_storage *)); @@ -220,6 +222,7 @@ extern void reinit_timer P((void)); extern void timer P((void)); extern void timer_clr_stats P((void)); extern void timer_interfacetimeout P((u_long)); +extern volatile int interface_interval; #ifdef OPENSSL extern char *sys_hostname; diff --git a/ntpd/cmd_args.c b/ntpd/cmd_args.c index f89e37be0..c71167ec1 100644 --- a/ntpd/cmd_args.c +++ b/ntpd/cmd_args.c @@ -184,7 +184,6 @@ getCmdOpts( if (HAVE_OPT( UPDATEINTERVAL )) { long val = OPT_VALUE_UPDATEINTERVAL; - extern int interface_interval; if ((val >= 60) || (val == 0)) interface_interval = val; diff --git a/ntpd/ntp_io.c b/ntpd/ntp_io.c index 8027dd9b9..b3b70ae3f 100644 --- a/ntpd/ntp_io.c +++ b/ntpd/ntp_io.c @@ -132,6 +132,8 @@ struct interface *loopback_interface; /* loopback ipv4 interface */ int ninterfaces; /* Total number of interfaces */ +volatile int disable_dynamic_updates; /* when set to != 0 dynamic updates won't happen */ + #ifdef REFCLOCK /* * Refclock stuff. We keep a chain of structures with data concerning @@ -1034,9 +1036,11 @@ refresh_interface(struct interface * interface) void interface_update(interface_receiver_t receiver, void *data) { - BLOCKIO(); - update_interfaces(htons(NTP_PORT), receiver, data); - UNBLOCKIO(); + if (!disable_dynamic_updates) { + BLOCKIO(); + update_interfaces(htons(NTP_PORT), receiver, data); + UNBLOCKIO(); + } } /* @@ -1060,6 +1064,7 @@ is_wildcard_addr(struct sockaddr_storage *sas) return 0; } +#ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND /* * enable/disable re-use of wildcard address socket */ @@ -1100,6 +1105,7 @@ set_wildcard_reuse(int family, int on) &any_interface->sin : &any6_interface->sin))); } } +#endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ /* * update_interface strategy @@ -1115,7 +1121,7 @@ set_wildcard_reuse(int family, int on) * attempt to create a new interface entry * * Phase 2: - * forall currently known interfaces + * forall currently known non MCAST and WILDCARD interfaces * if interface does not match configuration phase (not seen in phase 1): * remove interface from known interface list * forall peers associated with this interface @@ -1996,6 +2002,7 @@ io_multicast_add( htonl(~(u_int32)0); DPRINT_INTERFACE(2, (interface, "multicast add ", "\n")); add_interface(interface); + list_if_listening(interface, NTP_PORT); } else { @@ -3686,6 +3693,16 @@ process_routing_msgs(struct asyncio_reader *reader) int cnt; + if (disable_dynamic_updates) { + /* + * discard ourselves if we are not need any more + * usually happens when running unprivileged + */ + remove_asyncio_reader(reader); + delete_asyncio_reader(reader); + return; + } + cnt = read(reader->fd, buffer, sizeof(buffer)); if (cnt < 0) { @@ -3776,7 +3793,7 @@ init_async_notifications() reader->fd = fd; reader->receiver = process_routing_msgs; - add_asyncio_reader(reader, FD_TYPE_FILE); + add_asyncio_reader(reader, FD_TYPE_SOCKET); msyslog(LOG_INFO, "Listening on routing socket on fd #%d for interface updates", fd); } else { msyslog(LOG_ERR, "unable to open routing socket (%m) - using polled interface update"); diff --git a/ntpd/ntp_timer.c b/ntpd/ntp_timer.c index bd01745b0..fb6de702a 100644 --- a/ntpd/ntp_timer.c +++ b/ntpd/ntp_timer.c @@ -34,7 +34,7 @@ * procedure to do cleanup and print a message. */ -volatile u_long interface_interval = 300; /* update interface every 5 minutes as default */ +volatile int interface_interval = 300; /* update interface every 5 minutes as default */ /* * Alarm flag. The mainline code imports this. diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c index 29feb2f43..6b01881c0 100644 --- a/ntpd/ntpd.c +++ b/ntpd/ntpd.c @@ -930,6 +930,18 @@ getgroup: exit (-1); } + /* + * for now assume that the privilege to bind to privileged ports + * is associated with running with uid 0 - should be refined on + * ports that allow binding to NTP_PORT with uid != 0 + */ + disable_dynamic_updates |= (sw_uid != 0); /* also notifies routing message listener */ + + if (disable_dynamic_updates && interface_interval) { + interface_interval = 0; + msyslog(LOG_INFO, "running in unprivileged mode disables dynamic interface tracking"); + } + #ifdef HAVE_LINUX_CAPABILITIES do { /* We may be running under non-root uid now, but we still hold full root privileges!