From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Thu, 10 Dec 2015 10:39:40 +0000 (+0100)
Subject: sys_solaris: add support for dropping root privileges
X-Git-Tag: 2.3-pre1~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=67b108d1ce45e9363d04a6fd68aa2279e3dd4d5c;p=thirdparty%2Fchrony.git

sys_solaris: add support for dropping root privileges

On Solaris, use the privops helper for the ntp_adjtime(),
settimeofday(), and bind() system calls.
---

diff --git a/configure b/configure
index 24f52c46..9869f557 100755
--- a/configure
+++ b/configure
@@ -411,6 +411,10 @@ case $OPERATINGSYSTEM in
         add_def __EXTENSIONS__
         add_def _XOPEN_SOURCE 1
         add_def _XOPEN_SOURCE_EXTENDED 1
+        if [ $feat_droproot = "1" ]; then
+          add_def FEAT_PRIVDROP
+          priv_ops="ADJUSTTIMEX SETTIME BINDSOCKET"
+        fi
         echo "Configuring for Solaris (" $SYSTEM "SunOS version" $VERSION ")" 
     ;;                                                                        
     * )
diff --git a/sys.c b/sys.c
index bd3441ed..9375af62 100644
--- a/sys.c
+++ b/sys.c
@@ -90,6 +90,8 @@ void SYS_DropRoot(uid_t uid, gid_t gid)
 {
 #if defined(LINUX) && defined (FEAT_PRIVDROP)
   SYS_Linux_DropRoot(uid, gid);
+#elif defined(SOLARIS) && defined(FEAT_PRIVDROP)
+  SYS_Solaris_DropRoot(uid, gid);
 #elif (defined(NETBSD) || defined(FREEBSD)) && defined(FEAT_PRIVDROP)
   SYS_NetBSD_DropRoot(uid, gid);
 #elif defined(MACOSX) && defined(FEAT_PRIVDROP)
diff --git a/sys_solaris.c b/sys_solaris.c
index afd693e6..21197b93 100644
--- a/sys_solaris.c
+++ b/sys_solaris.c
@@ -28,8 +28,10 @@
 
 #include "sysincl.h"
 
+#include "privops.h"
 #include "sys_solaris.h"
 #include "sys_timex.h"
+#include "util.h"
 
 /* ================================================== */
 
@@ -48,3 +50,14 @@ SYS_Solaris_Finalise(void)
 {
   SYS_Timex_Finalise();
 }
+
+/* ================================================== */
+
+#ifdef FEAT_PRIVDROP
+void
+SYS_Solaris_DropRoot(uid_t uid, gid_t gid)
+{
+  PRV_StartHelper();
+  UTI_DropRoot(uid, gid);
+}
+#endif
diff --git a/sys_solaris.h b/sys_solaris.h
index 0cce7b34..46015ba8 100644
--- a/sys_solaris.h
+++ b/sys_solaris.h
@@ -31,4 +31,6 @@ void SYS_Solaris_Initialise(void);
 
 void SYS_Solaris_Finalise(void);
 
+void SYS_Solaris_DropRoot(uid_t uid, gid_t gid);
+
 #endif