From fdc7af699914060f54cb3223036ed79c9fa43587 Mon Sep 17 00:00:00 2001 From: Ian Lepore Date: Mon, 23 Jul 2018 00:32:59 +0000 Subject: [PATCH] Add TrustedBSD MAC(4) support to ntpd. These changes add support for running ntpd as non-root, and improve support for the --jaildir (chroot) option when running on freebsd. These correspond to the changes made in the base system with r336525. The new patches in this change are exactly what was submitted upstream in https://bugs.ntp.org/show_bug.cgi?id=3509 Approved by: cy@ Differential Revision: https://reviews.freebsd.org/D16396 --- net/ntp/Makefile | 5 ++- net/ntp/files/patch-ntpd_ntpd.c | 45 ++++++++++++++++++++++ net/ntp/files/patch-sntp_m4_ntp__libntp.m4 | 32 +++++++++++++++ 3 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 net/ntp/files/patch-ntpd_ntpd.c create mode 100644 net/ntp/files/patch-sntp_m4_ntp__libntp.m4 diff --git a/net/ntp/Makefile b/net/ntp/Makefile index 9937311e9d46..e22f7f841ce5 100644 --- a/net/ntp/Makefile +++ b/net/ntp/Makefile @@ -3,7 +3,7 @@ PORTNAME= ntp PORTVERSION= 4.2.8p11 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= net ipv6 MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \ http://archive.ntp.org/ntp4/ntp-4.2/ \ @@ -19,9 +19,10 @@ CONFLICTS= ntp-devel-* openntpd-* USES= cpe pathfix shebangfix libedit libtool localbase:ldflags \ pkgconfig +USES+= autoreconf # until trustedbsd-mac changes accepted upstream GNU_CONFIGURE= yes -CONFIGURE_ARGS= --enable-leap-smear +CONFIGURE_ARGS= --enable-leap-smear --enable-trustedbsd-mac TEST_TARGET= check diff --git a/net/ntp/files/patch-ntpd_ntpd.c b/net/ntp/files/patch-ntpd_ntpd.c new file mode 100644 index 000000000000..4e0f18e7f056 --- /dev/null +++ b/net/ntp/files/patch-ntpd_ntpd.c @@ -0,0 +1,45 @@ +--- ntpd/ntpd.c.orig 2018-02-27 15:15:48 UTC ++++ ntpd/ntpd.c +@@ -123,6 +123,9 @@ + #if defined(HAVE_PRIV_H) && defined(HAVE_SOLARIS_PRIVS) + # include + #endif /* HAVE_PRIV_H */ ++#if defined(HAVE_TRUSTEDBSD_MAC) ++# include ++#endif /* HAVE_TRUSTEDBSD_MAC */ + #endif /* HAVE_DROPROOT */ + + #if defined (LIBSECCOMP) && (KERN_SECCOMP) +@@ -634,7 +637,12 @@ ntpdmain( + /* MPE lacks the concept of root */ + # if defined(HAVE_GETUID) && !defined(MPE) + uid = getuid(); +- if (uid && !HAVE_OPT( SAVECONFIGQUIT )) { ++ if (uid && !HAVE_OPT( SAVECONFIGQUIT ) ++# if defined(HAVE_TRUSTEDBSD_MAC) ++ /* We can run as non-root if the mac_ntpd policy is enabled. */ ++ && mac_is_present("ntpd") != 1 ++# endif ++ ) { + msyslog_term = TRUE; + msyslog(LOG_ERR, + "must be run as root, not uid %ld", (long)uid); +@@ -1082,7 +1090,17 @@ getgroup: + exit (-1); + } + +-# if !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS) ++# if defined(HAVE_TRUSTEDBSD_MAC) ++ /* ++ * To manipulate system time and (re-)bind to NTP_PORT as needed ++ * following interface changes, we must either run as uid 0 or ++ * the mac_ntpd policy module must be enabled. ++ */ ++ if (sw_uid != 0 && mac_is_present("ntpd") != 1) { ++ msyslog(LOG_ERR, "Need MAC 'ntpd' policy enabled to drop root privileges"); ++ exit (-1); ++ } ++# elif !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS) + /* + * for now assume that the privilege to bind to privileged ports + * is associated with running with uid 0 - should be refined on diff --git a/net/ntp/files/patch-sntp_m4_ntp__libntp.m4 b/net/ntp/files/patch-sntp_m4_ntp__libntp.m4 new file mode 100644 index 000000000000..b55e70993583 --- /dev/null +++ b/net/ntp/files/patch-sntp_m4_ntp__libntp.m4 @@ -0,0 +1,32 @@ +--- sntp/m4/ntp_libntp.m4.orig 2017-02-01 09:47:13 UTC ++++ sntp/m4/ntp_libntp.m4 +@@ -693,7 +693,28 @@ esac + + AC_MSG_RESULT([$ntp_have_solarisprivs]) + +-case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in ++AC_CHECK_HEADERS([sys/mac.h]) ++ ++AC_ARG_ENABLE( ++ [trustedbsd_mac], ++ [AS_HELP_STRING( ++ [--enable-trustedbsd-mac], ++ [- Use TrustedBSD MAC policy for non-root clock control] ++ )], ++ [ntp_use_trustedbsd_mac=$enableval] ++) ++ ++AC_MSG_CHECKING([if we should use TrustedBSD MAC privileges]) ++ ++case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in ++ yesyes) ++ AC_DEFINE([HAVE_TRUSTEDBSD_MAC], [1], ++ [Are TrustedBSD MAC policy privileges available?]) ++esac ++ ++AC_MSG_RESULT([$ntp_use_trustedbsd_mac]) ++ ++case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in + *yes*) + AC_DEFINE([HAVE_DROPROOT], [1], + [Can we drop root privileges?])