| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: ntpd.c,v 1.13 2008/08/23 09:10:31 kardel Exp $ */ | | 1 | /* $NetBSD: ntpd.c,v 1.14 2009/02/03 12:51:13 drochner Exp $ */ |
2 | | | 2 | |
3 | /* | | 3 | /* |
4 | * ntpd.c - main program for the fixed point NTP daemon | | 4 | * ntpd.c - main program for the fixed point NTP daemon |
5 | */ | | 5 | */ |
6 | | | 6 | |
7 | #ifdef HAVE_CONFIG_H | | 7 | #ifdef HAVE_CONFIG_H |
8 | # include <config.h> | | 8 | # include <config.h> |
9 | #endif | | 9 | #endif |
10 | | | 10 | |
11 | #include "ntp_machine.h" | | 11 | #include "ntp_machine.h" |
12 | #include "ntpd.h" | | 12 | #include "ntpd.h" |
13 | #include "ntp_io.h" | | 13 | #include "ntp_io.h" |
14 | #include "ntp_stdlib.h" | | 14 | #include "ntp_stdlib.h" |
| @@ -160,28 +160,28 @@ volatile int debug = 0; /* No debugging | | | @@ -160,28 +160,28 @@ volatile int debug = 0; /* No debugging |
160 | int listen_to_virtual_ips = 1; | | 160 | int listen_to_virtual_ips = 1; |
161 | const char *specific_interface = NULL; /* interface name or IP address to bind to */ | | 161 | const char *specific_interface = NULL; /* interface name or IP address to bind to */ |
162 | | | 162 | |
163 | /* | | 163 | /* |
164 | * No-fork flag. If set, we do not become a background daemon. | | 164 | * No-fork flag. If set, we do not become a background daemon. |
165 | */ | | 165 | */ |
166 | int nofork = 0; /* Fork by default */ | | 166 | int nofork = 0; /* Fork by default */ |
167 | | | 167 | |
168 | #ifdef HAVE_DROPROOT | | 168 | #ifdef HAVE_DROPROOT |
169 | int droproot = 0; | | 169 | int droproot = 0; |
170 | char *user = NULL; /* User to switch to */ | | 170 | char *user = NULL; /* User to switch to */ |
171 | char *group = NULL; /* group to switch to */ | | 171 | char *group = NULL; /* group to switch to */ |
172 | char *chrootdir = NULL; /* directory to chroot to */ | | 172 | char *chrootdir = NULL; /* directory to chroot to */ |
173 | int sw_uid; | | 173 | uid_t sw_uid; |
174 | int sw_gid; | | 174 | gid_t sw_gid; |
175 | char *endp; | | 175 | char *endp; |
176 | struct group *gr; | | 176 | struct group *gr; |
177 | struct passwd *pw; | | 177 | struct passwd *pw; |
178 | #endif /* HAVE_DROPROOT */ | | 178 | #endif /* HAVE_DROPROOT */ |
179 | | | 179 | |
180 | /* | | 180 | /* |
181 | * Initializing flag. All async routines watch this and only do their | | 181 | * Initializing flag. All async routines watch this and only do their |
182 | * thing when it is clear. | | 182 | * thing when it is clear. |
183 | */ | | 183 | */ |
184 | int initializing; | | 184 | int initializing; |
185 | | | 185 | |
186 | /* | | 186 | /* |
187 | * Version declaration | | 187 | * Version declaration |
| @@ -913,26 +913,30 @@ getgroup: | | | @@ -913,26 +913,30 @@ getgroup: |
913 | if( chroot(chrootdir) ) { | | 913 | if( chroot(chrootdir) ) { |
914 | msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir); | | 914 | msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir); |
915 | exit (-1); | | 915 | exit (-1); |
916 | } | | 916 | } |
917 | } | | 917 | } |
918 | if (group && setgid(sw_gid)) { | | 918 | if (group && setgid(sw_gid)) { |
919 | msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group); | | 919 | msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group); |
920 | exit (-1); | | 920 | exit (-1); |
921 | } | | 921 | } |
922 | if (group && setegid(sw_gid)) { | | 922 | if (group && setegid(sw_gid)) { |
923 | msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group); | | 923 | msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group); |
924 | exit (-1); | | 924 | exit (-1); |
925 | } | | 925 | } |
| | | 926 | if (group) |
| | | 927 | setgroups(1, &sw_gid); |
| | | 928 | else |
| | | 929 | initgroups(pw->pw_name, pw->pw_gid); |
926 | if (user && setuid(sw_uid)) { | | 930 | if (user && setuid(sw_uid)) { |
927 | msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user); | | 931 | msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user); |
928 | exit (-1); | | 932 | exit (-1); |
929 | } | | 933 | } |
930 | if (user && seteuid(sw_uid)) { | | 934 | if (user && seteuid(sw_uid)) { |
931 | msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user); | | 935 | msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user); |
932 | exit (-1); | | 936 | exit (-1); |
933 | } | | 937 | } |
934 | | | 938 | |
935 | #ifndef HAVE_LINUX_CAPABILITIES | | 939 | #ifndef HAVE_LINUX_CAPABILITIES |
936 | /* | | 940 | /* |
937 | * for now assume that the privilege to bind to privileged ports | | 941 | * for now assume that the privilege to bind to privileged ports |
938 | * is associated with running with uid 0 - should be refined on | | 942 | * is associated with running with uid 0 - should be refined on |
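Review bot: The added `setgroups(1, &sw_gid)` and `initgroups(pw->pw_name, pw->pw_gid)` calls (new lines 926-929) discard their return values, unlike the neighbouring `setgid()`/`setegid()`/`setuid()`/`seteuid()` checks. If either call fails, the daemon goes on to switch uid while still holding the supplementary groups it started with, so both should log through `msyslog()` and `exit (-1)` like the surrounding code. The `else` branch also dereferences `pw`, a file-scope pointer assigned outside this hunk. If `pw` can still be NULL when no group is given (not visible here), it needs a guard and a deliberate choice between failing and clearing the group list. The enclosing function starts and ends outside the hunk.

```c
	/* … unchanged: chroot(), setgid() and setegid() checks … */
	if (group) {
		if (setgroups(1, &sw_gid)) {
			msyslog(LOG_ERR, "Cannot setgroups() to group `%s': %m", group);
			exit (-1);
		}
	} else if (pw != NULL) {
		if (initgroups(pw->pw_name, pw->pw_gid)) {
			msyslog(LOG_ERR, "Cannot initgroups() for user `%s': %m", pw->pw_name);
			exit (-1);
		}
	}
	/* pw == NULL with no group: fail or clear the list, per the lookup code outside this hunk */
	/* … unchanged: setuid()/seteuid() checks … */
```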