Mon Dec 14 00:42:47 2009 UTC ()
use initgroups/setgroups
proper types for uid and gid.


(christos)
diff -r1.1.1.1 -r1.2 src/external/bsd/ntp/dist/ntpd/ntpd.c
cvs diff -r1.1.1.1 -r1.2 src/external/bsd/ntp/dist/ntpd/ntpd.c (expand / switch to unified diff)

--- src/external/bsd/ntp/dist/ntpd/ntpd.c 2009/12/13 16:56:15 1.1.1.1
+++ src/external/bsd/ntp/dist/ntpd/ntpd.c 2009/12/14 00:42:47 1.2
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: ntpd.c,v 1.1.1.1 2009/12/13 16:56:15 kardel Exp $ */ 1/* $NetBSD: ntpd.c,v 1.2 2009/12/14 00:42:47 christos Exp $ */
2 2
3/* 3/*
4 * ntpd.c - main program for the fixed point NTP daemon 4 * ntpd.c - main program for the fixed point NTP daemon
5 */ 5 */
6 6
7#ifdef HAVE_CONFIG_H 7#ifdef HAVE_CONFIG_H
8# include <config.h> 8# include <config.h>
9#endif 9#endif
10 10
11#include "ntp_machine.h" 11#include "ntp_machine.h"
12#include "ntpd.h" 12#include "ntpd.h"
13#include "ntp_io.h" 13#include "ntp_io.h"
14#include "ntp_stdlib.h" 14#include "ntp_stdlib.h"
@@ -167,28 +167,28 @@ int nofork = 0; /* Fork by default */ @@ -167,28 +167,28 @@ int nofork = 0; /* Fork by default */
167 * mDNS registration flag. If set, we attempt to register with the mDNS system, but only 167 * mDNS registration flag. If set, we attempt to register with the mDNS system, but only
168 * after we have synched the first time. If the attempt fails, then try again once per  168 * after we have synched the first time. If the attempt fails, then try again once per
169 * minute for up to 5 times. After all, we may be starting before mDNS. 169 * minute for up to 5 times. After all, we may be starting before mDNS.
170 */ 170 */
171int mdnsreg = 1; 171int mdnsreg = 1;
172int mdnstries = 5; 172int mdnstries = 5;
173#endif /* HAVE_DNSREGISTRATION */ 173#endif /* HAVE_DNSREGISTRATION */
174 174
175#ifdef HAVE_DROPROOT 175#ifdef HAVE_DROPROOT
176int droproot = 0; 176int droproot = 0;
177char *user = NULL; /* User to switch to */ 177char *user = NULL; /* User to switch to */
178char *group = NULL; /* group to switch to */ 178char *group = NULL; /* group to switch to */
179const char *chrootdir = NULL; /* directory to chroot to */ 179const char *chrootdir = NULL; /* directory to chroot to */
180int sw_uid; 180uid_t sw_uid;
181int sw_gid; 181gid_t sw_gid;
182char *endp; 182char *endp;
183struct group *gr; 183struct group *gr;
184struct passwd *pw; 184struct passwd *pw;
185#endif /* HAVE_DROPROOT */ 185#endif /* HAVE_DROPROOT */
186 186
187/* 187/*
188 * Initializing flag. All async routines watch this and only do their 188 * Initializing flag. All async routines watch this and only do their
189 * thing when it is clear. 189 * thing when it is clear.
190 */ 190 */
191int initializing; 191int initializing;
192 192
193/* 193/*
194 * Version declaration 194 * Version declaration
@@ -952,26 +952,30 @@ getgroup: @@ -952,26 +952,30 @@ getgroup:
952 } 952 }
953 if (user && initgroups(user, sw_gid)) { 953 if (user && initgroups(user, sw_gid)) {
954 msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user); 954 msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
955 exit (-1); 955 exit (-1);
956 } 956 }
957 if (group && setgid(sw_gid)) { 957 if (group && setgid(sw_gid)) {
958 msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group); 958 msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
959 exit (-1); 959 exit (-1);
960 } 960 }
961 if (group && setegid(sw_gid)) { 961 if (group && setegid(sw_gid)) {
962 msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group); 962 msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group);
963 exit (-1); 963 exit (-1);
964 } 964 }
 965 if (group)
 966 setgroups(1, &sw_gid);
 967 else
 968 initgroups(pw->pw_name, pw->pw_gid);
965 if (user && setuid(sw_uid)) { 969 if (user && setuid(sw_uid)) {
966 msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user); 970 msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
967 exit (-1); 971 exit (-1);
968 } 972 }
969 if (user && seteuid(sw_uid)) { 973 if (user && seteuid(sw_uid)) {
970 msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user); 974 msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
971 exit (-1); 975 exit (-1);
972 } 976 }
973 977
974#ifndef HAVE_LINUX_CAPABILITIES 978#ifndef HAVE_LINUX_CAPABILITIES
975 /* 979 /*
976 * for now assume that the privilege to bind to privileged ports 980 * for now assume that the privilege to bind to privileged ports
977 * is associated with running with uid 0 - should be refined on 981 * is associated with running with uid 0 - should be refined on