
support --privsep-user, overriding file paths

Allow overriding the user and the config file paths for ntpd.
This also adds back --privsep-path from OpenNTPD, which really only
changes the installation instructions from 'make install', since ntpd
always uses the home directory of the ntpd user.
This borrows from Darren's portable OpenNTPD and from OpenSSL, so add
credits and a license.
OPENBSD_5_7
Brent Cook 10 years ago
committed by Brent Cook
parent
commit
4e94afcafe
3 changed files with 138 additions and 2 deletions
  1. +59
    -2
      Makefile.am
  2. +37
    -0
      configure.ac
  3. +42
    -0
      patches/0015-allow-overriding-default-user-and-file-locations.patch

+ 59
- 2
Makefile.am View File

@ -1,3 +1,20 @@
#
# Copyright (c) 2014 Brent Cook
# Parts based on Makefile.in from Portable OpenNTPD:
# Copyright (c) 2004-2008 Darren Tucker.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AM_CPPFLAGS = -I$(top_srcdir)/include AM_CPPFLAGS = -I$(top_srcdir)/include
SUBDIRS = include SUBDIRS = include
@ -10,6 +27,9 @@ noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
dist_man_MANS = ntpctl.8 ntpd.8 ntpd.conf.5 dist_man_MANS = ntpctl.8 ntpd.8 ntpd.conf.5
ntpd_CFLAGS = $(CFLAGS) $(USER_CFLAGS) ntpd_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
ntpd_CFLAGS += -DSYSCONFDIR=\"$(sysconfdir)\"
ntpd_CFLAGS += -DLOCALSTATEDIR=\"$(localstatedir)\"
ntpd_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) libcompat.la libcompatnoopt.la ntpd_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) libcompat.la libcompatnoopt.la
ntpd_SOURCES = client.c ntpd_SOURCES = client.c
@ -32,9 +52,46 @@ ntpd_SOURCES += server.c
ntpd_SOURCES += util.c ntpd_SOURCES += util.c
install-exec-hook: install-exec-hook:
ln -f $(DESTDIR)$(sbindir)/ntpd $(DESTDIR)$(sbindir)/ntpctl
@ln -f "$(DESTDIR)$(sbindir)/ntpd" "$(DESTDIR)$(sbindir)/ntpctl"
@if [ ! -d "$(DESTDIR)$(sysconfdir)" ]; then \
$(INSTALL) -m 755 -d "$(DESTDIR)$(sysconfdir)"; \
fi
@if [ ! -f "$(DESTDIR)$(sysconfdir)/ntpd.conf" ]; then \
$(INSTALL) -m 644 "$(srcdir)/ntpd.conf" "$(DESTDIR)$(sysconfdir)/ntpd.conf"; \
else \
echo "$(DESTDIR)$(sysconfdir)/ntpd.conf already exists, install will not overwrite"; \
fi
@if [ ! -d "$(PRIVSEP_PATH)" ]; then \
echo; \
echo " Please created a privilege separation directory for ntpd." ; \
echo " # mkdir -p \"$(PRIVSEP_PATH)\"" ; \
echo " # chown 0 \"$(PRIVSEP_PATH)\"" ; \
echo " # chgrp 0 \"$(PRIVSEP_PATH)\"" ; \
echo " # chmod 0755 "$(PRIVSEP_PATH)\""" ; \
fi
@if egrep "^$(PRIVSEP_USER):" /etc/group >/dev/null; then \
: ; \
else \
echo; \
echo " Please create a dedicated group for ntpd." ; \
echo " This is system-dependant, possibly:" ; \
echo " # groupadd $(PRIVSEP_USER)" ; \
fi
@if egrep "^$(PRIVSEP_USER):" /etc/passwd >/dev/null; then \
: ; \
else \
echo; \
echo " Please create a dedicated user for ntpd and ensure it can" ; \
echo " not be used to log in. This is system-dependant, possibly:" ; \
echo " # useradd -g $(PRIVSEP_USER) -s /sbin/nologin -d $(PRIVSEP_PATH) -c 'OpenNTP daemon' $(PRIVSEP_USER)" ; \
fi
echo
uninstall-local: uninstall-local:
-rm -f $(DESTDIR)$(sbindir)/ntpctl
@if cmp -s "$(DESTDIR)$(sysconfdir)/ntpd.conf" "$(srcdir)/ntpd.conf"; then \
rm -f "$(DESTDIR)$(sysconfdir)/ntpd.conf"; \
fi
@rm -f "$(DESTDIR)$(sbindir)/ntpctl"
# compatibility functions that need to be built without optimizations # compatibility functions that need to be built without optimizations
libcompatnoopt_la_CFLAGS = -O0 libcompatnoopt_la_CFLAGS = -O0
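Review bot: The `chmod` hint in install-exec-hook has unbalanced quoting: `echo " # chmod 0755 "$(PRIVSEP_PATH)\""" ; \` closes the string before the path, so the path is expanded unquoted and the printed command loses its opening quote. It should read `echo " # chmod 0755 \"$(PRIVSEP_PATH)\"" ; \`, matching the three echo lines above it. The same block only tests that `$(PRIVSEP_PATH)` exists, so a directory that is already present but not owned by uid 0, or writable by group or others, produces no hint at all; checking owner and mode there, or always printing the expected owner 0, group 0, mode 0755, would cover that case. The two `egrep` probes read `/etc/passwd` and `/etc/group` on the build host, which misses accounts served through NSS and is misleading for a `DESTDIR` staged install; `getent passwd "$(PRIVSEP_USER)"` is the usual substitute where it is available. The first echo in that block also says "Please created".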


+ 37
- 0
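--- a/configure.ac
+++ b/configure.ac
@@ -1,3 +1,22 @@
+#
+# Copyright (c) 2014 Brent Cook
+# Parts based on configure.ac from Portable OpenNTPD:
+# Copyright (c) 2004-2008 Darren Tucker
+# which itself was based on configure.ac from OpenSSH:
+# Copyright (c) 1999-2004 Damien Miller
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 AC_INIT([OpenNTPD], m4_esyscmd([tr -d '\n' < VERSION]))
 AC_CANONICAL_HOST
@@ -151,6 +170,24 @@ AC_CHECK_HEADERS([sys/sensors.h],
 AM_CONDITIONAL(HAVE_SENSORS, false)
 )
+AC_ARG_WITH(privsep-user,
+[ --with-privsep-user=user Specify privilege separation user],
+[ AC_DEFINE_UNQUOTED(NTPD_USER, "$withval",
+[Unprivileged userid])
+PRIVSEP_USER=$withval ],
+[ PRIVSEP_USER=_ntp ]
+)
+AC_SUBST(PRIVSEP_USER)
+AC_ARG_WITH(privsep-path,
+[ --with-privsep-path=path Specify privilege separation chroot path],
+[ AC_DEFINE_UNQUOTED(NTPD_CHROOT_DIR, "$withval",
+[Privilege separation chroot path])
+PRIVSEP_PATH=$withval ],
+[ PRIVSEP_PATH=/var/empty ]
+)
+AC_SUBST(PRIVSEP_PATH)
 AC_CONFIG_FILES([
 Makefile
 include/Makefile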
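Review bot: Both `AC_ARG_WITH` actions use `$withval` unchecked, so `--with-privsep-user` given without an argument, or `--without-privsep-user`, compiles in an account literally named `yes` or `no`; the same holds for `--with-privsep-path`. Reject those values before the `AC_DEFINE_UNQUOTED`, for example `AS_CASE([$withval], [yes|no], [AC_MSG_ERROR([--with-privsep-user needs a user name])])`, and for the path also require a leading `/`, since the help text describes it as a chroot path. `NTPD_CHROOT_DIR` is defined here, but the ntpd.h patch in this commit does not reference it, so a path that differs from the privsep user's home directory appears to change only the printed install hints. A comment next to the option saying so would keep a packager from assuming the chroot location is enforced at build time.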


+ 42
- 0
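--- a/patches/0015-allow-overriding-default-user-and-file-locations.patch
+++ b/patches/0015-allow-overriding-default-user-and-file-locations.patch
@@ -0,0 +1,42 @@
+From b427630990b65377a7369b3d61e51ce02be1ec93 Mon Sep 17 00:00:00 2001
+From: Brent Cook <busterb@gmail.com>
+Date: Thu, 1 Jan 2015 07:18:11 -0600
+Subject: [PATCH 15/15] allow overriding default user and file locations
+Allow the build process to override the default ntpd file paths and
+default user.
+---
+src/usr.sbin/ntpd/ntpd.h | 16 +++++++++++++---
+1 file changed, 13 insertions(+), 3 deletions(-)
+diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
+index 5ac0bbb..136bdd2 100644
+--- a/src/usr.sbin/ntpd/ntpd.h
++++ b/src/usr.sbin/ntpd/ntpd.h
+@@ -33,10 +33,20 @@
+#include "ntp.h"
+#include <imsg.h>
++#ifndef NTPD_USER
+#define NTPD_USER "_ntp"
+-#define CONFFILE "/etc/ntpd.conf"
+-#define DRIFTFILE "/var/db/ntpd.drift"
+-#define CTLSOCKET "/var/run/ntpd.sock"
++#endif
++
++#ifndef SYSCONFDIR
++#define SYSCONFDIR "/etc"
++#endif
++#define CONFFILE SYSCONFDIR "/ntpd.conf"
++
++#ifndef LOCALSTATEDIR
++#define LOCALSTATEDIR "/var"
++#endif
++#define DRIFTFILE LOCALSTATEDIR "/db/ntpd.drift"
++#define CTLSOCKET LOCALSTATEDIR "/run/ntpd.sock"
+#define INTERVAL_QUERY_NORMAL 30 /* sync to peers every n secs */
+#define INTERVAL_QUERY_PATHETIC 60
+--
+1.9.1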
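Review bot: `DRIFTFILE` and `CTLSOCKET` now follow `LOCALSTATEDIR`, and Makefile.am in this commit passes `$(localstatedir)` for it, but the install hook creates only `$(sysconfdir)`. When `localstatedir` is not `/var`, the `db` and `run` subdirectories may not exist, and ntpd would presumably fail to write the drift file or bind the control socket. Either create them at install time, or document the requirement next to the defines, e.g. `/* LOCALSTATEDIR/db and LOCALSTATEDIR/run must exist, owned by root and not writable by group or others */`. The ownership matters because the control client presumably connects to whatever socket sits at `CTLSOCKET`, so the directory holding it should not be writable by unprivileged accounts.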
