/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2018 Ian Lepore <ian@FreeBSD.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
273496c981SIan Lepore
283496c981SIan Lepore #include <sys/param.h>
293496c981SIan Lepore #include <sys/kernel.h>
303496c981SIan Lepore #include <sys/module.h>
313496c981SIan Lepore #include <sys/priv.h>
323496c981SIan Lepore #include <sys/sysctl.h>
333496c981SIan Lepore #include <sys/ucred.h>
343496c981SIan Lepore
353496c981SIan Lepore #include <security/mac/mac_policy.h>
363496c981SIan Lepore
/*
 * Policy knobs live under security.mac.ntpd.  Both values are RWTUN, so they
 * can be set as loader tunables as well as changed at runtime via sysctl.
 */
static SYSCTL_NODE(_security_mac, OID_AUTO, ntpd,
    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
    "mac_ntpd policy controls");

/* Master switch: when 0 the policy grants nothing.  Enabled by default. */
static int ntpd_enabled = 1;
SYSCTL_INT(_security_mac_ntpd, OID_AUTO, enabled, CTLFLAG_RWTUN,
    &ntpd_enabled, 0, "Enable mac_ntpd policy");

/*
 * Effective uid that receives the grants; defaults to 123.  Kept as a plain
 * int because that is what SYSCTL_INT exposes; it is compared against the
 * credential's uid_t in ntpd_priv_grant.
 */
static int ntpd_uid = 123;
SYSCTL_INT(_security_mac_ntpd, OID_AUTO, uid, CTLFLAG_RWTUN,
    &ntpd_uid, 0, "User id for ntpd user");
483496c981SIan Lepore
/*
 * mpo_priv_grant hook: decide whether this policy grants privilege 'priv'
 * to the credential 'cred'.
 *
 * Returns 0 to grant the privilege, EPERM to decline.  Declining is the
 * common case; the MAC framework only needs one policy to say 0 for the
 * privilege to be granted, so every privilege not listed here is left to
 * other policies and the normal superuser check.
 *
 * The grant is deliberately narrow: only the configured ntpd uid, only while
 * the policy is enabled, and only the privileges ntpd needs to steer the
 * clock (ADJTIME, CLOCK_SETTIME, NTP_ADJTIME) and to bind its reserved /
 * reused UDP port (NETINET_RESERVEDPORT, NETINET_REUSEPORT).
 *
 * NOTE(review): ntpd_uid is a signed sysctl int while cr_uid is uid_t; the
 * comparison converts ntpd_uid to unsigned, so a negative setting compares
 * equal to a large uid rather than matching nobody.
 */
static int
ntpd_priv_grant(struct ucred *cred, int priv)
{

	/* Not enabled, or not the ntpd user: this policy has nothing to say. */
	if (!ntpd_enabled || cred->cr_uid != ntpd_uid)
		return (EPERM);

	switch (priv) {
	case PRIV_ADJTIME:
	case PRIV_CLOCK_SETTIME:
	case PRIV_NTP_ADJTIME:
	case PRIV_NETINET_RESERVEDPORT:
	case PRIV_NETINET_REUSEPORT:
		return (0);
	default:
		return (EPERM);
	}
}
673496c981SIan Lepore
/*
 * Only the privilege-grant hook is implemented; every other MAC entry point
 * is left NULL so the framework skips this policy for it.
 */
static struct mac_policy_ops ntpd_ops = {
	.mpo_priv_grant = ntpd_priv_grant,
};
723496c981SIan Lepore
/*
 * Register the policy as "mac_ntpd".  MPC_LOADTIME_FLAG_UNLOADOK lets the
 * module be unloaded again; no per-policy label slot is requested (NULL).
 */
MAC_POLICY_SET(&ntpd_ops, mac_ntpd, "MAC/ntpd",
    MPC_LOADTIME_FLAG_UNLOADOK, NULL);