authorIan Lepore <ian@FreeBSD.org>2018-07-23 00:32:59 +0000
committerIan Lepore <ian@FreeBSD.org>2018-07-23 00:32:59 +0000
commitfdc7af699914060f54cb3223036ed79c9fa43587 (patch)
tree49a4600109705216da25e05c625949f963895c49 /net
parenta6e1ae9107ebd366876b655aa7da4746e590f924 (diff)
Diffstat (limited to 'net')
-rw-r--r--net/ntp/Makefile5
-rw-r--r--net/ntp/files/patch-ntpd_ntpd.c45
-rw-r--r--net/ntp/files/patch-sntp_m4_ntp__libntp.m432
3 files changed, 80 insertions, 2 deletions
diff --git a/net/ntp/Makefile b/net/ntp/Makefile
index 9937311e9d46..e22f7f841ce5 100644
--- a/net/ntp/Makefile
+++ b/net/ntp/Makefile
@@ -3,7 +3,7 @@
PORTNAME= ntp
PORTVERSION= 4.2.8p11
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net ipv6
MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \
http://archive.ntp.org/ntp4/ntp-4.2/ \
@@ -19,9 +19,10 @@ CONFLICTS= ntp-devel-* openntpd-*
USES= cpe pathfix shebangfix libedit libtool localbase:ldflags \
pkgconfig
+USES+= autoreconf # until trustedbsd-mac changes accepted upstream
GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --enable-leap-smear
+CONFIGURE_ARGS= --enable-leap-smear --enable-trustedbsd-mac
TEST_TARGET= check
diff --git a/net/ntp/files/patch-ntpd_ntpd.c b/net/ntp/files/patch-ntpd_ntpd.c
new file mode 100644
index 000000000000..4e0f18e7f056
--- /dev/null
+++ b/net/ntp/files/patch-ntpd_ntpd.c
@@ -0,0 +1,45 @@
+--- ntpd/ntpd.c.orig 2018-02-27 15:15:48 UTC
++++ ntpd/ntpd.c
+@@ -123,6 +123,9 @@
+ #if defined(HAVE_PRIV_H) && defined(HAVE_SOLARIS_PRIVS)
+ # include <priv.h>
+ #endif /* HAVE_PRIV_H */
++#if defined(HAVE_TRUSTEDBSD_MAC)
++# include <sys/mac.h>
++#endif /* HAVE_TRUSTEDBSD_MAC */
+ #endif /* HAVE_DROPROOT */
+
+ #if defined (LIBSECCOMP) && (KERN_SECCOMP)
+@@ -634,7 +637,12 @@ ntpdmain(
+ /* MPE lacks the concept of root */
+ # if defined(HAVE_GETUID) && !defined(MPE)
+ uid = getuid();
+- if (uid && !HAVE_OPT( SAVECONFIGQUIT )) {
++ if (uid && !HAVE_OPT( SAVECONFIGQUIT )
++# if defined(HAVE_TRUSTEDBSD_MAC)
++ /* We can run as non-root if the mac_ntpd policy is enabled. */
++ && mac_is_present("ntpd") != 1
++# endif
++ ) {
+ msyslog_term = TRUE;
+ msyslog(LOG_ERR,
+ "must be run as root, not uid %ld", (long)uid);
+@@ -1082,7 +1090,17 @@ getgroup:
+ exit (-1);
+ }
+
+-# if !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS)
++# if defined(HAVE_TRUSTEDBSD_MAC)
++ /*
++ * To manipulate system time and (re-)bind to NTP_PORT as needed
++ * following interface changes, we must either run as uid 0 or
++ * the mac_ntpd policy module must be enabled.
++ */
++ if (sw_uid != 0 && mac_is_present("ntpd") != 1) {
++ msyslog(LOG_ERR, "Need MAC 'ntpd' policy enabled to drop root privileges");
++ exit (-1);
++ }
++# elif !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS)
+ /*
+ * for now assume that the privilege to bind to privileged ports
+ * is associated with running with uid 0 - should be refined on
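Review bot: `mac_is_present("ntpd")` in both added checks only establishes that a policy named ntpd is loaded, not that it is enabled or that it grants anything to the uid ntpd ends up running as, so the comment "We can run as non-root if the mac_ntpd policy is enabled" overstates what is verified. The `!= 1` comparison does fail closed on the -1 error return, but a mismatch between the policy's configuration and the `-u` uid would pass here and presumably surface only later as failed clock adjustments or rebinds. I would reword the first comment to `/* Non-root start is allowed when the mac_ntpd policy module is loaded; the policy's own settings are not checked here. */` and have the second `msyslog` call distinguish "policy not loaded" from "query failed" by reporting errno when the call returns -1. The check also runs once at startup, so a module unloaded afterwards goes unnoticed; ntpdmain begins and ends outside these hunks.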
diff --git a/net/ntp/files/patch-sntp_m4_ntp__libntp.m4 b/net/ntp/files/patch-sntp_m4_ntp__libntp.m4
new file mode 100644
index 000000000000..b55e70993583
--- /dev/null
+++ b/net/ntp/files/patch-sntp_m4_ntp__libntp.m4
@@ -0,0 +1,32 @@
+--- sntp/m4/ntp_libntp.m4.orig 2017-02-01 09:47:13 UTC
++++ sntp/m4/ntp_libntp.m4
+@@ -693,7 +693,28 @@ esac
+
+ AC_MSG_RESULT([$ntp_have_solarisprivs])
+
+-case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in
++AC_CHECK_HEADERS([sys/mac.h])
++
++AC_ARG_ENABLE(
++ [trustedbsd_mac],
++ [AS_HELP_STRING(
++ [--enable-trustedbsd-mac],
++ [- Use TrustedBSD MAC policy for non-root clock control]
++ )],
++ [ntp_use_trustedbsd_mac=$enableval]
++)
++
++AC_MSG_CHECKING([if we should use TrustedBSD MAC privileges])
++
++case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in
++ yesyes)
++ AC_DEFINE([HAVE_TRUSTEDBSD_MAC], [1],
++ [Are TrustedBSD MAC policy privileges available?])
++esac
++
++AC_MSG_RESULT([$ntp_use_trustedbsd_mac])
++
++case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in
+ *yes*)
+ AC_DEFINE([HAVE_DROPROOT], [1],
+ [Can we drop root privileges?])
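Review bot: `AC_MSG_RESULT` and the final `case` both use `$ntp_use_trustedbsd_mac`, the raw `--enable` value, rather than the outcome of the `yesyes` test, so with `--enable-trustedbsd-mac` on a host lacking `sys/mac.h` configure reports "yes" and defines HAVE_DROPROOT without HAVE_TRUSTEDBSD_MAC. The resulting ntpd would accept a request to drop root while none of the MAC checks are compiled in, leaving it (absent another detected mechanism) without the rights it needs to set the clock. When the option is not given at all, the result line prints an empty value. A separate result variable, defaulted to no and set only inside the `yesyes` branch, fixes both; the final `case` continues past the end of the hunk.

```m4
ntp_have_trustedbsd_mac=no
case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in
 yesyes)
    ntp_have_trustedbsd_mac=yes
dnl … unchanged: AC_DEFINE([HAVE_TRUSTEDBSD_MAC], …) and esac …

AC_MSG_RESULT([$ntp_have_trustedbsd_mac])

case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_have_trustedbsd_mac" in
dnl … unchanged: *yes*) branch defining HAVE_DROPROOT …
```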