
Also implement "trusted" for sensors; do not do constraint validation

for these. ok deraadt@
OPENBSD_6_7
otto 5 years ago
parent
commit
00f92e8d8c
5 changed files with 22 additions and 10 deletions
  1. +3
    -2
      src/usr.sbin/ntpd/ntp.c
  2. +3
    -3
      src/usr.sbin/ntpd/ntpd.c
  3. +4
    -1
      src/usr.sbin/ntpd/ntpd.h
  4. +9
    -2
      src/usr.sbin/ntpd/parse.y
  5. +3
    -2
      src/usr.sbin/ntpd/sensors.c

+ 3
- 2
src/usr.sbin/ntpd/ntp.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: ntp.c,v 1.161 2019/11/10 19:24:47 otto Exp $ */
/* $OpenBSD: ntp.c,v 1.162 2019/11/11 06:32:52 otto Exp $ */
/* /*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -300,7 +300,8 @@ ntp_main(struct ntpd_conf *nconf, struct passwd *pw, int argc, char **argv)
idx_clients = i; idx_clients = i;
if (!TAILQ_EMPTY(&conf->ntp_conf_sensors) && if (!TAILQ_EMPTY(&conf->ntp_conf_sensors) &&
(constraint_cnt == 0 || conf->constraint_median != 0)) {
(conf->trusted_sensors || constraint_cnt == 0 ||
conf->constraint_median != 0)) {
if (last_sensor_scan == 0 || if (last_sensor_scan == 0 ||
last_sensor_scan + SENSOR_SCAN_INTERVAL <= getmonotime()) { last_sensor_scan + SENSOR_SCAN_INTERVAL <= getmonotime()) {
sensors_cnt = sensor_scan(); sensors_cnt = sensor_scan();


+ 3
- 3
src/usr.sbin/ntpd/ntpd.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: ntpd.c,v 1.127 2019/11/11 01:04:55 deraadt Exp $ */
/* $OpenBSD: ntpd.c,v 1.128 2019/11/11 06:32:52 otto Exp $ */
/* /*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -114,8 +114,8 @@ auto_preconditions(const struct ntpd_conf *cnf)
if (sysctl(mib, 2, &securelevel, &sz, NULL, 0) == -1) if (sysctl(mib, 2, &securelevel, &sz, NULL, 0) == -1)
err(1, "sysctl"); err(1, "sysctl");
constraints = !TAILQ_EMPTY(&cnf->constraints); constraints = !TAILQ_EMPTY(&cnf->constraints);
return !cnf->settime && (constraints || cnf->trusted_peers) &&
securelevel == 0;
return !cnf->settime && (constraints || cnf->trusted_peers ||
conf->trusted_sensors) && securelevel == 0;
} }
#define POLL_MAX 8 #define POLL_MAX 8
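Review bot: The new return expression in auto_preconditions() reads `conf->trusted_sensors`, while the function's parameter is `cnf` and every other field on these lines (`settime`, `constraints`, `trusted_peers`) is read through it. If a file-scope `conf` is visible in ntpd.c this compiles but tests a different object from the one the caller passed, so what looks like the automatic time-setting decision could be taken on a stale or unrelated configuration; if no such global is in scope, the file does not build. The line should read `cnf->trusted_sensors) && securelevel == 0;`. The function starts above the hunk, so whether `conf` and `cnf` refer to the same object at the call site cannot be checked from here.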


+ 4
- 1
src/usr.sbin/ntpd/ntpd.h View File

@ -1,4 +1,4 @@
/* $OpenBSD: ntpd.h,v 1.147 2019/11/10 19:24:47 otto Exp $ */
/* $OpenBSD: ntpd.h,v 1.148 2019/11/11 06:32:52 otto Exp $ */
/* /*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -189,6 +189,7 @@ struct ntp_sensor {
u_int8_t stratum; u_int8_t stratum;
u_int8_t weight; u_int8_t weight;
u_int8_t shift; u_int8_t shift;
u_int8_t trusted;
}; };
struct constraint { struct constraint {
@ -213,6 +214,7 @@ struct ntp_conf_sensor {
int correction; int correction;
u_int8_t stratum; u_int8_t stratum;
u_int8_t weight; u_int8_t weight;
u_int8_t trusted;
}; };
struct ntp_freq { struct ntp_freq {
@ -242,6 +244,7 @@ struct ntpd_conf {
u_int8_t noaction; u_int8_t noaction;
u_int8_t filters; u_int8_t filters;
u_int8_t trusted_peers; u_int8_t trusted_peers;
u_int8_t trusted_sensors;
time_t constraint_last; time_t constraint_last;
time_t constraint_median; time_t constraint_median;
u_int constraint_errors; u_int constraint_errors;


+ 9
- 2
src/usr.sbin/ntpd/parse.y View File

@ -1,4 +1,4 @@
/* $OpenBSD: parse.y,v 1.75 2019/11/10 19:24:47 otto Exp $ */
/* $OpenBSD: parse.y,v 1.76 2019/11/11 06:32:52 otto Exp $ */
/* /*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -183,6 +183,8 @@ main : LISTEN ON address listen_opts {
p = new_peer(); p = new_peer();
p->weight = $3.weight; p->weight = $3.weight;
p->trusted = $3.trusted; p->trusted = $3.trusted;
conf->trusted_peers = conf->trusted_peers ||
$3.trusted;
p->query_addr4 = query_addr4; p->query_addr4 = query_addr4;
p->query_addr6 = query_addr6; p->query_addr6 = query_addr6;
p->addr = h; p->addr = h;
@ -223,6 +225,8 @@ main : LISTEN ON address listen_opts {
p->weight = $3.weight; p->weight = $3.weight;
p->trusted = $3.trusted; p->trusted = $3.trusted;
conf->trusted_peers = conf->trusted_peers ||
$3.trusted;
p->query_addr4 = query_addr4; p->query_addr4 = query_addr4;
p->query_addr6 = query_addr6; p->query_addr6 = query_addr6;
p->addr_head.a = p->addr; p->addr_head.a = p->addr;
@ -319,6 +323,9 @@ main : LISTEN ON address listen_opts {
s->correction = $3.correction; s->correction = $3.correction;
s->refstr = $3.refstr; s->refstr = $3.refstr;
s->stratum = $3.stratum; s->stratum = $3.stratum;
s->trusted = $3.trusted;
conf->trusted_sensors = conf->trusted_sensors ||
$3.trusted;
free($2); free($2);
TAILQ_INSERT_TAIL(&conf->ntp_conf_sensors, s, entry); TAILQ_INSERT_TAIL(&conf->ntp_conf_sensors, s, entry);
} }
@ -428,6 +435,7 @@ sensor_opt : correction
| refid | refid
| stratum | stratum
| weight | weight
| trusted
; ;
correction : CORRECTION NUMBER { correction : CORRECTION NUMBER {
@ -481,7 +489,6 @@ rtable : RTABLE NUMBER {
trusted : TRUSTED { trusted : TRUSTED {
opts.trusted = 1; opts.trusted = 1;
conf->trusted_peers = 1;
} }
%% %%
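Review bot: `trusted` is now accepted in `sensor_opt`, which per the commit message turns off constraint validation for that sensor, but none of the five files in this commit is the configuration manual, so the keyword's effect on sensors is undocumented unless that lands separately. An operator should be able to read that a trusted sensor's time is accepted without being checked against the constraints, and that a single trusted sensor sets `conf->trusted_sensors` for the whole daemon. A short comment above the `| trusted` alternative would help as well, for example `/* trusted: skip constraint validation for this sensor */`. The `main` and `sensor_opt` rules extend beyond the hunks shown.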


+ 3
- 2
src/usr.sbin/ntpd/sensors.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: sensors.c,v 1.53 2019/11/10 07:32:58 otto Exp $ */
/* $OpenBSD: sensors.c,v 1.54 2019/11/11 06:32:52 otto Exp $ */
/* /*
* Copyright (c) 2006 Henning Brauer <henning@openbsd.org> * Copyright (c) 2006 Henning Brauer <henning@openbsd.org>
@ -134,6 +134,7 @@ sensor_add(int sensordev, char *dxname)
s->weight = cs->weight; s->weight = cs->weight;
s->correction = cs->correction; s->correction = cs->correction;
s->stratum = cs->stratum - 1; s->stratum = cs->stratum - 1;
s->trusted = cs->trusted;
if ((s->device = strdup(dxname)) == NULL) if ((s->device = strdup(dxname)) == NULL)
fatal("sensor_add strdup"); fatal("sensor_add strdup");
s->sensordevid = sensordev; s->sensordevid = sensordev;
@ -195,7 +196,7 @@ sensor_query(struct ntp_sensor *s)
s->last = sensor.tv.tv_sec; s->last = sensor.tv.tv_sec;
if (!TAILQ_EMPTY(&conf->constraints)) {
if (!s->trusted && !TAILQ_EMPTY(&conf->constraints)) {
if (conf->constraint_median == 0) { if (conf->constraint_median == 0) {
return; return;
} }
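Review bot: The `!s->trusted &&` added in sensor_query() makes a trusted sensor skip the entire constraint block, including the `constraint_median == 0` early return, and nothing at this line records that this is a deliberate trust decision. Because the reading from such a sensor is then used with no cross-check, a why-comment belongs here, for example `/* trusted sensors are exempt from constraint validation by configuration */`. It may also be worth logging once when a sensor is added as trusted, in sensor_add() next to `s->trusted = cs->trusted;`, so the exemption is visible in the daemon's log. The remainder of the constraint block lies below the hunk and is not visible here.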

