From 21c48e24ae1e73d79edb559379c81ad6ca32a1dc Mon Sep 17 00:00:00 2001
From: otto <>
Date: Sun, 10 Nov 2019 19:24:47 +0000
Subject: [PATCH] Introduce a "trusted" modifier, for peers that should be on a local net used in situations where https constraints cannot be used and we still want auto settime. Result of discussion with and ok deraadt@
---
 src/usr.sbin/ntpd/client.c | 12 ++++++------
 src/usr.sbin/ntpd/ntp.c | 5 +++--
 src/usr.sbin/ntpd/ntpd.c | 5 +++--
 src/usr.sbin/ntpd/ntpd.h | 4 +++-
 src/usr.sbin/ntpd/parse.y | 15 +++++++++++++--
 5 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c
index 83614dff..67ce852f 100644
--- a/src/usr.sbin/ntpd/client.c
+++ b/src/usr.sbin/ntpd/client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: client.c,v 1.111 2019/11/10 16:56:30 deraadt Exp $ */
+/* $OpenBSD: client.c,v 1.112 2019/11/10 19:24:47 otto Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
@@ -30,7 +30,7 @@
 int client_update(struct ntp_peer *);
 int auto_cmp(const void *, const void *);
-void handle_auto(double);
+void handle_auto(u_int8_t, double);
 void set_deadline(struct ntp_peer *, time_t);
 void
@@ -233,7 +233,7 @@ auto_cmp(const void *a, const void *b)
 }
 void
-handle_auto(double offset)
+handle_auto(uint8_t trusted, double offset)
 {
 static int count;
 static double v[AUTO_REPLIES];
@@ -242,7 +242,7 @@ handle_auto(double offset)
 * It happens the (constraint) resolves initially fail, don't give up
 * but see if we get validated replies later.
 */
- if (conf->constraint_median == 0)
+ if (!trusted && conf->constraint_median == 0)
 return;
 if (offset < AUTO_THRESHOLD) {
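Review bot: The new definition `handle_auto(uint8_t trusted, double offset)` spells the parameter type `uint8_t` while the prototype added in the hunk above says `u_int8_t`, and the rest of this code (`settime`, `automatic`, the `trusted` field in ntpd.h) uses `u_int8_t`. The two are the same type on OpenBSD so this compiles, but it reads as if two different things were meant; suggest `handle_auto(u_int8_t trusted, double offset)`. The body of handle_auto continues past the end of the hunk.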
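Review bot: The comment above the changed condition still explains only the "constraint resolves initially fail" wait, but the line now also lets a trusted peer's offset through when no constraint median exists at all, which is the case a reader will want explained here. Suggest adding before the `if`: ` * Peers marked "trusted" do not wait: their offset is used even when no constraint has validated yet.` Once past this check the offset appears to feed the same AUTO_REPLIES accumulation as a constraint-validated one, so a single trusted reply weighs the same as a validated reply — worth stating in the comment if that is intended. handle_auto's body continues outside the hunk.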
@@ -386,7 +386,7 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime, u_int8_t automatic)
 }
 /* Detect liars */
- if (conf->constraint_median != 0 &&
+ if (!p->trusted && conf->constraint_median != 0 &&
 (constraint_check(T2) != 0 || constraint_check(T3) != 0)) {
 log_info("reply from %s: constraint check failed",
 log_sockaddr((struct sockaddr *)&p->addr->ss));
@@ -464,7 +464,7 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime, u_int8_t automatic)
 client_update(p);
 if (settime) {
 if (automatic)
- handle_auto(p->reply[p->shift].offset);
+ handle_auto(p->trusted, p->reply[p->shift].offset);
 else
 priv_settime(p->reply[p->shift].offset, "");
 }
diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
index d8bb26e9..f3f50413 100644
--- a/src/usr.sbin/ntpd/ntp.c
+++ b/src/usr.sbin/ntpd/ntp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ntp.c,v 1.160 2019/11/10 07:32:58 otto Exp $ */
+/* $OpenBSD: ntp.c,v 1.161 2019/11/10 19:24:47 otto Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
@@ -246,7 +246,8 @@ ntp_main(struct ntpd_conf *nconf, struct passwd *pw, int argc, char **argv)
 idx_peers = i;
 sent_cnt = trial_cnt = 0;
 TAILQ_FOREACH(p, &conf->ntp_peers, entry) {
- if (constraint_cnt && conf->constraint_median == 0)
+ if (!p->trusted && constraint_cnt &&
+ conf->constraint_median == 0)
 continue;
 if (p->next > 0 && p->next <= getmonotime()) {
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
index e3bd30ab..f6e37edf 100644
--- a/src/usr.sbin/ntpd/ntpd.c
+++ b/src/usr.sbin/ntpd/ntpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ntpd.c,v 1.125 2019/11/10 07:32:58 otto Exp $ */
+/* $OpenBSD: ntpd.c,v 1.126 2019/11/10 19:24:47 otto Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
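Review bot: With `!p->trusted` leading the condition, a reply from a trusted peer is never passed through `constraint_check(T2)`/`constraint_check(T3)` even when a constraint median is available, so it is accepted on source address alone; nothing in this client path authenticates the reply, so `trusted` amounts to trusting whoever can reach that address or spoof it on the path. The commit message scopes this to local nets, but the code does not, so I would keep running the check for trusted peers and only downgrade the outcome: compute the mismatch first, log it with a marker, e.g. `log_info("reply from %s: constraint check failed%s", log_sockaddr((struct sockaddr *)&p->addr->ss), p->trusted ? " (trusted, accepting)" : "");`, and take the reject path only when `!p->trusted`. The reject body is outside the hunk so I cannot see what else runs there. At minimum the bypass deserves a comment at the `if`: `/* trusted peers are exempt from the constraint check, see ntpd.conf(5) */`.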
@@ -114,7 +114,8 @@ auto_preconditions(const struct ntpd_conf *cnf)
 if (sysctl(mib, 2, &securelevel, &sz, NULL, 0) == -1)
 err(1, "sysctl");
 constraints = !TAILQ_EMPTY(&cnf->constraints);
- return !cnf->settime && constraints && securelevel == 0;
+ return !cnf->settime && (constraints || cnf->trusted_peers) &&
+ securelevel == 0;
 }
 #define POLL_MAX 8
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
index d6d8d80b..3f1ffbf7 100644
--- a/src/usr.sbin/ntpd/ntpd.h
+++ b/src/usr.sbin/ntpd/ntpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ntpd.h,v 1.146 2019/07/16 14:15:40 otto Exp $ */
+/* $OpenBSD: ntpd.h,v 1.147 2019/11/10 19:24:47 otto Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
@@ -171,6 +171,7 @@ struct ntp_peer {
 u_int8_t shift;
 u_int8_t trustlevel;
 u_int8_t weight;
+ u_int8_t trusted;
 int lasterror;
 int senderrors;
 };
@@ -240,6 +241,7 @@ struct ntpd_conf {
 u_int8_t automatic;
 u_int8_t noaction;
 u_int8_t filters;
+ u_int8_t trusted_peers;
 time_t constraint_last;
 time_t constraint_median;
 u_int constraint_errors;
diff --git a/src/usr.sbin/ntpd/parse.y b/src/usr.sbin/ntpd/parse.y
index 51379ae3..51f1ddb0 100644
--- a/src/usr.sbin/ntpd/parse.y
+++ b/src/usr.sbin/ntpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.74 2019/11/06 13:35:25 otto Exp $ */
+/* $OpenBSD: parse.y,v 1.75 2019/11/10 19:24:47 otto Exp $ */
 /*
 * Copyright (c) 2002, 2003, 2004 Henning Brauer
@@ -67,6 +67,7 @@ struct opts {
 int correction;
 int stratum;
 int rtable;
+ int trusted;
 char *refstr;
 } opts;
 void opts_default(void);
@@ -83,7 +84,7 @@ typedef struct {
 %}
-%token LISTEN ON CONSTRAINT CONSTRAINTS FROM QUERY
+%token LISTEN ON CONSTRAINT CONSTRAINTS FROM QUERY TRUSTED
 %token SERVER SERVERS SENSOR CORRECTION RTABLE REFID STRATUM WEIGHT
 %token ERROR
 %token STRING
@@ -97,6 +98,7 @@ typedef struct {
 %type refid
 %type stratum
 %type weight
+%type trusted
 %%
 grammar : /* empty */
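Review bot: auto_preconditions() now returns true when no constraint is configured at all, as long as some server line carries `trusted`, so this is the first path on which automatic settime runs without an https anchor; only the `securelevel == 0` guard still applies. The function's header comment is outside the hunk, but it should name that precondition, and `constraints` has become a slightly misleading local name for one half of the disjunction — `have_anchor = constraints || cnf->trusted_peers;` followed by `return !cnf->settime && have_anchor && securelevel == 0;` would read better. I cannot see from here where the result is consumed, so whether a startup log line at that point would reach operators is a guess.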
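Review bot: `trusted_peers` reads like a count but, judging by the parser rule in this diff and the test in auto_preconditions(), it is only ever set to 1 and read as a boolean; a short comment would stop the next reader from treating it as a tally: `u_int8_t trusted_peers; /* nonzero if any server is marked "trusted" */`. The `trusted` field added to struct ntp_peer in the previous hunk deserves the same, since it silently switches off the constraint liar check in client.c: `u_int8_t trusted; /* reply accepted without constraint check */`.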
@@ -180,6 +182,7 @@ main : LISTEN ON address listen_opts {
 p = new_peer();
 p->weight = $3.weight;
+ p->trusted = $3.trusted;
 p->query_addr4 = query_addr4;
 p->query_addr6 = query_addr6;
 p->addr = h;
@@ -219,6 +222,7 @@ main : LISTEN ON address listen_opts {
 }
 p->weight = $3.weight;
+ p->trusted = $3.trusted;
 p->query_addr4 = query_addr4;
 p->query_addr6 = query_addr6;
 p->addr_head.a = p->addr;
@@ -409,6 +413,7 @@ server_opts_l : server_opts_l server_opt
 | server_opt
 ;
 server_opt : weight
+ | trusted
 ;
 sensor_opts : { opts_default(); }
@@ -474,6 +479,11 @@ rtable : RTABLE NUMBER {
 }
 ;
+trusted : TRUSTED {
+ opts.trusted = 1;
+ conf->trusted_peers = 1;
+ }
+
 %%
 void
@@ -529,6 +539,7 @@ lookup(char *s)
 { "server", SERVER},
 { "servers", SERVERS},
 { "stratum", STRATUM},
+ { "trusted", TRUSTED},
 { "weight", WEIGHT}
 };
 const struct keywords *p;
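Review bot: This rule copies `p->trusted` from server_opts, and from `p->addr_head.a = p->addr;` in the next hunk it looks like this first one is the `servers` (pool) form, so `servers <name> trusted` extends the constraint bypass to every address the name resolves to, now and on later re-resolution — well past the "local net" case in the commit message. I would either refuse it here with `yyerror("trusted is not supported for servers")` and not copy `$3.trusted` for pools, or state the consequence explicitly in ntpd.conf(5). Whether this hunk is indeed the pool rule is inferred from the surrounding hunks, not visible here.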
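Review bot: The action sets both `opts.trusted` and `conf->trusted_peers`, but `struct opts` gained a field without `opts_default()` appearing in the diff; if that function resets members one by one rather than with `memset`, `trusted` would carry over from one server line to the next and silently mark later peers trusted — worth confirming. A comment on the rule would also help, since this is the only place the global flag is set: `/* also records that at least one peer may bypass constraints */`.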