
A step in solving the bootstrap problem in a dnssec environment.

If the time is wrong, we cannot validate dnssec, leading to failed
DNS lookups, so we cannot adjust or set the time.  Work around this
by repeating a failed DNS lookup with a lookup with the CD (checking
disabled) bit set. ok florian@
OPENBSD_6_6
otto 5 years ago
parent
commit
89bf75c4ef
6 changed files with 56 additions and 13 deletions
  1. +23
    -2
      src/usr.sbin/ntpd/config.c
  2. +5
    -2
      src/usr.sbin/ntpd/constraint.c
  3. +7
    -3
      src/usr.sbin/ntpd/control.c
  4. +6
    -2
      src/usr.sbin/ntpd/ntp.c
  5. +13
    -3
      src/usr.sbin/ntpd/ntp_dns.c
  6. +2
    -1
      src/usr.sbin/ntpd/ntpd.h

+ 23
- 2
src/usr.sbin/ntpd/config.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: config.c,v 1.29 2018/09/07 20:31:39 kn Exp $ */
/* $OpenBSD: config.c,v 1.30 2019/05/28 06:49:46 otto Exp $ */
/* /*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -25,11 +25,13 @@
#include <errno.h> #include <errno.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <resolv.h>
#include <unistd.h> #include <unistd.h>
#include "ntpd.h" #include "ntpd.h"
struct ntp_addr *host_ip(const char *); struct ntp_addr *host_ip(const char *);
int host_dns1(const char *, struct ntp_addr **, int);
static u_int32_t maxid = 0; static u_int32_t maxid = 0;
static u_int32_t constraint_maxid = 0; static u_int32_t constraint_maxid = 0;
@ -85,7 +87,7 @@ host_dns_free(struct ntp_addr *hn)
} }
int int
host_dns(const char *s, struct ntp_addr **hn)
host_dns1(const char *s, struct ntp_addr **hn, int notauth)
{ {
struct addrinfo hints, *res0, *res; struct addrinfo hints, *res0, *res;
int error, cnt = 0; int error, cnt = 0;
@ -111,6 +113,7 @@ host_dns(const char *s, struct ntp_addr **hn)
if ((h = calloc(1, sizeof(*h))) == NULL) if ((h = calloc(1, sizeof(*h))) == NULL)
fatal(NULL); fatal(NULL);
memcpy(&h->ss, res->ai_addr, res->ai_addrlen); memcpy(&h->ss, res->ai_addr, res->ai_addrlen);
h->notauth = notauth;
h->next = hh; h->next = hh;
hh = h; hh = h;
@ -122,6 +125,24 @@ host_dns(const char *s, struct ntp_addr **hn)
return (cnt); return (cnt);
} }
int
host_dns(const char *s, struct ntp_addr **hn)
{
int error, save_opts;
log_debug("trying to resolve %s", s);
error = host_dns1(s, hn, 0);
if (error <= 0) {
log_debug("no luck, trying to resolve %s without checking", s);
save_opts = _res.options;
_res.options |= RES_USE_CD;
error = host_dns1(s, hn, 1);
_res.options = save_opts;
}
log_debug("resolve %s done: %d", s, error);
return error;
}
struct ntp_peer * struct ntp_peer *
new_peer(void) new_peer(void)
{ {
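Review bot: `save_opts` in the new host_dns is declared `int`, while the `_res.options` field it saves and restores is, as far as I recall from OpenBSD's resolv.h, a `u_long`, so the round trip narrows and then widens the value; `u_long save_opts;` (or whatever type resolv.h actually declares) keeps the restore exact. The fallback is also taken for any failure of the first attempt (`error <= 0`), not only for validation failures, so a transient resolver error now costs a second query whose answers were never DNSSEC-validated and are then used like any other apart from the `notauth` mark — that contract deserves a comment above the function, e.g. `/* Resolve s with a validating lookup; on failure retry with the CD bit set and flag the results notauth so callers can tell they were not DNSSEC-validated. */`. Rewriting the global `_res.options` in place also means host_dns is not reentrant, which is presumably fine in the single-threaded dns process but worth stating next to the assignment.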


+ 5
- 2
src/usr.sbin/ntpd/constraint.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: constraint.c,v 1.42 2019/01/21 11:08:37 jsing Exp $ */
/* $OpenBSD: constraint.c,v 1.43 2019/05/28 06:49:46 otto Exp $ */
/* /*
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@ -723,7 +723,7 @@ constraint_msg_dns(u_int32_t id, u_int8_t *data, size_t len)
return; return;
} }
if ((len % sizeof(struct sockaddr_storage)) != 0)
if (len % (sizeof(struct sockaddr_storage) + sizeof(int)) != 0)
fatalx("IMSG_CONSTRAINT_DNS len"); fatalx("IMSG_CONSTRAINT_DNS len");
p = data; p = data;
@ -733,6 +733,9 @@ constraint_msg_dns(u_int32_t id, u_int8_t *data, size_t len)
memcpy(&h->ss, p, sizeof(h->ss)); memcpy(&h->ss, p, sizeof(h->ss));
p += sizeof(h->ss); p += sizeof(h->ss);
len -= sizeof(h->ss); len -= sizeof(h->ss);
memcpy(&h->notauth, p, sizeof(int));
p += sizeof(int);
len -= sizeof(int);
if (ncstr == NULL || cstr->addr_head.pool) { if (ncstr == NULL || cstr->addr_head.pool) {
ncstr = new_constraint(); ncstr = new_constraint();
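Review bot: The per-address record layout `sizeof(struct sockaddr_storage) + sizeof(int)` is now written out by hand in three places — the length check above, ntp.c's ntp_dispatch_imsg_dns loop condition, and the `imsg_create` size in ntp_dns.c's dns_dispatch_imsg — so any later change to the record has to be repeated in each; a single named per-entry length in ntpd.h (a constructed name such as a `DNS_ADDR_MSG_LEN` macro would do) used by all three would keep the encoder and both decoders in step. The `memcpy` into `h->notauth` accepts whatever int the dns process sent even though the field is only ever read as a boolean, so normalising it with `h->notauth = h->notauth != 0;` after the copy is cheap insurance; the same applies to the copy in ntp.c. The enclosing loop header is outside this hunk; if it still tests `len >= sizeof(struct sockaddr_storage)` it stays correct only because the modulus check above guarantees whole records, which is worth a one-line comment there.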


+ 7
- 3
src/usr.sbin/ntpd/control.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: control.c,v 1.14 2019/01/14 16:30:21 florian Exp $ */
/* $OpenBSD: control.c,v 1.15 2019/05/28 06:49:46 otto Exp $ */
/* /*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -339,13 +339,17 @@ build_show_peer(struct ctl_show_peer *cp, struct ntp_peer *p)
{ {
const char *a = "not resolved"; const char *a = "not resolved";
const char *pool = "", *addr_head_name = ""; const char *pool = "", *addr_head_name = "";
const char *auth = "";
u_int8_t shift, best, validdelaycnt, jittercnt; u_int8_t shift, best, validdelaycnt, jittercnt;
time_t now; time_t now;
now = getmonotime(); now = getmonotime();
if (p->addr)
if (p->addr) {
a = log_sockaddr((struct sockaddr *)&p->addr->ss); a = log_sockaddr((struct sockaddr *)&p->addr->ss);
if (p->addr->notauth)
auth = " (non-dnssec lookup)";
}
if (p->addr_head.pool) if (p->addr_head.pool)
pool = "from pool "; pool = "from pool ";
@ -353,7 +357,7 @@ build_show_peer(struct ctl_show_peer *cp, struct ntp_peer *p)
addr_head_name = p->addr_head.name; addr_head_name = p->addr_head.name;
snprintf(cp->peer_desc, sizeof(cp->peer_desc), snprintf(cp->peer_desc, sizeof(cp->peer_desc),
"%s %s%s", a, pool, addr_head_name);
"%s %s%s%s", a, pool, addr_head_name, auth);
validdelaycnt = best = 0; validdelaycnt = best = 0;
cp->offset = cp->delay = 0.0; cp->offset = cp->delay = 0.0;


+ 6
- 2
src/usr.sbin/ntpd/ntp.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: ntp.c,v 1.149 2019/01/07 20:33:40 tedu Exp $ */
/* $OpenBSD: ntp.c,v 1.150 2019/05/28 06:49:46 otto Exp $ */
/* /*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -512,13 +512,17 @@ ntp_dispatch_imsg_dns(void)
} }
p = (u_char *)imsg.data; p = (u_char *)imsg.data;
while (dlen >= sizeof(struct sockaddr_storage)) {
while (dlen >= sizeof(struct sockaddr_storage) +
sizeof(int)) {
if ((h = calloc(1, sizeof(struct ntp_addr))) == if ((h = calloc(1, sizeof(struct ntp_addr))) ==
NULL) NULL)
fatal(NULL); fatal(NULL);
memcpy(&h->ss, p, sizeof(h->ss)); memcpy(&h->ss, p, sizeof(h->ss));
p += sizeof(h->ss); p += sizeof(h->ss);
dlen -= sizeof(h->ss); dlen -= sizeof(h->ss);
memcpy(&h->notauth, p, sizeof(int));
p += sizeof(int);
dlen -= sizeof(int);
if (peer->addr_head.pool) { if (peer->addr_head.pool) {
npeer = new_peer(); npeer = new_peer();
npeer->weight = peer->weight; npeer->weight = peer->weight;


+ 13
- 3
src/usr.sbin/ntpd/ntp_dns.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: ntp_dns.c,v 1.20 2017/04/17 16:03:15 otto Exp $ */
/* $OpenBSD: ntp_dns.c,v 1.21 2019/05/28 06:49:46 otto Exp $ */
/* /*
* Copyright (c) 2003-2008 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003-2008 Henning Brauer <henning@openbsd.org>
@ -20,6 +20,8 @@
#include <sys/resource.h> #include <sys/resource.h>
#include <sys/time.h> #include <sys/time.h>
#include <netinet/in.h>
#include <err.h> #include <err.h>
#include <errno.h> #include <errno.h>
#include <poll.h> #include <poll.h>
@ -28,6 +30,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <syslog.h> #include <syslog.h>
#include <resolv.h>
#include <unistd.h> #include <unistd.h>
#include "ntpd.h" #include "ntpd.h"
@ -55,6 +58,7 @@ ntp_dns(struct ntpd_conf *nconf, struct passwd *pw)
struct pollfd pfd[1]; struct pollfd pfd[1];
int nfds, nullfd; int nfds, nullfd;
res_init();
if (setpriority(PRIO_PROCESS, 0, 0) == -1) if (setpriority(PRIO_PROCESS, 0, 0) == -1)
log_warn("could not set priority"); log_warn("could not set priority");
@ -164,15 +168,21 @@ dns_dispatch_imsg(void)
break; break;
buf = imsg_create(ibuf_dns, imsg.hdr.type, buf = imsg_create(ibuf_dns, imsg.hdr.type,
imsg.hdr.peerid, 0, imsg.hdr.peerid, 0,
cnt * sizeof(struct sockaddr_storage));
cnt * (sizeof(struct sockaddr_storage) + sizeof(int)));
if (cnt > 0) { if (cnt > 0) {
if (buf) { if (buf) {
for (h = hn; h != NULL; h = h->next)
for (h = hn; h != NULL; h = h->next) {
if (imsg_add(buf, &h->ss, if (imsg_add(buf, &h->ss,
sizeof(h->ss)) == -1) { sizeof(h->ss)) == -1) {
buf = NULL; buf = NULL;
break; break;
} }
if (imsg_add(buf, &h->notauth,
sizeof(int)) == -1) {
buf = NULL;
break;
}
}
} }
host_dns_free(hn); host_dns_free(hn);
hn = NULL; hn = NULL;
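Review bot: The bare `res_init();` added at the top of ntp_dns has no comment saying why it is now required; since host_dns in config.c reads and rewrites `_res.options` around the retry, the resolver state presumably has to be initialised before the first lookup, and a comment such as `/* initialise _res so host_dns can toggle RES_USE_CD */` would save the next reader the cross-file search. The imsg payload produced in dns_dispatch_imsg is likewise undocumented now that each entry is two `imsg_add` calls; a comment at the `imsg_create` call, e.g. `/* payload: cnt records of struct sockaddr_storage followed by an int notauth flag */`, would describe the format that constraint.c and ntp.c decode. The body of dns_dispatch_imsg continues outside the hunk.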


+ 2
- 1
src/usr.sbin/ntpd/ntpd.h View File

@ -1,4 +1,4 @@
/* $OpenBSD: ntpd.h,v 1.138 2019/01/14 16:30:21 florian Exp $ */
/* $OpenBSD: ntpd.h,v 1.139 2019/05/28 06:49:46 otto Exp $ */
/* /*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -108,6 +108,7 @@ struct listen_addr {
struct ntp_addr { struct ntp_addr {
struct ntp_addr *next; struct ntp_addr *next;
struct sockaddr_storage ss; struct sockaddr_storage ss;
int notauth;
}; };
struct ntp_addr_wrap { struct ntp_addr_wrap {
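Review bot: The new `notauth` member of struct ntp_addr carries no comment, and the name alone does not say which authentication it refers to; `int notauth; /* resolved with DNSSEC checking disabled (CD bit); treated as a boolean */` would tell readers in ntp.c, constraint.c and control.c what a non-zero value means. Since the field is also copied verbatim over imsg between processes, noting that it is part of the DNS reply wire format would help anyone who later changes its type.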

