openntpd-openbsd

19 MiB

Branch: master

Author	SHA1	Message	Date
otto	c1869dec59	If constraints are configured but do not work for whatever reason ntpd does not work. Make that more clear in the log and ntpdctl -s status. report by and ok benno@	4 years ago
otto	005e327f50	fix printing when the pool is specified as an IP address; reported by and ok deraadt@	5 years ago
otto	ac3128b975	proper level of two messages, prompted by deraadt@	5 years ago
otto	89bf75c4ef	A step in solving the bootstrap problem in a dnssec environement. If the time is wrong, we cannot validate dnssec, leading to failed DNS lookups, so we cannot adjust or set the time. Work around this by repeating a failed DNS lookup with a lookup with the DC (check disabled) bit set. ok florian@	5 years ago
florian	ea28228b66	Prevent multiple ntpds from tripping over each other. This brings over the logic from bgpd & ospfd. Input & OK deraadt	5 years ago
mestre	7b9d9ca1a6	Revert back previous commit, we have decided that socket files don't cause any harm if not deleted after the daemon is shutdown and at the same time we also tackle another attack surface by not allowing the program to create/delete any more files (by removing "cpath" promise from pledge(2)). Discussion initiated by a question from deraadt@ OK florian@	5 years ago
krw	58841e22f6	Replace hand-rolled for(;;) traversal of ctl_conns TAILQ with TAILQ_FOREACH(). No intentional functional change. ok reyk@	7 years ago
rzalamena	1305c0d5de	Teach ntpd(8) how to fork+exec. ok reyk@, bcook@	7 years ago
krw	846730a3f8	Rename session_socket_blockmode() to session_socket_nonblockmode(), removing its second parameter and the enum() that provided the values for said parameter. The function was only called with the second parameter set to one value (BM_NONBLOCKING) from the enum(). So just do the right thing. Similar to changes made in smtpd. While here remove the pointless third parameter from the fcntl(F_GETFL) call. No functional change. ok guenther@ bcook@ deraadt@	8 years ago
claudio	d6e39ab1f4	EAGAIN handling for imsg_read. OK henning@ benno@	8 years ago
tedu	4c1a084e50	use RMS for jitter. we're linking with enough libraries that libm is tiny. ok deraadt	8 years ago
phessler	e4a72ca09e	Allowing upstream servers of ntp being in multiple routing tables is non-sensical. The dns lookups happened in the process routing table (usually '0'), which is very likely to have different results from the other routing domains. If you do depend on having this behaviour, you'll need to use pf to cross the rtable boundary. "listen on * rtable X" is still supported. Users of "server * rtable X" will need to switch to launching ntpd with "route -T X exec /usr/sbin/ntpd" OK deraadt@	8 years ago
bcook	cdb73978a9	replace bzero with memset ok phessler@ deraadt@	9 years ago
reyk	7433fa0bce	Add support for "constraints": when configured, ntpd(8) will query the time from HTTPS servers, by parsing the Date: header, and use the median constraint time as a boundary to verify NTP responses. This adds some level of authentication and protection against MITM attacks while preserving the accuracy of the NTP protocol; without relying on authentication options for NTP that are basically unavailable at present. This is an initial implementation and the semantics will be improved once it is in the tree. Discussed with deraadt@ and henning@ OK henning@	9 years ago
deraadt	eb02123984	remove excessive/wrong use of sys/param.h peanuts -- but all work has to start somewhere.	9 years ago
bcook	2b0bc47767	rename sockaddr_un variables from 'sun' to the more common 'sa'. This avoids a namespace conflict with Solaris build environments. discussed with deraadt@ and kettenis@	9 years ago
benno	b7644de136	from sthen: handle msgbuf_write() returning EAGAIN ok krw	10 years ago
phessler	36ee6e401f	Add ntpctl(8), which allows us to query the locally running ntpd(8) process diff from Mike Miller <mmiller mgm51 com> (many thanks!) OK phessler@, henning@, todd@	10 years ago

18 Commits (master)