time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses. This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol; without relying on
authentication options for NTP that are basically unavailable at
present. This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@
- Nothing seems to free the result of host_dns(), so add host_dns_free() and
call after each query.
- If imsg_add() fails, it frees buf. Avoid subsequently dereferencing the
freed buf in imsg_close().
ok millert@ deraadt@
asking the privileged one to do it. sends back an imsg with the
resulting addresses in a bunch of struct sockaddr_storage in the data
part.
this should fix all remaining issues with dns (non-)availability at
ntpd startup, be it due to named on localhost or something else.
tested by marco@ and Chris Paul <chris.paul@sentinare.com>
to resolve the hostname every 60 seconds
fixes ntpd invocations before e. g. a dialup link is established and such.
as we want ntpd to be a "fire and forget" background daemon it should
cope with such situations.
tested by many
fixes the dns resolves to v4 and v6 addresses bug found by phessler
hacked on the Calgary->Montreal flight that proved that Air Canada _does_
have some modern aircrafts with good seats
struct ntp_addr, which just wraps a sockaddr_storage and a next pointer,
so that host_dns can return more than one entry.
let host_dns do exactly that, return a list of all IPs for that hostname
adjust all callers in the grammar to cope with that
reyk