jmc
a333c4129f
ntpd has been on by default for over two years now, so rework
the text about enabling it;
ok deraadt
7 years ago
naddy
8082e34065
zero out sockaddr_in before use; fixes use of stack garbage as port number
in "query from"; ok phessler@ job@
7 years ago
job
90b075737d
naddy@ reported confusion on why "query from" seemed to be ignored in
some cases.
OK naddy@ henning@
7 years ago
jmc
20dd90153e
tweak previous;
7 years ago
benno
184c157e2f
add option "query from <ip>" to ntpd.conf, to specify a local IP
address for outgoing ntp queries.
From Job Snijders, thanks!
with feedback and ok henning@
7 years ago
otto
9b92ee0342
don't manipulate hdr.len, it's used internally by libutil now; ok florian@
7 years ago
bluhm
21256fb318
From a syslog perspective it does not make sense to log fatal and
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@
7 years ago
gsoares
ef079a5b2e
*nargv[] holds an array of pointers, so it should be
terminated by a null pointer.
ok rzalamena@ reyk@
7 years ago
phessler
af3e6c4339
add logging messages to distinguish which safty check failed
7 years ago
reyk
99d11625c1
Stop accessing verbose and debug variables from log.c directly.
This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().
Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)
7 years ago
krw
58841e22f6
Replace hand-rolled for(;;) traversal of ctl_conns TAILQ with
TAILQ_FOREACH().
No intentional functional change.
ok reyk@
7 years ago
reyk
ccbed53971
Sync log.c with the latest version from vmd/log.c that preserves errno
so it is safe calling log_* after an error without loosing the it.
7 years ago
jmc
e78f38adba
markup from jan stary;
8 years ago
rzalamena
19841ef136
Use the stack to hold the constraint child process variables instead of
using the heap.
ok bcook@
8 years ago
mestre
39fc6c9a98
Remove unused variable which was leaking memory, and while here remove 2 other
variables that were also never used
OK otto@
8 years ago
rzalamena
f8b06a2b6a
Check for EAGAIN on imsg_flush() return otherwise we might be failing
to send message to the child process. Do like we learned in httpd(8).
ok deraadt@
8 years ago
rzalamena
f3735931aa
Save the constraint process pid by getting the start_child() return value,
this should fix the problem with random ntpd(8) deaths.
ok deraadt@
8 years ago
reyk
138484b6d2
copy updated log.c from vmd: for correctness, save errno when doing
additional actions before printing it. OK rzalamena@
8 years ago
rzalamena
c82eb97e2b
Fix a possible bug that will happen with dup2() when oldd == newd. In that
case the dup2() would fail silently and the descriptor would remain with
the CLOEXEC flag causing the exec*()d child process to have unexpected
behavior.
ok guenther@
8 years ago
rzalamena
4c66ab656c
Teach ntpd(8) constraint process to use exec*() instead of just forking,
with this change we get the pledge() ability back to the parent process.
some tweaks from and ok reyk@
8 years ago
rzalamena
4e462f2ebb
Teach ntpd(8) how to use socket status to shutdown the daemon. While at
it, remove some verbose shutdown messages that we had before with pipe
close.
ok reyk@
8 years ago
rzalamena
1305c0d5de
Teach ntpd(8) how to fork+exec.
ok reyk@, bcook@
8 years ago
reyk
5ec8dcba4c
Add clarifications ("comments") to three places where it wasn't
obvious why it is implemented this way. The whole idea of constraints
is to isolate them as much as possible, in a semi-paranoid way.
OK rzalamena@
8 years ago
reyk
d7b0c49beb
Fix copyright disclaimer in util.c.
OK from the original author Alexander Guy
8 years ago
reyk
08ed721594
Remove the oh so funny "LOSS OF MIND" from the diclaimer that was not
part of the original ISC license that we use in OpenBSD. Done for
files were Henning is the original author.
OK henning@ deraadt@
8 years ago
guenther
2f48ecaf36
Pull in <sys/time.h> for struct timespec, timeval, or clockrate
ok deraadt@
8 years ago
jsing
9801e4d851
Adjust existing tls_config_set_cipher() callers for TLS cipher group
changes - map the previous configuration to the equivalent in the new
groups. This will be revisited post release.
Discussed with beck@
8 years ago
deraadt
4bee7f5ac6
ntpd is too aggressive about retrying constraint connections. This
became more visible recently because a log_debug was changed to
log_warnx. Change it back for now.
ok jsing
8 years ago
jsing
f819d84119
Harden TLS for ntpd constraints - stop disabling server name verification,
ensure that we load the CA certificates and use tls_connect_servername()
so that we can verify the server we are connecting to (even though we've
already resolved the hostname). Also add additional warnings for TLS
connect and TLS write failures so that we know what is happening and why.
Lack of server name verification also reported by Luis M. Merino
<luismiguelmerino at gmail dot com> - thanks!
ok deraadt@ reyk@
8 years ago
jsing
74da5f732a
Unconfuse things by renaming variables to match their contents.
ok deraadt@ reyk@
8 years ago
semarie
652935dc64
prepare userland for removing chroot(2) from allowed syscalls under pledge(2).
for ntpd(8), removing the pledge call is a first step: futher redesign will occurs later.
ok reyk@ benno@
8 years ago
krw
846730a3f8
Rename session_socket_blockmode() to session_socket_nonblockmode(),
removing its second parameter and the enum() that provided the
values for said parameter.
The function was only called with the second parameter set to one
value (BM_NONBLOCKING) from the enum(). So just do the right thing.
Similar to changes made in smtpd.
While here remove the pointless third parameter from the fcntl(F_GETFL)
call.
No functional change.
ok guenther@ bcook@ deraadt@
8 years ago
naddy
4cf98f2633
According to RFC7231, section 7.1.1.1, the HTTP date header supports
no other timezone than the fixed string "GMT". Avoid using strptime %Z,
which is nonstandard and can give surprising results on other operating
systems. ok deraadt@ giovanni@ bcook@
8 years ago
sthen
4114667275
Remove setproctitle() for the parent process. Because rc.d(8) uses process
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
8 years ago
reyk
db00298111
Don't attempt to kill() the constraint in the wrong process. The
process management of the contraint processes has been moved from ntp
to the parent, for better privsep and pledge, but the ntp process
still attempted to kill the constraints on timeout directly. Fix this
regression by introducing a new imsg from ntp to the parent and the
related logic to kill a constraint at the right place.
Reported & tested by bcook@
Ok bcook@
8 years ago
bcook
fade868be3
update ntpd log initialization to work like relayd, fix debug log levels
ok reyk@
8 years ago
deraadt
73313dce7f
sneaky whitespace snuck in again
9 years ago
millert
e33f078c05
Don't assume fprintf() will set the FILE * error condition.
Instead, check the return value of fprintf() and fflush()
and call clearerr() before returning on error. OK jca@
9 years ago
reyk
0dc6f9d6e2
No need for an extra log.h
OK bcook@
9 years ago
reyk
97252e04ad
Switch and sync to the log.c variant from httpd/relayd/iked/snmpd/vmd.
OK bcook@ jung@
9 years ago
reyk
b8496badea
Move log_sockaddr() to from log.c to util.c as it is a local addition
and actually not a "logging" function. No functional change.
9 years ago
claudio
d6e39ab1f4
EAGAIN handling for imsg_read. OK henning@ benno@
9 years ago
deraadt
531d870924
Cache values from getpwnam() done at initialization, which need to be
used by the constraint processes setup later (chroot, setuid...)
[late getpwnam discovered during a further audit]
ok millert
9 years ago
tedu
4c1a084e50
use RMS for jitter. we're linking with enough libraries that libm is tiny.
ok deraadt
9 years ago
mmcc
c3ad325375
Simplify all instances of get_string() and get_data() using malloc() and
strndup().
ok millert@
9 years ago
deraadt
adcf1148c1
fix memory leak; from David CARLIER
9 years ago
naddy
0c7a1d49ed
fully revert some parts introduced with the original server rtable support,
so servers with numeric IP addresses won't be skipped; ok reyk@
9 years ago
naddy
2a9f149211
drop unused define; ok reyk@
9 years ago
reyk
13e2f2c777
Remove support for sending status reports to syslog on SIGINFO;
we have ntpctl now and ntpd doesn't need redundant/obsolete features.
Pointed out by naddy@, with input from zhuk@ (SIGINFO doesn't need SIG_IGN)
OK deraadt@
9 years ago
deraadt
0115cb35e8
the DNS process was not discarding & redirecting stdin/out/err to
/dev/null. copy the code from the ntp engine.
9 years ago