Fincer
/
openntpd-portable
mirror of https://github.com/Fincer/openntpd-portable
1
0
Fork 0
Code Issues 0 Projects 0 Releases 10 Wiki Activity
Portable build framework for OpenNTPD
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
220 Commits
9 Branches
1.1 MiB
Tree: 6448060a5d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6448060a5d'
${ noResults }
openntpd-portable/patches/0009-Notify-the-user-when-c...

72 lines
2.4 KiB
Raw Normal View History

disable broken rdomain support for FreeBSD
3 years ago
add the rest of the rebased patches
8 years ago
update patches
3 years ago
add the rest of the rebased patches
8 years ago
handle constraints in ntpd.conf as a warning rather than fatal error
7 years ago
add the rest of the rebased patches
8 years ago
handle constraints in ntpd.conf as a warning rather than fatal error
7 years ago
add the rest of the rebased patches
8 years ago
update patches
3 years ago
add the rest of the rebased patches
8 years ago
update patches
3 years ago
add the rest of the rebased patches
8 years ago
handle constraints in ntpd.conf as a warning rather than fatal error
7 years ago
add the rest of the rebased patches
8 years ago
rebase patches
4 years ago
add the rest of the rebased patches
8 years ago
rebase patches
4 years ago
rebase patches for latest
7 years ago
add the rest of the rebased patches
8 years ago
rebase patches
8 years ago
add the rest of the rebased patches
8 years ago
update patches
5 years ago
add the rest of the rebased patches
8 years ago
rebase patches
8 years ago
add the rest of the rebased patches
8 years ago
update patches
3 years ago
add the rest of the rebased patches
8 years ago
rebase patches
4 years ago
add the rest of the rebased patches
8 years ago
handle constraints in ntpd.conf as a warning rather than fatal error
7 years ago
add the rest of the rebased patches
8 years ago
handle constraints in ntpd.conf as a warning rather than fatal error
7 years ago
add the rest of the rebased patches
8 years ago
rebase patches
4 years ago
add the rest of the rebased patches
8 years ago
update patches
3 years ago
add the rest of the rebased patches
8 years ago
 
  1. From 49228b4b3b4c49430f93629b75871154e01154f1 Mon Sep 17 00:00:00 2001
  2. From: Brent Cook <busterb@gmail.com>
  3. Date: Fri, 27 Mar 2015 23:14:15 -0500
  4. Subject: [PATCH 09/18] Notify the user when constraint support is disabled.
  5. 

  6. Update the manpage and warn if constraints are
  7. configured but ntpd is built without libtls present.
  8. From Paul B. Henson.
  9. ---

  10.  src/usr.sbin/ntpd/config.c     |  3 +++
  11.  src/usr.sbin/ntpd/constraint.c |  2 ++
  12.  src/usr.sbin/ntpd/ntpd.conf.5  | 11 +++++++++--
  13.  3 files changed, 14 insertions(+), 2 deletions(-)
  14. 

  15. diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c

  16. index e243818c25..856c3147cc 100644

  17. --- a/src/usr.sbin/ntpd/config.c

  18. +++ b/src/usr.sbin/ntpd/config.c

  19. @@ -187,6 +187,9 @@ new_constraint(void)

  20.  	p->id = ++constraint_maxid;
  21.  	p->fd = -1;
  22.  
  23. +#ifndef HAVE_LIBTLS

  24. +	log_warnx("constraint configured without libtls support");

  25. +#endif

  26.  	return (p);
  27.  }
  28.  
  29. diff --git a/src/usr.sbin/ntpd/constraint.c b/src/usr.sbin/ntpd/constraint.c

  30. index 6529070d14..f23d363889 100644

  31. --- a/src/usr.sbin/ntpd/constraint.c

  32. +++ b/src/usr.sbin/ntpd/constraint.c

  33. @@ -354,12 +354,14 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid)

  34.  	if (setpriority(PRIO_PROCESS, 0, 0) == -1)
  35.  		log_warn("could not set priority");
  36.  
  37. +#ifdef HAVE_LIBTLS

  38.  	/* Init TLS and load CA certs before chroot() */
  39.  	if (tls_init() == -1)
  40.  		fatalx("tls_init");
  41.  	if ((conf->ca = tls_load_file(tls_default_ca_cert_file(),
  42.  	    &conf->ca_len, NULL)) == NULL)
  43.  		fatalx("failed to load constraint ca");
  44. +#endif

  45.  
  46.  	if (chroot(pw_dir) == -1)
  47.  		fatal("chroot");
  48. diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5

  49. index 98368d914b..bd7314c63b 100644

  50. --- a/src/usr.sbin/ntpd/ntpd.conf.5

  51. +++ b/src/usr.sbin/ntpd/ntpd.conf.5

  52. @@ -216,8 +216,15 @@ authenticated constraint,

  53.  thereby reducing the impact of unauthenticated NTP
  54.  man-in-the-middle attacks.
  55.  Received NTP packets with time information falling outside of a range
  56. -near the constraint will be discarded and such NTP servers

  57. -will be marked as invalid.

  58. +near the constraint will be discarded and such NTP servers will be marked as

  59. +invalid.

  60. +.Pp

  61. +Support for constraints is only available if

  62. +.Xr ntpd 8

  63. +has been linked with libtls from LibreSSL. Configuring a constraint

  64. +without libtls causes

  65. +.Xr ntpd 8

  66. +to log a warning message on startup.

  67.  .Bl -tag -width Ds
  68.  .It Ic constraint from Ar url [ip...]
  69.  Specify the URL, IP address or the hostname of an HTTPS server to
  70. -- 

  71. 2.27.0
  72.