Portable build framework for OpenNTPD

68 lines
2.3 KiB

  1. From 0532e94c831af38d015d3bcd56740403cb391e26 Mon Sep 17 00:00:00 2001
  2. From: Brent Cook <busterb@gmail.com>
  3. Date: Fri, 27 Mar 2015 23:14:15 -0500
  4. Subject: [PATCH 11/11] Notify the user when constraint support is disabled.
  5. Update the manpage and make a constraint line a fatal error if it is
  6. configured but ntpd is built without libtls present.
  7. From Paul B. Henson.
  8. ---
  9. src/usr.sbin/ntpd/config.c | 3 +++
  10. src/usr.sbin/ntpd/ntp.c | 2 ++
  11. src/usr.sbin/ntpd/ntpd.conf.5 | 7 +++++--
  12. 3 files changed, 10 insertions(+), 2 deletions(-)
  13. diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c
  14. index 2e39604..779aed6 100644
  15. --- a/src/usr.sbin/ntpd/config.c
  16. +++ b/src/usr.sbin/ntpd/config.c
  17. @@ -218,6 +218,9 @@ new_constraint(void)
  18. fatal("new_constraint calloc");
  19. p->id = ++constraint_maxid;
  20. +#ifndef HAVE_LIBTLS
  21. + fatal("constraint configured without libtls support");
  22. +#endif
  23. return (p);
  24. }
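Review bot: In new_constraint(), the `#ifndef HAVE_LIBTLS` check sits after the calloc and after `p->id = ++constraint_maxid;`, so a build without libtls still allocates and numbers a constraint before it aborts. Move the guard to the top of the function so the unsupported case fails before any state changes. The message "constraint configured without libtls support" also carries no file or line of the offending directive. If the parser's error path is reachable from here, reporting through it would tell the operator which line to remove.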
  25. diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
  26. index 0a9b4be..285e30d 100644
  27. --- a/src/usr.sbin/ntpd/ntp.c
  28. +++ b/src/usr.sbin/ntpd/ntp.c
  29. @@ -110,12 +110,14 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf,
  30. return (pid);
  31. }
  32. +#ifdef HAVE_LIBTLS
  33. tls_init();
  34. /* Verification will be turned off if CA is not found */
  35. if ((conf->ca = tls_load_file(CONSTRAINT_CA,
  36. &conf->ca_len, NULL)) == NULL)
  37. log_warnx("constraint certificate verification turned off");
  38. +#endif
  39. /* in this case the parent didn't init logging and didn't daemonize */
  40. if (nconf->settime && !nconf->debug) {
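Review bot: With the `#ifdef HAVE_LIBTLS` guard in ntp_main(), conf->ca and conf->ca_len are never assigned in this block when libtls is absent, so confirm that every other reader of those fields is compiled under the same guard or that conf is zero-initialized. Separately, the guarded code keeps the existing fail-open behavior: when tls_load_file(CONSTRAINT_CA, ...) returns NULL, the only signal is log_warnx("constraint certificate verification turned off"). Since this patch series is already making the no-libtls case loud and fatal, it is worth deciding whether a missing CA file should also be more than a warning, or at least be documented in ntpd.conf.5.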
  41. diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5
  42. index 25efcae..2dee297 100644
  43. --- a/src/usr.sbin/ntpd/ntpd.conf.5
  44. +++ b/src/usr.sbin/ntpd/ntpd.conf.5
  45. @@ -191,8 +191,11 @@ authenticated constraint,
  46. thereby reducing the impact of unauthenticated NTP
  47. man-in-the-middle attacks.
  48. Received NTP packets with time information falling outside of a range
  49. -near the constraint will be discarded and such NTP servers
  50. -will be marked as invalid.
  51. +near the constraint will be discarded and such NTP servers will be marked as
  52. +invalid. Contraints are only available if
  53. +.Xr ntpd 8
  54. +has been compiled with libtls support. Configuring a constraint without libtls
  55. +support will result in a fatal error.
  56. .Bl -tag -width Ds
  57. .It Ic constraint from Ar url
  58. Specify the URL, IP address or the hostname of an HTTPS server to
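Review bot: The added manpage text misspells "Constraints" as "Contraints" in the line "invalid. Contraints are only available if". Both new sentences also start mid-line ("invalid. Contraints ..." and "... libtls support. Configuring a constraint ..."), whereas mdoc sources conventionally begin each sentence on its own line so that sentence spacing renders correctly. Suggest ending the line after "invalid." and starting "Constraints are only available if" and "Configuring a constraint without libtls" on fresh lines.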
  59. --
  60. 1.9.1