Fincer
/
openntpd-portable
mirror of https://github.com/Fincer/openntpd-portable
1
0
Fork 0
Code Issues 0 Projects 0 Releases 10 Wiki Activity
Portable build framework for OpenNTPD
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
124 Commits
9 Branches
17 MiB
Tree: ee9bac45b9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ee9bac45b9'
${ noResults }
openntpd-portable/patches/0011-Notify-the-user-when-c...

68 lines
2.3 KiB
Raw Normal View History

move __progname initialization to before first use Thanks to pbhenson for noticing this.
9 years ago
Update patches: remove integer overflow, add constraint helper
9 years ago
rebase patches
9 years ago
Update patches: remove integer overflow, add constraint helper
9 years ago
rebase patches
9 years ago
Update patches: remove integer overflow, add constraint helper
9 years ago
rebase patches
9 years ago
remove unused stub functions, init code
9 years ago
Update patches: remove integer overflow, add constraint helper
9 years ago
remove unused stub functions, init code
9 years ago
Update patches: remove integer overflow, add constraint helper
9 years ago
rebase patches
9 years ago
Update patches: remove integer overflow, add constraint helper
9 years ago
rebase patches on current
9 years ago
Update patches: remove integer overflow, add constraint helper
9 years ago
 
  1. From 12e4fcd674dd852fe8838c60fee6168344df8b5f Mon Sep 17 00:00:00 2001
  2. From: Brent Cook <busterb@gmail.com>
  3. Date: Fri, 27 Mar 2015 23:14:15 -0500
  4. Subject: [PATCH 11/13] Notify the user when constraint support is disabled.
  5. 

  6. Update the manpage and make a constraint line a fatal error if it is
  7. configured but ntpd is built without libtls present.
  8. From Paul B. Henson.
  9. ---

  10.  src/usr.sbin/ntpd/config.c    | 3 +++
  11.  src/usr.sbin/ntpd/ntp.c       | 2 ++
  12.  src/usr.sbin/ntpd/ntpd.conf.5 | 7 +++++--
  13.  3 files changed, 10 insertions(+), 2 deletions(-)
  14. 

  15. diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c

  16. index 2e39604..779aed6 100644

  17. --- a/src/usr.sbin/ntpd/config.c

  18. +++ b/src/usr.sbin/ntpd/config.c

  19. @@ -218,6 +218,9 @@ new_constraint(void)

  20.  		fatal("new_constraint calloc");
  21.  	p->id = ++constraint_maxid;
  22.  
  23. +#ifndef HAVE_LIBTLS

  24. +	fatal("constraint configured without libtls support");

  25. +#endif

  26.  	return (p);
  27.  }
  28.  
  29. diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c

  30. index 50fc468..566fd74 100644

  31. --- a/src/usr.sbin/ntpd/ntp.c

  32. +++ b/src/usr.sbin/ntpd/ntp.c

  33. @@ -109,12 +109,14 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf,

  34.  		return (pid);
  35.  	}
  36.  
  37. +#ifdef HAVE_LIBTLS

  38.  	tls_init();
  39.  
  40.  	/* Verification will be turned off if CA is not found */
  41.  	if ((conf->ca = tls_load_file(CONSTRAINT_CA,
  42.  	    &conf->ca_len, NULL)) == NULL)
  43.  		log_warnx("constraint certificate verification turned off");
  44. +#endif

  45.  
  46.  	/* in this case the parent didn't init logging and didn't daemonize */
  47.  	if (nconf->settime && !nconf->debug) {
  48. diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5

  49. index 5dd584d..7b09932 100644

  50. --- a/src/usr.sbin/ntpd/ntpd.conf.5

  51. +++ b/src/usr.sbin/ntpd/ntpd.conf.5

  52. @@ -191,8 +191,11 @@ authenticated constraint,

  53.  thereby reducing the impact of unauthenticated NTP
  54.  man-in-the-middle attacks.
  55.  Received NTP packets with time information falling outside of a range
  56. -near the constraint will be discarded and such NTP servers

  57. -will be marked as invalid.

  58. +near the constraint will be discarded and such NTP servers will be marked as

  59. +invalid. Contraints are only available if

  60. +.Xr ntpd 8

  61. +has been compiled with libtls support. Configuring a constraint without libtls

  62. +support will result in a fatal error.

  63.  .Bl -tag -width Ds
  64.  .It Ic constraint from Ar url
  65.  Specify the URL, IP address or the hostname of an HTTPS server to
  66. -- 

  67. 2.4.5
  68.