@ -1,55 +0,0 @@ | |||
From ec9ba68b495b4d866b3f8542ff054541aaae87fd Mon Sep 17 00:00:00 2001 | |||
From: Brent Cook <busterb@gmail.com> | |||
Date: Mon, 12 Jan 2015 21:16:54 -0600 | |||
Subject: [PATCH 03/12] Use LOG_NTP syslog facility if it is available | |||
FreeBSD PR: 114191 | |||
Submitted by: Robert Archer <freebsd@deathbeforedecaf.net> | |||
--- | |||
src/usr.sbin/ntpd/log.c | 9 ++++++--- | |||
1 file changed, 6 insertions(+), 3 deletions(-) | |||
diff --git a/src/usr.sbin/ntpd/log.c b/src/usr.sbin/ntpd/log.c | |||
index 1d8304b..5d34709 100644 | |||
--- a/src/usr.sbin/ntpd/log.c | |||
+++ b/src/usr.sbin/ntpd/log.c | |||
@@ -17,7 +17,7 @@ | |||
*/ | |||
#include <sys/socket.h> | |||
- | |||
+#include <netinet/in.h> | |||
#include <errno.h> | |||
#include <netdb.h> | |||
#include <pwd.h> | |||
@@ -30,6 +30,10 @@ | |||
#include "log.h" | |||
+#ifndef LOG_NTP | |||
+#define LOG_NTP LOG_DAEMON | |||
+#endif | |||
+ | |||
#define TRACE_DEBUG 0x1 | |||
static int foreground; | |||
@@ -39,7 +43,6 @@ void vlog(int, const char *, va_list); | |||
void logit(int, const char *, ...) | |||
__attribute__((format (printf, 2, 3))); | |||
- | |||
void | |||
log_init(int n_foreground) | |||
{ | |||
@@ -47,7 +50,7 @@ log_init(int n_foreground) | |||
foreground = n_foreground; | |||
if (! foreground) | |||
- openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON); | |||
+ openlog(__progname, LOG_PID | LOG_NDELAY, LOG_NTP); | |||
tzset(); | |||
} | |||
-- | |||
2.6.3 | |||
@ -1,53 +0,0 @@ | |||
From c936d099934f3d85dae03e3ac54af2056788a96e Mon Sep 17 00:00:00 2001 | |||
From: Brent Cook <busterb@gmail.com> | |||
Date: Tue, 30 Dec 2014 09:02:50 -0600 | |||
Subject: [PATCH 04/12] conditionally fill in sin_len/sin6_len if they exist | |||
--- | |||
src/usr.sbin/ntpd/config.c | 8 ++++++++ | |||
1 file changed, 8 insertions(+) | |||
diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c | |||
index c0a99b1..87de17a 100644 | |||
--- a/src/usr.sbin/ntpd/config.c | |||
+++ b/src/usr.sbin/ntpd/config.c | |||
@@ -72,7 +72,9 @@ host_v4(const char *s) | |||
if ((h = calloc(1, sizeof(struct ntp_addr))) == NULL) | |||
fatal(NULL); | |||
sa_in = (struct sockaddr_in *)&h->ss; | |||
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN | |||
sa_in->sin_len = sizeof(struct sockaddr_in); | |||
+#endif | |||
sa_in->sin_family = AF_INET; | |||
sa_in->sin_addr.s_addr = ina.s_addr; | |||
@@ -94,7 +96,9 @@ host_v6(const char *s) | |||
if ((h = calloc(1, sizeof(struct ntp_addr))) == NULL) | |||
fatal(NULL); | |||
sa_in6 = (struct sockaddr_in6 *)&h->ss; | |||
+#ifdef SIN6_LEN | |||
sa_in6->sin6_len = sizeof(struct sockaddr_in6); | |||
+#endif | |||
sa_in6->sin6_family = AF_INET6; | |||
memcpy(&sa_in6->sin6_addr, | |||
&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, | |||
@@ -156,12 +160,16 @@ host_dns(const char *s, struct ntp_addr **hn) | |||
h->ss.ss_family = res->ai_family; | |||
if (res->ai_family == AF_INET) { | |||
sa_in = (struct sockaddr_in *)&h->ss; | |||
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN | |||
sa_in->sin_len = sizeof(struct sockaddr_in); | |||
+#endif | |||
sa_in->sin_addr.s_addr = ((struct sockaddr_in *) | |||
res->ai_addr)->sin_addr.s_addr; | |||
} else { | |||
sa_in6 = (struct sockaddr_in6 *)&h->ss; | |||
+#ifdef SIN6_LEN | |||
sa_in6->sin6_len = sizeof(struct sockaddr_in6); | |||
+#endif | |||
memcpy(&sa_in6->sin6_addr, &((struct sockaddr_in6 *) | |||
res->ai_addr)->sin6_addr, sizeof(struct in6_addr)); | |||
} | |||
-- | |||
2.6.3 | |||
@ -1,116 +0,0 @@ | |||
From 9dcb2008acca9650e4cf05f10a051c1a94bde77e Mon Sep 17 00:00:00 2001 | |||
From: Brent Cook <busterb@gmail.com> | |||
Date: Tue, 30 Dec 2014 09:05:46 -0600 | |||
Subject: [PATCH 05/12] check if rdomain support is available. | |||
Handle FreeBSD's calling rdomain 'FIB'. | |||
- from naddy@openbsd.org | |||
--- | |||
src/usr.sbin/ntpd/ntpd.h | 6 ++++++ | |||
src/usr.sbin/ntpd/parse.y | 2 ++ | |||
src/usr.sbin/ntpd/server.c | 15 ++++++++++++++- | |||
3 files changed, 22 insertions(+), 1 deletion(-) | |||
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h | |||
index f6507f2..fa2eb7a 100644 | |||
--- a/src/usr.sbin/ntpd/ntpd.h | |||
+++ b/src/usr.sbin/ntpd/ntpd.h | |||
@@ -41,6 +41,12 @@ | |||
#define DRIFTFILE "/var/db/ntpd.drift" | |||
#define CTLSOCKET "/var/run/ntpd.sock" | |||
+#if defined(SO_SETFIB) | |||
+#define SO_RTABLE SO_SETFIB | |||
+#define SIOCGIFRDOMAIN SIOCGIFFIB | |||
+#define ifr_rdomainid ifr_fib | |||
+#endif | |||
+ | |||
#define INTERVAL_QUERY_NORMAL 30 /* sync to peers every n secs */ | |||
#define INTERVAL_QUERY_PATHETIC 60 | |||
#define INTERVAL_QUERY_AGGRESSIVE 5 | |||
diff --git a/src/usr.sbin/ntpd/parse.y b/src/usr.sbin/ntpd/parse.y | |||
index 6d50795..33fe13d 100644 | |||
--- a/src/usr.sbin/ntpd/parse.y | |||
+++ b/src/usr.sbin/ntpd/parse.y | |||
@@ -404,11 +404,13 @@ weight : WEIGHT NUMBER { | |||
opts.weight = $2; | |||
} | |||
rtable : RTABLE NUMBER { | |||
+#ifdef RT_TABLEID_MAX | |||
if ($2 < 0 || $2 > RT_TABLEID_MAX) { | |||
yyerror("rtable must be between 1" | |||
" and RT_TABLEID_MAX"); | |||
YYERROR; | |||
} | |||
+#endif | |||
opts.rtable = $2; | |||
} | |||
; | |||
diff --git a/src/usr.sbin/ntpd/server.c b/src/usr.sbin/ntpd/server.c | |||
index fb297d7..2e28b9b 100644 | |||
--- a/src/usr.sbin/ntpd/server.c | |||
+++ b/src/usr.sbin/ntpd/server.c | |||
@@ -35,11 +35,16 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt) | |||
struct listen_addr *la, *nla, *lap; | |||
struct ifaddrs *ifa, *ifap; | |||
struct sockaddr *sa; | |||
+#ifdef SO_RTABLE | |||
struct if_data *ifd; | |||
+#endif | |||
u_int8_t *a6; | |||
size_t sa6len = sizeof(struct in6_addr); | |||
u_int new_cnt = 0; | |||
- int tos = IPTOS_LOWDELAY, rdomain = 0; | |||
+ int tos = IPTOS_LOWDELAY; | |||
+#ifdef SO_RTABLE | |||
+ int rdomain = 0; | |||
+#endif | |||
TAILQ_FOREACH(lap, &lconf->listen_addrs, entry) { | |||
switch (lap->sa.ss_family) { | |||
@@ -51,15 +56,19 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt) | |||
sa = ifap->ifa_addr; | |||
if (sa == NULL || SA_LEN(sa) == 0) | |||
continue; | |||
+#ifdef SO_RTABLE | |||
if (sa->sa_family == AF_LINK) { | |||
ifd = ifap->ifa_data; | |||
rdomain = ifd->ifi_rdomain; | |||
} | |||
+#endif | |||
if (sa->sa_family != AF_INET && | |||
sa->sa_family != AF_INET6) | |||
continue; | |||
+#ifdef SO_RTABLE | |||
if (lap->rtable != -1 && rdomain != lap->rtable) | |||
continue; | |||
+#endif | |||
if (sa->sa_family == AF_INET && | |||
((struct sockaddr_in *)sa)->sin_addr.s_addr == | |||
@@ -78,7 +87,9 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt) | |||
fatal("setup_listeners calloc"); | |||
memcpy(&la->sa, sa, SA_LEN(sa)); | |||
+#ifdef SO_RTABLE | |||
la->rtable = rdomain; | |||
+#endif | |||
TAILQ_INSERT_TAIL(&lconf->listen_addrs, la, entry); | |||
} | |||
@@ -123,10 +134,12 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt) | |||
IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1) | |||
log_warn("setsockopt IPTOS_LOWDELAY"); | |||
+#ifdef SO_RTABLE | |||
if (la->rtable != -1 && | |||
setsockopt(la->fd, SOL_SOCKET, SO_RTABLE, &la->rtable, | |||
sizeof(la->rtable)) == -1) | |||
fatal("setup_listeners setsockopt SO_RTABLE"); | |||
+#endif | |||
if (bind(la->fd, (struct sockaddr *)&la->sa, | |||
SA_LEN((struct sockaddr *)&la->sa)) == -1) { | |||
-- | |||
2.6.3 | |||
@ -1,53 +0,0 @@ | |||
From 7ff884df5fdca1cf65650db6cc06235f5cc042ef Mon Sep 17 00:00:00 2001 | |||
From: Brent Cook <busterb@gmail.com> | |||
Date: Tue, 30 Dec 2014 09:20:03 -0600 | |||
Subject: [PATCH 06/12] update ntpd.conf to indicate OS-dependent options | |||
Also, clarify listening behavior based on a patch from | |||
Dererk <dererk@debian.org> | |||
Debian bug ID: 575705 | |||
--- | |||
src/usr.sbin/ntpd/ntpd.conf.5 | 11 ++++++++--- | |||
1 file changed, 8 insertions(+), 3 deletions(-) | |||
diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5 | |||
index af11a7e..87f94e8 100644 | |||
--- a/src/usr.sbin/ntpd/ntpd.conf.5 | |||
+++ b/src/usr.sbin/ntpd/ntpd.conf.5 | |||
@@ -38,9 +38,14 @@ The basic configuration options are as follows: | |||
.It Xo Ic listen on Ar address | |||
.Op Ic rtable Ar table-id | |||
.Xc | |||
+.Xr ntpd 8 | |||
+has the ability to sync the local clock to remote NTP servers and, if | |||
+this directive is specified, can act as NTP server itself, redistributing the | |||
+local clock. | |||
+.Pp | |||
Specify a local IP address or a hostname the | |||
.Xr ntpd 8 | |||
-daemon should listen on. | |||
+daemon should listen on to enable remote clients synchronization. | |||
If it appears multiple times, | |||
.Xr ntpd 8 | |||
will listen on each given address. | |||
@@ -53,7 +58,7 @@ will listen on all local addresses using the specified routing table. | |||
does not listen on any address by default. | |||
The optional | |||
.Ic rtable | |||
-keyword will specify which routing table to listen on. | |||
+keyword will specify which routing table to listen on, if the operating system supports rdomains. | |||
By default | |||
.Xr ntpd 8 | |||
will listen using the current routing table. | |||
@@ -76,7 +81,7 @@ listen on 127.0.0.1 rtable 4 | |||
.Xc | |||
Specify a timedelta sensor device | |||
.Xr ntpd 8 | |||
-should use. | |||
+should use, if the operating system supports sensors. | |||
The sensor can be specified multiple times: | |||
.Xr ntpd 8 | |||
will use each given sensor that actually exists. | |||
-- | |||
2.6.3 | |||
@ -1,52 +0,0 @@ | |||
From eb72af64c3304396f355b54cba266b4ed300b8c9 Mon Sep 17 00:00:00 2001 | |||
From: Brent Cook <busterb@gmail.com> | |||
Date: Thu, 1 Jan 2015 07:18:11 -0600 | |||
Subject: [PATCH 07/12] allow overriding default user and file locations | |||
Allow the build process to override the default ntpd file paths and | |||
default user. | |||
--- | |||
src/usr.sbin/ntpd/ntpd.h | 18 +++++++++++++++--- | |||
1 file changed, 15 insertions(+), 3 deletions(-) | |||
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h | |||
index fa2eb7a..1383056 100644 | |||
--- a/src/usr.sbin/ntpd/ntpd.h | |||
+++ b/src/usr.sbin/ntpd/ntpd.h | |||
@@ -36,10 +36,20 @@ | |||
#define MAXIMUM(a, b) ((a) > (b) ? (a) : (b)) | |||
+#ifndef NTPD_USER | |||
#define NTPD_USER "_ntp" | |||
-#define CONFFILE "/etc/ntpd.conf" | |||
-#define DRIFTFILE "/var/db/ntpd.drift" | |||
-#define CTLSOCKET "/var/run/ntpd.sock" | |||
+#endif | |||
+ | |||
+#ifndef SYSCONFDIR | |||
+#define SYSCONFDIR "/etc" | |||
+#endif | |||
+#define CONFFILE SYSCONFDIR "/ntpd.conf" | |||
+ | |||
+#ifndef LOCALSTATEDIR | |||
+#define LOCALSTATEDIR "/var" | |||
+#endif | |||
+#define DRIFTFILE LOCALSTATEDIR "/db/ntpd.drift" | |||
+#define CTLSOCKET LOCALSTATEDIR "/run/ntpd.sock" | |||
#if defined(SO_SETFIB) | |||
#define SO_RTABLE SO_SETFIB | |||
@@ -87,7 +97,9 @@ | |||
#define CONSTRAINT_PORT "443" /* HTTPS port */ | |||
#define CONSTRAINT_MAXHEADERLENGTH 8192 | |||
#define CONSTRAINT_PASSFD (STDERR_FILENO + 1) | |||
+#ifndef CONSTRAINT_CA | |||
#define CONSTRAINT_CA "/etc/ssl/cert.pem" | |||
+#endif | |||
enum client_state { | |||
STATE_NONE, | |||
-- | |||
2.6.3 | |||
@ -1,150 +0,0 @@ | |||
From 735b7714af879176149a9861d781b275e7079fb7 Mon Sep 17 00:00:00 2001 | |||
From: Brent Cook <busterb@gmail.com> | |||
Date: Wed, 31 Dec 2014 08:26:41 -0600 | |||
Subject: [PATCH 08/12] add -p option to create a pid file | |||
This is used in both the Gentoo and Debian ports. | |||
Origin: https://bugs.gentoo.org/show_bug.cgi?id=493082 | |||
--- | |||
src/usr.sbin/ntpd/ntpd.8 | 4 ++++ | |||
src/usr.sbin/ntpd/ntpd.c | 33 ++++++++++++++++++++++++++++----- | |||
src/usr.sbin/ntpd/ntpd.h | 1 + | |||
3 files changed, 33 insertions(+), 5 deletions(-) | |||
diff --git a/src/usr.sbin/ntpd/ntpd.8 b/src/usr.sbin/ntpd/ntpd.8 | |||
index dcfb6d2..1b885a1 100644 | |||
--- a/src/usr.sbin/ntpd/ntpd.8 | |||
+++ b/src/usr.sbin/ntpd/ntpd.8 | |||
@@ -25,6 +25,7 @@ | |||
.Bk -words | |||
.Op Fl dnSsv | |||
.Op Fl f Ar file | |||
+.Op Fl p Ar file | |||
.Ek | |||
.Sh DESCRIPTION | |||
The | |||
@@ -59,6 +60,9 @@ instead of the default | |||
.It Fl n | |||
Configtest mode. | |||
Only check the configuration file for validity. | |||
+.It Fl p Ar file | |||
+Write pid to | |||
+.Ar file | |||
.It Fl S | |||
Do not set the time immediately at startup. | |||
This is the default. | |||
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c | |||
index 83b42ee..40570ee 100644 | |||
--- a/src/usr.sbin/ntpd/ntpd.c | |||
+++ b/src/usr.sbin/ntpd/ntpd.c | |||
@@ -86,6 +86,18 @@ sighdlr(int sig) | |||
} | |||
} | |||
+void | |||
+writepid(struct ntpd_conf *lconf) | |||
+{ | |||
+ if (lconf->pid_file != NULL) { | |||
+ FILE *f = fopen(lconf->pid_file, "w"); | |||
+ if (f == NULL) | |||
+ fatal("couldn't open pid file"); | |||
+ fprintf(f, "%ld\n", (long) getpid()); | |||
+ fclose(f); | |||
+ } | |||
+} | |||
+ | |||
__dead void | |||
usage(void) | |||
{ | |||
@@ -95,7 +107,7 @@ usage(void) | |||
fprintf(stderr, | |||
"usage: ntpctl -s all | peers | Sensors | status\n"); | |||
else | |||
- fprintf(stderr, "usage: %s [-dnSsv] [-f file]\n", | |||
+ fprintf(stderr, "usage: %s [-dnSsv] [-f file] [-p file]\n", | |||
__progname); | |||
exit(1); | |||
} | |||
@@ -133,7 +145,7 @@ main(int argc, char *argv[]) | |||
log_init(1); /* log to stderr until daemonized */ | |||
- while ((ch = getopt(argc, argv, "df:nsSv")) != -1) { | |||
+ while ((ch = getopt(argc, argv, "df:np:sSv")) != -1) { | |||
switch (ch) { | |||
case 'd': | |||
lconf.debug = 1; | |||
@@ -145,6 +157,9 @@ main(int argc, char *argv[]) | |||
case 'n': | |||
lconf.noaction = 1; | |||
break; | |||
+ case 'p': | |||
+ lconf.pid_file = optarg; | |||
+ break; | |||
case 's': | |||
lconf.settime = 1; | |||
break; | |||
@@ -189,9 +204,11 @@ main(int argc, char *argv[]) | |||
reset_adjtime(); | |||
if (!lconf.settime) { | |||
log_init(lconf.debug); | |||
- if (!lconf.debug) | |||
+ if (!lconf.debug) { | |||
if (daemon(1, 0)) | |||
fatal("daemon"); | |||
+ writepid(&lconf); | |||
+ } | |||
} else | |||
timeout = SETTIME_TIMEOUT * 1000; | |||
@@ -269,9 +286,11 @@ main(int argc, char *argv[]) | |||
log_init(lconf.debug); | |||
log_warnx("no reply received in time, skipping initial " | |||
"time setting"); | |||
- if (!lconf.debug) | |||
+ if (!lconf.debug) { | |||
if (daemon(1, 0)) | |||
fatal("daemon"); | |||
+ writepid(&lconf); | |||
+ } | |||
} | |||
if (nfds > 0 && (pfd[PFD_PIPE].revents & POLLOUT)) | |||
@@ -314,6 +333,8 @@ main(int argc, char *argv[]) | |||
msgbuf_clear(&ibuf->w); | |||
free(ibuf); | |||
log_info("Terminating"); | |||
+ if (lconf.pid_file != NULL) | |||
+ unlink(lconf.pid_file); | |||
return (0); | |||
} | |||
@@ -396,9 +417,11 @@ dispatch_imsg(struct ntpd_conf *lconf, const char *pw_dir, | |||
memcpy(&d, imsg.data, sizeof(d)); | |||
ntpd_settime(d); | |||
/* daemonize now */ | |||
- if (!lconf->debug) | |||
+ if (!lconf->debug) { | |||
if (daemon(1, 0)) | |||
fatal("daemon"); | |||
+ writepid(lconf); | |||
+ } | |||
lconf->settime = 0; | |||
timeout = INFTIM; | |||
break; | |||
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h | |||
index 1383056..e542849 100644 | |||
--- a/src/usr.sbin/ntpd/ntpd.h | |||
+++ b/src/usr.sbin/ntpd/ntpd.h | |||
@@ -242,6 +242,7 @@ struct ntpd_conf { | |||
u_int constraint_errors; | |||
u_int8_t *ca; | |||
size_t ca_len; | |||
+ char *pid_file; | |||
}; | |||
struct ctl_show_status { | |||
-- | |||
2.6.3 | |||
@ -1,60 +0,0 @@ | |||
From 0c286469c195738efc45001b1fcd4f8b4044a141 Mon Sep 17 00:00:00 2001 | |||
From: Brent Cook <busterb@gmail.com> | |||
Date: Mon, 12 Jan 2015 06:18:31 -0600 | |||
Subject: [PATCH 09/12] initialize setproctitle where needed | |||
We need to save a copy of argv and __progname to avoid setproctitle | |||
clobbering them. | |||
--- | |||
src/usr.sbin/ntpd/ntpd.c | 21 ++++++++++++++++++++- | |||
1 file changed, 20 insertions(+), 1 deletion(-) | |||
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c | |||
index 40570ee..3d0ceb2 100644 | |||
--- a/src/usr.sbin/ntpd/ntpd.c | |||
+++ b/src/usr.sbin/ntpd/ntpd.c | |||
@@ -116,6 +116,13 @@ usage(void) | |||
#define PFD_PIPE 0 | |||
#define PFD_MAX 1 | |||
+/* Saves a copy of argv for setproctitle emulation */ | |||
+#ifndef HAVE_SETPROCTITLE | |||
+static char **saved_argv; | |||
+#endif | |||
+ | |||
+char *get_progname(char *argv0); | |||
+ | |||
int | |||
main(int argc, char *argv[]) | |||
{ | |||
@@ -145,6 +152,18 @@ main(int argc, char *argv[]) | |||
log_init(1); /* log to stderr until daemonized */ | |||
+ __progname = get_progname(argv[0]); | |||
+ | |||
+#ifndef HAVE_SETPROCTITLE | |||
+ /* Prepare for later setproctitle emulation */ | |||
+ saved_argv = calloc(argc + 1, sizeof(*saved_argv)); | |||
+ for (i = 0; i < argc; i++) | |||
+ saved_argv[i] = strdup(argv[i]); | |||
+ saved_argv[i] = NULL; | |||
+ compat_init_setproctitle(argc, argv); | |||
+ argv = saved_argv; | |||
+#endif | |||
+ | |||
while ((ch = getopt(argc, argv, "df:np:sSv")) != -1) { | |||
switch (ch) { | |||
case 'd': | |||
@@ -549,7 +568,7 @@ readfreq(void) | |||
freqfp = fopen(DRIFTFILE, "w"); | |||
return; | |||
} | |||
- | |||
+ | |||
freqfp = fdopen(fd, "r+"); | |||
/* if we're adjusting frequency already, don't override */ | |||
-- | |||
2.6.3 | |||
@ -1,68 +0,0 @@ | |||
From c685d444684c047721ce4c3789aa50eab7ed7a91 Mon Sep 17 00:00:00 2001 | |||
From: Brent Cook <busterb@gmail.com> | |||
Date: Fri, 27 Mar 2015 23:14:15 -0500 | |||
Subject: [PATCH 10/12] Notify the user when constraint support is disabled. | |||
Update the manpage and make a constraint line a fatal error if it is | |||
configured but ntpd is built without libtls present. | |||
From Paul B. Henson. | |||
--- | |||
src/usr.sbin/ntpd/config.c | 3 +++ | |||
src/usr.sbin/ntpd/constraint.c | 2 ++ | |||
src/usr.sbin/ntpd/ntpd.conf.5 | 7 +++++-- | |||
3 files changed, 10 insertions(+), 2 deletions(-) | |||
diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c | |||
index 87de17a..5a75030 100644 | |||
--- a/src/usr.sbin/ntpd/config.c | |||
+++ b/src/usr.sbin/ntpd/config.c | |||
@@ -219,6 +219,9 @@ new_constraint(void) | |||
p->id = ++constraint_maxid; | |||
p->fd = -1; | |||
+#ifndef HAVE_LIBTLS | |||
+ fatal("constraint configured without libtls support"); | |||
+#endif | |||
return (p); | |||
} | |||
diff --git a/src/usr.sbin/ntpd/constraint.c b/src/usr.sbin/ntpd/constraint.c | |||
index 3fc837f..72b3980 100644 | |||
--- a/src/usr.sbin/ntpd/constraint.c | |||
+++ b/src/usr.sbin/ntpd/constraint.c | |||
@@ -288,12 +288,14 @@ priv_constraint_child(struct constraint *cstr, struct ntp_addr_msg *am, | |||
if (setpriority(PRIO_PROCESS, 0, 0) == -1) | |||
log_warn("could not set priority"); | |||
+#ifdef HAVE_LIBTLS | |||
/* Init TLS and load cert before chroot() */ | |||
if (tls_init() == -1) | |||
fatalx("tls_init"); | |||
if ((conf->ca = tls_load_file(CONSTRAINT_CA, | |||
&conf->ca_len, NULL)) == NULL) | |||
log_warnx("constraint certificate verification turned off"); | |||
+#endif | |||
if (chroot(pw_dir) == -1) | |||
fatal("chroot"); | |||
diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5 | |||
index 87f94e8..7f729d2 100644 | |||
--- a/src/usr.sbin/ntpd/ntpd.conf.5 | |||
+++ b/src/usr.sbin/ntpd/ntpd.conf.5 | |||
@@ -185,8 +185,11 @@ authenticated constraint, | |||
thereby reducing the impact of unauthenticated NTP | |||
man-in-the-middle attacks. | |||
Received NTP packets with time information falling outside of a range | |||
-near the constraint will be discarded and such NTP servers | |||
-will be marked as invalid. | |||
+near the constraint will be discarded and such NTP servers will be marked as | |||
+invalid. Contraints are only available if | |||
+.Xr ntpd 8 | |||
+has been compiled with libtls support. Configuring a constraint without libtls | |||
+support will result in a fatal error. | |||
.Bl -tag -width Ds | |||
.It Ic constraint from Ar url | |||
Specify the URL, IP address or the hostname of an HTTPS server to | |||
-- | |||
2.6.3 | |||
@ -1,33 +0,0 @@ | |||
From 4a446e2cfe1792cd75af53b515fe0b71b6c97b0f Mon Sep 17 00:00:00 2001 | |||
From: Brent Cook <busterb@gmail.com> | |||
Date: Mon, 4 May 2015 04:27:29 -0500 | |||
Subject: [PATCH 11/12] add a method for updating the realtime clock on sync | |||
from Christian Weisgerber | |||
--- | |||
src/usr.sbin/ntpd/ntpd.c | 2 ++ | |||
1 file changed, 2 insertions(+) | |||
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c | |||
index 3d0ceb2..eef7d2c 100644 | |||
--- a/src/usr.sbin/ntpd/ntpd.c | |||
+++ b/src/usr.sbin/ntpd/ntpd.c | |||
@@ -54,6 +54,7 @@ const char *ctl_lookup_option(char *, const char **); | |||
void show_status_msg(struct imsg *); | |||
void show_peer_msg(struct imsg *, int); | |||
void show_sensor_msg(struct imsg *, int); | |||
+void update_time_sync_status(int); | |||
volatile sig_atomic_t quit = 0; | |||
volatile sig_atomic_t reconfig = 0; | |||
@@ -486,6 +487,7 @@ ntpd_adjtime(double d) | |||
else if (!firstadj && olddelta.tv_sec == 0 && olddelta.tv_usec == 0) | |||
synced = 1; | |||
firstadj = 0; | |||
+ update_time_sync_status(synced); | |||
return (synced); | |||
} | |||
-- | |||
2.6.3 | |||
@ -1,69 +0,0 @@ | |||
From 585ee6ed92a06261aea08b05963789652f32a997 Mon Sep 17 00:00:00 2001 | |||
From: Brent Cook <bcook@openbsd.org> | |||
Date: Sun, 6 Dec 2015 22:35:38 -0600 | |||
Subject: [PATCH 12/12] Deal with missing SO_TIMESTAMP | |||
from Paul B. Henson" <henson@acm.org> | |||
Fall back to the previous client.c implementation when it is not found. | |||
--- | |||
src/usr.sbin/ntpd/client.c | 10 +++++++++- | |||
1 file changed, 9 insertions(+), 1 deletion(-) | |||
diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c | |||
index 7ce3b38..edca87c 100644 | |||
--- a/src/usr.sbin/ntpd/client.c | |||
+++ b/src/usr.sbin/ntpd/client.c | |||
@@ -163,10 +163,12 @@ client_query(struct ntp_peer *p) | |||
if (p->addr->ss.ss_family == AF_INET && setsockopt(p->query->fd, | |||
IPPROTO_IP, IP_TOS, &val, sizeof(val)) == -1) | |||
log_warn("setsockopt IPTOS_LOWDELAY"); | |||
+#ifdef SO_TIMESTAMP | |||
val = 1; | |||
if (setsockopt(p->query->fd, SOL_SOCKET, SO_TIMESTAMP, | |||
&val, sizeof(val)) == -1) | |||
fatal("setsockopt SO_TIMESTAMP"); | |||
+#endif | |||
} | |||
/* | |||
@@ -213,7 +215,9 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime) | |||
struct cmsghdr hdr; | |||
char buf[CMSG_SPACE(sizeof(tv))]; | |||
} cmsgbuf; | |||
+#ifdef SO_TIMESTAMP | |||
struct cmsghdr *cmsg; | |||
+#endif | |||
ssize_t size; | |||
double T1, T2, T3, T4; | |||
time_t interval; | |||
@@ -226,7 +230,6 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime) | |||
somsg.msg_control = cmsgbuf.buf; | |||
somsg.msg_controllen = sizeof(cmsgbuf.buf); | |||
- T4 = getoffset(); | |||
if ((size = recvmsg(p->query->fd, &somsg, 0)) == -1) { | |||
if (errno == EHOSTUNREACH || errno == EHOSTDOWN || | |||
errno == ENETUNREACH || errno == ENETDOWN || | |||
@@ -251,6 +254,8 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime) | |||
return (0); | |||
} | |||
+#ifdef SO_TIMESTAMP | |||
+ T4 = getoffset(); | |||
for (cmsg = CMSG_FIRSTHDR(&somsg); cmsg != NULL; | |||
cmsg = CMSG_NXTHDR(&somsg, cmsg)) { | |||
if (cmsg->cmsg_level == SOL_SOCKET && | |||
@@ -260,6 +265,9 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime) | |||
break; | |||
} | |||
} | |||
+#else | |||
+ T4 = gettime_corrected(); | |||
+#endif | |||
if (T4 < JAN_1970) { | |||
client_log_error(p, "recvmsg control format", EBADF); | |||
-- | |||
2.6.3 | |||