
update and rebase patches, we no longer need the LOG_NTP workaround

OPENBSD_5_9
Brent Cook 8 years ago
parent
commit
4575cfbbce
13 changed files with 7 additions and 716 deletions
  1. +3
    -3
      patches/0001-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch
  2. +3
    -3
      patches/0002-EAI_NODATA-does-not-exist-everywhere.patch
  3. +0
    -55
      patches/0003-Use-LOG_NTP-syslog-facility-if-it-is-available.patch
  4. +0
    -53
      patches/0004-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch
  5. +0
    -116
      patches/0005-check-if-rdomain-support-is-available.patch
  6. +0
    -53
      patches/0006-update-ntpd.conf-to-indicate-OS-dependent-options.patch
  7. +0
    -52
      patches/0007-allow-overriding-default-user-and-file-locations.patch
  8. +0
    -150
      patches/0008-add-p-option-to-create-a-pid-file.patch
  9. +0
    -60
      patches/0009-initialize-setproctitle-where-needed.patch
  10. +0
    -68
      patches/0010-Notify-the-user-when-constraint-support-is-disabled.patch
  11. +0
    -33
      patches/0011-add-a-method-for-updating-the-realtime-clock-on-sync.patch
  12. +0
    -69
      patches/0012-Deal-with-missing-SO_TIMESTAMP.patch
  13. +1
    -1
      update.sh

+ 3
- 3
patches/0001-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch

@ -1,7 +1,7 @@
From 7e3c2f022bd8f008d6db389c06b340972d3e0cc8 Mon Sep 17 00:00:00 2001
From 477c93ac049d28361ebe4f194ca710e681c92b14 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Tue, 30 Dec 2014 09:10:22 -0600
Subject: [PATCH 01/12] Handle IPv6 DNS records on IPv4 networks more liberally
Subject: [PATCH 01/11] Handle IPv6 DNS records on IPv4 networks more liberally
Rather than fail on IPv4 only networks when seeing an IPv6 DNS record,
just give a warning.
@ -37,5 +37,5 @@ index a92382b..7ce3b38 100644
if (connect(p->query->fd, sa, SA_LEN(sa)) == -1) {
if (errno == ECONNREFUSED || errno == ENETUNREACH ||
--
2.6.3
2.6.4

+ 3
- 3
patches/0002-EAI_NODATA-does-not-exist-everywhere.patch

@ -1,7 +1,7 @@
From 8fee6e437f4adf331a76c704c8c5cba4df255f19 Mon Sep 17 00:00:00 2001
From 9ecbfcea549e7bcd36b380892240fcd2f671edb7 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Tue, 30 Dec 2014 09:04:08 -0600
Subject: [PATCH 02/12] EAI_NODATA does not exist everywhere
Subject: [PATCH 02/11] EAI_NODATA does not exist everywhere
FreeBSD says it is deprecated #ifdef's it out.
@ -36,5 +36,5 @@ index b2f688e..c0a99b1 100644
log_warnx("could not parse \"%s\": %s", s,
gai_strerror(error));
--
2.6.3
2.6.4

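--- a/patches/0003-Use-LOG_NTP-syslog-facility-if-it-is-available.patch
+++ b/patches/0003-Use-LOG_NTP-syslog-facility-if-it-is-available.patch
@@ -1,55 +0,0 @@
-From ec9ba68b495b4d866b3f8542ff054541aaae87fd Mon Sep 17 00:00:00 2001
-From: Brent Cook <busterb@gmail.com>
-Date: Mon, 12 Jan 2015 21:16:54 -0600
-Subject: [PATCH 03/12] Use LOG_NTP syslog facility if it is available
-FreeBSD PR: 114191
-Submitted by: Robert Archer <freebsd@deathbeforedecaf.net>
----
-src/usr.sbin/ntpd/log.c | 9 ++++++---
-1 file changed, 6 insertions(+), 3 deletions(-)
-diff --git a/src/usr.sbin/ntpd/log.c b/src/usr.sbin/ntpd/log.c
-index 1d8304b..5d34709 100644
---- a/src/usr.sbin/ntpd/log.c
-+++ b/src/usr.sbin/ntpd/log.c
-@@ -17,7 +17,7 @@
-*/
-#include <sys/socket.h>
--
-+#include <netinet/in.h>
-#include <errno.h>
-#include <netdb.h>
-#include <pwd.h>
-@@ -30,6 +30,10 @@
-#include "log.h"
-+#ifndef LOG_NTP
-+#define LOG_NTP LOG_DAEMON
-+#endif
-+
-#define TRACE_DEBUG 0x1
-static int foreground;
-@@ -39,7 +43,6 @@ void vlog(int, const char *, va_list);
-void logit(int, const char *, ...)
-__attribute__((format (printf, 2, 3)));
--
-void
-log_init(int n_foreground)
-{
-@@ -47,7 +50,7 @@ log_init(int n_foreground)
-foreground = n_foreground;
-if (! foreground)
-- openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
-+ openlog(__progname, LOG_PID | LOG_NDELAY, LOG_NTP);
-tzset();
-}
---
-2.6.3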

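--- a/patches/0004-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch
+++ b/patches/0004-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch
@@ -1,53 +0,0 @@
-From c936d099934f3d85dae03e3ac54af2056788a96e Mon Sep 17 00:00:00 2001
-From: Brent Cook <busterb@gmail.com>
-Date: Tue, 30 Dec 2014 09:02:50 -0600
-Subject: [PATCH 04/12] conditionally fill in sin_len/sin6_len if they exist
----
-src/usr.sbin/ntpd/config.c | 8 ++++++++
-1 file changed, 8 insertions(+)
-diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c
-index c0a99b1..87de17a 100644
---- a/src/usr.sbin/ntpd/config.c
-+++ b/src/usr.sbin/ntpd/config.c
-@@ -72,7 +72,9 @@ host_v4(const char *s)
-if ((h = calloc(1, sizeof(struct ntp_addr))) == NULL)
-fatal(NULL);
-sa_in = (struct sockaddr_in *)&h->ss;
-+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
-sa_in->sin_len = sizeof(struct sockaddr_in);
-+#endif
-sa_in->sin_family = AF_INET;
-sa_in->sin_addr.s_addr = ina.s_addr;
-@@ -94,7 +96,9 @@ host_v6(const char *s)
-if ((h = calloc(1, sizeof(struct ntp_addr))) == NULL)
-fatal(NULL);
-sa_in6 = (struct sockaddr_in6 *)&h->ss;
-+#ifdef SIN6_LEN
-sa_in6->sin6_len = sizeof(struct sockaddr_in6);
-+#endif
-sa_in6->sin6_family = AF_INET6;
-memcpy(&sa_in6->sin6_addr,
-&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr,
-@@ -156,12 +160,16 @@ host_dns(const char *s, struct ntp_addr **hn)
-h->ss.ss_family = res->ai_family;
-if (res->ai_family == AF_INET) {
-sa_in = (struct sockaddr_in *)&h->ss;
-+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
-sa_in->sin_len = sizeof(struct sockaddr_in);
-+#endif
-sa_in->sin_addr.s_addr = ((struct sockaddr_in *)
-res->ai_addr)->sin_addr.s_addr;
-} else {
-sa_in6 = (struct sockaddr_in6 *)&h->ss;
-+#ifdef SIN6_LEN
-sa_in6->sin6_len = sizeof(struct sockaddr_in6);
-+#endif
-memcpy(&sa_in6->sin6_addr, &((struct sockaddr_in6 *)
-res->ai_addr)->sin6_addr, sizeof(struct in6_addr));
-}
---
-2.6.3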

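--- a/patches/0005-check-if-rdomain-support-is-available.patch
+++ b/patches/0005-check-if-rdomain-support-is-available.patch
@@ -1,116 +0,0 @@
-From 9dcb2008acca9650e4cf05f10a051c1a94bde77e Mon Sep 17 00:00:00 2001
-From: Brent Cook <busterb@gmail.com>
-Date: Tue, 30 Dec 2014 09:05:46 -0600
-Subject: [PATCH 05/12] check if rdomain support is available.
-Handle FreeBSD's calling rdomain 'FIB'.
-- from naddy@openbsd.org
----
-src/usr.sbin/ntpd/ntpd.h | 6 ++++++
-src/usr.sbin/ntpd/parse.y | 2 ++
-src/usr.sbin/ntpd/server.c | 15 ++++++++++++++-
-3 files changed, 22 insertions(+), 1 deletion(-)
-diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
-index f6507f2..fa2eb7a 100644
---- a/src/usr.sbin/ntpd/ntpd.h
-+++ b/src/usr.sbin/ntpd/ntpd.h
-@@ -41,6 +41,12 @@
-#define DRIFTFILE "/var/db/ntpd.drift"
-#define CTLSOCKET "/var/run/ntpd.sock"
-+#if defined(SO_SETFIB)
-+#define SO_RTABLE SO_SETFIB
-+#define SIOCGIFRDOMAIN SIOCGIFFIB
-+#define ifr_rdomainid ifr_fib
-+#endif
-+
-#define INTERVAL_QUERY_NORMAL 30 /* sync to peers every n secs */
-#define INTERVAL_QUERY_PATHETIC 60
-#define INTERVAL_QUERY_AGGRESSIVE 5
-diff --git a/src/usr.sbin/ntpd/parse.y b/src/usr.sbin/ntpd/parse.y
-index 6d50795..33fe13d 100644
---- a/src/usr.sbin/ntpd/parse.y
-+++ b/src/usr.sbin/ntpd/parse.y
-@@ -404,11 +404,13 @@ weight : WEIGHT NUMBER {
-opts.weight = $2;
-}
-rtable : RTABLE NUMBER {
-+#ifdef RT_TABLEID_MAX
-if ($2 < 0 || $2 > RT_TABLEID_MAX) {
-yyerror("rtable must be between 1"
-" and RT_TABLEID_MAX");
-YYERROR;
-}
-+#endif
-opts.rtable = $2;
-}
-;
-diff --git a/src/usr.sbin/ntpd/server.c b/src/usr.sbin/ntpd/server.c
-index fb297d7..2e28b9b 100644
---- a/src/usr.sbin/ntpd/server.c
-+++ b/src/usr.sbin/ntpd/server.c
-@@ -35,11 +35,16 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
-struct listen_addr *la, *nla, *lap;
-struct ifaddrs *ifa, *ifap;
-struct sockaddr *sa;
-+#ifdef SO_RTABLE
-struct if_data *ifd;
-+#endif
-u_int8_t *a6;
-size_t sa6len = sizeof(struct in6_addr);
-u_int new_cnt = 0;
-- int tos = IPTOS_LOWDELAY, rdomain = 0;
-+ int tos = IPTOS_LOWDELAY;
-+#ifdef SO_RTABLE
-+ int rdomain = 0;
-+#endif
-TAILQ_FOREACH(lap, &lconf->listen_addrs, entry) {
-switch (lap->sa.ss_family) {
-@@ -51,15 +56,19 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
-sa = ifap->ifa_addr;
-if (sa == NULL || SA_LEN(sa) == 0)
-continue;
-+#ifdef SO_RTABLE
-if (sa->sa_family == AF_LINK) {
-ifd = ifap->ifa_data;
-rdomain = ifd->ifi_rdomain;
-}
-+#endif
-if (sa->sa_family != AF_INET &&
-sa->sa_family != AF_INET6)
-continue;
-+#ifdef SO_RTABLE
-if (lap->rtable != -1 && rdomain != lap->rtable)
-continue;
-+#endif
-if (sa->sa_family == AF_INET &&
-((struct sockaddr_in *)sa)->sin_addr.s_addr ==
-@@ -78,7 +87,9 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
-fatal("setup_listeners calloc");
-memcpy(&la->sa, sa, SA_LEN(sa));
-+#ifdef SO_RTABLE
-la->rtable = rdomain;
-+#endif
-TAILQ_INSERT_TAIL(&lconf->listen_addrs, la, entry);
-}
-@@ -123,10 +134,12 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
-IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1)
-log_warn("setsockopt IPTOS_LOWDELAY");
-+#ifdef SO_RTABLE
-if (la->rtable != -1 &&
-setsockopt(la->fd, SOL_SOCKET, SO_RTABLE, &la->rtable,
-sizeof(la->rtable)) == -1)
-fatal("setup_listeners setsockopt SO_RTABLE");
-+#endif
-if (bind(la->fd, (struct sockaddr *)&la->sa,
-SA_LEN((struct sockaddr *)&la->sa)) == -1) {
---
-2.6.3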

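--- a/patches/0006-update-ntpd.conf-to-indicate-OS-dependent-options.patch
+++ b/patches/0006-update-ntpd.conf-to-indicate-OS-dependent-options.patch
@@ -1,53 +0,0 @@
-From 7ff884df5fdca1cf65650db6cc06235f5cc042ef Mon Sep 17 00:00:00 2001
-From: Brent Cook <busterb@gmail.com>
-Date: Tue, 30 Dec 2014 09:20:03 -0600
-Subject: [PATCH 06/12] update ntpd.conf to indicate OS-dependent options
-Also, clarify listening behavior based on a patch from
-Dererk <dererk@debian.org>
-Debian bug ID: 575705
----
-src/usr.sbin/ntpd/ntpd.conf.5 | 11 ++++++++---
-1 file changed, 8 insertions(+), 3 deletions(-)
-diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5
-index af11a7e..87f94e8 100644
---- a/src/usr.sbin/ntpd/ntpd.conf.5
-+++ b/src/usr.sbin/ntpd/ntpd.conf.5
-@@ -38,9 +38,14 @@ The basic configuration options are as follows:
-.It Xo Ic listen on Ar address
-.Op Ic rtable Ar table-id
-.Xc
-+.Xr ntpd 8
-+has the ability to sync the local clock to remote NTP servers and, if
-+this directive is specified, can act as NTP server itself, redistributing the
-+local clock.
-+.Pp
-Specify a local IP address or a hostname the
-.Xr ntpd 8
--daemon should listen on.
-+daemon should listen on to enable remote clients synchronization.
-If it appears multiple times,
-.Xr ntpd 8
-will listen on each given address.
-@@ -53,7 +58,7 @@ will listen on all local addresses using the specified routing table.
-does not listen on any address by default.
-The optional
-.Ic rtable
--keyword will specify which routing table to listen on.
-+keyword will specify which routing table to listen on, if the operating system supports rdomains.
-By default
-.Xr ntpd 8
-will listen using the current routing table.
-@@ -76,7 +81,7 @@ listen on 127.0.0.1 rtable 4
-.Xc
-Specify a timedelta sensor device
-.Xr ntpd 8
--should use.
-+should use, if the operating system supports sensors.
-The sensor can be specified multiple times:
-.Xr ntpd 8
-will use each given sensor that actually exists.
---
-2.6.3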

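--- a/patches/0007-allow-overriding-default-user-and-file-locations.patch
+++ b/patches/0007-allow-overriding-default-user-and-file-locations.patch
@@ -1,52 +0,0 @@
-From eb72af64c3304396f355b54cba266b4ed300b8c9 Mon Sep 17 00:00:00 2001
-From: Brent Cook <busterb@gmail.com>
-Date: Thu, 1 Jan 2015 07:18:11 -0600
-Subject: [PATCH 07/12] allow overriding default user and file locations
-Allow the build process to override the default ntpd file paths and
-default user.
----
-src/usr.sbin/ntpd/ntpd.h | 18 +++++++++++++++---
-1 file changed, 15 insertions(+), 3 deletions(-)
-diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
-index fa2eb7a..1383056 100644
---- a/src/usr.sbin/ntpd/ntpd.h
-+++ b/src/usr.sbin/ntpd/ntpd.h
-@@ -36,10 +36,20 @@
-#define MAXIMUM(a, b) ((a) > (b) ? (a) : (b))
-+#ifndef NTPD_USER
-#define NTPD_USER "_ntp"
--#define CONFFILE "/etc/ntpd.conf"
--#define DRIFTFILE "/var/db/ntpd.drift"
--#define CTLSOCKET "/var/run/ntpd.sock"
-+#endif
-+
-+#ifndef SYSCONFDIR
-+#define SYSCONFDIR "/etc"
-+#endif
-+#define CONFFILE SYSCONFDIR "/ntpd.conf"
-+
-+#ifndef LOCALSTATEDIR
-+#define LOCALSTATEDIR "/var"
-+#endif
-+#define DRIFTFILE LOCALSTATEDIR "/db/ntpd.drift"
-+#define CTLSOCKET LOCALSTATEDIR "/run/ntpd.sock"
-#if defined(SO_SETFIB)
-#define SO_RTABLE SO_SETFIB
-@@ -87,7 +97,9 @@
-#define CONSTRAINT_PORT "443" /* HTTPS port */
-#define CONSTRAINT_MAXHEADERLENGTH 8192
-#define CONSTRAINT_PASSFD (STDERR_FILENO + 1)
-+#ifndef CONSTRAINT_CA
-#define CONSTRAINT_CA "/etc/ssl/cert.pem"
-+#endif
-enum client_state {
-STATE_NONE,
---
-2.6.3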

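--- a/patches/0008-add-p-option-to-create-a-pid-file.patch
+++ b/patches/0008-add-p-option-to-create-a-pid-file.patch
@@ -1,150 +0,0 @@
-From 735b7714af879176149a9861d781b275e7079fb7 Mon Sep 17 00:00:00 2001
-From: Brent Cook <busterb@gmail.com>
-Date: Wed, 31 Dec 2014 08:26:41 -0600
-Subject: [PATCH 08/12] add -p option to create a pid file
-This is used in both the Gentoo and Debian ports.
-Origin: https://bugs.gentoo.org/show_bug.cgi?id=493082
----
-src/usr.sbin/ntpd/ntpd.8 | 4 ++++
-src/usr.sbin/ntpd/ntpd.c | 33 ++++++++++++++++++++++++++++-----
-src/usr.sbin/ntpd/ntpd.h | 1 +
-3 files changed, 33 insertions(+), 5 deletions(-)
-diff --git a/src/usr.sbin/ntpd/ntpd.8 b/src/usr.sbin/ntpd/ntpd.8
-index dcfb6d2..1b885a1 100644
---- a/src/usr.sbin/ntpd/ntpd.8
-+++ b/src/usr.sbin/ntpd/ntpd.8
-@@ -25,6 +25,7 @@
-.Bk -words
-.Op Fl dnSsv
-.Op Fl f Ar file
-+.Op Fl p Ar file
-.Ek
-.Sh DESCRIPTION
-The
-@@ -59,6 +60,9 @@ instead of the default
-.It Fl n
-Configtest mode.
-Only check the configuration file for validity.
-+.It Fl p Ar file
-+Write pid to
-+.Ar file
-.It Fl S
-Do not set the time immediately at startup.
-This is the default.
-diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
-index 83b42ee..40570ee 100644
---- a/src/usr.sbin/ntpd/ntpd.c
-+++ b/src/usr.sbin/ntpd/ntpd.c
-@@ -86,6 +86,18 @@ sighdlr(int sig)
-}
-}
-+void
-+writepid(struct ntpd_conf *lconf)
-+{
-+ if (lconf->pid_file != NULL) {
-+ FILE *f = fopen(lconf->pid_file, "w");
-+ if (f == NULL)
-+ fatal("couldn't open pid file");
-+ fprintf(f, "%ld\n", (long) getpid());
-+ fclose(f);
-+ }
-+}
-+
-__dead void
-usage(void)
-{
-@@ -95,7 +107,7 @@ usage(void)
-fprintf(stderr,
-"usage: ntpctl -s all | peers | Sensors | status\n");
-else
-- fprintf(stderr, "usage: %s [-dnSsv] [-f file]\n",
-+ fprintf(stderr, "usage: %s [-dnSsv] [-f file] [-p file]\n",
-__progname);
-exit(1);
-}
-@@ -133,7 +145,7 @@ main(int argc, char *argv[])
-log_init(1); /* log to stderr until daemonized */
-- while ((ch = getopt(argc, argv, "df:nsSv")) != -1) {
-+ while ((ch = getopt(argc, argv, "df:np:sSv")) != -1) {
-switch (ch) {
-case 'd':
-lconf.debug = 1;
-@@ -145,6 +157,9 @@ main(int argc, char *argv[])
-case 'n':
-lconf.noaction = 1;
-break;
-+ case 'p':
-+ lconf.pid_file = optarg;
-+ break;
-case 's':
-lconf.settime = 1;
-break;
-@@ -189,9 +204,11 @@ main(int argc, char *argv[])
-reset_adjtime();
-if (!lconf.settime) {
-log_init(lconf.debug);
-- if (!lconf.debug)
-+ if (!lconf.debug) {
-if (daemon(1, 0))
-fatal("daemon");
-+ writepid(&lconf);
-+ }
-} else
-timeout = SETTIME_TIMEOUT * 1000;
-@@ -269,9 +286,11 @@ main(int argc, char *argv[])
-log_init(lconf.debug);
-log_warnx("no reply received in time, skipping initial "
-"time setting");
-- if (!lconf.debug)
-+ if (!lconf.debug) {
-if (daemon(1, 0))
-fatal("daemon");
-+ writepid(&lconf);
-+ }
-}
-if (nfds > 0 && (pfd[PFD_PIPE].revents & POLLOUT))
-@@ -314,6 +333,8 @@ main(int argc, char *argv[])
-msgbuf_clear(&ibuf->w);
-free(ibuf);
-log_info("Terminating");
-+ if (lconf.pid_file != NULL)
-+ unlink(lconf.pid_file);
-return (0);
-}
-@@ -396,9 +417,11 @@ dispatch_imsg(struct ntpd_conf *lconf, const char *pw_dir,
-memcpy(&d, imsg.data, sizeof(d));
-ntpd_settime(d);
-/* daemonize now */
-- if (!lconf->debug)
-+ if (!lconf->debug) {
-if (daemon(1, 0))
-fatal("daemon");
-+ writepid(lconf);
-+ }
-lconf->settime = 0;
-timeout = INFTIM;
-break;
-diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
-index 1383056..e542849 100644
---- a/src/usr.sbin/ntpd/ntpd.h
-+++ b/src/usr.sbin/ntpd/ntpd.h
-@@ -242,6 +242,7 @@ struct ntpd_conf {
-u_int constraint_errors;
-u_int8_t *ca;
-size_t ca_len;
-+ char *pid_file;
-};
-struct ctl_show_status {
---
-2.6.3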

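--- a/patches/0009-initialize-setproctitle-where-needed.patch
+++ b/patches/0009-initialize-setproctitle-where-needed.patch
@@ -1,60 +0,0 @@
-From 0c286469c195738efc45001b1fcd4f8b4044a141 Mon Sep 17 00:00:00 2001
-From: Brent Cook <busterb@gmail.com>
-Date: Mon, 12 Jan 2015 06:18:31 -0600
-Subject: [PATCH 09/12] initialize setproctitle where needed
-We need to save a copy of argv and __progname to avoid setproctitle
-clobbering them.
----
-src/usr.sbin/ntpd/ntpd.c | 21 ++++++++++++++++++++-
-1 file changed, 20 insertions(+), 1 deletion(-)
-diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
-index 40570ee..3d0ceb2 100644
---- a/src/usr.sbin/ntpd/ntpd.c
-+++ b/src/usr.sbin/ntpd/ntpd.c
-@@ -116,6 +116,13 @@ usage(void)
-#define PFD_PIPE 0
-#define PFD_MAX 1
-+/* Saves a copy of argv for setproctitle emulation */
-+#ifndef HAVE_SETPROCTITLE
-+static char **saved_argv;
-+#endif
-+
-+char *get_progname(char *argv0);
-+
-int
-main(int argc, char *argv[])
-{
-@@ -145,6 +152,18 @@ main(int argc, char *argv[])
-log_init(1); /* log to stderr until daemonized */
-+ __progname = get_progname(argv[0]);
-+
-+#ifndef HAVE_SETPROCTITLE
-+ /* Prepare for later setproctitle emulation */
-+ saved_argv = calloc(argc + 1, sizeof(*saved_argv));
-+ for (i = 0; i < argc; i++)
-+ saved_argv[i] = strdup(argv[i]);
-+ saved_argv[i] = NULL;
-+ compat_init_setproctitle(argc, argv);
-+ argv = saved_argv;
-+#endif
-+
-while ((ch = getopt(argc, argv, "df:np:sSv")) != -1) {
-switch (ch) {
-case 'd':
-@@ -549,7 +568,7 @@ readfreq(void)
-freqfp = fopen(DRIFTFILE, "w");
-return;
-}
--
-+
-freqfp = fdopen(fd, "r+");
-/* if we're adjusting frequency already, don't override */
---
-2.6.3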

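--- a/patches/0010-Notify-the-user-when-constraint-support-is-disabled.patch
+++ b/patches/0010-Notify-the-user-when-constraint-support-is-disabled.patch
@@ -1,68 +0,0 @@
-From c685d444684c047721ce4c3789aa50eab7ed7a91 Mon Sep 17 00:00:00 2001
-From: Brent Cook <busterb@gmail.com>
-Date: Fri, 27 Mar 2015 23:14:15 -0500
-Subject: [PATCH 10/12] Notify the user when constraint support is disabled.
-Update the manpage and make a constraint line a fatal error if it is
-configured but ntpd is built without libtls present.
-From Paul B. Henson.
----
-src/usr.sbin/ntpd/config.c | 3 +++
-src/usr.sbin/ntpd/constraint.c | 2 ++
-src/usr.sbin/ntpd/ntpd.conf.5 | 7 +++++--
-3 files changed, 10 insertions(+), 2 deletions(-)
-diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c
-index 87de17a..5a75030 100644
---- a/src/usr.sbin/ntpd/config.c
-+++ b/src/usr.sbin/ntpd/config.c
-@@ -219,6 +219,9 @@ new_constraint(void)
-p->id = ++constraint_maxid;
-p->fd = -1;
-+#ifndef HAVE_LIBTLS
-+ fatal("constraint configured without libtls support");
-+#endif
-return (p);
-}
-diff --git a/src/usr.sbin/ntpd/constraint.c b/src/usr.sbin/ntpd/constraint.c
-index 3fc837f..72b3980 100644
---- a/src/usr.sbin/ntpd/constraint.c
-+++ b/src/usr.sbin/ntpd/constraint.c
-@@ -288,12 +288,14 @@ priv_constraint_child(struct constraint *cstr, struct ntp_addr_msg *am,
-if (setpriority(PRIO_PROCESS, 0, 0) == -1)
-log_warn("could not set priority");
-+#ifdef HAVE_LIBTLS
-/* Init TLS and load cert before chroot() */
-if (tls_init() == -1)
-fatalx("tls_init");
-if ((conf->ca = tls_load_file(CONSTRAINT_CA,
-&conf->ca_len, NULL)) == NULL)
-log_warnx("constraint certificate verification turned off");
-+#endif
-if (chroot(pw_dir) == -1)
-fatal("chroot");
-diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5
-index 87f94e8..7f729d2 100644
---- a/src/usr.sbin/ntpd/ntpd.conf.5
-+++ b/src/usr.sbin/ntpd/ntpd.conf.5
-@@ -185,8 +185,11 @@ authenticated constraint,
-thereby reducing the impact of unauthenticated NTP
-man-in-the-middle attacks.
-Received NTP packets with time information falling outside of a range
--near the constraint will be discarded and such NTP servers
--will be marked as invalid.
-+near the constraint will be discarded and such NTP servers will be marked as
-+invalid. Contraints are only available if
-+.Xr ntpd 8
-+has been compiled with libtls support. Configuring a constraint without libtls
-+support will result in a fatal error.
-.Bl -tag -width Ds
-.It Ic constraint from Ar url
-Specify the URL, IP address or the hostname of an HTTPS server to
---
-2.6.3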

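--- a/patches/0011-add-a-method-for-updating-the-realtime-clock-on-sync.patch
+++ b/patches/0011-add-a-method-for-updating-the-realtime-clock-on-sync.patch
@@ -1,33 +0,0 @@
-From 4a446e2cfe1792cd75af53b515fe0b71b6c97b0f Mon Sep 17 00:00:00 2001
-From: Brent Cook <busterb@gmail.com>
-Date: Mon, 4 May 2015 04:27:29 -0500
-Subject: [PATCH 11/12] add a method for updating the realtime clock on sync
-from Christian Weisgerber
----
-src/usr.sbin/ntpd/ntpd.c | 2 ++
-1 file changed, 2 insertions(+)
-diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
-index 3d0ceb2..eef7d2c 100644
---- a/src/usr.sbin/ntpd/ntpd.c
-+++ b/src/usr.sbin/ntpd/ntpd.c
-@@ -54,6 +54,7 @@ const char *ctl_lookup_option(char *, const char **);
-void show_status_msg(struct imsg *);
-void show_peer_msg(struct imsg *, int);
-void show_sensor_msg(struct imsg *, int);
-+void update_time_sync_status(int);
-volatile sig_atomic_t quit = 0;
-volatile sig_atomic_t reconfig = 0;
-@@ -486,6 +487,7 @@ ntpd_adjtime(double d)
-else if (!firstadj && olddelta.tv_sec == 0 && olddelta.tv_usec == 0)
-synced = 1;
-firstadj = 0;
-+ update_time_sync_status(synced);
-return (synced);
-}
---
-2.6.3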

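--- a/patches/0012-Deal-with-missing-SO_TIMESTAMP.patch
+++ b/patches/0012-Deal-with-missing-SO_TIMESTAMP.patch
@@ -1,69 +0,0 @@
-From 585ee6ed92a06261aea08b05963789652f32a997 Mon Sep 17 00:00:00 2001
-From: Brent Cook <bcook@openbsd.org>
-Date: Sun, 6 Dec 2015 22:35:38 -0600
-Subject: [PATCH 12/12] Deal with missing SO_TIMESTAMP
-from Paul B. Henson" <henson@acm.org>
-Fall back to the previous client.c implementation when it is not found.
----
-src/usr.sbin/ntpd/client.c | 10 +++++++++-
-1 file changed, 9 insertions(+), 1 deletion(-)
-diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c
-index 7ce3b38..edca87c 100644
---- a/src/usr.sbin/ntpd/client.c
-+++ b/src/usr.sbin/ntpd/client.c
-@@ -163,10 +163,12 @@ client_query(struct ntp_peer *p)
-if (p->addr->ss.ss_family == AF_INET && setsockopt(p->query->fd,
-IPPROTO_IP, IP_TOS, &val, sizeof(val)) == -1)
-log_warn("setsockopt IPTOS_LOWDELAY");
-+#ifdef SO_TIMESTAMP
-val = 1;
-if (setsockopt(p->query->fd, SOL_SOCKET, SO_TIMESTAMP,
-&val, sizeof(val)) == -1)
-fatal("setsockopt SO_TIMESTAMP");
-+#endif
-}
-/*
-@@ -213,7 +215,9 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
-struct cmsghdr hdr;
-char buf[CMSG_SPACE(sizeof(tv))];
-} cmsgbuf;
-+#ifdef SO_TIMESTAMP
-struct cmsghdr *cmsg;
-+#endif
-ssize_t size;
-double T1, T2, T3, T4;
-time_t interval;
-@@ -226,7 +230,6 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
-somsg.msg_control = cmsgbuf.buf;
-somsg.msg_controllen = sizeof(cmsgbuf.buf);
-- T4 = getoffset();
-if ((size = recvmsg(p->query->fd, &somsg, 0)) == -1) {
-if (errno == EHOSTUNREACH || errno == EHOSTDOWN ||
-errno == ENETUNREACH || errno == ENETDOWN ||
-@@ -251,6 +254,8 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
-return (0);
-}
-+#ifdef SO_TIMESTAMP
-+ T4 = getoffset();
-for (cmsg = CMSG_FIRSTHDR(&somsg); cmsg != NULL;
-cmsg = CMSG_NXTHDR(&somsg, cmsg)) {
-if (cmsg->cmsg_level == SOL_SOCKET &&
-@@ -260,6 +265,9 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
-break;
-}
-}
-+#else
-+ T4 = gettime_corrected();
-+#endif
-if (T4 < JAN_1970) {
-client_log_error(p, "recvmsg control format", EBADF);
---
-2.6.3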

+ 1
- 1
update.sh

@ -55,7 +55,7 @@ for i in $libcrypto_src/crypto/getentropy_*.c; do
done
$CP $libcrypto_src/crypto/arc4random_*.h compat
for i in client.c config.c constraint.c control.c log.c log.h ntp.c ntp.h \
for i in client.c config.c constraint.c control.c log.c ntp.c ntp.h \
ntp_dns.c ntp_msg.c ntpd.c ntpd.h parse.y sensors.c server.c util.c \
ntpctl.8 ntpd.8 ntpd.conf.5 ; do
file=`basename $i`
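Review bot: The upstream file list in this `for i in client.c config.c …` loop appears to drop `log.h` while still copying `log.c`, assuming the second of the two printed `for` lines is the new side, which the page does not mark. The log.c context visible in the removed 0003 patch has `#include "log.h"`, so if the header is no longer pulled from upstream the build relies on a copy coming from somewhere else. A short comment above the list, such as `# log.h is not copied from upstream on this branch`, would record the intent. The loop body continues past the end of the hunk, so how a missing source file is handled there cannot be checked from here.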

