Browse Source

update and rebase patches, we no longer need the LOG_NTP workaround

OPENBSD_5_9
Brent Cook 9 years ago
parent
commit
4575cfbbce
13 changed files with 7 additions and 716 deletions
  1. +3
    -3
      patches/0001-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch
  2. +3
    -3
      patches/0002-EAI_NODATA-does-not-exist-everywhere.patch
  3. +0
    -55
      patches/0003-Use-LOG_NTP-syslog-facility-if-it-is-available.patch
  4. +0
    -53
      patches/0004-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch
  5. +0
    -116
      patches/0005-check-if-rdomain-support-is-available.patch
  6. +0
    -53
      patches/0006-update-ntpd.conf-to-indicate-OS-dependent-options.patch
  7. +0
    -52
      patches/0007-allow-overriding-default-user-and-file-locations.patch
  8. +0
    -150
      patches/0008-add-p-option-to-create-a-pid-file.patch
  9. +0
    -60
      patches/0009-initialize-setproctitle-where-needed.patch
  10. +0
    -68
      patches/0010-Notify-the-user-when-constraint-support-is-disabled.patch
  11. +0
    -33
      patches/0011-add-a-method-for-updating-the-realtime-clock-on-sync.patch
  12. +0
    -69
      patches/0012-Deal-with-missing-SO_TIMESTAMP.patch
  13. +1
    -1
      update.sh

+ 3
- 3
patches/0001-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch View File

@ -1,7 +1,7 @@
From 7e3c2f022bd8f008d6db389c06b340972d3e0cc8 Mon Sep 17 00:00:00 2001
From 477c93ac049d28361ebe4f194ca710e681c92b14 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com> From: Brent Cook <busterb@gmail.com>
Date: Tue, 30 Dec 2014 09:10:22 -0600 Date: Tue, 30 Dec 2014 09:10:22 -0600
Subject: [PATCH 01/12] Handle IPv6 DNS records on IPv4 networks more liberally
Subject: [PATCH 01/11] Handle IPv6 DNS records on IPv4 networks more liberally
Rather than fail on IPv4 only networks when seeing an IPv6 DNS record, Rather than fail on IPv4 only networks when seeing an IPv6 DNS record,
just give a warning. just give a warning.
@ -37,5 +37,5 @@ index a92382b..7ce3b38 100644
if (connect(p->query->fd, sa, SA_LEN(sa)) == -1) { if (connect(p->query->fd, sa, SA_LEN(sa)) == -1) {
if (errno == ECONNREFUSED || errno == ENETUNREACH || if (errno == ECONNREFUSED || errno == ENETUNREACH ||
-- --
2.6.3
2.6.4

+ 3
- 3
patches/0002-EAI_NODATA-does-not-exist-everywhere.patch View File

@ -1,7 +1,7 @@
From 8fee6e437f4adf331a76c704c8c5cba4df255f19 Mon Sep 17 00:00:00 2001
From 9ecbfcea549e7bcd36b380892240fcd2f671edb7 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com> From: Brent Cook <busterb@gmail.com>
Date: Tue, 30 Dec 2014 09:04:08 -0600 Date: Tue, 30 Dec 2014 09:04:08 -0600
Subject: [PATCH 02/12] EAI_NODATA does not exist everywhere
Subject: [PATCH 02/11] EAI_NODATA does not exist everywhere
FreeBSD says it is deprecated #ifdef's it out. FreeBSD says it is deprecated #ifdef's it out.
@ -36,5 +36,5 @@ index b2f688e..c0a99b1 100644
log_warnx("could not parse \"%s\": %s", s, log_warnx("could not parse \"%s\": %s", s,
gai_strerror(error)); gai_strerror(error));
-- --
2.6.3
2.6.4

+ 0
- 55
patches/0003-Use-LOG_NTP-syslog-facility-if-it-is-available.patch View File

@ -1,55 +0,0 @@
From ec9ba68b495b4d866b3f8542ff054541aaae87fd Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Mon, 12 Jan 2015 21:16:54 -0600
Subject: [PATCH 03/12] Use LOG_NTP syslog facility if it is available
FreeBSD PR: 114191
Submitted by: Robert Archer <freebsd@deathbeforedecaf.net>
---
src/usr.sbin/ntpd/log.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/usr.sbin/ntpd/log.c b/src/usr.sbin/ntpd/log.c
index 1d8304b..5d34709 100644
--- a/src/usr.sbin/ntpd/log.c
+++ b/src/usr.sbin/ntpd/log.c
@@ -17,7 +17,7 @@
*/
#include <sys/socket.h>
-
+#include <netinet/in.h>
#include <errno.h>
#include <netdb.h>
#include <pwd.h>
@@ -30,6 +30,10 @@
#include "log.h"
+#ifndef LOG_NTP
+#define LOG_NTP LOG_DAEMON
+#endif
+
#define TRACE_DEBUG 0x1
static int foreground;
@@ -39,7 +43,6 @@ void vlog(int, const char *, va_list);
void logit(int, const char *, ...)
__attribute__((format (printf, 2, 3)));
-
void
log_init(int n_foreground)
{
@@ -47,7 +50,7 @@ log_init(int n_foreground)
foreground = n_foreground;
if (! foreground)
- openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ openlog(__progname, LOG_PID | LOG_NDELAY, LOG_NTP);
tzset();
}
--
2.6.3

+ 0
- 53
patches/0004-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch View File

@ -1,53 +0,0 @@
From c936d099934f3d85dae03e3ac54af2056788a96e Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Tue, 30 Dec 2014 09:02:50 -0600
Subject: [PATCH 04/12] conditionally fill in sin_len/sin6_len if they exist
---
src/usr.sbin/ntpd/config.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c
index c0a99b1..87de17a 100644
--- a/src/usr.sbin/ntpd/config.c
+++ b/src/usr.sbin/ntpd/config.c
@@ -72,7 +72,9 @@ host_v4(const char *s)
if ((h = calloc(1, sizeof(struct ntp_addr))) == NULL)
fatal(NULL);
sa_in = (struct sockaddr_in *)&h->ss;
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
sa_in->sin_len = sizeof(struct sockaddr_in);
+#endif
sa_in->sin_family = AF_INET;
sa_in->sin_addr.s_addr = ina.s_addr;
@@ -94,7 +96,9 @@ host_v6(const char *s)
if ((h = calloc(1, sizeof(struct ntp_addr))) == NULL)
fatal(NULL);
sa_in6 = (struct sockaddr_in6 *)&h->ss;
+#ifdef SIN6_LEN
sa_in6->sin6_len = sizeof(struct sockaddr_in6);
+#endif
sa_in6->sin6_family = AF_INET6;
memcpy(&sa_in6->sin6_addr,
&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr,
@@ -156,12 +160,16 @@ host_dns(const char *s, struct ntp_addr **hn)
h->ss.ss_family = res->ai_family;
if (res->ai_family == AF_INET) {
sa_in = (struct sockaddr_in *)&h->ss;
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
sa_in->sin_len = sizeof(struct sockaddr_in);
+#endif
sa_in->sin_addr.s_addr = ((struct sockaddr_in *)
res->ai_addr)->sin_addr.s_addr;
} else {
sa_in6 = (struct sockaddr_in6 *)&h->ss;
+#ifdef SIN6_LEN
sa_in6->sin6_len = sizeof(struct sockaddr_in6);
+#endif
memcpy(&sa_in6->sin6_addr, &((struct sockaddr_in6 *)
res->ai_addr)->sin6_addr, sizeof(struct in6_addr));
}
--
2.6.3

+ 0
- 116
patches/0005-check-if-rdomain-support-is-available.patch View File

@ -1,116 +0,0 @@
From 9dcb2008acca9650e4cf05f10a051c1a94bde77e Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Tue, 30 Dec 2014 09:05:46 -0600
Subject: [PATCH 05/12] check if rdomain support is available.
Handle FreeBSD's calling rdomain 'FIB'.
- from naddy@openbsd.org
---
src/usr.sbin/ntpd/ntpd.h | 6 ++++++
src/usr.sbin/ntpd/parse.y | 2 ++
src/usr.sbin/ntpd/server.c | 15 ++++++++++++++-
3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
index f6507f2..fa2eb7a 100644
--- a/src/usr.sbin/ntpd/ntpd.h
+++ b/src/usr.sbin/ntpd/ntpd.h
@@ -41,6 +41,12 @@
#define DRIFTFILE "/var/db/ntpd.drift"
#define CTLSOCKET "/var/run/ntpd.sock"
+#if defined(SO_SETFIB)
+#define SO_RTABLE SO_SETFIB
+#define SIOCGIFRDOMAIN SIOCGIFFIB
+#define ifr_rdomainid ifr_fib
+#endif
+
#define INTERVAL_QUERY_NORMAL 30 /* sync to peers every n secs */
#define INTERVAL_QUERY_PATHETIC 60
#define INTERVAL_QUERY_AGGRESSIVE 5
diff --git a/src/usr.sbin/ntpd/parse.y b/src/usr.sbin/ntpd/parse.y
index 6d50795..33fe13d 100644
--- a/src/usr.sbin/ntpd/parse.y
+++ b/src/usr.sbin/ntpd/parse.y
@@ -404,11 +404,13 @@ weight : WEIGHT NUMBER {
opts.weight = $2;
}
rtable : RTABLE NUMBER {
+#ifdef RT_TABLEID_MAX
if ($2 < 0 || $2 > RT_TABLEID_MAX) {
yyerror("rtable must be between 1"
" and RT_TABLEID_MAX");
YYERROR;
}
+#endif
opts.rtable = $2;
}
;
diff --git a/src/usr.sbin/ntpd/server.c b/src/usr.sbin/ntpd/server.c
index fb297d7..2e28b9b 100644
--- a/src/usr.sbin/ntpd/server.c
+++ b/src/usr.sbin/ntpd/server.c
@@ -35,11 +35,16 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
struct listen_addr *la, *nla, *lap;
struct ifaddrs *ifa, *ifap;
struct sockaddr *sa;
+#ifdef SO_RTABLE
struct if_data *ifd;
+#endif
u_int8_t *a6;
size_t sa6len = sizeof(struct in6_addr);
u_int new_cnt = 0;
- int tos = IPTOS_LOWDELAY, rdomain = 0;
+ int tos = IPTOS_LOWDELAY;
+#ifdef SO_RTABLE
+ int rdomain = 0;
+#endif
TAILQ_FOREACH(lap, &lconf->listen_addrs, entry) {
switch (lap->sa.ss_family) {
@@ -51,15 +56,19 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
sa = ifap->ifa_addr;
if (sa == NULL || SA_LEN(sa) == 0)
continue;
+#ifdef SO_RTABLE
if (sa->sa_family == AF_LINK) {
ifd = ifap->ifa_data;
rdomain = ifd->ifi_rdomain;
}
+#endif
if (sa->sa_family != AF_INET &&
sa->sa_family != AF_INET6)
continue;
+#ifdef SO_RTABLE
if (lap->rtable != -1 && rdomain != lap->rtable)
continue;
+#endif
if (sa->sa_family == AF_INET &&
((struct sockaddr_in *)sa)->sin_addr.s_addr ==
@@ -78,7 +87,9 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
fatal("setup_listeners calloc");
memcpy(&la->sa, sa, SA_LEN(sa));
+#ifdef SO_RTABLE
la->rtable = rdomain;
+#endif
TAILQ_INSERT_TAIL(&lconf->listen_addrs, la, entry);
}
@@ -123,10 +134,12 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1)
log_warn("setsockopt IPTOS_LOWDELAY");
+#ifdef SO_RTABLE
if (la->rtable != -1 &&
setsockopt(la->fd, SOL_SOCKET, SO_RTABLE, &la->rtable,
sizeof(la->rtable)) == -1)
fatal("setup_listeners setsockopt SO_RTABLE");
+#endif
if (bind(la->fd, (struct sockaddr *)&la->sa,
SA_LEN((struct sockaddr *)&la->sa)) == -1) {
--
2.6.3

+ 0
- 53
patches/0006-update-ntpd.conf-to-indicate-OS-dependent-options.patch View File

@ -1,53 +0,0 @@
From 7ff884df5fdca1cf65650db6cc06235f5cc042ef Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Tue, 30 Dec 2014 09:20:03 -0600
Subject: [PATCH 06/12] update ntpd.conf to indicate OS-dependent options
Also, clarify listening behavior based on a patch from
Dererk <dererk@debian.org>
Debian bug ID: 575705
---
src/usr.sbin/ntpd/ntpd.conf.5 | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5
index af11a7e..87f94e8 100644
--- a/src/usr.sbin/ntpd/ntpd.conf.5
+++ b/src/usr.sbin/ntpd/ntpd.conf.5
@@ -38,9 +38,14 @@ The basic configuration options are as follows:
.It Xo Ic listen on Ar address
.Op Ic rtable Ar table-id
.Xc
+.Xr ntpd 8
+has the ability to sync the local clock to remote NTP servers and, if
+this directive is specified, can act as NTP server itself, redistributing the
+local clock.
+.Pp
Specify a local IP address or a hostname the
.Xr ntpd 8
-daemon should listen on.
+daemon should listen on to enable remote clients synchronization.
If it appears multiple times,
.Xr ntpd 8
will listen on each given address.
@@ -53,7 +58,7 @@ will listen on all local addresses using the specified routing table.
does not listen on any address by default.
The optional
.Ic rtable
-keyword will specify which routing table to listen on.
+keyword will specify which routing table to listen on, if the operating system supports rdomains.
By default
.Xr ntpd 8
will listen using the current routing table.
@@ -76,7 +81,7 @@ listen on 127.0.0.1 rtable 4
.Xc
Specify a timedelta sensor device
.Xr ntpd 8
-should use.
+should use, if the operating system supports sensors.
The sensor can be specified multiple times:
.Xr ntpd 8
will use each given sensor that actually exists.
--
2.6.3

+ 0
- 52
patches/0007-allow-overriding-default-user-and-file-locations.patch View File

@ -1,52 +0,0 @@
From eb72af64c3304396f355b54cba266b4ed300b8c9 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Thu, 1 Jan 2015 07:18:11 -0600
Subject: [PATCH 07/12] allow overriding default user and file locations
Allow the build process to override the default ntpd file paths and
default user.
---
src/usr.sbin/ntpd/ntpd.h | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
index fa2eb7a..1383056 100644
--- a/src/usr.sbin/ntpd/ntpd.h
+++ b/src/usr.sbin/ntpd/ntpd.h
@@ -36,10 +36,20 @@
#define MAXIMUM(a, b) ((a) > (b) ? (a) : (b))
+#ifndef NTPD_USER
#define NTPD_USER "_ntp"
-#define CONFFILE "/etc/ntpd.conf"
-#define DRIFTFILE "/var/db/ntpd.drift"
-#define CTLSOCKET "/var/run/ntpd.sock"
+#endif
+
+#ifndef SYSCONFDIR
+#define SYSCONFDIR "/etc"
+#endif
+#define CONFFILE SYSCONFDIR "/ntpd.conf"
+
+#ifndef LOCALSTATEDIR
+#define LOCALSTATEDIR "/var"
+#endif
+#define DRIFTFILE LOCALSTATEDIR "/db/ntpd.drift"
+#define CTLSOCKET LOCALSTATEDIR "/run/ntpd.sock"
#if defined(SO_SETFIB)
#define SO_RTABLE SO_SETFIB
@@ -87,7 +97,9 @@
#define CONSTRAINT_PORT "443" /* HTTPS port */
#define CONSTRAINT_MAXHEADERLENGTH 8192
#define CONSTRAINT_PASSFD (STDERR_FILENO + 1)
+#ifndef CONSTRAINT_CA
#define CONSTRAINT_CA "/etc/ssl/cert.pem"
+#endif
enum client_state {
STATE_NONE,
--
2.6.3

+ 0
- 150
patches/0008-add-p-option-to-create-a-pid-file.patch View File

@ -1,150 +0,0 @@
From 735b7714af879176149a9861d781b275e7079fb7 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Wed, 31 Dec 2014 08:26:41 -0600
Subject: [PATCH 08/12] add -p option to create a pid file
This is used in both the Gentoo and Debian ports.
Origin: https://bugs.gentoo.org/show_bug.cgi?id=493082
---
src/usr.sbin/ntpd/ntpd.8 | 4 ++++
src/usr.sbin/ntpd/ntpd.c | 33 ++++++++++++++++++++++++++++-----
src/usr.sbin/ntpd/ntpd.h | 1 +
3 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/src/usr.sbin/ntpd/ntpd.8 b/src/usr.sbin/ntpd/ntpd.8
index dcfb6d2..1b885a1 100644
--- a/src/usr.sbin/ntpd/ntpd.8
+++ b/src/usr.sbin/ntpd/ntpd.8
@@ -25,6 +25,7 @@
.Bk -words
.Op Fl dnSsv
.Op Fl f Ar file
+.Op Fl p Ar file
.Ek
.Sh DESCRIPTION
The
@@ -59,6 +60,9 @@ instead of the default
.It Fl n
Configtest mode.
Only check the configuration file for validity.
+.It Fl p Ar file
+Write pid to
+.Ar file
.It Fl S
Do not set the time immediately at startup.
This is the default.
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
index 83b42ee..40570ee 100644
--- a/src/usr.sbin/ntpd/ntpd.c
+++ b/src/usr.sbin/ntpd/ntpd.c
@@ -86,6 +86,18 @@ sighdlr(int sig)
}
}
+void
+writepid(struct ntpd_conf *lconf)
+{
+ if (lconf->pid_file != NULL) {
+ FILE *f = fopen(lconf->pid_file, "w");
+ if (f == NULL)
+ fatal("couldn't open pid file");
+ fprintf(f, "%ld\n", (long) getpid());
+ fclose(f);
+ }
+}
+
__dead void
usage(void)
{
@@ -95,7 +107,7 @@ usage(void)
fprintf(stderr,
"usage: ntpctl -s all | peers | Sensors | status\n");
else
- fprintf(stderr, "usage: %s [-dnSsv] [-f file]\n",
+ fprintf(stderr, "usage: %s [-dnSsv] [-f file] [-p file]\n",
__progname);
exit(1);
}
@@ -133,7 +145,7 @@ main(int argc, char *argv[])
log_init(1); /* log to stderr until daemonized */
- while ((ch = getopt(argc, argv, "df:nsSv")) != -1) {
+ while ((ch = getopt(argc, argv, "df:np:sSv")) != -1) {
switch (ch) {
case 'd':
lconf.debug = 1;
@@ -145,6 +157,9 @@ main(int argc, char *argv[])
case 'n':
lconf.noaction = 1;
break;
+ case 'p':
+ lconf.pid_file = optarg;
+ break;
case 's':
lconf.settime = 1;
break;
@@ -189,9 +204,11 @@ main(int argc, char *argv[])
reset_adjtime();
if (!lconf.settime) {
log_init(lconf.debug);
- if (!lconf.debug)
+ if (!lconf.debug) {
if (daemon(1, 0))
fatal("daemon");
+ writepid(&lconf);
+ }
} else
timeout = SETTIME_TIMEOUT * 1000;
@@ -269,9 +286,11 @@ main(int argc, char *argv[])
log_init(lconf.debug);
log_warnx("no reply received in time, skipping initial "
"time setting");
- if (!lconf.debug)
+ if (!lconf.debug) {
if (daemon(1, 0))
fatal("daemon");
+ writepid(&lconf);
+ }
}
if (nfds > 0 && (pfd[PFD_PIPE].revents & POLLOUT))
@@ -314,6 +333,8 @@ main(int argc, char *argv[])
msgbuf_clear(&ibuf->w);
free(ibuf);
log_info("Terminating");
+ if (lconf.pid_file != NULL)
+ unlink(lconf.pid_file);
return (0);
}
@@ -396,9 +417,11 @@ dispatch_imsg(struct ntpd_conf *lconf, const char *pw_dir,
memcpy(&d, imsg.data, sizeof(d));
ntpd_settime(d);
/* daemonize now */
- if (!lconf->debug)
+ if (!lconf->debug) {
if (daemon(1, 0))
fatal("daemon");
+ writepid(lconf);
+ }
lconf->settime = 0;
timeout = INFTIM;
break;
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
index 1383056..e542849 100644
--- a/src/usr.sbin/ntpd/ntpd.h
+++ b/src/usr.sbin/ntpd/ntpd.h
@@ -242,6 +242,7 @@ struct ntpd_conf {
u_int constraint_errors;
u_int8_t *ca;
size_t ca_len;
+ char *pid_file;
};
struct ctl_show_status {
--
2.6.3

+ 0
- 60
patches/0009-initialize-setproctitle-where-needed.patch View File

@ -1,60 +0,0 @@
From 0c286469c195738efc45001b1fcd4f8b4044a141 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Mon, 12 Jan 2015 06:18:31 -0600
Subject: [PATCH 09/12] initialize setproctitle where needed
We need to save a copy of argv and __progname to avoid setproctitle
clobbering them.
---
src/usr.sbin/ntpd/ntpd.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
index 40570ee..3d0ceb2 100644
--- a/src/usr.sbin/ntpd/ntpd.c
+++ b/src/usr.sbin/ntpd/ntpd.c
@@ -116,6 +116,13 @@ usage(void)
#define PFD_PIPE 0
#define PFD_MAX 1
+/* Saves a copy of argv for setproctitle emulation */
+#ifndef HAVE_SETPROCTITLE
+static char **saved_argv;
+#endif
+
+char *get_progname(char *argv0);
+
int
main(int argc, char *argv[])
{
@@ -145,6 +152,18 @@ main(int argc, char *argv[])
log_init(1); /* log to stderr until daemonized */
+ __progname = get_progname(argv[0]);
+
+#ifndef HAVE_SETPROCTITLE
+ /* Prepare for later setproctitle emulation */
+ saved_argv = calloc(argc + 1, sizeof(*saved_argv));
+ for (i = 0; i < argc; i++)
+ saved_argv[i] = strdup(argv[i]);
+ saved_argv[i] = NULL;
+ compat_init_setproctitle(argc, argv);
+ argv = saved_argv;
+#endif
+
while ((ch = getopt(argc, argv, "df:np:sSv")) != -1) {
switch (ch) {
case 'd':
@@ -549,7 +568,7 @@ readfreq(void)
freqfp = fopen(DRIFTFILE, "w");
return;
}
-
+
freqfp = fdopen(fd, "r+");
/* if we're adjusting frequency already, don't override */
--
2.6.3

+ 0
- 68
patches/0010-Notify-the-user-when-constraint-support-is-disabled.patch View File

@ -1,68 +0,0 @@
From c685d444684c047721ce4c3789aa50eab7ed7a91 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Fri, 27 Mar 2015 23:14:15 -0500
Subject: [PATCH 10/12] Notify the user when constraint support is disabled.
Update the manpage and make a constraint line a fatal error if it is
configured but ntpd is built without libtls present.
From Paul B. Henson.
---
src/usr.sbin/ntpd/config.c | 3 +++
src/usr.sbin/ntpd/constraint.c | 2 ++
src/usr.sbin/ntpd/ntpd.conf.5 | 7 +++++--
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c
index 87de17a..5a75030 100644
--- a/src/usr.sbin/ntpd/config.c
+++ b/src/usr.sbin/ntpd/config.c
@@ -219,6 +219,9 @@ new_constraint(void)
p->id = ++constraint_maxid;
p->fd = -1;
+#ifndef HAVE_LIBTLS
+ fatal("constraint configured without libtls support");
+#endif
return (p);
}
diff --git a/src/usr.sbin/ntpd/constraint.c b/src/usr.sbin/ntpd/constraint.c
index 3fc837f..72b3980 100644
--- a/src/usr.sbin/ntpd/constraint.c
+++ b/src/usr.sbin/ntpd/constraint.c
@@ -288,12 +288,14 @@ priv_constraint_child(struct constraint *cstr, struct ntp_addr_msg *am,
if (setpriority(PRIO_PROCESS, 0, 0) == -1)
log_warn("could not set priority");
+#ifdef HAVE_LIBTLS
/* Init TLS and load cert before chroot() */
if (tls_init() == -1)
fatalx("tls_init");
if ((conf->ca = tls_load_file(CONSTRAINT_CA,
&conf->ca_len, NULL)) == NULL)
log_warnx("constraint certificate verification turned off");
+#endif
if (chroot(pw_dir) == -1)
fatal("chroot");
diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5
index 87f94e8..7f729d2 100644
--- a/src/usr.sbin/ntpd/ntpd.conf.5
+++ b/src/usr.sbin/ntpd/ntpd.conf.5
@@ -185,8 +185,11 @@ authenticated constraint,
thereby reducing the impact of unauthenticated NTP
man-in-the-middle attacks.
Received NTP packets with time information falling outside of a range
-near the constraint will be discarded and such NTP servers
-will be marked as invalid.
+near the constraint will be discarded and such NTP servers will be marked as
+invalid. Contraints are only available if
+.Xr ntpd 8
+has been compiled with libtls support. Configuring a constraint without libtls
+support will result in a fatal error.
.Bl -tag -width Ds
.It Ic constraint from Ar url
Specify the URL, IP address or the hostname of an HTTPS server to
--
2.6.3

+ 0
- 33
patches/0011-add-a-method-for-updating-the-realtime-clock-on-sync.patch View File

@ -1,33 +0,0 @@
From 4a446e2cfe1792cd75af53b515fe0b71b6c97b0f Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Mon, 4 May 2015 04:27:29 -0500
Subject: [PATCH 11/12] add a method for updating the realtime clock on sync
from Christian Weisgerber
---
src/usr.sbin/ntpd/ntpd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
index 3d0ceb2..eef7d2c 100644
--- a/src/usr.sbin/ntpd/ntpd.c
+++ b/src/usr.sbin/ntpd/ntpd.c
@@ -54,6 +54,7 @@ const char *ctl_lookup_option(char *, const char **);
void show_status_msg(struct imsg *);
void show_peer_msg(struct imsg *, int);
void show_sensor_msg(struct imsg *, int);
+void update_time_sync_status(int);
volatile sig_atomic_t quit = 0;
volatile sig_atomic_t reconfig = 0;
@@ -486,6 +487,7 @@ ntpd_adjtime(double d)
else if (!firstadj && olddelta.tv_sec == 0 && olddelta.tv_usec == 0)
synced = 1;
firstadj = 0;
+ update_time_sync_status(synced);
return (synced);
}
--
2.6.3

+ 0
- 69
patches/0012-Deal-with-missing-SO_TIMESTAMP.patch View File

@ -1,69 +0,0 @@
From 585ee6ed92a06261aea08b05963789652f32a997 Mon Sep 17 00:00:00 2001
From: Brent Cook <bcook@openbsd.org>
Date: Sun, 6 Dec 2015 22:35:38 -0600
Subject: [PATCH 12/12] Deal with missing SO_TIMESTAMP
from Paul B. Henson" <henson@acm.org>
Fall back to the previous client.c implementation when it is not found.
---
src/usr.sbin/ntpd/client.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c
index 7ce3b38..edca87c 100644
--- a/src/usr.sbin/ntpd/client.c
+++ b/src/usr.sbin/ntpd/client.c
@@ -163,10 +163,12 @@ client_query(struct ntp_peer *p)
if (p->addr->ss.ss_family == AF_INET && setsockopt(p->query->fd,
IPPROTO_IP, IP_TOS, &val, sizeof(val)) == -1)
log_warn("setsockopt IPTOS_LOWDELAY");
+#ifdef SO_TIMESTAMP
val = 1;
if (setsockopt(p->query->fd, SOL_SOCKET, SO_TIMESTAMP,
&val, sizeof(val)) == -1)
fatal("setsockopt SO_TIMESTAMP");
+#endif
}
/*
@@ -213,7 +215,9 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
struct cmsghdr hdr;
char buf[CMSG_SPACE(sizeof(tv))];
} cmsgbuf;
+#ifdef SO_TIMESTAMP
struct cmsghdr *cmsg;
+#endif
ssize_t size;
double T1, T2, T3, T4;
time_t interval;
@@ -226,7 +230,6 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
somsg.msg_control = cmsgbuf.buf;
somsg.msg_controllen = sizeof(cmsgbuf.buf);
- T4 = getoffset();
if ((size = recvmsg(p->query->fd, &somsg, 0)) == -1) {
if (errno == EHOSTUNREACH || errno == EHOSTDOWN ||
errno == ENETUNREACH || errno == ENETDOWN ||
@@ -251,6 +254,8 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
return (0);
}
+#ifdef SO_TIMESTAMP
+ T4 = getoffset();
for (cmsg = CMSG_FIRSTHDR(&somsg); cmsg != NULL;
cmsg = CMSG_NXTHDR(&somsg, cmsg)) {
if (cmsg->cmsg_level == SOL_SOCKET &&
@@ -260,6 +265,9 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
break;
}
}
+#else
+ T4 = gettime_corrected();
+#endif
if (T4 < JAN_1970) {
client_log_error(p, "recvmsg control format", EBADF);
--
2.6.3

+ 1
- 1
update.sh View File

@ -55,7 +55,7 @@ for i in $libcrypto_src/crypto/getentropy_*.c; do
done done
$CP $libcrypto_src/crypto/arc4random_*.h compat $CP $libcrypto_src/crypto/arc4random_*.h compat
for i in client.c config.c constraint.c control.c log.c log.h ntp.c ntp.h \
for i in client.c config.c constraint.c control.c log.c ntp.c ntp.h \
ntp_dns.c ntp_msg.c ntpd.c ntpd.h parse.y sensors.c server.c util.c \ ntp_dns.c ntp_msg.c ntpd.c ntpd.h parse.y sensors.c server.c util.c \
ntpctl.8 ntpd.8 ntpd.conf.5 ; do ntpctl.8 ntpd.8 ntpd.conf.5 ; do
file=`basename $i` file=`basename $i`


Loading…
Cancel
Save