@ -0,0 +1,53 @@ | |||||
From d75fce3c40a9e24d8af8a568581e1882d21eb520 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | |||||
Date: Tue, 30 Dec 2014 09:02:50 -0600 | |||||
Subject: [PATCH 03/11] conditionally fill in sin_len/sin6_len if they exist | |||||
--- | |||||
src/usr.sbin/ntpd/config.c | 8 ++++++++ | |||||
1 file changed, 8 insertions(+) | |||||
diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c | |||||
index c0a99b1..87de17a 100644 | |||||
--- a/src/usr.sbin/ntpd/config.c | |||||
+++ b/src/usr.sbin/ntpd/config.c | |||||
@@ -72,7 +72,9 @@ host_v4(const char *s) | |||||
if ((h = calloc(1, sizeof(struct ntp_addr))) == NULL) | |||||
fatal(NULL); | |||||
sa_in = (struct sockaddr_in *)&h->ss; | |||||
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN | |||||
sa_in->sin_len = sizeof(struct sockaddr_in); | |||||
+#endif | |||||
sa_in->sin_family = AF_INET; | |||||
sa_in->sin_addr.s_addr = ina.s_addr; | |||||
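Review bot: The IPv4 and IPv6 length fields are guarded by two different kinds of test: `HAVE_STRUCT_SOCKADDR_IN_SIN_LEN` has to be defined by the build system, while `SIN6_LEN` is presumably supplied by the platform headers. The same pair recurs in the host_v6 and host_dns hunks. If the configure check is missing on a system that does have the field, `sin_len` silently stays at the 0 left by calloc(). A comment above the first guard would record the dependency, e.g. `/* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN comes from configure; SIN6_LEN from the system headers */`. host_v4's body continues outside the hunk.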
@@ -94,7 +96,9 @@ host_v6(const char *s) | |||||
if ((h = calloc(1, sizeof(struct ntp_addr))) == NULL) | |||||
fatal(NULL); | |||||
sa_in6 = (struct sockaddr_in6 *)&h->ss; | |||||
+#ifdef SIN6_LEN | |||||
sa_in6->sin6_len = sizeof(struct sockaddr_in6); | |||||
+#endif | |||||
sa_in6->sin6_family = AF_INET6; | |||||
memcpy(&sa_in6->sin6_addr, | |||||
&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, | |||||
@@ -156,12 +160,16 @@ host_dns(const char *s, struct ntp_addr **hn) | |||||
h->ss.ss_family = res->ai_family; | |||||
if (res->ai_family == AF_INET) { | |||||
sa_in = (struct sockaddr_in *)&h->ss; | |||||
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN | |||||
sa_in->sin_len = sizeof(struct sockaddr_in); | |||||
+#endif | |||||
sa_in->sin_addr.s_addr = ((struct sockaddr_in *) | |||||
res->ai_addr)->sin_addr.s_addr; | |||||
} else { | |||||
sa_in6 = (struct sockaddr_in6 *)&h->ss; | |||||
+#ifdef SIN6_LEN | |||||
sa_in6->sin6_len = sizeof(struct sockaddr_in6); | |||||
+#endif | |||||
memcpy(&sa_in6->sin6_addr, &((struct sockaddr_in6 *) | |||||
res->ai_addr)->sin6_addr, sizeof(struct in6_addr)); | |||||
} | |||||
-- | |||||
2.6.4 | |||||
@ -0,0 +1,116 @@ | |||||
From 222700a524b3466607b84c9a896aa8278c4d1aa9 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | |||||
Date: Tue, 30 Dec 2014 09:05:46 -0600 | |||||
Subject: [PATCH 04/11] check if rdomain support is available. | |||||
Handle FreeBSD's calling rdomain 'FIB'. | |||||
- from naddy@openbsd.org | |||||
--- | |||||
src/usr.sbin/ntpd/ntpd.h | 6 ++++++ | |||||
src/usr.sbin/ntpd/parse.y | 2 ++ | |||||
src/usr.sbin/ntpd/server.c | 15 ++++++++++++++- | |||||
3 files changed, 22 insertions(+), 1 deletion(-) | |||||
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h | |||||
index c93ca20..b007da3 100644 | |||||
--- a/src/usr.sbin/ntpd/ntpd.h | |||||
+++ b/src/usr.sbin/ntpd/ntpd.h | |||||
@@ -40,6 +40,12 @@ | |||||
#define DRIFTFILE "/var/db/ntpd.drift" | |||||
#define CTLSOCKET "/var/run/ntpd.sock" | |||||
+#if defined(SO_SETFIB) | |||||
+#define SO_RTABLE SO_SETFIB | |||||
+#define SIOCGIFRDOMAIN SIOCGIFFIB | |||||
+#define ifr_rdomainid ifr_fib | |||||
+#endif | |||||
+ | |||||
#define INTERVAL_QUERY_NORMAL 30 /* sync to peers every n secs */ | |||||
#define INTERVAL_QUERY_PATHETIC 60 | |||||
#define INTERVAL_QUERY_AGGRESSIVE 5 | |||||
diff --git a/src/usr.sbin/ntpd/parse.y b/src/usr.sbin/ntpd/parse.y | |||||
index 6d50795..33fe13d 100644 | |||||
--- a/src/usr.sbin/ntpd/parse.y | |||||
+++ b/src/usr.sbin/ntpd/parse.y | |||||
@@ -404,11 +404,13 @@ weight : WEIGHT NUMBER { | |||||
opts.weight = $2; | |||||
} | |||||
rtable : RTABLE NUMBER { | |||||
+#ifdef RT_TABLEID_MAX | |||||
if ($2 < 0 || $2 > RT_TABLEID_MAX) { | |||||
yyerror("rtable must be between 1" | |||||
" and RT_TABLEID_MAX"); | |||||
YYERROR; | |||||
} | |||||
+#endif | |||||
opts.rtable = $2; | |||||
} | |||||
; | |||||
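Review bot: Without `RT_TABLEID_MAX` the `rtable` value is stored with no validation, and on a platform with no `SO_RTABLE` the server.c hunks of this patch then ignore it, so `listen on ... rtable N` is accepted while the listener ends up in the default routing table. For an option whose purpose is to confine where the daemon listens, rejecting it is safer than dropping it silently. After the range check I would add `#ifndef SO_RTABLE` / `yyerror("rtable not supported on this platform"); YYERROR;` / `#endif`, assuming the ntpd.h alias for `SO_RTABLE` is visible in parse.y. The existing message also says "between 1" although the check admits 0.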
diff --git a/src/usr.sbin/ntpd/server.c b/src/usr.sbin/ntpd/server.c | |||||
index fb297d7..2e28b9b 100644 | |||||
--- a/src/usr.sbin/ntpd/server.c | |||||
+++ b/src/usr.sbin/ntpd/server.c | |||||
@@ -35,11 +35,16 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt) | |||||
struct listen_addr *la, *nla, *lap; | |||||
struct ifaddrs *ifa, *ifap; | |||||
struct sockaddr *sa; | |||||
+#ifdef SO_RTABLE | |||||
struct if_data *ifd; | |||||
+#endif | |||||
u_int8_t *a6; | |||||
size_t sa6len = sizeof(struct in6_addr); | |||||
u_int new_cnt = 0; | |||||
- int tos = IPTOS_LOWDELAY, rdomain = 0; | |||||
+ int tos = IPTOS_LOWDELAY; | |||||
+#ifdef SO_RTABLE | |||||
+ int rdomain = 0; | |||||
+#endif | |||||
TAILQ_FOREACH(lap, &lconf->listen_addrs, entry) { | |||||
switch (lap->sa.ss_family) { | |||||
@@ -51,15 +56,19 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt) | |||||
sa = ifap->ifa_addr; | |||||
if (sa == NULL || SA_LEN(sa) == 0) | |||||
continue; | |||||
+#ifdef SO_RTABLE | |||||
if (sa->sa_family == AF_LINK) { | |||||
ifd = ifap->ifa_data; | |||||
rdomain = ifd->ifi_rdomain; | |||||
} | |||||
+#endif | |||||
if (sa->sa_family != AF_INET && | |||||
sa->sa_family != AF_INET6) | |||||
continue; | |||||
+#ifdef SO_RTABLE | |||||
if (lap->rtable != -1 && rdomain != lap->rtable) | |||||
continue; | |||||
+#endif | |||||
if (sa->sa_family == AF_INET && | |||||
((struct sockaddr_in *)sa)->sin_addr.s_addr == | |||||
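Review bot: `rdomain = ifd->ifi_rdomain` is now compiled whenever `SO_RTABLE` is defined, which after the ntpd.h hunk includes systems that only provide `SO_SETFIB`. That hunk aliases `ifr_rdomainid` to `ifr_fib`, but nothing on this page maps `ifi_rdomain`, so this line probably needs its own guard or alias there. `ifap->ifa_data` is also dereferenced without a NULL check; I would write `if (sa->sa_family == AF_LINK && ifap->ifa_data != NULL) {`. The loop this sits in starts outside the hunk.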
@@ -78,7 +87,9 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt) | |||||
fatal("setup_listeners calloc"); | |||||
memcpy(&la->sa, sa, SA_LEN(sa)); | |||||
+#ifdef SO_RTABLE | |||||
la->rtable = rdomain; | |||||
+#endif | |||||
TAILQ_INSERT_TAIL(&lconf->listen_addrs, la, entry); | |||||
} | |||||
@@ -123,10 +134,12 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt) | |||||
IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1) | |||||
log_warn("setsockopt IPTOS_LOWDELAY"); | |||||
+#ifdef SO_RTABLE | |||||
if (la->rtable != -1 && | |||||
setsockopt(la->fd, SOL_SOCKET, SO_RTABLE, &la->rtable, | |||||
sizeof(la->rtable)) == -1) | |||||
fatal("setup_listeners setsockopt SO_RTABLE"); | |||||
+#endif | |||||
if (bind(la->fd, (struct sockaddr *)&la->sa, | |||||
SA_LEN((struct sockaddr *)&la->sa)) == -1) { | |||||
-- | |||||
2.6.4 | |||||
@ -0,0 +1,53 @@ | |||||
From f1e8552352638f4214768df629e9020507e4af05 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | |||||
Date: Tue, 30 Dec 2014 09:20:03 -0600 | |||||
Subject: [PATCH 05/11] update ntpd.conf to indicate OS-dependent options | |||||
Also, clarify listening behavior based on a patch from | |||||
Dererk <dererk@debian.org> | |||||
Debian bug ID: 575705 | |||||
--- | |||||
src/usr.sbin/ntpd/ntpd.conf.5 | 11 ++++++++--- | |||||
1 file changed, 8 insertions(+), 3 deletions(-) | |||||
diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5 | |||||
index af11a7e..87f94e8 100644 | |||||
--- a/src/usr.sbin/ntpd/ntpd.conf.5 | |||||
+++ b/src/usr.sbin/ntpd/ntpd.conf.5 | |||||
@@ -38,9 +38,14 @@ The basic configuration options are as follows: | |||||
.It Xo Ic listen on Ar address | |||||
.Op Ic rtable Ar table-id | |||||
.Xc | |||||
+.Xr ntpd 8 | |||||
+has the ability to sync the local clock to remote NTP servers and, if | |||||
+this directive is specified, can act as NTP server itself, redistributing the | |||||
+local clock. | |||||
+.Pp | |||||
Specify a local IP address or a hostname the | |||||
.Xr ntpd 8 | |||||
-daemon should listen on. | |||||
+daemon should listen on to enable remote clients synchronization. | |||||
If it appears multiple times, | |||||
.Xr ntpd 8 | |||||
will listen on each given address. | |||||
@@ -53,7 +58,7 @@ will listen on all local addresses using the specified routing table. | |||||
does not listen on any address by default. | |||||
The optional | |||||
.Ic rtable | |||||
-keyword will specify which routing table to listen on. | |||||
+keyword will specify which routing table to listen on, if the operating system supports rdomains. | |||||
By default | |||||
.Xr ntpd 8 | |||||
will listen using the current routing table. | |||||
@@ -76,7 +81,7 @@ listen on 127.0.0.1 rtable 4 | |||||
.Xc | |||||
Specify a timedelta sensor device | |||||
.Xr ntpd 8 | |||||
-should use. | |||||
+should use, if the operating system supports sensors. | |||||
The sensor can be specified multiple times: | |||||
.Xr ntpd 8 | |||||
will use each given sensor that actually exists. | |||||
-- | |||||
2.6.4 | |||||
@ -0,0 +1,52 @@ | |||||
From fdb958c8a66e32287aa5292200d0777f9f96784a Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | |||||
Date: Thu, 1 Jan 2015 07:18:11 -0600 | |||||
Subject: [PATCH 06/11] allow overriding default user and file locations | |||||
Allow the build process to override the default ntpd file paths and | |||||
default user. | |||||
--- | |||||
src/usr.sbin/ntpd/ntpd.h | 18 +++++++++++++++--- | |||||
1 file changed, 15 insertions(+), 3 deletions(-) | |||||
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h | |||||
index b007da3..7e739c4 100644 | |||||
--- a/src/usr.sbin/ntpd/ntpd.h | |||||
+++ b/src/usr.sbin/ntpd/ntpd.h | |||||
@@ -35,10 +35,20 @@ | |||||
#define MAXIMUM(a, b) ((a) > (b) ? (a) : (b)) | |||||
+#ifndef NTPD_USER | |||||
#define NTPD_USER "_ntp" | |||||
-#define CONFFILE "/etc/ntpd.conf" | |||||
-#define DRIFTFILE "/var/db/ntpd.drift" | |||||
-#define CTLSOCKET "/var/run/ntpd.sock" | |||||
+#endif | |||||
+ | |||||
+#ifndef SYSCONFDIR | |||||
+#define SYSCONFDIR "/etc" | |||||
+#endif | |||||
+#define CONFFILE SYSCONFDIR "/ntpd.conf" | |||||
+ | |||||
+#ifndef LOCALSTATEDIR | |||||
+#define LOCALSTATEDIR "/var" | |||||
+#endif | |||||
+#define DRIFTFILE LOCALSTATEDIR "/db/ntpd.drift" | |||||
+#define CTLSOCKET LOCALSTATEDIR "/run/ntpd.sock" | |||||
#if defined(SO_SETFIB) | |||||
#define SO_RTABLE SO_SETFIB | |||||
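Review bot: `DRIFTFILE` and `CTLSOCKET` now follow `LOCALSTATEDIR`, and the readfreq context in patch 07 shows the daemon opening the drift file with `fopen(DRIFTFILE, "w")`. A packager who points the prefix at a directory writable by another user therefore changes who can plant files under those names. A comment above the `#ifndef` blocks should state the requirement, for example `/* SYSCONFDIR and LOCALSTATEDIR must be root-owned and not writable by other users */`. The same applies to the `CONSTRAINT_CA` override in the second hunk, which selects the trust anchors used for constraint TLS.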
@@ -86,7 +96,9 @@ | |||||
#define CONSTRAINT_PORT "443" /* HTTPS port */ | |||||
#define CONSTRAINT_MAXHEADERLENGTH 8192 | |||||
#define CONSTRAINT_PASSFD (STDERR_FILENO + 1) | |||||
+#ifndef CONSTRAINT_CA | |||||
#define CONSTRAINT_CA "/etc/ssl/cert.pem" | |||||
+#endif | |||||
enum client_state { | |||||
STATE_NONE, | |||||
-- | |||||
2.6.4 | |||||
@ -0,0 +1,159 @@ | |||||
From b4f723b7fd4c3a56f8b0e08da5998fa31bac5673 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | |||||
Date: Wed, 31 Dec 2014 08:26:41 -0600 | |||||
Subject: [PATCH 07/11] add -p option to create a pid file | |||||
This is used in both the Gentoo and Debian ports. | |||||
Origin: https://bugs.gentoo.org/show_bug.cgi?id=493082 | |||||
--- | |||||
src/usr.sbin/ntpd/ntpd.8 | 4 ++++ | |||||
src/usr.sbin/ntpd/ntpd.c | 35 +++++++++++++++++++++++++++++------ | |||||
src/usr.sbin/ntpd/ntpd.h | 1 + | |||||
3 files changed, 34 insertions(+), 6 deletions(-) | |||||
diff --git a/src/usr.sbin/ntpd/ntpd.8 b/src/usr.sbin/ntpd/ntpd.8 | |||||
index dcfb6d2..1b885a1 100644 | |||||
--- a/src/usr.sbin/ntpd/ntpd.8 | |||||
+++ b/src/usr.sbin/ntpd/ntpd.8 | |||||
@@ -25,6 +25,7 @@ | |||||
.Bk -words | |||||
.Op Fl dnSsv | |||||
.Op Fl f Ar file | |||||
+.Op Fl p Ar file | |||||
.Ek | |||||
.Sh DESCRIPTION | |||||
The | |||||
@@ -59,6 +60,9 @@ instead of the default | |||||
.It Fl n | |||||
Configtest mode. | |||||
Only check the configuration file for validity. | |||||
+.It Fl p Ar file | |||||
+Write pid to | |||||
+.Ar file | |||||
.It Fl S | |||||
Do not set the time immediately at startup. | |||||
This is the default. | |||||
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c | |||||
index 0f43b1f..e31db98 100644 | |||||
--- a/src/usr.sbin/ntpd/ntpd.c | |||||
+++ b/src/usr.sbin/ntpd/ntpd.c | |||||
@@ -87,6 +87,18 @@ sighdlr(int sig) | |||||
} | |||||
} | |||||
+void | |||||
+writepid(struct ntpd_conf *lconf) | |||||
+{ | |||||
+ if (lconf->pid_file != NULL) { | |||||
+ FILE *f = fopen(lconf->pid_file, "w"); | |||||
+ if (f == NULL) | |||||
+ fatal("couldn't open pid file"); | |||||
+ fprintf(f, "%ld\n", (long) getpid()); | |||||
+ fclose(f); | |||||
+ } | |||||
+} | |||||
+ | |||||
__dead void | |||||
usage(void) | |||||
{ | |||||
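Review bot: `writepid()` opens the path with `fopen(..., "w")`, which follows a symlink at the final component and truncates whatever it points to. It also ignores the results of `fprintf()` and `fclose()`, so a full disk leaves an empty pid file for init scripts to read. The function is called right after `daemon()` in a process that, as far as this page shows, has not dropped privileges. I would open with `O_NOFOLLOW` and an explicit mode and check the write, as below; `O_NOFOLLOW` covers only the last path component, so the directory still has to be root-owned. The function also has no prototype in this hunk and could be `static` if nothing else calls it.

```c
void
writepid(struct ntpd_conf *lconf)
{
	FILE	*f;
	int	 fd;

	if (lconf->pid_file == NULL)
		return;

	/* refuse to write through a symlink planted at the pid file path */
	fd = open(lconf->pid_file,
	    O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
	if (fd == -1 || (f = fdopen(fd, "w")) == NULL)
		fatal("couldn't open pid file");
	if (fprintf(f, "%ld\n", (long)getpid()) < 0 || fclose(f) == EOF)
		fatal("couldn't write pid file");
}
```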
@@ -96,7 +108,7 @@ usage(void) | |||||
fprintf(stderr, | |||||
"usage: ntpctl -s all | peers | Sensors | status\n"); | |||||
else | |||||
- fprintf(stderr, "usage: %s [-dnSsv] [-f file]\n", | |||||
+ fprintf(stderr, "usage: %s [-dnSsv] [-f file] [-p file]\n", | |||||
__progname); | |||||
exit(1); | |||||
} | |||||
@@ -134,7 +146,7 @@ main(int argc, char *argv[]) | |||||
log_init(1, LOG_DAEMON); /* log to stderr until daemonized */ | |||||
- while ((ch = getopt(argc, argv, "df:nsSv")) != -1) { | |||||
+ while ((ch = getopt(argc, argv, "df:np:sSv")) != -1) { | |||||
switch (ch) { | |||||
case 'd': | |||||
lconf.debug = 1; | |||||
@@ -146,6 +158,9 @@ main(int argc, char *argv[]) | |||||
case 'n': | |||||
lconf.noaction = 1; | |||||
break; | |||||
+ case 'p': | |||||
+ lconf.pid_file = optarg; | |||||
+ break; | |||||
case 's': | |||||
lconf.settime = 1; | |||||
break; | |||||
@@ -190,9 +205,11 @@ main(int argc, char *argv[]) | |||||
reset_adjtime(); | |||||
if (!lconf.settime) { | |||||
log_init(lconf.debug, LOG_DAEMON); | |||||
- if (!lconf.debug) | |||||
+ if (!lconf.debug) { | |||||
if (daemon(1, 0)) | |||||
fatal("daemon"); | |||||
+ writepid(&lconf); | |||||
+ } | |||||
} else | |||||
timeout = SETTIME_TIMEOUT * 1000; | |||||
@@ -271,9 +288,11 @@ main(int argc, char *argv[]) | |||||
log_init(lconf.debug, LOG_DAEMON); | |||||
log_warnx("no reply received in time, skipping initial " | |||||
"time setting"); | |||||
- if (!lconf.debug) | |||||
+ if (!lconf.debug) { | |||||
if (daemon(1, 0)) | |||||
fatal("daemon"); | |||||
+ writepid(&lconf); | |||||
+ } | |||||
} | |||||
if (nfds > 0 && (pfd[PFD_PIPE].revents & POLLOUT)) | |||||
@@ -316,6 +335,8 @@ main(int argc, char *argv[]) | |||||
msgbuf_clear(&ibuf->w); | |||||
free(ibuf); | |||||
log_info("Terminating"); | |||||
+ if (lconf.pid_file != NULL) | |||||
+ unlink(lconf.pid_file); | |||||
return (0); | |||||
} | |||||
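Review bot: The pid file is removed only on this normal return from main(). The `fatal()` exits elsewhere in the patch, and any termination that bypasses this path, leave it behind with a pid that may later belong to another process. Scripts that signal the pid read from the file would then reach the wrong target, so ntpd.8 should say that the file can be stale and must be validated before use. The result of `unlink()` is also ignored; `if (lconf.pid_file != NULL && unlink(lconf.pid_file) == -1) log_warn("unlink pid file");` would make a leftover file visible in the log.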
@@ -398,9 +419,11 @@ dispatch_imsg(struct ntpd_conf *lconf, const char *pw_dir, | |||||
memcpy(&d, imsg.data, sizeof(d)); | |||||
ntpd_settime(d); | |||||
/* daemonize now */ | |||||
- if (!lconf->debug) | |||||
+ if (!lconf->debug) { | |||||
if (daemon(1, 0)) | |||||
fatal("daemon"); | |||||
+ writepid(lconf); | |||||
+ } | |||||
lconf->settime = 0; | |||||
timeout = INFTIM; | |||||
break; | |||||
@@ -528,7 +551,7 @@ readfreq(void) | |||||
freqfp = fopen(DRIFTFILE, "w"); | |||||
return; | |||||
} | |||||
- | |||||
+ | |||||
freqfp = fdopen(fd, "r+"); | |||||
/* if we're adjusting frequency already, don't override */ | |||||
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h | |||||
index 7e739c4..864d4c4 100644 | |||||
--- a/src/usr.sbin/ntpd/ntpd.h | |||||
+++ b/src/usr.sbin/ntpd/ntpd.h | |||||
@@ -241,6 +241,7 @@ struct ntpd_conf { | |||||
u_int constraint_errors; | |||||
u_int8_t *ca; | |||||
size_t ca_len; | |||||
+ char *pid_file; | |||||
}; | |||||
struct ctl_show_status { | |||||
-- | |||||
2.6.4 | |||||
@ -0,0 +1,58 @@ | |||||
From f86daab4bb1d41bcdcbdaeb6370c500962a09675 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | |||||
Date: Mon, 12 Jan 2015 06:18:31 -0600 | |||||
Subject: [PATCH 08/11] initialize setproctitle where needed | |||||
We need to save a copy of argv and __progname to avoid setproctitle | |||||
clobbering them. | |||||
--- | |||||
src/usr.sbin/ntpd/ntpd.c | 19 +++++++++++++++++++ | |||||
1 file changed, 19 insertions(+) | |||||
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c | |||||
index e31db98..19720b3 100644 | |||||
--- a/src/usr.sbin/ntpd/ntpd.c | |||||
+++ b/src/usr.sbin/ntpd/ntpd.c | |||||
@@ -117,6 +117,13 @@ usage(void) | |||||
#define PFD_PIPE 0 | |||||
#define PFD_MAX 1 | |||||
+/* Saves a copy of argv for setproctitle emulation */ | |||||
+#ifndef HAVE_SETPROCTITLE | |||||
+static char **saved_argv; | |||||
+#endif | |||||
+ | |||||
+char *get_progname(char *argv0); | |||||
+ | |||||
int | |||||
main(int argc, char *argv[]) | |||||
{ | |||||
@@ -135,6 +142,8 @@ main(int argc, char *argv[]) | |||||
gid_t pw_gid; | |||||
void *newp; | |||||
+ __progname = get_progname(argv[0]); | |||||
+ | |||||
if (strcmp(__progname, "ntpctl") == 0) { | |||||
ctl_main(argc, argv); | |||||
/* NOTREACHED */ | |||||
@@ -146,6 +155,16 @@ main(int argc, char *argv[]) | |||||
log_init(1, LOG_DAEMON); /* log to stderr until daemonized */ | |||||
+#ifndef HAVE_SETPROCTITLE | |||||
+ /* Prepare for later setproctitle emulation */ | |||||
+ saved_argv = calloc(argc + 1, sizeof(*saved_argv)); | |||||
+ for (i = 0; i < argc; i++) | |||||
+ saved_argv[i] = strdup(argv[i]); | |||||
+ saved_argv[i] = NULL; | |||||
+ compat_init_setproctitle(argc, argv); | |||||
+ argv = saved_argv; | |||||
+#endif | |||||
+ | |||||
while ((ch = getopt(argc, argv, "df:np:sSv")) != -1) { | |||||
switch (ch) { | |||||
case 'd': | |||||
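Review bot: Neither `calloc()` nor `strdup()` is checked in the added block. Under memory pressure `saved_argv[i] = ...` writes through a NULL pointer, or a NULL entry silently truncates the argument list that `getopt()` parses next, dropping options such as `-f file` or `-p file`. Use the pattern config.c already follows: `if ((saved_argv = calloc(argc + 1, sizeof(*saved_argv))) == NULL) fatal(NULL);` and `if ((saved_argv[i] = strdup(argv[i])) == NULL) fatal(NULL);`. The declaration of `i` and most of main() are outside the hunk.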
-- | |||||
2.6.4 | |||||
@ -0,0 +1,68 @@ | |||||
From 93555bfc44a0eb2039f625ab6a5badde63fa5215 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | |||||
Date: Fri, 27 Mar 2015 23:14:15 -0500 | |||||
Subject: [PATCH 09/11] Notify the user when constraint support is disabled. | |||||
Update the manpage and make a constraint line a fatal error if it is | |||||
configured but ntpd is built without libtls present. | |||||
From Paul B. Henson. | |||||
--- | |||||
src/usr.sbin/ntpd/config.c | 3 +++ | |||||
src/usr.sbin/ntpd/constraint.c | 2 ++ | |||||
src/usr.sbin/ntpd/ntpd.conf.5 | 7 +++++-- | |||||
3 files changed, 10 insertions(+), 2 deletions(-) | |||||
diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c | |||||
index 87de17a..5a75030 100644 | |||||
--- a/src/usr.sbin/ntpd/config.c | |||||
+++ b/src/usr.sbin/ntpd/config.c | |||||
@@ -219,6 +219,9 @@ new_constraint(void) | |||||
p->id = ++constraint_maxid; | |||||
p->fd = -1; | |||||
+#ifndef HAVE_LIBTLS | |||||
+ fatal("constraint configured without libtls support"); | |||||
+#endif | |||||
return (p); | |||||
} | |||||
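Review bot: `fatal()` is used here for a condition unrelated to errno. Elsewhere on this page `fatal()` follows failed system calls (`fatal("chroot")`) and `fatalx()` reports non-errno failures (`fatalx("tls_init")`), so this should presumably be `fatalx("constraint configured without libtls support");` to avoid a stale error string in the log. The check would also read better at the top of new_constraint(), before `p` is set up only to be discarded; the start of the function is outside the hunk.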
diff --git a/src/usr.sbin/ntpd/constraint.c b/src/usr.sbin/ntpd/constraint.c | |||||
index 84d21a9..97f0cd5 100644 | |||||
--- a/src/usr.sbin/ntpd/constraint.c | |||||
+++ b/src/usr.sbin/ntpd/constraint.c | |||||
@@ -289,12 +289,14 @@ priv_constraint_child(struct constraint *cstr, struct ntp_addr_msg *am, | |||||
if (setpriority(PRIO_PROCESS, 0, 0) == -1) | |||||
log_warn("could not set priority"); | |||||
+#ifdef HAVE_LIBTLS | |||||
/* Init TLS and load cert before chroot() */ | |||||
if (tls_init() == -1) | |||||
fatalx("tls_init"); | |||||
if ((conf->ca = tls_load_file(CONSTRAINT_CA, | |||||
&conf->ca_len, NULL)) == NULL) | |||||
log_warnx("constraint certificate verification turned off"); | |||||
+#endif | |||||
if (chroot(pw_dir) == -1) | |||||
fatal("chroot"); | |||||
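Review bot: The block being wrapped fails open: when `tls_load_file(CONSTRAINT_CA, ...)` returns NULL the child only logs "constraint certificate verification turned off" and carries on, so a missing or unreadable CA bundle appears to downgrade the authenticated constraint to an unauthenticated one. That matters more now that patch 06 makes `CONSTRAINT_CA` a build-time override, since a wrong path is enough to trigger it. This commit already makes a constraint without libtls fatal; treating a failed CA load the same way, e.g. `fatalx("constraint: cannot load " CONSTRAINT_CA);`, would be consistent, or at minimum ntpd.conf.5 should document the downgrade. How `conf->ca == NULL` is handled later is not visible here.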
diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5 | |||||
index 87f94e8..7f729d2 100644 | |||||
--- a/src/usr.sbin/ntpd/ntpd.conf.5 | |||||
+++ b/src/usr.sbin/ntpd/ntpd.conf.5 | |||||
@@ -185,8 +185,11 @@ authenticated constraint, | |||||
thereby reducing the impact of unauthenticated NTP | |||||
man-in-the-middle attacks. | |||||
Received NTP packets with time information falling outside of a range | |||||
-near the constraint will be discarded and such NTP servers | |||||
-will be marked as invalid. | |||||
+near the constraint will be discarded and such NTP servers will be marked as | |||||
+invalid. Contraints are only available if | |||||
+.Xr ntpd 8 | |||||
+has been compiled with libtls support. Configuring a constraint without libtls | |||||
+support will result in a fatal error. | |||||
.Bl -tag -width Ds | |||||
.It Ic constraint from Ar url | |||||
Specify the URL, IP address or the hostname of an HTTPS server to | |||||
-- | |||||
2.6.4 | |||||
@ -0,0 +1,33 @@ | |||||
From 340f04a6e14b05803e376c22b0c9170407b6b77d Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | |||||
Date: Mon, 4 May 2015 04:27:29 -0500 | |||||
Subject: [PATCH 10/11] add a method for updating the realtime clock on sync | |||||
from Christian Weisgerber | |||||
--- | |||||
src/usr.sbin/ntpd/ntpd.c | 2 ++ | |||||
1 file changed, 2 insertions(+) | |||||
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c | |||||
index 19720b3..d7281c1 100644 | |||||
--- a/src/usr.sbin/ntpd/ntpd.c | |||||
+++ b/src/usr.sbin/ntpd/ntpd.c | |||||
@@ -55,6 +55,7 @@ const char *ctl_lookup_option(char *, const char **); | |||||
void show_status_msg(struct imsg *); | |||||
void show_peer_msg(struct imsg *, int); | |||||
void show_sensor_msg(struct imsg *, int); | |||||
+void update_time_sync_status(int); | |||||
volatile sig_atomic_t quit = 0; | |||||
volatile sig_atomic_t reconfig = 0; | |||||
@@ -488,6 +489,7 @@ ntpd_adjtime(double d) | |||||
else if (!firstadj && olddelta.tv_sec == 0 && olddelta.tv_usec == 0) | |||||
synced = 1; | |||||
firstadj = 0; | |||||
+ update_time_sync_status(synced); | |||||
return (synced); | |||||
} | |||||
-- | |||||
2.6.4 | |||||
@ -0,0 +1,69 @@ | |||||
From 93d09a37b9a3eb129c2d61db505082ca23ca12f1 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <bcook@openbsd.org> | |||||
Date: Sun, 6 Dec 2015 22:35:38 -0600 | |||||
Subject: [PATCH 11/11] Deal with missing SO_TIMESTAMP | |||||
from Paul B. Henson" <henson@acm.org> | |||||
Fall back to the previous client.c implementation when it is not found. | |||||
--- | |||||
src/usr.sbin/ntpd/client.c | 10 +++++++++- | |||||
1 file changed, 9 insertions(+), 1 deletion(-) | |||||
diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c | |||||
index 7ce3b38..edca87c 100644 | |||||
--- a/src/usr.sbin/ntpd/client.c | |||||
+++ b/src/usr.sbin/ntpd/client.c | |||||
@@ -163,10 +163,12 @@ client_query(struct ntp_peer *p) | |||||
if (p->addr->ss.ss_family == AF_INET && setsockopt(p->query->fd, | |||||
IPPROTO_IP, IP_TOS, &val, sizeof(val)) == -1) | |||||
log_warn("setsockopt IPTOS_LOWDELAY"); | |||||
+#ifdef SO_TIMESTAMP | |||||
val = 1; | |||||
if (setsockopt(p->query->fd, SOL_SOCKET, SO_TIMESTAMP, | |||||
&val, sizeof(val)) == -1) | |||||
fatal("setsockopt SO_TIMESTAMP"); | |||||
+#endif | |||||
} | |||||
/* | |||||
@@ -213,7 +215,9 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime) | |||||
struct cmsghdr hdr; | |||||
char buf[CMSG_SPACE(sizeof(tv))]; | |||||
} cmsgbuf; | |||||
+#ifdef SO_TIMESTAMP | |||||
struct cmsghdr *cmsg; | |||||
+#endif | |||||
ssize_t size; | |||||
double T1, T2, T3, T4; | |||||
time_t interval; | |||||
@@ -226,7 +230,6 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime) | |||||
somsg.msg_control = cmsgbuf.buf; | |||||
somsg.msg_controllen = sizeof(cmsgbuf.buf); | |||||
- T4 = getoffset(); | |||||
if ((size = recvmsg(p->query->fd, &somsg, 0)) == -1) { | |||||
if (errno == EHOSTUNREACH || errno == EHOSTDOWN || | |||||
errno == ENETUNREACH || errno == ENETDOWN || | |||||
@@ -251,6 +254,8 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime) | |||||
return (0); | |||||
} | |||||
+#ifdef SO_TIMESTAMP | |||||
+ T4 = getoffset(); | |||||
for (cmsg = CMSG_FIRSTHDR(&somsg); cmsg != NULL; | |||||
cmsg = CMSG_NXTHDR(&somsg, cmsg)) { | |||||
if (cmsg->cmsg_level == SOL_SOCKET && | |||||
@@ -260,6 +265,9 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime) | |||||
break; | |||||
} | |||||
} | |||||
+#else | |||||
+ T4 = gettime_corrected(); | |||||
+#endif | |||||
if (T4 < JAN_1970) { | |||||
client_log_error(p, "recvmsg control format", EBADF); | |||||
-- | |||||
2.6.4 | |||||