d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge NTP 4.2.8p4 into dist.

Browse Source
This commit is contained in:
Gleb Smirnoff 2015-10-21 19:16:13 +00:00
parent 2cf53bda1c
commit 0b0c40a74f
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/vendor/ntp/dist/; revision=289715
467 changed files with 17596 additions and 16364 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

155
ChangeLog
View File

@ -1,4 +1,159 @@
---
(4.2.8p4) 2015/10/21 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2899] CVE-2014-9297 perlinger@ntp.org
* [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's.
Danny Mayer. Log incoming packets that fail TEST2. Harlan Stenn.
* [Sec 2902] configuration directives "pidfile" and "driftfile"
should be local-only. perlinger@ntp.org (patch by Miroslav Lichvar)
* [Sec 2909] added missing call to 'free()' in ntp_crypto.c. perlinger@ntp.org
* [Sec 2913] TALOS-CAN-0052: crash by loop counter underrun. perlinger@ntp.org
* [Sec 2916] TALOS-CAN-0054: memory corruption in password store. JPerlinger
* [Sec 2917] TALOS-CAN-0055: Infinite loop if extended logging enabled and
the logfile and keyfile are the same. perlinger@ntp.org
* [Sec 1918] TALOS-CAN-0062: prevent directory traversal for VMS, too, when
using 'saveconfig' command. perlinger@ntp.org
* [Bug 2919] TALOS-CAN-0063: avoid buffer overrun in ntpq. perlinger@ntp.org
* [Sec 2020] TALOS-CAN-0064: signed/unsiged clash could lead to buffer overun
and memory corruption. perlinger@ntp.org
* [Sec 2921] TALOS-CAN-0065: password length memory corruption. JPerlinger.
* [Sec 2922] decodenetnum() will ASSERT botch instead of returning FAIL
on some bogus values. Harlan Stenn.
* [Sec 2941] NAK to the Future: Symmetric association authentication
bypass via crypto-NAK. Patch applied. perlinger@ntp.org
* [Bug 2332] (reopened) Exercise thread cancellation once before dropping
privileges and limiting resources in NTPD removes the need to link
forcefully against 'libgcc_s' which does not always work. J.Perlinger
* [Bug 2595] ntpdate man page quirks. Hal Murray, Harlan Stenn.
* [Bug 2625] Deprecate flag1 in local refclock. Hal Murray, Harlan Stenn.
* [Bug 2817] Stop locking ntpd into memory by default under Linux. H.Stenn.
* [Bug 2821] minor build issues: fixed refclock_gpsdjson.c. perlinger@ntp.org
* [Bug 2823] ntpsweep with recursive peers option doesn't work. H.Stenn.
* [Bug 2849] Systems with more than one default route may never
synchronize. Brian Utterback. Note that this patch might need to
be reverted once Bug 2043 has been fixed.
* [Bug 2864] 4.2.8p3 fails to compile on Windows. Juergen Perlinger
* [Bug 2866] segmentation fault at initgroups(). Harlan Stenn.
* [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
* [Bug 2873] libevent should not include .deps/ in the tarball. H.Stenn
* [Bug 2874] Don't distribute generated sntp/tests/fileHandlingTest.h. H.Stenn
* [Bug 2875] sntp/Makefile.am: Get rid of DIST_SUBDIRS. libevent must
be configured for the distribution targets. Harlan Stenn.
* [Bug 2883] ntpd crashes on exit with empty driftfile. Miroslav Lichvar.
* [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org
* [Bug 2888] streamline calendar functions. perlinger@ntp.org
* [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org
* [Bug 2890] Ignore ENOBUFS on routing netlink socket. Konstantin Khlebnikov.
* [Bug 2906] make check needs better support for pthreads. Harlan Stenn.
* [Bug 2907] dist* build targets require our libevent/ to be enabled. HStenn.
* [Bug 2912] no munlockall() under Windows. David Taylor, Harlan Stenn.
* libntp/emalloc.c: Remove explicit include of stdint.h. Harlan Stenn.
* Put Unity CPPFLAGS items in unity_config.h. Harlan Stenn.
* tests/ntpd/g_leapsec.cpp typo fix. Harlan Stenn.
* Phase 1 deprecation of google test in sntp/tests/. Harlan Stenn.
* On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn.
* top_srcdir can change based on ntp v. sntp. Harlan Stenn.
* sntp/tests/ function parameter list cleanup. Damir Tomić.
* tests/libntp/ function parameter list cleanup. Damir Tomić.
* tests/ntpd/ function parameter list cleanup. Damir Tomić.
* sntp/unity/unity_config.h: handle stdint.h. Harlan Stenn.
* sntp/unity/unity_internals.h: handle *INTPTR_MAX on old Solaris. H.Stenn.
* tests/libntp/timevalops.c and timespecops.c fixed error printing. D.Tomić.
* tests/libntp/ improvements in code and fixed error printing. Damir Tomić.
* tests/libntp: a_md5encrypt.c, authkeys.c, buftvtots.c, calendar.c, caljulian.c,
caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
formatting; first declaration, then code (C90); deleted unnecessary comments;
changed from sprintf to snprintf; fixed order of includes. Tomasz Flendrich
* tests/libntp/lfpfunc.c remove unnecessary include, remove old comments,
fix formatting, cleanup. Tomasz Flendrich
* tests/libntp/lfptostr.c remove unnecessary include, add consts, fix formatting.
Tomasz Flendrich
* tests/libntp/statestr.c remove empty functions, remove unnecessary include,
fix formatting. Tomasz Flendrich
* tests/libntp/modetoa.c fixed formatting. Tomasz Flendrich
* tests/libntp/msyslog.c fixed formatting. Tomasz Flendrich
* tests/libntp/numtoa.c deleted unnecessary empty functions, fixed formatting.
Tomasz Flendrich
* tests/libntp/numtohost.c added const, fixed formatting. Tomasz Flendrich
* tests/libntp/refnumtoa.c fixed formatting. Tomasz Flendrich
* tests/libntp/ssl_init.c fixed formatting. Tomasz Flendrich
* tests/libntp/tvtots.c fixed a bug, fixed formatting. Tomasz Flendrich
* tests/libntp/uglydate.c removed an unnecessary include. Tomasz Flendrich
* tests/libntp/vi64ops.c removed an unnecessary comment, fixed formatting.
* tests/libntp/ymd3yd.c removed an empty function and an unnecessary include,
fixed formatting. Tomasz Flendrich
* tests/libntp/timespecops.c fixed formatting, fixed the order of includes,
removed unnecessary comments, cleanup. Tomasz Flendrich
* tests/libntp/timevalops.c fixed the order of includes, deleted unnecessary
comments, cleanup. Tomasz Flendrich
* tests/libntp/sockaddrtest.h making it agree to NTP's conventions of formatting.
Tomasz Flendrich
* tests/libntp/lfptest.h cleanup. Tomasz Flendrich
* tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
* sntp/tests/crypto.c is now using proper Unity's assertions, fixed formatting.
Tomasz Flendrich
* sntp/tests/kodDatabase.c added consts, deleted empty function,
fixed formatting. Tomasz Flendrich
* sntp/tests/kodFile.c cleanup, fixed formatting. Tomasz Flendrich
* sntp/tests/packetHandling.c is now using proper Unity's assertions,
fixed formatting, deleted unused variable. Tomasz Flendrich
* sntp/tests/keyFile.c is now using proper Unity's assertions, fixed formatting.
Tomasz Flendrich
* sntp/tests/packetProcessing.c changed from sprintf to snprintf,
fixed formatting. Tomasz Flendrich
* sntp/tests/utilities.c is now using proper Unity's assertions, changed
the order of includes, fixed formatting, removed unnecessary comments.
Tomasz Flendrich
* sntp/tests/sntptest.h fixed formatting. Tomasz Flendrich
* sntp/tests/fileHandlingTest.h.in fixed a possible buffer overflow problem,
made one function do its job, deleted unnecessary prints, fixed formatting.
Tomasz Flendrich
* sntp/unity/Makefile.am added a missing header. Tomasz Flendrich
* sntp/unity/unity_config.h: Distribute it. Harlan Stenn.
* sntp/libevent/evconfig-private.h: remove generated filefrom SCM. H.Stenn.
* sntp/unity/Makefile.am: fix some broken paths. Harlan Stenn.
* sntp/unity/unity.c: Clean up a printf(). Harlan Stenn.
* Phase 1 deprecation of google test in tests/libntp/. Harlan Stenn.
* Don't build sntp/libevent/sample/. Harlan Stenn.
* tests/libntp/test_caltontp needs -lpthread. Harlan Stenn.
* br-flock: --enable-local-libevent. Harlan Stenn.
* Wrote tests for ntpd/ntp_prio_q.c. Tomasz Flendrich
* scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn.
* Get rid of the NTP_ prefix on our assertion macros. Harlan Stenn.
* Code cleanup. Harlan Stenn.
* libntp/icom.c: Typo fix. Harlan Stenn.
* util/ntptime.c: initialization nit. Harlan Stenn.
* ntpd/ntp_peer.c:newpeer(): added a DEBUG_REQUIRE(srcadr). Harlan Stenn.
* Add std_unity_tests to various Makefile.am files. Harlan Stenn.
* ntpd/ntp_restrict.c: added a few assertions, created tests for this file.
Tomasz Flendrich
* Changed progname to be const in many files - now it's consistent. Tomasz
Flendrich
* Typo fix for GCC warning suppression. Harlan Stenn.
* Added tests/ntpd/ntp_scanner.c test. Damir Tomić.
* Added declarations to all Unity tests, and did minor fixes to them.
Reduced the number of warnings by half. Damir Tomić.
* Updated generate_test_runner.rb and updated the sntp/unity/auto directory
with the latest Unity updates from Mark. Damir Tomić.
* Retire google test - phase I. Harlan Stenn.
* Unity test cleanup: move declaration of 'initializing'. Harlan Stenn.
* Update the NEWS file. Harlan Stenn.
* Autoconf cleanup. Harlan Stenn.
* Unit test dist cleanup. Harlan Stenn.
* Cleanup various test Makefile.am files. Harlan Stenn.
* Pthread autoconf macro cleanup. Harlan Stenn.
* Fix progname definition in unity runner scripts. Harlan Stenn.
* Clean trailing whitespace in tests/ntpd/Makefile.am. Harlan Stenn.
* Update the patch for bug 2817. Harlan Stenn.
* More updates for bug 2817. Harlan Stenn.
* Fix bugs in tests/ntpd/ntp_prio_q.c. Harlan Stenn.
* gcc on older HPUX may need +allowdups. Harlan Stenn.
* Adding missing MCAST protection. Harlan Stenn.
* Disable certain test programs on certain platforms. Harlan Stenn.
* Implement --enable-problem-tests (on by default). Harlan Stenn.
* build system tweaks. Harlan Stenn.
---
(4.2.8p3) 2015/06/29 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2853] Crafted remote config packet can crash some versions of

4981
CommitLog
View File

File diff suppressed because it is too large Load Diff

2
Makefile.am
View File

@ -23,7 +23,7 @@ SUBDIRS = \
tests \
$(NULL)
DISTCHECK_CONFIGURE_FLAGS = -C --with-sntp
DISTCHECK_CONFIGURE_FLAGS = -C --with-sntp --enable-local-libevent $(NTP_DCF)
EXTRA_DIST = \
$(srcdir)/COPYRIGHT \

6
Makefile.in
View File

@ -115,6 +115,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
@ -262,6 +263,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BUILD_THREAD = @BUILD_THREAD@
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
@ -270,6 +272,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
CFLAGS_NTP = @CFLAGS_NTP@
CHUTEST = @CHUTEST@
CONFIG_SHELL = @CONFIG_SHELL@
@ -331,6 +334,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LSCF = @LSCF@
LTHREAD_LIBS = @LTHREAD_LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MAKE_ADJTIMED = @MAKE_ADJTIMED@
@ -539,7 +543,7 @@ SUBDIRS = \
tests \
$(NULL)
DISTCHECK_CONFIGURE_FLAGS = -C --with-sntp
DISTCHECK_CONFIGURE_FLAGS = -C --with-sntp --enable-local-libevent $(NTP_DCF)
EXTRA_DIST = \
$(srcdir)/COPYRIGHT \
ChangeLog \

495
NEWS
View File

@ -1,3 +1,498 @@
---
NTP 4.2.8p4
Focus: Security, Bug fies, enhancements.
Severity: MEDIUM
In addition to bug fixes and enhancements, this release fixes the
following 13 low- and medium-severity vulnerabilities:
* Incomplete vallen (value length) checks in ntp_crypto.c, leading
to potential crashes or potential code injection/information leakage.
References: Sec 2899, Sec 2671, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Affects: All ntp-4 releases up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6
Summary: The fix for CVE-2014-9750 was incomplete in that there were
certain code paths where a packet with particular autokey operations
that contained malicious data was not always being completely
validated. Receipt of these packets can cause ntpd to crash.
Mitigation:
Don't use autokey.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page
Monitor your ntpd instances.
Credit: This weakness was discovered by Tenable Network Security.
* Clients that receive a KoD should validate the origin timestamp field.
References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
Affects: All ntp-4 releases up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3-5.0 at worst
Summary: An ntpd client that honors Kiss-of-Death responses will honor
KoD messages that have been forged by an attacker, causing it to
delay or stop querying its servers for time updates. Also, an
attacker can forge packets that claim to be from the target and
send them to servers often enough that a server that implements
KoD rate limiting will send the target machine a KoD response to
attempt to reduce the rate of incoming packets, or it may also
trigger a firewall block at the server for packets from the target
machine. For either of these attacks to succeed, the attacker must
know what servers the target is communicating with. An attacker
can be anywhere on the Internet and can frequently learn the
identity of the target's time source by sending the target a
time query.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p4, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
If you can't upgrade, restrict who can query ntpd to learn who
its servers are, and what IPs are allowed to ask your system
for the time. This mitigation is heavy-handed.
Monitor your ntpd instances.
Note:
4.2.8p4 protects against the first attack. For the second attack,
all we can do is warn when it is happening, which we do in 4.2.8p4.
Credit: This weakness was discovered by Aanchal Malhotra,
Issac E. Cohen, and Sharon Goldberg of Boston University.
* configuration directives to change "pidfile" and "driftfile" should
only be allowed locally.
References: Sec 2902 / CVE-2015-5196
Affects: All ntp-4 releases up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:H/Au:M/C:N/I:C/A:C) Base Score: 6.2 worst case
Summary: If ntpd is configured to allow for remote configuration,
and if the (possibly spoofed) source IP address is allowed to
send remote configuration requests, and if the attacker knows
the remote configuration password, it's possible for an attacker
to use the "pidfile" or "driftfile" directives to potentially
overwrite other files.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page
If you cannot upgrade, don't enable remote configuration.
If you must enable remote configuration and cannot upgrade,
remote configuration of NTF's ntpd requires:
- an explicitly configured trustedkey, and you should also
configure a controlkey.
- access from a permitted IP. You choose the IPs.
- authentication. Don't disable it. Practice secure key safety.
Monitor your ntpd instances.
Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
* Slow memory leak in CRYPTO_ASSOC
References: Sec 2909 / CVE-2015-7701
Affects: All ntp-4 releases that use autokey up to, but not
including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 0.0 best/usual case,
4.6 otherwise
Summary: If ntpd is configured to use autokey, then an attacker can
send packets to ntpd that will, after several days of ongoing
attack, cause it to run out of memory.
Mitigation:
Don't use autokey.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page
Monitor your ntpd instances.
Credit: This weakness was discovered by Tenable Network Security.
* mode 7 loop counter underrun
References: Sec 2913 / CVE-2015-7848 / TALOS-CAN-0052
Affects: All ntp-4 releases up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6
Summary: If ntpd is configured to enable mode 7 packets, and if the
use of mode 7 packets is not properly protected thru the use of
the available mode 7 authentication and restriction mechanisms,
and if the (possibly spoofed) source IP address is allowed to
send mode 7 queries, then an attacker can send a crafted packet
to ntpd that will cause it to crash.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page.
If you are unable to upgrade:
In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
If you must enable mode 7:
configure the use of a requestkey to control who can issue
mode 7 requests.
configure restrict noquery to further limit mode 7 requests
to trusted sources.
Monitor your ntpd instances.
Credit: This weakness was discovered by Aleksandar Nikolic of Cisco Talos.
* memory corruption in password store
References: Sec 2916 / CVE-2015-7849 / TALOS-CAN-0054
Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:H/Au:M/C:N/I:C/A:C) Base Score: 6.8, worst case
Summary: If ntpd is configured to allow remote configuration, and if
the (possibly spoofed) source IP address is allowed to send
remote configuration requests, and if the attacker knows the
remote configuration password or if ntpd was configured to
disable authentication, then an attacker can send a set of
packets to ntpd that may cause a crash or theoretically
perform a code injection attack.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page.
If you are unable to upgrade, remote configuration of NTF's
ntpd requires:
an explicitly configured "trusted" key. Only configure
this if you need it.
access from a permitted IP address. You choose the IPs.
authentication. Don't disable it. Practice secure key safety.
Monitor your ntpd instances.
Credit: This weakness was discovered by Yves Younan of Cisco Talos.
* Infinite loop if extended logging enabled and the logfile and
keyfile are the same.
References: Sec 2917 / CVE-2015-7850 / TALOS-CAN-0055
Affects: All ntp-4 releases up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6, worst case
Summary: If ntpd is configured to allow remote configuration, and if
the (possibly spoofed) source IP address is allowed to send
remote configuration requests, and if the attacker knows the
remote configuration password or if ntpd was configured to
disable authentication, then an attacker can send a set of
packets to ntpd that will cause it to crash and/or create a
potentially huge log file. Specifically, the attacker could
enable extended logging, point the key file at the log file,
and cause what amounts to an infinite loop.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page.
If you are unable to upgrade, remote configuration of NTF's ntpd
requires:
an explicitly configured "trusted" key. Only configure this
if you need it.
access from a permitted IP address. You choose the IPs.
authentication. Don't disable it. Practice secure key safety.
Monitor your ntpd instances.
Credit: This weakness was discovered by Yves Younan of Cisco Talos.
* Potential path traversal vulnerability in the config file saving of
ntpd on VMS.
References: Sec 2918 / CVE-2015-7851 / TALOS-CAN-0062
Affects: All ntp-4 releases running under VMS up to, but not
including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:H/Au:M/C:N/I:P/A:C) Base Score: 5.2, worst case
Summary: If ntpd is configured to allow remote configuration, and if
the (possibly spoofed) IP address is allowed to send remote
configuration requests, and if the attacker knows the remote
configuration password or if ntpd was configured to disable
authentication, then an attacker can send a set of packets to
ntpd that may cause ntpd to overwrite files.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page.
If you are unable to upgrade, remote configuration of NTF's ntpd
requires:
an explicitly configured "trusted" key. Only configure
this if you need it.
access from permitted IP addresses. You choose the IPs.
authentication. Don't disable it. Practice key security safety.
Monitor your ntpd instances.
Credit: This weakness was discovered by Yves Younan of Cisco Talos.
* ntpq atoascii() potential memory corruption
References: Sec 2919 / CVE-2015-7852 / TALOS-CAN-0063
Affects: All ntp-4 releases running up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:H/Au:N/C:N/I:P/A:P) Base Score: 4.0, worst case
Summary: If an attacker can figure out the precise moment that ntpq
is listening for data and the port number it is listening on or
if the attacker can provide a malicious instance ntpd that
victims will connect to then an attacker can send a set of
crafted mode 6 response packets that, if received by ntpq,
can cause ntpq to crash.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page.
If you are unable to upgrade and you run ntpq against a server
and ntpq crashes, try again using raw mode. Build or get a
patched ntpq and see if that fixes the problem. Report new
bugs in ntpq or abusive servers appropriately.
If you use ntpq in scripts, make sure ntpq does what you expect
in your scripts.
Credit: This weakness was discovered by Yves Younan and
Aleksander Nikolich of Cisco Talos.
* Invalid length data provided by a custom refclock driver could cause
a buffer overflow.
References: Sec 2920 / CVE-2015-7853 / TALOS-CAN-0064
Affects: Potentially all ntp-4 releases running up to, but not
including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
that have custom refclocks
CVSS: (AV:L/AC:H/Au:M/C:C/I:C/A:C) Base Score: 0.0 usual case,
5.9 unusual worst case
Summary: A negative value for the datalen parameter will overflow a
data buffer. NTF's ntpd driver implementations always set this
value to 0 and are therefore not vulnerable to this weakness.
If you are running a custom refclock driver in ntpd and that
driver supplies a negative value for datalen (no custom driver
of even minimal competence would do this) then ntpd would
overflow a data buffer. It is even hypothetically possible
in this case that instead of simply crashing ntpd the attacker
could effect a code injection attack.
Mitigation:
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page.
If you are unable to upgrade:
If you are running custom refclock drivers, make sure
the signed datalen value is either zero or positive.
Monitor your ntpd instances.
Credit: This weakness was discovered by Yves Younan of Cisco Talos.
* Password Length Memory Corruption Vulnerability
References: Sec 2921 / CVE-2015-7854 / TALOS-CAN-0065
Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:H/Au:M/C:C/I:C/A:C) Base Score: 0.0 best case,
1.7 usual case, 6.8, worst case
Summary: If ntpd is configured to allow remote configuration, and if
the (possibly spoofed) source IP address is allowed to send
remote configuration requests, and if the attacker knows the
remote configuration password or if ntpd was (foolishly)
configured to disable authentication, then an attacker can
send a set of packets to ntpd that may cause it to crash,
with the hypothetical possibility of a small code injection.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page.
If you are unable to upgrade, remote configuration of NTF's
ntpd requires:
an explicitly configured "trusted" key. Only configure
this if you need it.
access from a permitted IP address. You choose the IPs.
authentication. Don't disable it. Practice secure key safety.
Monitor your ntpd instances.
Credit: This weakness was discovered by Yves Younan and
Aleksander Nikolich of Cisco Talos.
* decodenetnum() will ASSERT botch instead of returning FAIL on some
bogus values.
References: Sec 2922 / CVE-2015-7855
Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
4.3.0 up to, but not including 4.3.77
CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6, worst case
Summary: If ntpd is fed a crafted mode 6 or mode 7 packet containing
an unusually long data value where a network address is expected,
the decodenetnum() function will abort with an assertion failure
instead of simply returning a failure condition.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page.
If you are unable to upgrade:
mode 7 is disabled by default. Don't enable it.
Use restrict noquery to limit who can send mode 6
and mode 7 requests.
Configure and use the controlkey and requestkey
authentication directives to limit who can
send mode 6 and mode 7 requests.
Monitor your ntpd instances.
Credit: This weakness was discovered by John D "Doug" Birdwell of IDA.org.
* NAK to the Future: Symmetric association authentication bypass via
crypto-NAK.
References: Sec 2941 / CVE-2015-7871
Affects: All ntp-4 releases between 4.2.5p186 up to but not including
4.2.8p4, and 4.3.0 up to but not including 4.3.77
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:P) Base Score: 6.4
Summary: Crypto-NAK packets can be used to cause ntpd to accept time
from unauthenticated ephemeral symmetric peers by bypassing the
authentication required to mobilize peer associations. This
vulnerability appears to have been introduced in ntp-4.2.5p186
when the code handling mobilization of new passive symmetric
associations (lines 1103-1165) was refactored.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p4, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page.
If you are unable to upgrade:
Apply the patch to the bottom of the "authentic" check
block around line 1136 of ntp_proto.c.
Monitor your ntpd instances.
Credit: This weakness was discovered by Stephen Gray <stepgray@cisco.com>.
Backward-Incompatible changes:
* [Bug 2817] Default on Linux is now "rlimit memlock -1".
While the general default of 32M is still the case, under Linux
the default value has been changed to -1 (do not lock ntpd into
memory). A value of 0 means "lock ntpd into memory with whatever
memory it needs." If your ntp.conf file has an explicit "rlimit memlock"
value in it, that value will continue to be used.
* [Bug 2886] Misspelling: "outlyer" should be "outlier".
If you've written a script that looks for this case in, say, the
output of ntpq, you probably want to change your regex matches
from 'outlyer' to 'outl[iy]er'.
New features in this release:
* 'rlimit memlock' now has finer-grained control. A value of -1 means
"don't lock ntpd into memore". This is the default for Linux boxes.
A value of 0 means "lock ntpd into memory" with no limits. Otherwise
the value is the number of megabytes of memory to lock. The default
is 32 megabytes.
* The old Google Test framework has been replaced with a new framework,
based on http://www.throwtheswitch.org/unity/ .
Bug Fixes and Improvements:
* [Bug 2332] (reopened) Exercise thread cancellation once before dropping
privileges and limiting resources in NTPD removes the need to link
forcefully against 'libgcc_s' which does not always work. J.Perlinger
* [Bug 2595] ntpdate man page quirks. Hal Murray, Harlan Stenn.
* [Bug 2625] Deprecate flag1 in local refclock. Hal Murray, Harlan Stenn.
* [Bug 2817] Stop locking ntpd into memory by default under Linux. H.Stenn.
* [Bug 2821] minor build issues: fixed refclock_gpsdjson.c. perlinger@ntp.org
* [Bug 2823] ntpsweep with recursive peers option doesn't work. H.Stenn.
* [Bug 2849] Systems with more than one default route may never
synchronize. Brian Utterback. Note that this patch might need to
be reverted once Bug 2043 has been fixed.
* [Bug 2864] 4.2.8p3 fails to compile on Windows. Juergen Perlinger
* [Bug 2866] segmentation fault at initgroups(). Harlan Stenn.
* [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
* [Bug 2873] libevent should not include .deps/ in the tarball. H.Stenn
* [Bug 2874] Don't distribute generated sntp/tests/fileHandlingTest.h. H.Stenn
* [Bug 2875] sntp/Makefile.am: Get rid of DIST_SUBDIRS. libevent must
be configured for the distribution targets. Harlan Stenn.
* [Bug 2883] ntpd crashes on exit with empty driftfile. Miroslav Lichvar.
* [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org
* [Bug 2888] streamline calendar functions. perlinger@ntp.org
* [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org
* [Bug 2890] Ignore ENOBUFS on routing netlink socket. Konstantin Khlebnikov.
* [Bug 2906] make check needs better support for pthreads. Harlan Stenn.
* [Bug 2907] dist* build targets require our libevent/ to be enabled. HStenn.
* [Bug 2912] no munlockall() under Windows. David Taylor, Harlan Stenn.
* libntp/emalloc.c: Remove explicit include of stdint.h. Harlan Stenn.
* Put Unity CPPFLAGS items in unity_config.h. Harlan Stenn.
* tests/ntpd/g_leapsec.cpp typo fix. Harlan Stenn.
* Phase 1 deprecation of google test in sntp/tests/. Harlan Stenn.
* On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn.
* top_srcdir can change based on ntp v. sntp. Harlan Stenn.
* sntp/tests/ function parameter list cleanup. Damir Tomić.
* tests/libntp/ function parameter list cleanup. Damir Tomić.
* tests/ntpd/ function parameter list cleanup. Damir Tomić.
* sntp/unity/unity_config.h: handle stdint.h. Harlan Stenn.
* sntp/unity/unity_internals.h: handle *INTPTR_MAX on old Solaris. H.Stenn.
* tests/libntp/timevalops.c and timespecops.c fixed error printing. D.Tomić.
* tests/libntp/ improvements in code and fixed error printing. Damir Tomić.
* tests/libntp: a_md5encrypt.c, authkeys.c, buftvtots.c, calendar.c, caljulian.c,
caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
formatting; first declaration, then code (C90); deleted unnecessary comments;
changed from sprintf to snprintf; fixed order of includes. Tomasz Flendrich
* tests/libntp/lfpfunc.c remove unnecessary include, remove old comments,
fix formatting, cleanup. Tomasz Flendrich
* tests/libntp/lfptostr.c remove unnecessary include, add consts, fix formatting.
Tomasz Flendrich
* tests/libntp/statestr.c remove empty functions, remove unnecessary include,
fix formatting. Tomasz Flendrich
* tests/libntp/modetoa.c fixed formatting. Tomasz Flendrich
* tests/libntp/msyslog.c fixed formatting. Tomasz Flendrich
* tests/libntp/numtoa.c deleted unnecessary empty functions, fixed formatting.
Tomasz Flendrich
* tests/libntp/numtohost.c added const, fixed formatting. Tomasz Flendrich
* tests/libntp/refnumtoa.c fixed formatting. Tomasz Flendrich
* tests/libntp/ssl_init.c fixed formatting. Tomasz Flendrich
* tests/libntp/tvtots.c fixed a bug, fixed formatting. Tomasz Flendrich
* tests/libntp/uglydate.c removed an unnecessary include. Tomasz Flendrich
* tests/libntp/vi64ops.c removed an unnecessary comment, fixed formatting.
* tests/libntp/ymd3yd.c removed an empty function and an unnecessary include,
fixed formatting. Tomasz Flendrich
* tests/libntp/timespecops.c fixed formatting, fixed the order of includes,
removed unnecessary comments, cleanup. Tomasz Flendrich
* tests/libntp/timevalops.c fixed the order of includes, deleted unnecessary
comments, cleanup. Tomasz Flendrich
* tests/libntp/sockaddrtest.h making it agree to NTP's conventions of formatting.
Tomasz Flendrich
* tests/libntp/lfptest.h cleanup. Tomasz Flendrich
* tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
* sntp/tests/crypto.c is now using proper Unity's assertions, fixed formatting.
Tomasz Flendrich
* sntp/tests/kodDatabase.c added consts, deleted empty function,
fixed formatting. Tomasz Flendrich
* sntp/tests/kodFile.c cleanup, fixed formatting. Tomasz Flendrich
* sntp/tests/packetHandling.c is now using proper Unity's assertions,
fixed formatting, deleted unused variable. Tomasz Flendrich
* sntp/tests/keyFile.c is now using proper Unity's assertions, fixed formatting.
Tomasz Flendrich
* sntp/tests/packetProcessing.c changed from sprintf to snprintf,
fixed formatting. Tomasz Flendrich
* sntp/tests/utilities.c is now using proper Unity's assertions, changed
the order of includes, fixed formatting, removed unnecessary comments.
Tomasz Flendrich
* sntp/tests/sntptest.h fixed formatting. Tomasz Flendrich
* sntp/tests/fileHandlingTest.h.in fixed a possible buffer overflow problem,
made one function do its job, deleted unnecessary prints, fixed formatting.
Tomasz Flendrich
* sntp/unity/Makefile.am added a missing header. Tomasz Flendrich
* sntp/unity/unity_config.h: Distribute it. Harlan Stenn.
* sntp/libevent/evconfig-private.h: remove generated filefrom SCM. H.Stenn.
* sntp/unity/Makefile.am: fix some broken paths. Harlan Stenn.
* sntp/unity/unity.c: Clean up a printf(). Harlan Stenn.
* Phase 1 deprecation of google test in tests/libntp/. Harlan Stenn.
* Don't build sntp/libevent/sample/. Harlan Stenn.
* tests/libntp/test_caltontp needs -lpthread. Harlan Stenn.
* br-flock: --enable-local-libevent. Harlan Stenn.
* Wrote tests for ntpd/ntp_prio_q.c. Tomasz Flendrich
* scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn.
* Get rid of the NTP_ prefix on our assertion macros. Harlan Stenn.
* Code cleanup. Harlan Stenn.
* libntp/icom.c: Typo fix. Harlan Stenn.
* util/ntptime.c: initialization nit. Harlan Stenn.
* ntpd/ntp_peer.c:newpeer(): added a DEBUG_REQUIRE(srcadr). Harlan Stenn.
* Add std_unity_tests to various Makefile.am files. Harlan Stenn.
* ntpd/ntp_restrict.c: added a few assertions, created tests for this file.
Tomasz Flendrich
* Changed progname to be const in many files - now it's consistent. Tomasz
Flendrich
* Typo fix for GCC warning suppression. Harlan Stenn.
* Added tests/ntpd/ntp_scanner.c test. Damir Tomić.
* Added declarations to all Unity tests, and did minor fixes to them.
Reduced the number of warnings by half. Damir Tomić.
* Updated generate_test_runner.rb and updated the sntp/unity/auto directory
with the latest Unity updates from Mark. Damir Tomić.
* Retire google test - phase I. Harlan Stenn.
* Unity test cleanup: move declaration of 'initializing'. Harlan Stenn.
* Update the NEWS file. Harlan Stenn.
* Autoconf cleanup. Harlan Stenn.
* Unit test dist cleanup. Harlan Stenn.
* Cleanup various test Makefile.am files. Harlan Stenn.
* Pthread autoconf macro cleanup. Harlan Stenn.
* Fix progname definition in unity runner scripts. Harlan Stenn.
* Clean trailing whitespace in tests/ntpd/Makefile.am. Harlan Stenn.
* Update the patch for bug 2817. Harlan Stenn.
* More updates for bug 2817. Harlan Stenn.
* Fix bugs in tests/ntpd/ntp_prio_q.c. Harlan Stenn.
* gcc on older HPUX may need +allowdups. Harlan Stenn.
* Adding missing MCAST protection. Harlan Stenn.
* Disable certain test programs on certain platforms. Harlan Stenn.
* Implement --enable-problem-tests (on by default). Harlan Stenn.
* build system tweaks. Harlan Stenn.
---
NTP 4.2.8p3 (Harlan Stenn <stenn@ntp.org>, 2015/06/29)

1
aclocal.m4 vendored
View File

@ -1355,6 +1355,7 @@ m4_include([sntp/m4/ntp_lineeditlibs.m4])
m4_include([sntp/m4/ntp_locinfo.m4])
m4_include([sntp/m4/ntp_openssl.m4])
m4_include([sntp/m4/ntp_pkg_config.m4])
m4_include([sntp/m4/ntp_problemtests.m4])
m4_include([sntp/m4/ntp_prog_cc.m4])
m4_include([sntp/m4/ntp_rlimit.m4])
m4_include([sntp/m4/ntp_sntp.m4])

4
adjtimed/Makefile.in
View File

@ -124,6 +124,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
@ -229,6 +230,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BUILD_THREAD = @BUILD_THREAD@
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
@ -237,6 +239,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
CFLAGS_NTP = @CFLAGS_NTP@
CHUTEST = @CHUTEST@
CONFIG_SHELL = @CONFIG_SHELL@
@ -298,6 +301,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LSCF = @LSCF@
LTHREAD_LIBS = @LTHREAD_LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MAKE_ADJTIMED = @MAKE_ADJTIMED@

2
adjtimed/adjtimed.c
View File

@ -58,7 +58,7 @@ void Exit (int);
/* emacs cc-mode goes nuts if we split the next line... */
#define tvtod(tv) ((double)tv.tv_sec + ((double)tv.tv_usec / (double)MILLION))
char *progname = NULL;
char const *progname = NULL;
int verbose = 0;
int sysdebug = 0;
static int mqid;

4
clockstuff/Makefile.in
View File

@ -117,6 +117,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
@ -224,6 +225,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BUILD_THREAD = @BUILD_THREAD@
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
@ -232,6 +234,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
CFLAGS_NTP = @CFLAGS_NTP@
CHUTEST = @CHUTEST@
CONFIG_SHELL = @CONFIG_SHELL@
@ -293,6 +296,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LSCF = @LSCF@
LTHREAD_LIBS = @LTHREAD_LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MAKE_ADJTIMED = @MAKE_ADJTIMED@

2
clockstuff/chutest.c
View File

@ -56,7 +56,7 @@ struct chucode {
#define STREQ(a, b) (*(a) == *(b) && strcmp((a), (b)) == 0)
char *progname;
char const *progname;
int dofilter = 0; /* set to 1 when we should run filter algorithm */
int showtimes = 0; /* set to 1 when we should show char arrival times */

2
clockstuff/propdelay.c
View File

@ -117,7 +117,7 @@ int Cflag = 0;
int Gflag = 0;
int height;
char *progname;
char const *progname;
static void doit (double, double, double, double, double, char *);
static double latlong (char *, int);

243
configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p3.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p4.
#
# Report bugs to <http://bugs.ntp.org./>.
#
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ntp'
PACKAGE_TARNAME='ntp'
PACKAGE_VERSION='4.2.8p3'
PACKAGE_STRING='ntp 4.2.8p3'
PACKAGE_VERSION='4.2.8p4'
PACKAGE_STRING='ntp 4.2.8p4'
PACKAGE_BUGREPORT='http://bugs.ntp.org./'
PACKAGE_URL='http://www.ntp.org./'
@ -639,6 +639,12 @@ LTLIBOBJS
subdirs
PERLLIBDIR
NTP_KEYSDIR
BUILD_TEST_NTP_SIGND_FALSE
BUILD_TEST_NTP_SIGND_TRUE
BUILD_TEST_NTP_SCANNER_FALSE
BUILD_TEST_NTP_SCANNER_TRUE
BUILD_TEST_NTP_RESTRICT_FALSE
BUILD_TEST_NTP_RESTRICT_TRUE
GTEST_AVAILABLE_FALSE
GTEST_AVAILABLE_TRUE
GTEST_CPPFLAGS
@ -689,6 +695,8 @@ PTHREADS_FALSE
PTHREADS_TRUE
LIBISC_PTHREADS_NOTHREADS
PTHREAD_LIBS
LTHREAD_LIBS
BUILD_THREAD
HAVE_INLINE
LDADD_LIBUTIL
ALLOCA
@ -701,6 +709,7 @@ BUILD_LIBEVENT_FALSE
BUILD_LIBEVENT_TRUE
LDADD_LIBEVENT
CPPFLAGS_LIBEVENT
CFLAGS_LIBEVENT
PKG_CONFIG
LIBOPTS_DIR
LIBOPTS_CFLAGS
@ -1050,6 +1059,7 @@ enable_getifaddrs
enable_saveconfig
enable_leap_smear
with_gtest
enable_problem_tests
'
ac_precious_vars='build_alias
host_alias
@ -1606,7 +1616,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ntp 4.2.8p3 to adapt to many kinds of systems.
\`configure' configures ntp 4.2.8p4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1676,7 +1686,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ntp 4.2.8p3:";;
short | recursive ) echo "Configuration of ntp 4.2.8p4:";;
esac
cat <<\_ACEOF
@ -1724,7 +1734,7 @@ Optional Features and Packages:
--enable-libseccomp EXPERIMENTAL: enable support for libseccomp
sandboxing (default is no)
--with-stack-limit ? =50 (200 for openbsd) 4k pages
--with-memlock ? =32 (megabytes)
--with-memlock ? =32 (-1 on linux) megabytes
--enable-debug-timing - include processing time debugging code (costs
performance)
--enable-dst-minutes =60 minutes per DST adjustment
@ -1821,6 +1831,7 @@ Optional Features and Packages:
--enable-saveconfig + saveconfig mechanism
--enable-leap-smear - experimental leap smear code
--with-gtest Use the gtest framework (Default: if it's available)
--enable-problem-tests + enable tests with undiagnosed problems
Some influential environment variables:
CC C compiler command
@ -1908,7 +1919,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ntp configure 4.2.8p3
ntp configure 4.2.8p4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2738,7 +2749,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ntp $as_me 4.2.8p3, which was
It was created by ntp $as_me 4.2.8p4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -3117,6 +3128,12 @@ ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
@ -3733,7 +3750,7 @@ fi
# Define the identity of the package.
PACKAGE='ntp'
VERSION='4.2.8p3'
VERSION='4.2.8p4'
cat >>confdefs.h <<_ACEOF
@ -6768,7 +6785,7 @@ esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking additional compiler flags" >&5
$as_echo_n "checking additional compiler flags... " >&6; }
# allow ntp_os_flags to be preset to skip this stuff
# allow ntp_os_cflags to be preset to skip this stuff
case "${ntp_os_cflags+set}" in
set)
;;
@ -6856,7 +6873,7 @@ $as_echo_n "checking additional compiler flags... " >&6; }
;;
esac
esac
case "$ntp_os_flags" in
case "$ntp_os_cflags" in
'')
ntp_os_cflags_msg="none needed"
;;
@ -6867,6 +6884,38 @@ $as_echo_n "checking additional compiler flags... " >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_os_cflags_msg" >&5
$as_echo "$ntp_os_cflags_msg" >&6; }
{ ntp_os_cflags_msg=; unset ntp_os_cflags_msg;}
###
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking additional linker flags" >&5
$as_echo_n "checking additional linker flags... " >&6; }
# HMS: The following might still need tweaking
# allow ntp_os_ldflags to be preset to skip this stuff
case "${ntp_os_ldflags+set}" in
set)
;;
*)
ntp_os_ldflags=
case "$host_os" in
hpux*)
case "$GCC" in
yes)
ntp_os_ldflags="-Wl,+allowdups"
;;
esac
;;
esac
;;
esac
case "$ntp_os_ldflags" in
'')
ntp_os_ldflags_msg="none needed"
;;
*)
ntp_os_ldflags_msg="$ntp_os_ldflags"
esac
LDFLAGS_NTP="$LDFLAGS_NTP $ntp_os_ldflags"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_os_ldflags_msg" >&5
$as_echo "$ntp_os_ldflags_msg" >&6; }
{ ntp_os_ldflags_msg=; unset ntp_os_ldflags_msg;}
@ -19945,6 +19994,7 @@ ntp_libevent_tearoff=sntp/libevent
case "$ntp_use_local_libevent" in
yes)
;;
@ -19958,6 +20008,7 @@ $as_echo_n "checking if libevent $ntp_libevent_min_version or later is installed
ntp_use_local_libevent=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: Using the installed libevent" >&5
$as_echo "$as_me: Using the installed libevent" >&6;}
CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads`
CPPFLAGS_LIBEVENT=`$PKG_CONFIG --cflags-only-I libevent`
# HMS: I hope the following is accurate.
# We don't need -levent, we only need -levent_core.
@ -19987,6 +20038,9 @@ $as_echo "$as_me: Using the installed libevent" >&6;}
$as_echo "yes" >&6; }
else
ntp_use_local_libevent=yes
# HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS
# is "pthreads"?
CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads`
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
@ -20012,6 +20066,7 @@ $as_echo "$as_me: Using libevent tearoff" >&6;}
esac
esac
if test "x$ntp_use_local_libevent" = "xyes"; then
BUILD_LIBEVENT_TRUE=
BUILD_LIBEVENT_FALSE='#'
@ -22941,7 +22996,8 @@ fi
have_pthreads=no
case "$enable_thread_support" in
yes)
no) ;;
*)
ol_found_pthreads=no
@ -26358,6 +26414,9 @@ $as_echo "$ol_cv_pthread_lib_lpthreads" >&6; }
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: ol_link_threads: <$ol_link_threads> ol_link_pthreads <$ol_link_pthreads>" >&5
$as_echo "$as_me: ol_link_threads: <$ol_link_threads> ol_link_pthreads <$ol_link_pthreads>" >&6;}
if test $ol_link_threads != no ; then
LTHREAD_LIBS="$LTHREAD_LIBS $ol_link_pthreads"
@ -27398,6 +27457,10 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
case "$ol_found_pthreads" in
yes)
saved_LIBS="$LIBS"
@ -27423,56 +27486,6 @@ done
yes)
PTHREAD_LIBS="$LTHREAD_LIBS"
have_pthreads=yes
# Bug 2332: With GCC we need to force a reference to libgcc_s
# (if libgcc_s exists) or the combination of
# threads + setuid + mlockall does not work on linux because
# thread cancellation fails to load libgcc_s with dlopen().
# We have to pass this all as linker options to avoid argument
# reordering by libtool.
case "$GCC$with_gnu_ld" in
yesyes)
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for exit in -lgcc_s" >&5
$as_echo_n "checking for exit in -lgcc_s... " >&6; }
if ${ac_cv_lib_gcc_s_exit+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lgcc_s $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char exit ();
int
main ()
{
return exit ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_gcc_s_exit=yes
else
ac_cv_lib_gcc_s_exit=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gcc_s_exit" >&5
$as_echo "$ac_cv_lib_gcc_s_exit" >&6; }
if test "x$ac_cv_lib_gcc_s_exit" = xyes; then :
PTHREAD_LIBS="$LTHREAD_LIBS -Wl,--no-as-needed,-lgcc_s,--as-needed"
fi
;;
esac
esac
esac
esac
@ -31236,10 +31249,15 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_rlimit_memlock" >&5
$as_echo "$ntp_cv_rlimit_memlock" >&6; }
case "$host" in
*-*-*linux*)
ntp_dflt_rlimit_memlock="-1" ;;
*) ntp_dflt_rlimit_memlock="32" ;;
esac
case "$ntp_cv_rlimit_memlock" in
yes)
HAVE_RLIMIT_MEMLOCK=" memlock 32"
HAVE_RLIMIT_MEMLOCK=" memlock $ntp_dflt_rlimit_memlock" ;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RLIMIT_STACK" >&5
@ -31288,8 +31306,6 @@ case "$ntp_cv_rlimit_stack" in
HAVE_RLIMIT_STACK=" stacksize 50"
esac
# HMS: Only if we are doing the MLOCKALL stuff...
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for the default number of 4k stack pages" >&5
$as_echo_n "checking for the default number of 4k stack pages... " >&6; }
@ -31339,7 +31355,7 @@ fi
case "$ans" in
yes | no)
ans=32
ans=$ntp_dflt_rlimit_memlock
;;
[1-9][0-9]*) ;;
*) as_fn_error $? "\"--with-memlock requires an integer argument.\"" "$LINENO" 5
@ -31354,6 +31370,7 @@ _ACEOF
# some OSes prefer _exit() in forked children to exit()
for ac_func in _exit
do :
@ -36995,6 +37012,81 @@ fi
case "$build" in
$host) cross=0 ;;
*) cross=1 ;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we want to enable tests with undiagnosed problems" >&5
$as_echo_n "checking if we want to enable tests with undiagnosed problems... " >&6; }
# Check whether --enable-problem-tests was given.
if test "${enable_problem_tests+set}" = set; then :
enableval=$enable_problem_tests; ntp_ept=$enableval
else
ntp_ept=yes
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_ept" >&5
$as_echo "$ntp_ept" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can run test-ntp_restrict" >&5
$as_echo_n "checking if we can run test-ntp_restrict... " >&6; }
ntp_test_ntp_restrict="no"
case "$ntp_ept:$cross:$host" in
no:0:*-*-solaris*) ;;
no:0:*-*-hpux-11.23*) ;;
*) ntp_test_ntp_restrict="yes" ;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_restrict" >&5
$as_echo "$ntp_test_ntp_restrict" >&6; }
if test x$ntp_test_ntp_restrict = xyes; then
BUILD_TEST_NTP_RESTRICT_TRUE=
BUILD_TEST_NTP_RESTRICT_FALSE='#'
else
BUILD_TEST_NTP_RESTRICT_TRUE='#'
BUILD_TEST_NTP_RESTRICT_FALSE=
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can run test-ntp_scanner" >&5
$as_echo_n "checking if we can run test-ntp_scanner... " >&6; }
ntp_test_ntp_scanner="no"
case "$ntp_ept:$cross:$host" in
no:0:*-*-solaris*) ;;
*) ntp_test_ntp_scanner="yes" ;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_scanner" >&5
$as_echo "$ntp_test_ntp_scanner" >&6; }
if test x$ntp_test_ntp_scanner = xyes; then
BUILD_TEST_NTP_SCANNER_TRUE=
BUILD_TEST_NTP_SCANNER_FALSE='#'
else
BUILD_TEST_NTP_SCANNER_TRUE='#'
BUILD_TEST_NTP_SCANNER_FALSE=
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can run test-ntp_signd" >&5
$as_echo_n "checking if we can run test-ntp_signd... " >&6; }
ntp_test_ntp_signd="no"
case "$ntp_ept:$cross:$host" in
no:0:*-*-solaris*) ;;
*) ntp_test_ntp_signd="yes" ;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_signd" >&5
$as_echo "$ntp_test_ntp_signd" >&6; }
if test x$ntp_test_ntp_signd = xyes; then
BUILD_TEST_NTP_SIGND_TRUE=
BUILD_TEST_NTP_SIGND_FALSE='#'
else
BUILD_TEST_NTP_SIGND_TRUE='#'
BUILD_TEST_NTP_SIGND_FALSE=
fi
###
@ -37091,6 +37183,8 @@ ac_config_files="$ac_config_files tests/libntp/Makefile"
ac_config_files="$ac_config_files tests/ntpd/Makefile"
ac_config_files="$ac_config_files tests/ntpq/Makefile"
ac_config_files="$ac_config_files tests/sandbox/Makefile"
ac_config_files="$ac_config_files tests/sec-2853/Makefile"
@ -37333,6 +37427,18 @@ if test -z "${GTEST_AVAILABLE_TRUE}" && test -z "${GTEST_AVAILABLE_FALSE}"; then
as_fn_error $? "conditional \"GTEST_AVAILABLE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${BUILD_TEST_NTP_RESTRICT_TRUE}" && test -z "${BUILD_TEST_NTP_RESTRICT_FALSE}"; then
as_fn_error $? "conditional \"BUILD_TEST_NTP_RESTRICT\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${BUILD_TEST_NTP_SCANNER_TRUE}" && test -z "${BUILD_TEST_NTP_SCANNER_FALSE}"; then
as_fn_error $? "conditional \"BUILD_TEST_NTP_SCANNER\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${BUILD_TEST_NTP_SIGND_TRUE}" && test -z "${BUILD_TEST_NTP_SIGND_FALSE}"; then
as_fn_error $? "conditional \"BUILD_TEST_NTP_SIGND\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
: "${CONFIG_STATUS=./config.status}"
ac_write_fail=0
@ -37730,7 +37836,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ntp $as_me 4.2.8p3, which was
This file was extended by ntp $as_me 4.2.8p4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -37797,7 +37903,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ntp config.status 4.2.8p3
ntp config.status 4.2.8p4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@ -38344,6 +38450,7 @@ do
"tests/bug-2803/Makefile") CONFIG_FILES="$CONFIG_FILES tests/bug-2803/Makefile" ;;
"tests/libntp/Makefile") CONFIG_FILES="$CONFIG_FILES tests/libntp/Makefile" ;;
"tests/ntpd/Makefile") CONFIG_FILES="$CONFIG_FILES tests/ntpd/Makefile" ;;
"tests/ntpq/Makefile") CONFIG_FILES="$CONFIG_FILES tests/ntpq/Makefile" ;;
"tests/sandbox/Makefile") CONFIG_FILES="$CONFIG_FILES tests/sandbox/Makefile" ;;
"tests/sec-2853/Makefile") CONFIG_FILES="$CONFIG_FILES tests/sec-2853/Makefile" ;;
"util/Makefile") CONFIG_FILES="$CONFIG_FILES util/Makefile" ;;

58
configure.ac
View File

@ -11,6 +11,7 @@ AC_INIT(
)
AC_CONFIG_MACRO_DIR([sntp/m4])
AC_CONFIG_AUX_DIR([sntp/libevent/build-aux])
AC_LANG([C])
AC_PRESERVE_HELP_ORDER
@ -928,60 +929,6 @@ esac
NTP_RLIMIT_ITEMS
# HMS: Only if we are doing the MLOCKALL stuff...
AC_MSG_CHECKING([for the default number of 4k stack pages])
AC_ARG_WITH(
[stack-limit],
[AS_HELP_STRING(
[--with-stack-limit],
[? =50 (200 for openbsd) 4k pages]
)],
[ans=$withval],
[ans=yes]
)
case "$ans" in
yes | no)
case "$host" in
*-*-openbsd*)
ans=200
;;
*) ans=50
;;
esac
;;
[[1-9]][[0-9]]*)
;;
*) AC_MSG_ERROR(["--with-stack-limit requires an integer argument."])
;;
esac
AC_MSG_RESULT([$ans])
AC_DEFINE_UNQUOTED([DFLT_RLIMIT_STACK], [$ans],
[Default number of 4k pages for RLIMIT_STACK])
# HMS: only if we have RLIMIT_MEMLOCK
AC_MSG_CHECKING([for the default number of megabytes to MEMLOCK])
AC_ARG_WITH(
[memlock],
[AS_HELP_STRING(
[--with-memlock],
[? =32 (megabytes)]
)],
[ans=$withval],
[ans=yes]
)
case "$ans" in
yes | no)
ans=32
;;
[[1-9]][[0-9]]*) ;;
*) AC_MSG_ERROR(["--with-memlock requires an integer argument."])
;;
esac
AC_MSG_RESULT([$ans])
AC_DEFINE_UNQUOTED([DFLT_RLIMIT_MEMLOCK], [$ans],
[Default number of megabytes for RLIMIT_MEMLOCK])
# some OSes prefer _exit() in forked children to exit()
AC_CHECK_FUNCS([_exit])
ntp_worker_child_exit=exit
@ -4382,6 +4329,8 @@ dnl require a C++ compiler only if we will use gtest, but AC_PROG_CXX
dnl can't be conditionalized.
NTP_GOOGLETEST
NTP_PROBLEM_TESTS
###
AC_DEFINE_DIR([NTP_KEYSDIR], [sysconfdir],
@ -4425,6 +4374,7 @@ AC_CONFIG_FILES([tests/Makefile])
AC_CONFIG_FILES([tests/bug-2803/Makefile])
AC_CONFIG_FILES([tests/libntp/Makefile])
AC_CONFIG_FILES([tests/ntpd/Makefile])
AC_CONFIG_FILES([tests/ntpq/Makefile])
AC_CONFIG_FILES([tests/sandbox/Makefile])
AC_CONFIG_FILES([tests/sec-2853/Makefile])
AC_CONFIG_FILES([util/Makefile])

4
html/decode.html
View File

@ -11,7 +11,7 @@
<img src="pic/alice47.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Caterpillar knows all the error codes, which is more than most of us do.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->16-Jul-2014 04:48<!-- #EndDate -->
<!-- #BeginDate format:En2m -->26-Jul-2015 06:26<!-- #EndDate -->
UTC</p>
</p>
<br clear="left">
@ -296,7 +296,7 @@
</tr>
<tr>
<td><tt>3</tt></td>
<td><tt>sel_outlyer</tt></td>
<td><tt>sel_outlier</tt></td>
<td><tt>-</tt></td>
<td>discarded by the cluster algorithm</td>
</tr>

4
html/miscopt.html
View File

@ -11,7 +11,7 @@
<img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>We have three, now looking for more.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->29-Jun-2015 05:56<!-- #EndDate -->
<!-- #BeginDate format:En2m -->23-Sep-2015 10:20<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
@ -105,7 +105,7 @@
<dd>
<dl>
<dt><tt>memlock <i>Nmegabytes</i></tt></dt>
<dd>Specify the number of megabytes of memory that can be allocated. Probably only available under Linux, this option is useful when dropping root (the <tt>-i</tt> option). The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.</dd>
<dd>Specify the number of megabytes of memory that should be allocated and locked. Probably only available under Linux, this option may be useful when dropping root (the <tt>-i</tt> option). The default is 32 megabytes on non-Linux machines, and -1 under Linux. -1 means "do not lock the process into memory". 0 means "lock whatever memory the process wants into memory".</dd>
<dt><tt>stacksize <i>N4kPages</i></tt></dt>
<dd>Specifies the maximum size of the process stack on systems with the <tt>mlockall()</tt> function. Defaults to 50 4k pages (200 4k pages in OpenBSD).</dd>
<dt><tt>filenum <i>Nfiledescriptors</i></tt></dt>

48
html/stats.html
View File

@ -7,9 +7,9 @@
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
<h3>Performance Metrics</h3>
<h3>Performance Metrics</h3>
<p>Last update:
<!-- #BeginDate format:En2m -->10-Mar-2014 05:23<!-- #EndDate -->
<!-- #BeginDate format:En2m -->26-Jul-2015 06:29<!-- #EndDate -->
UTC</p>
<h4>Related Links</h4>
<script type="text/javascript" language="javascript" src="scripts/special.txt"></script>
@ -25,45 +25,45 @@
<p>This page describes several statistics provided in the NTP specification and reference implementation and how they determine the accuracy and error measured during routine and exceptional operation. These statistics provide the following information.</p>
<ul>
<li>Nominal estimate of the server clock time relative to the client clock time. This is called <em>clock offset</em> symbolized by the Greek letter &theta;.</li>
<li>Roundtrip system and network delay measured by the on-wire protocol. This is call <em>roundtrip delay</em> symbolized by the Greek letter &delta;.</li>
<li>Potential clock offset error due to the maximum uncorrected system clock frequency error. This is called <em>dispersion</em> symbolized by the Greek letter &epsilon;.</li>
<li>Expected error, consisting of the root mean square (RMS) nominal clock offset sample differencess in a sliding window of several samples. This is called <em>jitter</em> symbolized by the Greek letter &phi;.</li>
<li>Nominal estimate of the server clock time relative to the client clock time. This is called <em>clock offset</em> symbolized by the Greek letter &theta;.</li>
<li>Roundtrip system and network delay measured by the on-wire protocol. This is call <em>roundtrip delay</em> symbolized by the Greek letter &delta;.</li>
<li>Potential clock offset error due to the maximum uncorrected system clock frequency error. This is called <em>dispersion</em> symbolized by the Greek letter &epsilon;.</li>
<li>Expected error, consisting of the root mean square (RMS) nominal clock offset sample differencess in a sliding window of several samples. This is called <em>jitter</em> symbolized by the Greek letter &phi;.</li>
</ul>
<p> Figure 1 shows how the various measured statistics are collected and compiled to calibrate NTP performance.</p>
<div align="center">
<img src="pic/stats.gif" alt="gif">
<p>Figure 1. Statistics Budget</p>
</div>
<p>The data represented in boxes labeled Server are contained in fields in packet received from the server. The data represented in boxes labeled Peer are computed by the on-wire protocol, as described below. The algorithms of the box labeled Selection and Combining Algorithms process the peer data to select a system peer. The System box represents summary data inherited from the system peer. These data are available to application programs and dependent downstream clients.</p>
<p>The data represented in boxes labeled Server are contained in fields in packet received from the server. The data represented in boxes labeled Peer are computed by the on-wire protocol, as described below. The algorithms of the box labeled Selection and Combining Algorithms process the peer data to select a system peer. The System box represents summary data inherited from the system peer. These data are available to application programs and dependent downstream clients.</p>
<h4 id="budget">2. Statistics Summary</h4>
<p>Each NTP synchronization source is characterized by the offset &theta; and delay &delta; samples measured by the on-wire protocol, as described on the <a href="warp.html">How NTP Works</a> page. In addition, the dispersion &epsilon; sample is initialized with the sum of the source precision &rho;<sub>R</sub> and the client precision &rho; (not shown) as each source packet is received. The dispersion increases at a rate of 15 &mu;s/s after that. For this purpose, the precision is equal to the latency to read the system clock. The offset, delay and dispersion are called the sample statistics.</p>
<p>Each NTP synchronization source is characterized by the offset &theta; and delay &delta; samples measured by the on-wire protocol, as described on the <a href="warp.html">How NTP Works</a> page. In addition, the dispersion &epsilon; sample is initialized with the sum of the source precision &rho;<sub>R</sub> and the client precision &rho; (not shown) as each source packet is received. The dispersion increases at a rate of 15 &mu;s/s after that. For this purpose, the precision is equal to the latency to read the system clock. The offset, delay and dispersion are called the sample statistics.</p>
<blockquote>
<p>Note. In very fast networks where the client clock frequency is not within 1 PPM or so of the the server clock frequency, the roundtrip delay may have small negative values. This is usually a temporary condition when the client is first started. When using the roundtrip delay in calculations, negative values are assumed zero.</p>
<p>Note. In very fast networks where the client clock frequency is not within 1 PPM or so of the the server clock frequency, the roundtrip delay may have small negative values. This is usually a temporary condition when the client is first started. When using the roundtrip delay in calculations, negative values are assumed zero.</p>
</blockquote>
<p> In a window of eight (offset, delay, dispersion) samples, the algorithm described on the <a href="filter.html">Clock Filter Algorithm</a> page selects the sample with minimum delay, which generally represents the most accurate offset statistic. The selected offset sample determines the <em>peer offset</em> and <em>peer delay </em>statistics. The <em>peer dispersion</em> is a weighted average of the dispersion samples in the window. These quantities are recalculated as each update is received from the source. Between updates, both the sample dispersion and peer dispersion continue to grow at the same rate, 15 &mu;s/s. Finally, the <em>peer jitter</em> &phi; is determined as the RMS differences between the offset samples in the window relative to the selected offset sample. The peer statistics are recorded by the <tt>peerstats</tt> option of the <a href="monopt.html#filegen"><tt>filegen</tt></a> command. Peer variables are displayed by the <tt>rv</tt> command of the <a href="ntpq.html#peer"><tt>ntpq</tt></a> program.</p>
<p> The clock filter algorithm continues to process updates in this way until the source is no longer reachable. Reachability is determined by an eight-bit shift register, which is shifted left by one bit as each poll packet is sent, with 0 replacing the vacated rightmost bit. Each time a valid update is received, the rightmost bit is set to 1. The source is considered reachable if any bit is set to 1 in the register; otherwise, it is considered unreachable. When a source becomes unreachable, a dummy sample with &quot;infinite&quot; dispersion is inserted in the filter window at each poll, thus displacing old samples. This causes the peer dispersion to increase eventually to infinity.</p>
<p>The composition of the source population and the system peer selection is redetermined as each update from each source is received. The system peer and system variables are determined as described on the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page. The system variables &Theta;, &Delta;, &Epsilon; and &Phi; are updated from the system peer variables of the same name and the system stratum set one greater than the system peer stratum. The system statistics are recorded by the <tt>loopstats</tt> option of the <a href="monopt.html#filegen"><tt>filegen</tt></a> command. System variables are displayed by the <tt>rv</tt> command of the <a href="ntpq.html#system"><tt>ntpq</tt></a> program.</p>
<p>Although it might seem counterintuitive, a cardinal rule in the selection process is, once a sample has been selected by the clock filter algorithm, older samples are no longer selectable. This applies also to the clock select algorithm. Once the peer variables for a source have been selected, older variables of the same or other sources are no longer selectable. The reason for these rules is to limit the time delay in the clock discipline algorithm. This is necessary to preserve the optimum impulse response and thus the risetime and overshoot.</p>
<p> In a window of eight (offset, delay, dispersion) samples, the algorithm described on the <a href="filter.html">Clock Filter Algorithm</a> page selects the sample with minimum delay, which generally represents the most accurate offset statistic. The selected offset sample determines the <em>peer offset</em> and <em>peer delay </em>statistics. The <em>peer dispersion</em> is a weighted average of the dispersion samples in the window. These quantities are recalculated as each update is received from the source. Between updates, both the sample dispersion and peer dispersion continue to grow at the same rate, 15 &mu;s/s. Finally, the <em>peer jitter</em> &phi; is determined as the RMS differences between the offset samples in the window relative to the selected offset sample. The peer statistics are recorded by the <tt>peerstats</tt> option of the <a href="monopt.html#filegen"><tt>filegen</tt></a> command. Peer variables are displayed by the <tt>rv</tt> command of the <a href="ntpq.html#peer"><tt>ntpq</tt></a> program.</p>
<p> The clock filter algorithm continues to process updates in this way until the source is no longer reachable. Reachability is determined by an eight-bit shift register, which is shifted left by one bit as each poll packet is sent, with 0 replacing the vacated rightmost bit. Each time a valid update is received, the rightmost bit is set to 1. The source is considered reachable if any bit is set to 1 in the register; otherwise, it is considered unreachable. When a source becomes unreachable, a dummy sample with &quot;infinite&quot; dispersion is inserted in the filter window at each poll, thus displacing old samples. This causes the peer dispersion to increase eventually to infinity.</p>
<p>The composition of the source population and the system peer selection is redetermined as each update from each source is received. The system peer and system variables are determined as described on the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page. The system variables &Theta;, &Delta;, &Epsilon; and &Phi; are updated from the system peer variables of the same name and the system stratum set one greater than the system peer stratum. The system statistics are recorded by the <tt>loopstats</tt> option of the <a href="monopt.html#filegen"><tt>filegen</tt></a> command. System variables are displayed by the <tt>rv</tt> command of the <a href="ntpq.html#system"><tt>ntpq</tt></a> program.</p>
<p>Although it might seem counterintuitive, a cardinal rule in the selection process is, once a sample has been selected by the clock filter algorithm, older samples are no longer selectable. This applies also to the clock select algorithm. Once the peer variables for a source have been selected, older variables of the same or other sources are no longer selectable. The reason for these rules is to limit the time delay in the clock discipline algorithm. This is necessary to preserve the optimum impulse response and thus the risetime and overshoot.</p>
<p>This means that not every sample can be used to update the peer variables, and up to seven samples can be ignored between selected samples. This fact has been carefully considered in the discipline algorithm design with due consideration for feedback loop delay and minimum sampling rate. In engineering terms, even if only one sample in eight survives, the resulting sample rate is twice the Nyquist rate at any time constant and poll interval.</p>
<h4 id="quality">3. Quality of Service</h4>
<p>This section discusses how an NTP client determines the system performance using a peer population including reference clocks and remote servers. This is determined for each peer from two statistics, <em>peer jitter</em> and <em>root distance.</em> Peer jitter is determined from various jitter components as described above. It represents the expected error in determining the clock offset estimate. Root distance represents the maximum error of the estimate due to all causes.</p>
<p>The root distance statistic is computed as one-half the <em> root delay</em> of the primary source of time; i.e., the reference clock, plus the <em> root dispersion</em> of that source. The root variables are included in the NTP packet header received from each source. At each update the root delay is recomputed as the sum of the root delay in the packet plus the peer delay, while the root dispersion is recomputed as the sum of the root dispersion in the packet plus the peer dispersion.</p>
<p>This section discusses how an NTP client determines the system performance using a peer population including reference clocks and remote servers. This is determined for each peer from two statistics, <em>peer jitter</em> and <em>root distance.</em> Peer jitter is determined from various jitter components as described above. It represents the expected error in determining the clock offset estimate. Root distance represents the maximum error of the estimate due to all causes.</p>
<p>The root distance statistic is computed as one-half the <em> root delay</em> of the primary source of time; i.e., the reference clock, plus the <em> root dispersion</em> of that source. The root variables are included in the NTP packet header received from each source. At each update the root delay is recomputed as the sum of the root delay in the packet plus the peer delay, while the root dispersion is recomputed as the sum of the root dispersion in the packet plus the peer dispersion.</p>
<blockquote>
<p>Note. In order to avoid timing loops, the root distance is adjusted to the maximum of the above computation and a <em>minimum threshold.</em> The minimum threshold defaults to 1 ms, but can be changed according to client preference using the <tt>mindist</tt> option of the <a href="miscopt.html#tos"><tt>tos</tt></a> command.</p>
<p>Note. In order to avoid timing loops, the root distance is adjusted to the maximum of the above computation and a <em>minimum threshold.</em> The minimum threshold defaults to 1 ms, but can be changed according to client preference using the <tt>mindist</tt> option of the <a href="miscopt.html#tos"><tt>tos</tt></a> command.</p>
</blockquote>
<p>A source is considered selectable only if its root distance is less than the <em>select threshold</em>, by default 1.5 s, but can be changed according to client preference using the <tt>maxdist</tt> option of the <a href="miscopt.html#tos"><tt>tos</tt></a> command. When an upstream server loses all sources, its root distance apparent to dependent clients continues to increase. The clients are not aware of this condition and continue to accept synchronization as long as the root distance is less than the select threshold.</p>
<p>The root distance statistic is used by the select, cluster and mitigation algorithms. In this respect, it is sometimes called the <em>synchronization distance</em> often shortened simply to <em>distance</em>. The root distance is also used in the following ways.</p>
<p>A source is considered selectable only if its root distance is less than the <em>select threshold</em>, by default 1.5 s, but can be changed according to client preference using the <tt>maxdist</tt> option of the <a href="miscopt.html#tos"><tt>tos</tt></a> command. When an upstream server loses all sources, its root distance apparent to dependent clients continues to increase. The clients are not aware of this condition and continue to accept synchronization as long as the root distance is less than the select threshold.</p>
<p>The root distance statistic is used by the select, cluster and mitigation algorithms. In this respect, it is sometimes called the <em>synchronization distance</em> often shortened simply to <em>distance</em>. The root distance is also used in the following ways.</p>
<ul>
<li>Root distance defines the maximum error of the clock offset estimate due to all causes as long as the source remains reachable..</li>
<li>Root distance defines the upper and lower limits of the correctness interval. This interval represents the maximum clock offset for each of possibly several sources. The clock select algorithm computes the intersection of the correctness intervals to determine the truechimers from the selectable source population.</li>
<li>Root distance is used by the clock cluster algorithm as a weight factor when pruning outlyers from the truechimer population.</li>
<li>Root distance defines the upper and lower limits of the correctness interval. This interval represents the maximum clock offset for each of possibly several sources. The clock select algorithm computes the intersection of the correctness intervals to determine the truechimers from the selectable source population.</li>
<li>Root distance is used by the clock cluster algorithm as a weight factor when pruning outliers from the truechimer population.</li>
<li>The (normalized) reciprocal of the root distance is used as a weight factor by the combine algorithm when computing the system clock offset and system jitter.</li>
<li>Root distance is used by the mitigation algorithm to select the system peer from among the cluster algorithm survivors.</li>
<li>Root distance is used by the mitigation algorithm to select the system peer from among the cluster algorithm survivors.</li>
</ul>
<p>The root distance thus functions as a metric in the selection and weighting of the various available sources. The strategy is to select the system peer as the source with the minimum root distance and thus the minimum maximum error. The reference implementation uses the Bellman-Ford algorithm described in the literature, where the goal is to minimize the root distance. The algorithm selects the <em>system peer</em>, from which the system root delay and system root dispersion are inherited.</p>
<p>The algorithms described on the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page deliver several important statistics. The <em>system offset</em> and <em>system jitter</em> are weighted averages computed by the clock combine algorithm. System offset is best interpreted as the maximum-likelihood estimate of the system clock offset, while system jitter, also called estimated error, is best interpreted as the expected error of this estimate. <em>System delay</em> is the root delay inherited from the system peer, while <em>s</em><em>ystem dispersion</em> is the root dispersion plus contributions due to jitter and the absolute value of the system offset.</p>
<p>The maximum system error, or <em>system distance</em>, is computed as one-half the system delay plus the system dispersion. In order to simplify discussion, certain minor contributions to the maximum error statistic are ignored. If the precision time kernel support is available, both the estimated error and maximum error are reported to user programs via the <tt>ntp_adjtime()</tt> kernel system call. See the <a href="kern.html">Kernel Model for Precision Timekeeping</a> page for further information.</p>
<p>The root distance thus functions as a metric in the selection and weighting of the various available sources. The strategy is to select the system peer as the source with the minimum root distance and thus the minimum maximum error. The reference implementation uses the Bellman-Ford algorithm described in the literature, where the goal is to minimize the root distance. The algorithm selects the <em>system peer</em>, from which the system root delay and system root dispersion are inherited.</p>
<p>The algorithms described on the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page deliver several important statistics. The <em>system offset</em> and <em>system jitter</em> are weighted averages computed by the clock combine algorithm. System offset is best interpreted as the maximum-likelihood estimate of the system clock offset, while system jitter, also called estimated error, is best interpreted as the expected error of this estimate. <em>System delay</em> is the root delay inherited from the system peer, while <em>s</em><em>ystem dispersion</em> is the root dispersion plus contributions due to jitter and the absolute value of the system offset.</p>
<p>The maximum system error, or <em>system distance</em>, is computed as one-half the system delay plus the system dispersion. In order to simplify discussion, certain minor contributions to the maximum error statistic are ignored. If the precision time kernel support is available, both the estimated error and maximum error are reported to user programs via the <tt>ntp_adjtime()</tt> kernel system call. See the <a href="kern.html">Kernel Model for Precision Timekeeping</a> page for further information.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>

1
include/Makefile.am
View File

@ -62,6 +62,7 @@ noinst_HEADERS = \
ntpsim.h \
parse.h \
parse_conf.h \
rc_cmdlength.h \
recvbuff.h \
refclock_atom.h \
refidsmear.h \

5
include/Makefile.in
View File

@ -116,6 +116,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
@ -227,6 +228,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BUILD_THREAD = @BUILD_THREAD@
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
@ -235,6 +237,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
CFLAGS_NTP = @CFLAGS_NTP@
CHUTEST = @CHUTEST@
CONFIG_SHELL = @CONFIG_SHELL@
@ -296,6 +299,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LSCF = @LSCF@
LTHREAD_LIBS = @LTHREAD_LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MAKE_ADJTIMED = @MAKE_ADJTIMED@
@ -543,6 +547,7 @@ noinst_HEADERS = \
ntpsim.h \
parse.h \
parse_conf.h \
rc_cmdlength.h \
recvbuff.h \
refclock_atom.h \
refidsmear.h \

4
include/isc/Makefile.in
View File

@ -116,6 +116,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
@ -185,6 +186,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BUILD_THREAD = @BUILD_THREAD@
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
@ -193,6 +195,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
CFLAGS_NTP = @CFLAGS_NTP@
CHUTEST = @CHUTEST@
CONFIG_SHELL = @CONFIG_SHELL@
@ -254,6 +257,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LSCF = @LSCF@
LTHREAD_LIBS = @LTHREAD_LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MAKE_ADJTIMED = @MAKE_ADJTIMED@

4
include/ntp_assert.h
View File

@ -88,10 +88,6 @@ extern void calysto_assert(unsigned char cnd); /* check whether this holds */
* We initially used NTP_REQUIRE() instead of REQUIRE() etc, but that
* is unneccesarily verbose, as libisc use of REQUIRE() etc shows.
*/
#define NTP_REQUIRE(x) REQUIRE(x)
#define NTP_INSIST(x) INSIST(x)
#define NTP_INVARIANT(x) INVARIANT(x)
#define NTP_ENSURE(x) ENSURE(x)
# ifdef DEBUG
#define DEBUG_REQUIRE(x) REQUIRE(x)

13
include/ntp_calendar.h
View File

@ -157,6 +157,12 @@ ntpcal_daysplit(const vint64 *);
extern vint64
ntpcal_dayjoin(int32_t /* days */, int32_t /* seconds */);
/* Get the number of leap years since epoch for the number of elapsed
* full years
*/
extern int32_t
ntpcal_leapyears_in_years(int32_t /* years */);
/*
* Convert elapsed years in Era into elapsed days in Era.
*/
@ -220,6 +226,9 @@ ntpcal_date_to_rd(const struct calendar * /* jt */);
*
* if 'isleapyear' is not NULL, it will receive an integer that is 0
* for regular years and a non-zero value for leap years.
*
* The input is limited to [-2^30, 2^30-1]. If the days exceed this
* range, errno is set to EDOM and the result is saturated.
*/
extern ntpcal_split
ntpcal_split_eradays(int32_t /* days */, int/*BOOL*/ * /* isleapyear */);
@ -330,6 +339,10 @@ ntpcal_date_to_time(const struct calendar * /* jd */);
extern int32_t
isocal_weeks_in_years(int32_t /* years */);
/*
* The input is limited to [-2^30, 2^30-1]. If the weeks exceed this
* range, errno is set to EDOM and the result is saturated.
*/
extern ntpcal_split
isocal_split_eraweeks(int32_t /* weeks */);

4
include/ntp_config.h
View File

@ -46,8 +46,8 @@
extern int cmdline_server_count;
extern char ** cmdline_servers;
/* set to zero if admin doesn't want memory locked */
extern int do_memlock;
/* set to zero if we're not locking memory */
extern int cur_memlock;
typedef struct int_range_tag {
int first;

2
include/ntp_control.h
View File

@ -104,7 +104,7 @@ struct ntp_control {
#define CTL_PST_SEL_REJECT 0 /* reject */
#define CTL_PST_SEL_SANE 1 /* x falsetick */
#define CTL_PST_SEL_CORRECT 2 /* . excess */
#define CTL_PST_SEL_SELCAND 3 /* - outlyer */
#define CTL_PST_SEL_SELCAND 3 /* - outlier */
#define CTL_PST_SEL_SYNCCAND 4 /* + candidate */
#define CTL_PST_SEL_EXCESS 5 /* # backup */
#define CTL_PST_SEL_SYSPEER 6 /* * sys.peer */

6
include/ntp_lists.h
View File

@ -215,9 +215,9 @@ do { \
\
for (pentry = (listhead); \
pentry != NULL; \
pentry = pentry->nextlink){ \
NTP_INSIST(pentry != pentry->nextlink); \
NTP_INSIST((listhead) != pentry->nextlink); \
pentry = pentry->nextlink) { \
INSIST(pentry != pentry->nextlink); \
INSIST((listhead) != pentry->nextlink); \
} \
} while (FALSE)

1
include/ntp_stdlib.h
View File

@ -31,6 +31,7 @@ extern int mvsnprintf(char *, size_t, const char *, va_list)
extern int msnprintf(char *, size_t, const char *, ...)
NTP_PRINTF(3, 4);
extern void msyslog(int, const char *, ...) NTP_PRINTF(2, 3);
extern void mvsyslog(int, const char *, va_list) NTP_PRINTF(2, 0);
extern void init_logging (const char *, u_int32, int);
extern int change_logfile (const char *, int);
extern void setup_logfile (const char *);

1
include/ntp_syslog.h
View File

@ -9,6 +9,7 @@
#ifdef VMS
extern void msyslog();
extern void mvsyslog();
#else
# ifndef SYS_VXWORKS
# include <syslog.h>

3
include/ntp_types.h
View File

@ -15,7 +15,8 @@
#include <sys/types.h>
#if defined(HAVE_INTTYPES_H)
# include <inttypes.h>
#elif defined(HAVE_STDINT_H)
#endif
#if defined(HAVE_STDINT_H)
# include <stdint.h>
#endif

2
include/rc_cmdlength.h Normal file
View File

@ -0,0 +1,2 @@
extern size_t remoteconfig_cmdlength( const char *src_buf, const char *src_end );

4
kernel/Makefile.in
View File

@ -115,6 +115,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
@ -224,6 +225,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BUILD_THREAD = @BUILD_THREAD@
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
@ -232,6 +234,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
CFLAGS_NTP = @CFLAGS_NTP@
CHUTEST = @CHUTEST@
CONFIG_SHELL = @CONFIG_SHELL@
@ -293,6 +296,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LSCF = @LSCF@
LTHREAD_LIBS = @LTHREAD_LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MAKE_ADJTIMED = @MAKE_ADJTIMED@

4
kernel/sys/Makefile.in
View File

@ -116,6 +116,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
@ -185,6 +186,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BUILD_THREAD = @BUILD_THREAD@
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
@ -193,6 +195,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
CFLAGS_NTP = @CFLAGS_NTP@
CHUTEST = @CHUTEST@
CONFIG_SHELL = @CONFIG_SHELL@
@ -254,6 +257,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LSCF = @LSCF@
LTHREAD_LIBS = @LTHREAD_LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MAKE_ADJTIMED = @MAKE_ADJTIMED@

4
libntp/Makefile.in
View File

@ -117,6 +117,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
@ -345,6 +346,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BUILD_THREAD = @BUILD_THREAD@
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
@ -353,6 +355,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
CFLAGS_NTP = @CFLAGS_NTP@
CHUTEST = @CHUTEST@
CONFIG_SHELL = @CONFIG_SHELL@
@ -414,6 +417,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LSCF = @LSCF@
LTHREAD_LIBS = @LTHREAD_LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MAKE_ADJTIMED = @MAKE_ADJTIMED@

2
libntp/atolfp.c
View File

@ -40,7 +40,7 @@ atolfp(
int isneg;
static const char *digits = "0123456789";
NTP_REQUIRE(str != NULL);
REQUIRE(str != NULL);
isneg = 0;
dec_i = dec_f = 0;

13
libntp/audio.c
View File

@ -377,7 +377,9 @@ audio_gain(
#ifdef PCM_STYLE_SOUND
int l, r;
rval = 0;
# ifdef GCC
rval = 0; /* GCC thinks rval is used uninitialized */
# endif
r = l = 100 * gain / 255; /* Normalize to 0-100 */
# ifdef DEBUG
@ -392,10 +394,11 @@ audio_gain(
if (cf_agc[0] != '\0')
rval = ioctl(ctl_fd, agc, &l);
else
if (2 == port)
rval = ioctl(ctl_fd, SOUND_MIXER_WRITE_LINE, &l);
else
rval = ioctl(ctl_fd, SOUND_MIXER_WRITE_MIC, &l);
rval = ioctl(ctl_fd
, (2 == port)
? SOUND_MIXER_WRITE_LINE
: SOUND_MIXER_WRITE_MIC
, &l);
if (-1 == rval) {
printf("audio_gain: agc write: %s\n", strerror(errno));
return rval;

12
libntp/authkeys.c
View File

@ -534,6 +534,12 @@ MD5auth_setkey(
bucket = &key_hash[KEYHASH(keyno)];
for (sk = *bucket; sk != NULL; sk = sk->hlink) {
if (keyno == sk->keyid) {
/* TALOS-CAN-0054: make sure we have a new buffer! */
if (NULL != sk->secret) {
memset(sk->secret, 0, sk->secretsize);
free(sk->secret);
}
sk->secret = emalloc(len);
sk->type = (u_short)keytype;
secretsize = len;
sk->secretsize = (u_short)secretsize;
@ -593,12 +599,14 @@ auth_delkeys(void)
}
/*
* Don't lose info as to which keys are trusted.
* Don't lose info as to which keys are trusted. Make
* sure there are no dangling pointers!
*/
if (KEY_TRUSTED & sk->flags) {
if (sk->secret != NULL) {
memset(sk->secret, '\0', sk->secretsize);
memset(sk->secret, 0, sk->secretsize);
free(sk->secret);
sk->secret = NULL; /* TALOS-CAN-0054 */
}
sk->secretsize = 0;
sk->lifetime = 0;

89
libntp/authreadkeys.c
View File

@ -62,6 +62,40 @@ nexttok(
}
/* TALOS-CAN-0055: possibly DoS attack by setting the key file to the
* log file. This is hard to prevent (it would need to check two files
* to be the same on the inode level, which will not work so easily with
* Windows or VMS) but we can avoid the self-amplification loop: We only
* log the first 5 errors, silently ignore the next 10 errors, and give
* up when when we have found more than 15 errors.
*
* This avoids the endless file iteration we will end up with otherwise,
* and also avoids overflowing the log file.
*
* Nevertheless, once this happens, the keys are gone since this would
* require a save/swap strategy that is not easy to apply due to the
* data on global/static level.
*/
static const size_t nerr_loglimit = 5u;
static const size_t nerr_maxlimit = 15;
static void log_maybe(size_t*, const char*, ...) NTP_PRINTF(2, 3);
static void
log_maybe(
size_t *pnerr,
const char *fmt ,
...)
{
va_list ap;
if (++(*pnerr) <= nerr_loglimit) {
va_start(ap, fmt);
mvsyslog(LOG_ERR, fmt, ap);
va_end(ap);
}
}
/*
* authreadkeys - (re)read keys from a file.
*/
@ -79,7 +113,7 @@ authreadkeys(
u_char keystr[32]; /* Bug 2537 */
size_t len;
size_t j;
size_t nerr;
/*
* Open file. Complain and return if it can't be opened.
*/
@ -99,7 +133,10 @@ authreadkeys(
/*
* Now read lines from the file, looking for key entries
*/
nerr = 0;
while ((line = fgets(buf, sizeof buf, fp)) != NULL) {
if (nerr > nerr_maxlimit)
break;
token = nexttok(&line);
if (token == NULL)
continue;
@ -109,15 +146,16 @@ authreadkeys(
*/
keyno = atoi(token);
if (keyno == 0) {
msyslog(LOG_ERR,
"authreadkeys: cannot change key %s", token);
log_maybe(&nerr,
"authreadkeys: cannot change key %s",
token);
continue;
}
if (keyno > NTP_MAXKEY) {
msyslog(LOG_ERR,
"authreadkeys: key %s > %d reserved for Autokey",
token, NTP_MAXKEY);
log_maybe(&nerr,
"authreadkeys: key %s > %d reserved for Autokey",
token, NTP_MAXKEY);
continue;
}
@ -126,8 +164,9 @@ authreadkeys(
*/
token = nexttok(&line);
if (token == NULL) {
msyslog(LOG_ERR,
"authreadkeys: no key type for key %d", keyno);
log_maybe(&nerr,
"authreadkeys: no key type for key %d",
keyno);
continue;
}
#ifdef OPENSSL
@ -139,13 +178,15 @@ authreadkeys(
*/
keytype = keytype_from_text(token, NULL);
if (keytype == 0) {
msyslog(LOG_ERR,
"authreadkeys: invalid type for key %d", keyno);
log_maybe(&nerr,
"authreadkeys: invalid type for key %d",
keyno);
continue;
}
if (EVP_get_digestbynid(keytype) == NULL) {
msyslog(LOG_ERR,
"authreadkeys: no algorithm for key %d", keyno);
log_maybe(&nerr,
"authreadkeys: no algorithm for key %d",
keyno);
continue;
}
#else /* !OPENSSL follows */
@ -155,8 +196,9 @@ authreadkeys(
* 'm' for compatibility.
*/
if (!(*token == 'M' || *token == 'm')) {
msyslog(LOG_ERR,
"authreadkeys: invalid type for key %d", keyno);
log_maybe(&nerr,
"authreadkeys: invalid type for key %d",
keyno);
continue;
}
keytype = KEY_TYPE_MD5;
@ -170,8 +212,8 @@ authreadkeys(
*/
token = nexttok(&line);
if (token == NULL) {
msyslog(LOG_ERR,
"authreadkeys: no key for key %d", keyno);
log_maybe(&nerr,
"authreadkeys: no key for key %d", keyno);
continue;
}
len = strlen(token);
@ -195,13 +237,24 @@ authreadkeys(
keystr[j / 2] = temp << 4;
}
if (j < jlim) {
msyslog(LOG_ERR,
"authreadkeys: invalid hex digit for key %d", keyno);
log_maybe(&nerr,
"authreadkeys: invalid hex digit for key %d",
keyno);
continue;
}
MD5auth_setkey(keyno, keytype, keystr, jlim / 2);
}
}
fclose(fp);
if (nerr > nerr_maxlimit) {
msyslog(LOG_ERR,
"authreadkeys: emergency break after %u errors",
nerr);
return (0);
} else if (nerr > nerr_loglimit) {
msyslog(LOG_ERR,
"authreadkeys: found %u more error(s)",
nerr - nerr_loglimit);
}
return (1);
}

2
libntp/caljulian.c
View File

@ -28,7 +28,7 @@ caljulian(
ntpcal_split split;
NTP_INSIST(NULL != jt);
INSIST(NULL != jt);
/*
* Unfold ntp time around current time into NTP domain. Split

14
libntp/caltontp.c
View File

@ -40,14 +40,14 @@ caltontp(
int32_t eraday; /* CE Rata Die number */
vint64 ntptime;/* resulting NTP time */
NTP_INSIST(jt != NULL);
REQUIRE(jt != NULL);
NTP_REQUIRE(jt->month <= 13); /* permit month 0..13! */
NTP_REQUIRE(jt->monthday <= 32);
NTP_REQUIRE(jt->yearday <= 366);
NTP_REQUIRE(jt->hour <= 24);
NTP_REQUIRE(jt->minute <= MINSPERHR);
NTP_REQUIRE(jt->second <= SECSPERMIN);
REQUIRE(jt->month <= 13); /* permit month 0..13! */
REQUIRE(jt->monthday <= 32);
REQUIRE(jt->yearday <= 366);
REQUIRE(jt->hour <= 24);
REQUIRE(jt->minute <= MINSPERHR);
REQUIRE(jt->second <= SECSPERMIN);
/*
* First convert the date to he corresponding RataDie

9
libntp/decodenetnum.c
View File

@ -35,8 +35,11 @@ decodenetnum(
char *np;
char name[80];
NTP_REQUIRE(num != NULL);
NTP_REQUIRE(strlen(num) < sizeof(name));
REQUIRE(num != NULL);
if (strlen(num) >= sizeof(name)) {
return 0;
}
port_str = NULL;
if ('[' != num[0]) {
@ -72,7 +75,7 @@ decodenetnum(
err = getaddrinfo(cp, "ntp", &hints, &ai);
if (err != 0)
return 0;
NTP_INSIST(ai->ai_addrlen <= sizeof(*netnum));
INSIST(ai->ai_addrlen <= sizeof(*netnum));
ZERO(*netnum);
memcpy(netnum, ai->ai_addr, ai->ai_addrlen);
freeaddrinfo(ai);

2
libntp/emalloc.c
View File

@ -76,8 +76,6 @@ ereallocz(
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <stdint.h>
/*
* This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
* if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW

28
libntp/icom.c
View File

@ -6,14 +6,16 @@
* frequency. All other parameters must be manually set before use.
*/
#include <config.h>
#include "icom.h"
#include <ntp_stdlib.h>
#include <ntp_tty.h>
#include <l_stdlib.h>
#include <icom.h>
#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>
#include <errno.h>
#include "ntp_tty.h"
#include "l_stdlib.h"
#ifdef SYS_WINNT
#undef write /* ports/winnt/include/config.h: #define write _write */
@ -60,9 +62,14 @@ static void doublefreq (double, u_char *, int);
/*
* icom_freq(fd, ident, freq) - load radio frequency
*
* returns:
* 0 (ok)
* -1 (error)
* 1 (short write to device)
*/
int
icom_freq( /* returns 0 (ok), EIO (error) */
icom_freq(
int fd, /* file descriptor */
int ident, /* ICOM radio identifier */
double freq /* frequency (MHz) */
@ -71,6 +78,7 @@ icom_freq( /* returns 0 (ok), EIO (error) */
u_char cmd[] = {PAD, PR, PR, 0, TX, V_SFREQ, 0, 0, 0, 0, FI,
FI};
int temp;
int rc;
cmd[3] = (char)ident;
if (ident == IC735)
@ -78,9 +86,17 @@ icom_freq( /* returns 0 (ok), EIO (error) */
else
temp = 5;
doublefreq(freq * 1e6, &cmd[6], temp);
temp = write(fd, cmd, temp + 7);
rc = write(fd, cmd, temp + 7);
if (rc == -1) {
msyslog(LOG_ERR, "icom_freq: write() failed: %m");
return -1;
} else if (rc != temp + 7) {
msyslog(LOG_ERR, "icom_freq: only wrote %d of %d bytes.",
rc, temp+7);
return 1;
}
return (0);
return 0;
}

6
libntp/machines.c
View File

@ -40,7 +40,7 @@ struct hostent *gethostbyname(char *name)
{
struct hostent *host1;
h_errno = 0; /* we are always successful!!! */
host1 = (struct hostent *) malloc (sizeof(struct hostent));
host1 = (struct hostent *) emalloc (sizeof(struct hostent));
host1->h_name = name;
host1->h_addrtype = AF_INET;
host1->h_aliases = name;
@ -54,7 +54,7 @@ struct hostent *gethostbyaddr(char *name, int size, int addr_type)
{
struct hostent *host1;
h_errno = 0; /* we are always successful!!! */
host1 = (struct hostent *) malloc (sizeof(struct hostent));
host1 = (struct hostent *) emalloc (sizeof(struct hostent));
host1->h_name = name;
host1->h_addrtype = AF_INET;
host1->h_aliases = name;
@ -66,7 +66,7 @@ struct hostent *gethostbyaddr(char *name, int size, int addr_type)
struct servent *getservbyname (char *name, char *type)
{
struct servent *serv1;
serv1 = (struct servent *) malloc (sizeof(struct servent));
serv1 = (struct servent *) emalloc (sizeof(struct servent));
serv1->s_name = "ntp"; /* official service name */
serv1->s_aliases = NULL; /* alias list */
serv1->s_port = 123; /* port # */

24
libntp/msyslog.c
View File

@ -38,7 +38,7 @@ char * syslog_abs_fname;
#define INIT_NTP_SYSLOGMASK ~(u_int32)0
u_int32 ntp_syslogmask = INIT_NTP_SYSLOGMASK;
extern char * progname;
extern char const * progname;
/* Declare the local functions */
void addto_syslog (int, const char *);
@ -145,8 +145,8 @@ addto_syslog(
const char * msg
)
{
static char * prevcall_progname;
static char * prog;
static char const * prevcall_progname;
static char const * prog;
const char nl[] = "\n";
const char empty[] = "";
FILE * term_file;
@ -357,6 +357,18 @@ msyslog(
addto_syslog(level, buf);
}
void
mvsyslog(
int level,
const char * fmt,
va_list ap
)
{
char buf[1024];
mvsnprintf(buf, sizeof(buf), fmt, ap);
addto_syslog(level, buf);
}
/*
* Initialize the logging
@ -371,7 +383,7 @@ init_logging(
)
{
static int was_daemon;
const char * cp;
char * cp;
const char * pname;
/*
@ -402,7 +414,7 @@ init_logging(
#ifdef SYS_WINNT /* strip ".exe" */
cp = strrchr(progname, '.');
if (NULL != cp && !strcasecmp(cp, ".exe"))
progname[cp - progname] = '\0';
*cp = '\0';
#endif
#if !defined(VMS)
@ -454,7 +466,7 @@ change_logfile(
size_t octets;
#endif /* POSIX */
NTP_REQUIRE(fname != NULL);
REQUIRE(fname != NULL);
log_fname = fname;
/*

768
libntp/ntp_calendar.c
View File

File diff suppressed because it is too large Load Diff

24
libntp/ntp_intres.c
View File

@ -249,12 +249,12 @@ getaddrinfo_sometime(
size_t servsize;
time_t now;
NTP_REQUIRE(NULL != node);
REQUIRE(NULL != node);
if (NULL != hints) {
NTP_REQUIRE(0 == hints->ai_addrlen);
NTP_REQUIRE(NULL == hints->ai_addr);
NTP_REQUIRE(NULL == hints->ai_canonname);
NTP_REQUIRE(NULL == hints->ai_next);
REQUIRE(0 == hints->ai_addrlen);
REQUIRE(NULL == hints->ai_addr);
REQUIRE(NULL == hints->ai_canonname);
REQUIRE(NULL == hints->ai_next);
}
idx = get_dnschild_ctx();
@ -420,7 +420,7 @@ blocking_getaddrinfo(
ai = ai_res;
while (NULL != ai) {
NTP_INSIST(ai->ai_addrlen <= sizeof(sockaddr_u));
INSIST(ai->ai_addrlen <= sizeof(sockaddr_u));
memcpy(cp, ai->ai_addr, ai->ai_addrlen);
cp += sizeof(sockaddr_u);
@ -568,7 +568,7 @@ getaddrinfo_sometime_complete(
ai[i].ai_canonname += (size_t)canon_start;
}
NTP_ENSURE((char *)psau == canon_start);
ENSURE((char *)psau == canon_start);
if (!gai_resp->ai_count)
ai = NULL;
@ -634,8 +634,8 @@ getnameinfo_sometime(
dnschild_ctx * child_ctx;
time_t time_now;
NTP_REQUIRE(hostoctets);
NTP_REQUIRE(hostoctets + servoctets < 1024);
REQUIRE(hostoctets);
REQUIRE(hostoctets + servoctets < 1024);
idx = get_dnschild_ctx();
child_ctx = dnschild_contexts[idx];
@ -699,7 +699,7 @@ blocking_getnameinfo(
* large allocations. We only need room for the host
* and service names.
*/
NTP_REQUIRE(octets < sizeof(host));
REQUIRE(octets < sizeof(host));
service = host + gni_req->hostoctets;
worker_ctx = get_worker_context(c, gni_req->dns_idx);
@ -775,8 +775,8 @@ blocking_getnameinfo(
cp += gni_resp->servoctets;
}
NTP_INSIST((size_t)(cp - (char *)resp) == resp_octets);
NTP_INSIST(resp_octets - sizeof(*resp) == gni_resp->octets);
INSIST((size_t)(cp - (char *)resp) == resp_octets);
INSIST(resp_octets - sizeof(*resp) == gni_resp->octets);
rc = queue_blocking_response(c, resp, resp_octets, req);
if (rc)

2
libntp/ntp_lineedit.c
View File

@ -36,7 +36,7 @@
* external references
*/
extern char * progname;
extern char const * progname;
/*
* globals, private prototypes

2
libntp/ntp_rfc2553.c
View File

@ -221,7 +221,7 @@ copy_addrinfo_common(
}
++ai_cpy;
}
NTP_ENSURE(pcanon == ((char *)dst + octets));
ENSURE(pcanon == ((char *)dst + octets));
return dst;
}

2
libntp/ntp_worker.c
View File

@ -278,7 +278,7 @@ blocking_child_common(
req = receive_blocking_req_internal(c);
if (NULL == req) {
say_bye = TRUE;
break;
continue;
}
DEBUG_REQUIRE(BLOCKING_REQ_MAGIC == req->magic_sig);

2
libntp/prettydate.c
View File

@ -141,7 +141,7 @@ get_struct_tm(
return NULL; /* That's truly pathological! */
/* 'tm' surely not NULL here! */
NTP_INSIST(tm != NULL);
INSIST(tm != NULL);
if (folds != 0) {
tm->tm_year += folds * SOLAR_CYCLE_YEARS;
if (tm->tm_year <= 0 || tm->tm_year >= 200)

2
libntp/recvbuff.c
View File

@ -216,7 +216,7 @@ get_free_recv_buffer_alloc(void)
create_buffers(RECV_INC);
buffer = get_free_recv_buffer();
}
NTP_ENSURE(buffer != NULL);
ENSURE(buffer != NULL);
return (buffer);
}
#endif

4
libntp/socket.c
View File

@ -78,7 +78,7 @@ move_fd(
static SOCKET socket_boundary = -1;
SOCKET newfd;
NTP_REQUIRE((int)fd >= 0);
REQUIRE((int)fd >= 0);
/*
* check whether boundary has be set up
@ -115,7 +115,7 @@ move_fd(
socket_boundary));
} while (socket_boundary > 0);
#else
NTP_REQUIRE((int)fd >= 0);
ENSURE((int)fd >= 0);
#endif /* !defined(SYS_WINNT) && defined(F_DUPFD) */
return fd;
}

2
libntp/socktohost.c
View File

@ -79,7 +79,7 @@ socktohost(
if (a_info)
goto forward_fail;
NTP_INSIST(alist != NULL);
INSIST(alist != NULL);
for (ai = alist; ai != NULL; ai = ai->ai_next) {
/*

2
libntp/statestr.c
View File

@ -60,7 +60,7 @@ static const struct codestring select_codes[] = {
{ CTL_PST_SEL_REJECT, "sel_reject" },
{ CTL_PST_SEL_SANE, "sel_falsetick" },
{ CTL_PST_SEL_CORRECT, "sel_excess" },
{ CTL_PST_SEL_SELCAND, "sel_outlyer" },
{ CTL_PST_SEL_SELCAND, "sel_outlier" },
{ CTL_PST_SEL_SYNCCAND, "sel_candidate" },
{ CTL_PST_SEL_EXCESS, "sel_backup" },
{ CTL_PST_SEL_SYSPEER, "sel_sys.peer" },

4
libparse/Makefile.in
View File

@ -118,6 +118,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
@ -252,6 +253,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BUILD_THREAD = @BUILD_THREAD@
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
@ -260,6 +262,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
CFLAGS_NTP = @CFLAGS_NTP@
CHUTEST = @CHUTEST@
CONFIG_SHELL = @CONFIG_SHELL@
@ -321,6 +324,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LSCF = @LSCF@
LTHREAD_LIBS = @LTHREAD_LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MAKE_ADJTIMED = @MAKE_ADJTIMED@

3
ntpd/Makefile.am
View File

@ -432,6 +432,9 @@ version.c: $(ntpd_OBJECTS) ../libntp/libntp.a @LIBPARSE@ Makefile $(top_srcdir)/
version.o: version.c
env CCACHE_DISABLE=1 $(COMPILE) -c version.c -o version.o
$(srcdir)/Makefile.am:
@: do-nothing
include $(top_srcdir)/bincheck.mf
include $(top_srcdir)/check-libopts.mf
include $(top_srcdir)/sntp/check-libntp.mf

7
ntpd/Makefile.in
View File

@ -125,6 +125,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
@ -343,6 +344,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BUILD_THREAD = @BUILD_THREAD@
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
@ -351,6 +353,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
CFLAGS_NTP = @CFLAGS_NTP@
CHUTEST = @CHUTEST@
CONFIG_SHELL = @CONFIG_SHELL@
@ -412,6 +415,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LSCF = @LSCF@
LTHREAD_LIBS = @LTHREAD_LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MAKE_ADJTIMED = @MAKE_ADJTIMED@
@ -1827,6 +1831,9 @@ version.c: $(ntpd_OBJECTS) ../libntp/libntp.a @LIBPARSE@ Makefile $(top_srcdir)/
version.o: version.c
env CCACHE_DISABLE=1 $(COMPILE) -c version.c -o version.o
$(srcdir)/Makefile.am:
@: do-nothing
install-exec-hook:
@test -z "${bin_PROGRAMS}${bin_SCRIPTS}" \
|| for i in ${bin_PROGRAMS} ${bin_SCRIPTS} " "; do \

15
ntpd/invoke-ntp.conf.texi
View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
#
# It has been AutoGen-ed June 29, 2015 at 04:30:28 PM by AutoGen 5.18.5
# It has been AutoGen-ed October 21, 2015 at 12:38:16 PM by AutoGen 5.18.5
# From the definitions ntp.conf.def
# and the template file agtexi-file.tpl
@end ignore
@ -1837,7 +1837,7 @@ re-associate accordingly.
Some administrators prefer to avoid running
@code{ntpd(1ntpdmdoc)}
continuously and run either
@code{ntpdate(8)}
@code{sntp(1sntpmdoc)}
or
@code{ntpd(1ntpdmdoc)}
@code{-q}
@ -1921,7 +1921,7 @@ peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
@item @code{minclock} @kbd{minclock}
The clustering algorithm repeatedly casts out outlyer
The clustering algorithm repeatedly casts out outlier
associations until no more than
@code{minclock}
associations remain.
@ -2578,12 +2578,15 @@ pulses will not be suppressed.
@item @code{rlimit} @code{[@code{memlock} @kbd{Nmegabytes} | @code{stacksize} @kbd{N4kPages} @code{filenum} @kbd{Nfiledescriptors}]}
@table @asis
@item @code{memlock} @kbd{Nmegabytes}
Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
@code{-i}
option).
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
@item @code{stacksize} @kbd{N4kPages}
Specifies the maximum size of the process stack on systems with the
@code{mlockall()}

2
ntpd/invoke-ntp.keys.texi
View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
#
# It has been AutoGen-ed June 29, 2015 at 04:30:31 PM by AutoGen 5.18.5
# It has been AutoGen-ed October 21, 2015 at 12:38:19 PM by AutoGen 5.18.5
# From the definitions ntp.keys.def
# and the template file agtexi-file.tpl
@end ignore

4
ntpd/invoke-ntpd.texi
View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
#
# It has been AutoGen-ed June 29, 2015 at 04:30:33 PM by AutoGen 5.18.5
# It has been AutoGen-ed October 21, 2015 at 12:38:21 PM by AutoGen 5.18.5
# From the definitions ntpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -142,7 +142,7 @@ with a status code of 0.
@exampleindent 0
@example
ntpd - NTP daemon program - Ver. 4.2.8p3
ntpd - NTP daemon program - Ver. 4.2.8p4
Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ <server1> ... <serverN> ]
Flg Arg Option-Name Description

19
ntpd/ntp.conf.5man
View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntp.conf 5man "29 Jun 2015" "4.2.8p3" "File Formats"
.TH ntp.conf 5man "21 Oct 2015" "4.2.8p4" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-R0aO7B/ag-30aG6B)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9oaqYI/ag-OpaiXI)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:16 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:01 PM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
@ -2080,7 +2080,7 @@ re-associate accordingly.
Some administrators prefer to avoid running
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
continuously and run either
\fCntpdate\f[]\fR(8)\f[]
\fCsntp\f[]\fR(1sntpmdoc)\f[]
or
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
\f\*[B-Font]\-q\f[]
@ -2170,7 +2170,7 @@ This value defaults to 1, but can be changed
to any number from 1 to 15.
.TP 7
.NOP \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[]
The clustering algorithm repeatedly casts out outlyer
The clustering algorithm repeatedly casts out outlier
associations until no more than
\f\*[B-Font]minclock\f[]
associations remain.
@ -2897,12 +2897,15 @@ pulses will not be suppressed.
.RS
.TP 7
.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
\f\*[B-Font]\-i\f[]
option).
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
The default is 32 megabytes on non-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.TP 7
.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
Specifies the maximum size of the process stack on systems with the

17
ntpd/ntp.conf.5mdoc
View File

@ -1,9 +1,9 @@
.Dd June 29 2015
.Dd October 21 2015
.Dt NTP_CONF 5mdoc File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:36 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
@ -1903,7 +1903,7 @@ re\-associate accordingly.
Some administrators prefer to avoid running
.Xr ntpd 1ntpdmdoc
continuously and run either
.Xr ntpdate 8
.Xr sntp 1sntpmdoc
or
.Xr ntpd 1ntpdmdoc
.Fl q
@ -1995,7 +1995,7 @@ peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
.It Cm minclock Ar minclock
The clustering algorithm repeatedly casts out outlyer
The clustering algorithm repeatedly casts out outlier
associations until no more than
.Cm minclock
associations remain.
@ -2725,12 +2725,15 @@ pulses will not be suppressed.
.Xc
.Bl -tag -width indent
.It Cm memlock Ar Nmegabytes
Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
.Fl i
option).
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
The default is 32 megabytes on non\-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.It Cm stacksize Ar N4kPages
Specifies the maximum size of the process stack on systems with the
.Fn mlockall

13
ntpd/ntp.conf.def
View File

@ -1905,7 +1905,7 @@ re-associate accordingly.
Some administrators prefer to avoid running
.Xr ntpd 1ntpdmdoc
continuously and run either
.Xr ntpdate 8
.Xr sntp 1sntpmdoc
or
.Xr ntpd 1ntpdmdoc
.Fl q
@ -1997,7 +1997,7 @@ peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
.It Cm minclock Ar minclock
The clustering algorithm repeatedly casts out outlyer
The clustering algorithm repeatedly casts out outlier
associations until no more than
.Cm minclock
associations remain.
@ -2727,12 +2727,15 @@ pulses will not be suppressed.
.Xc
.Bl -tag -width indent
.It Cm memlock Ar Nmegabytes
Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
.Fl i
option).
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.It Cm stacksize Ar N4kPages
Specifies the maximum size of the process stack on systems with the
.Fn mlockall

15
ntpd/ntp.conf.html
View File

@ -33,7 +33,7 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<p>This document describes the configuration file for the NTP Project's
<code>ntpd</code> program.
<p>This document applies to version 4.2.8p3 of <code>ntp.conf</code>.
<p>This document applies to version 4.2.8p4 of <code>ntp.conf</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
@ -1839,7 +1839,7 @@ re-associate accordingly.
<p>Some administrators prefer to avoid running
<code>ntpd(1ntpdmdoc)</code>
continuously and run either
<code>ntpdate(8)</code>
<code>sntp(1sntpmdoc)</code>
or
<code>ntpd(1ntpdmdoc)</code>
<code>-q</code>
@ -1922,7 +1922,7 @@ will be discarded if there are at least
peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
<br><dt><code>minclock</code> <kbd>minclock</kbd><dd>The clustering algorithm repeatedly casts out outlyer
<br><dt><code>minclock</code> <kbd>minclock</kbd><dd>The clustering algorithm repeatedly casts out outlier
associations until no more than
<code>minclock</code>
associations remain.
@ -2546,12 +2546,15 @@ pulses will not be suppressed.
</dl>
<br><dt><code>rlimit</code> <code>[memlock </code><kbd>Nmegabytes</kbd><code> | stacksize </code><kbd>N4kPages</kbd><code> filenum </code><kbd>Nfiledescriptors</kbd><code>]</code><dd>
<dl>
<dt><code>memlock</code> <kbd>Nmegabytes</kbd><dd>Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
<dt><code>memlock</code> <kbd>Nmegabytes</kbd><dd>Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
<code>-i</code>
option).
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
<br><dt><code>stacksize</code> <kbd>N4kPages</kbd><dd>Specifies the maximum size of the process stack on systems with the
<code>mlockall()</code>
function.

19
ntpd/ntp.conf.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntp.conf 5 "29 Jun 2015" "4.2.8p3" "File Formats"
.TH ntp.conf 5 "21 Oct 2015" "4.2.8p4" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-R0aO7B/ag-30aG6B)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9oaqYI/ag-OpaiXI)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:16 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:01 PM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
@ -2080,7 +2080,7 @@ re-associate accordingly.
Some administrators prefer to avoid running
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
continuously and run either
\fCntpdate\f[]\fR(8)\f[]
\fCsntp\f[]\fR(@SNTP_MS@)\f[]
or
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
\f\*[B-Font]\-q\f[]
@ -2170,7 +2170,7 @@ This value defaults to 1, but can be changed
to any number from 1 to 15.
.TP 7
.NOP \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[]
The clustering algorithm repeatedly casts out outlyer
The clustering algorithm repeatedly casts out outlier
associations until no more than
\f\*[B-Font]minclock\f[]
associations remain.
@ -2897,12 +2897,15 @@ pulses will not be suppressed.
.RS
.TP 7
.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
\f\*[B-Font]\-i\f[]
option).
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
The default is 32 megabytes on non-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.TP 7
.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
Specifies the maximum size of the process stack on systems with the

17
ntpd/ntp.conf.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd June 29 2015
.Dd October 21 2015
.Dt NTP_CONF 5 File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:36 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
@ -1903,7 +1903,7 @@ re\-associate accordingly.
Some administrators prefer to avoid running
.Xr ntpd @NTPD_MS@
continuously and run either
.Xr ntpdate 8
.Xr sntp @SNTP_MS@
or
.Xr ntpd @NTPD_MS@
.Fl q
@ -1995,7 +1995,7 @@ peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
.It Cm minclock Ar minclock
The clustering algorithm repeatedly casts out outlyer
The clustering algorithm repeatedly casts out outlier
associations until no more than
.Cm minclock
associations remain.
@ -2725,12 +2725,15 @@ pulses will not be suppressed.
.Xc
.Bl -tag -width indent
.It Cm memlock Ar Nmegabytes
Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
.Fl i
option).
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
The default is 32 megabytes on non\-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.It Cm stacksize Ar N4kPages
Specifies the maximum size of the process stack on systems with the
.Fn mlockall

4
ntpd/ntp.keys.5man
View File

@ -1,8 +1,8 @@
.TH ntp.keys 5man "29 Jun 2015" "4.2.8p3" "File Formats"
.TH ntp.keys 5man "21 Oct 2015" "4.2.8p4" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:21 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:08 PM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.Sh NAME

4
ntpd/ntp.keys.5mdoc
View File

@ -1,9 +1,9 @@
.Dd June 29 2015
.Dd October 21 2015
.Dt NTP_KEYS 5mdoc File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:39 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME

2
ntpd/ntp.keys.html
View File

@ -33,7 +33,7 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<p>This document describes the symmetric key file for the NTP Project's
<code>ntpd</code> program.
<p>This document applies to version 4.2.8p3 of <code>ntp.keys</code>.
<p>This document applies to version 4.2.8p4 of <code>ntp.keys</code>.
<div class="shortcontents">
<h2>Short Contents</h2>

4
ntpd/ntp.keys.man.in
View File

@ -1,8 +1,8 @@
.TH ntp.keys 5 "29 Jun 2015" "4.2.8p3" "File Formats"
.TH ntp.keys 5 "21 Oct 2015" "4.2.8p4" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:21 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:08 PM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.Sh NAME

4
ntpd/ntp.keys.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd June 29 2015
.Dd October 21 2015
.Dt NTP_KEYS 5 File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:39 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME

59
ntpd/ntp_config.c
View File

@ -53,13 +53,21 @@
#include "ntp_parser.h"
#include "ntpd-opts.h"
/* Bug 2817 */
#if defined(HAVE_SYS_MMAN_H)
# include <sys/mman.h>
#endif
/* list of servers from command line for config_peers() */
int cmdline_server_count;
char ** cmdline_servers;
/* set to zero if admin doesn't want memory locked */
int do_memlock = 1;
/* Current state of memory locking:
* -1: default
* 0: memory locking disabled
* 1: Memory locking enabled
*/
int cur_memlock = -1;
/*
* "logconfig" building blocks
@ -1152,9 +1160,8 @@ create_address_node(
{
address_node *my_node;
NTP_REQUIRE(NULL != addr);
NTP_REQUIRE(AF_INET == type ||
AF_INET6 == type || AF_UNSPEC == type);
REQUIRE(NULL != addr);
REQUIRE(AF_INET == type || AF_INET6 == type || AF_UNSPEC == type);
my_node = emalloc_zero(sizeof(*my_node));
my_node->address = addr;
my_node->type = (u_short)type;
@ -1170,7 +1177,7 @@ destroy_address_node(
{
if (NULL == my_node)
return;
NTP_REQUIRE(NULL != my_node->address);
REQUIRE(NULL != my_node->address);
free(my_node->address);
free(my_node);
@ -1567,7 +1574,7 @@ create_nic_rule_node(
{
nic_rule_node *my_node;
NTP_REQUIRE(match_class != 0 || if_name != NULL);
REQUIRE(match_class != 0 || if_name != NULL);
my_node = emalloc_zero(sizeof(*my_node));
my_node->match_class = match_class;
@ -1826,7 +1833,9 @@ config_auth(
/* Crypto Command */
#ifdef AUTOKEY
# ifdef __GNUC__
item = -1; /* quiet warning */
# endif
my_val = HEAD_PFIFO(ptree->auth.crypto_cmd_list);
for (; my_val != NULL; my_val = my_val->link) {
switch (my_val->attr) {
@ -1979,7 +1988,9 @@ config_tos(
int item;
double val;
#ifdef __GNUC__
item = -1; /* quiet warning */
#endif
tos = HEAD_PFIFO(ptree->orphan_cmds);
for (; tos != NULL; tos = tos->link) {
val = tos->value.d;
@ -2610,18 +2621,36 @@ config_rlimit(
break;
case T_Memlock:
if (rlimit_av->value.i != 0) {
/* What if we HAVE_OPT(SAVECONFIGQUIT) ? */
if (rlimit_av->value.i == -1) {
# if defined(HAVE_MLOCKALL)
if (cur_memlock != 0) {
if (-1 == munlockall()) {
msyslog(LOG_ERR, "munlockall() failed: %m");
}
}
cur_memlock = 0;
# endif /* HAVE_MLOCKALL */
} else if (rlimit_av->value.i >= 0) {
#if defined(RLIMIT_MEMLOCK)
# if defined(HAVE_MLOCKALL)
if (cur_memlock != 1) {
if (-1 == mlockall(MCL_CURRENT|MCL_FUTURE)) {
msyslog(LOG_ERR, "mlockall() failed: %m");
}
}
# endif /* HAVE_MLOCKALL */
ntp_rlimit(RLIMIT_MEMLOCK,
(rlim_t)(rlimit_av->value.i * 1024 * 1024),
1024 * 1024,
"MB");
cur_memlock = 1;
#else
/* STDERR as well would be fine... */
msyslog(LOG_WARNING, "'rlimit memlock' specified but is not available on this system.");
#endif /* RLIMIT_MEMLOCK */
} else {
do_memlock = 0;
msyslog(LOG_WARNING, "'rlimit memlock' value of %d is unexpected!", rlimit_av->value.i);
}
break;
@ -2662,7 +2691,9 @@ config_tinker(
attr_val * tinker;
int item;
#ifdef __GNUC__
item = -1; /* quiet warning */
#endif
tinker = HEAD_PFIFO(ptree->tinker);
for (; tinker != NULL; tinker = tinker->link) {
switch (tinker->attr) {
@ -2776,12 +2807,14 @@ config_nic_rules(
switch (curr_node->match_class) {
default:
#ifdef __GNUC__
/*
* this assignment quiets a gcc "may be used
* uninitialized" warning and is here for no
* other reason.
*/
match_type = MATCH_ALL;
#endif
INSIST(FALSE);
break;
@ -2834,12 +2867,14 @@ config_nic_rules(
switch (curr_node->action) {
default:
#ifdef __GNUC__
/*
* this assignment quiets a gcc "may be used
* uninitialized" warning and is here for no
* other reason.
*/
action = ACTION_LISTEN;
#endif
INSIST(FALSE);
break;
@ -4880,9 +4915,9 @@ getnetnum(
enum gnn_type a_type /* ignored */
)
{
NTP_REQUIRE(AF_UNSPEC == AF(addr) ||
AF_INET == AF(addr) ||
AF_INET6 == AF(addr));
REQUIRE(AF_UNSPEC == AF(addr) ||
AF_INET == AF(addr) ||
AF_INET6 == AF(addr));
if (!is_ip_address(num, AF(addr), addr))
return 0;

80
ntpd/ntp_control.c
View File

@ -28,11 +28,11 @@
#include "ntp_leapsec.h"
#include "ntp_md5.h" /* provides OpenSSL digest API */
#include "lib_strbuf.h"
#include <rc_cmdlength.h>
#ifdef KERNEL_PLL
# include "ntp_syscall.h"
#endif
extern size_t remoteconfig_cmdlength( const char *src_buf, const char *src_end );
/*
* Structure to hold request procedure information
@ -420,10 +420,10 @@ static const struct ctl_var sys_var[] = {
{ CS_TIMER_XMTS, RO, "timer_xmts" }, /* 87 */
{ CS_FUZZ, RO, "fuzz" }, /* 88 */
{ CS_WANDER_THRESH, RO, "clk_wander_threshold" }, /* 89 */
#ifdef LEAP_SMEAR
{ CS_LEAPSMEARINTV, RO, "leapsmearinterval" }, /* 90 */
{ CS_LEAPSMEAROFFS, RO, "leapsmearoffset" }, /* 91 */
#endif /* LEAP_SMEAR */
#ifdef AUTOKEY
{ CS_FLAGS, RO, "flags" }, /* 1 + CS_MAX_NOAUTOKEY */
{ CS_HOST, RO, "host" }, /* 2 + CS_MAX_NOAUTOKEY */
@ -884,6 +884,28 @@ save_config(
int restrict_mask
)
{
/* block directory traversal by searching for characters that
* indicate directory components in a file path.
*
* Conceptually we should be searching for DIRSEP in filename,
* however Windows actually recognizes both forward and
* backslashes as equivalent directory separators at the API
* level. On POSIX systems we could allow '\\' but such
* filenames are tricky to manipulate from a shell, so just
* reject both types of slashes on all platforms.
*/
/* TALOS-CAN-0062: block directory traversal for VMS, too */
static const char * illegal_in_filename =
#if defined(VMS)
":[]" /* do not allow drive and path components here */
#elif defined(SYS_WINNT)
":\\/" /* path and drive separators */
#else
"\\/" /* separator and critical char for POSIX */
#endif
;
char reply[128];
#ifdef SAVECONFIG
char filespec[128];
@ -938,15 +960,9 @@ save_config(
localtime(&now)))
strlcpy(filename, filespec, sizeof(filename));
/*
* Conceptually we should be searching for DIRSEP in filename,
* however Windows actually recognizes both forward and
* backslashes as equivalent directory separators at the API
* level. On POSIX systems we could allow '\\' but such
* filenames are tricky to manipulate from a shell, so just
* reject both types of slashes on all platforms.
*/
if (strchr(filename, '\\') || strchr(filename, '/')) {
/* block directory/drive traversal */
/* TALOS-CAN-0062: block directory traversal for VMS, too */
if (NULL != strpbrk(filename, illegal_in_filename)) {
snprintf(reply, sizeof(reply),
"saveconfig does not allow directory in filename");
ctl_putdata(reply, strlen(reply), 0);
@ -1401,7 +1417,7 @@ ctl_putstr(
memcpy(buffer, tag, tl);
cp = buffer + tl;
if (len > 0) {
NTP_INSIST(tl + 3 + len <= sizeof(buffer));
INSIST(tl + 3 + len <= sizeof(buffer));
*cp++ = '=';
*cp++ = '"';
memcpy(cp, data, len);
@ -1436,7 +1452,7 @@ ctl_putunqstr(
memcpy(buffer, tag, tl);
cp = buffer + tl;
if (len > 0) {
NTP_INSIST(tl + 1 + len <= sizeof(buffer));
INSIST(tl + 1 + len <= sizeof(buffer));
*cp++ = '=';
memcpy(cp, data, len);
cp += len;
@ -1465,7 +1481,7 @@ ctl_putdblf(
while (*cq != '\0')
*cp++ = *cq++;
*cp++ = '=';
NTP_INSIST((size_t)(cp - buffer) < sizeof(buffer));
INSIST((size_t)(cp - buffer) < sizeof(buffer));
snprintf(cp, sizeof(buffer) - (cp - buffer), use_f ? "%.*f" : "%.*g",
precision, d);
cp += strlen(cp);
@ -1491,7 +1507,7 @@ ctl_putuint(
*cp++ = *cq++;
*cp++ = '=';
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
INSIST((cp - buffer) < (int)sizeof(buffer));
snprintf(cp, sizeof(buffer) - (cp - buffer), "%lu", uval);
cp += strlen(cp);
ctl_putdata(buffer, (unsigned)( cp - buffer ), 0);
@ -1518,7 +1534,7 @@ ctl_putcal(
pcal->hour,
pcal->minute
);
NTP_INSIST(numch < sizeof(buffer));
INSIST(numch < sizeof(buffer));
ctl_putdata(buffer, numch, 0);
return;
@ -1549,7 +1565,7 @@ ctl_putfs(
tm = gmtime(&fstamp);
if (NULL == tm)
return;
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
INSIST((cp - buffer) < (int)sizeof(buffer));
snprintf(cp, sizeof(buffer) - (cp - buffer),
"%04d%02d%02d%02d%02d", tm->tm_year + 1900,
tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min);
@ -1578,7 +1594,7 @@ ctl_puthex(
*cp++ = *cq++;
*cp++ = '=';
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
INSIST((cp - buffer) < (int)sizeof(buffer));
snprintf(cp, sizeof(buffer) - (cp - buffer), "0x%lx", uval);
cp += strlen(cp);
ctl_putdata(buffer,(unsigned)( cp - buffer ), 0);
@ -1604,7 +1620,7 @@ ctl_putint(
*cp++ = *cq++;
*cp++ = '=';
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
INSIST((cp - buffer) < (int)sizeof(buffer));
snprintf(cp, sizeof(buffer) - (cp - buffer), "%ld", ival);
cp += strlen(cp);
ctl_putdata(buffer, (unsigned)( cp - buffer ), 0);
@ -1630,7 +1646,7 @@ ctl_putts(
*cp++ = *cq++;
*cp++ = '=';
NTP_INSIST((size_t)(cp - buffer) < sizeof(buffer));
INSIST((size_t)(cp - buffer) < sizeof(buffer));
snprintf(cp, sizeof(buffer) - (cp - buffer), "0x%08x.%08x",
(u_int)ts->l_ui, (u_int)ts->l_uf);
cp += strlen(cp);
@ -1662,7 +1678,7 @@ ctl_putadr(
cq = numtoa(addr32);
else
cq = stoa(addr);
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
INSIST((cp - buffer) < (int)sizeof(buffer));
snprintf(cp, sizeof(buffer) - (cp - buffer), "%s", cq);
cp += strlen(cp);
ctl_putdata(buffer, (unsigned)(cp - buffer), 0);
@ -1733,7 +1749,7 @@ ctl_putarray(
if (i == 0)
i = NTP_SHIFT;
i--;
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
INSIST((cp - buffer) < (int)sizeof(buffer));
snprintf(cp, sizeof(buffer) - (cp - buffer),
" %.2f", arr[i] * 1e3);
cp += strlen(cp);
@ -2402,6 +2418,9 @@ ctl_putsys(
ntohl(hostval.tstamp));
break;
#endif /* AUTOKEY */
default:
break;
}
}
@ -2925,7 +2944,6 @@ ctl_getitem(
* Look for a first character match on the tag. If we find
* one, see if it is a full match.
*/
v = var_list;
cp = reqpt;
for (v = var_list; !(EOV & v->flags); v++) {
if (!(PADDING & v->flags) && *cp == *(v->text)) {
@ -3107,7 +3125,7 @@ read_peervars(void)
ctl_error(CERR_UNKNOWNVAR);
return;
}
NTP_INSIST(v->code < COUNTOF(wants));
INSIST(v->code < COUNTOF(wants));
wants[v->code] = 1;
gotvar = 1;
}
@ -3150,19 +3168,19 @@ read_sysvars(void)
gotvar = 0;
while (NULL != (v = ctl_getitem(sys_var, &valuep))) {
if (!(EOV & v->flags)) {
NTP_INSIST(v->code < wants_count);
INSIST(v->code < wants_count);
wants[v->code] = 1;
gotvar = 1;
} else {
v = ctl_getitem(ext_sys_var, &valuep);
NTP_INSIST(v != NULL);
INSIST(v != NULL);
if (EOV & v->flags) {
ctl_error(CERR_UNKNOWNVAR);
free(wants);
return;
}
n = v->code + CS_MAXCODE + 1;
NTP_INSIST(n < wants_count);
INSIST(n < wants_count);
wants[n] = 1;
gotvar = 1;
}
@ -4396,7 +4414,7 @@ read_clockstatus(
gotvar = TRUE;
} else {
v = ctl_getitem(kv, &valuep);
NTP_INSIST(NULL != v);
INSIST(NULL != v);
if (EOV & v->flags) {
ctl_error(CERR_UNKNOWNVAR);
free(wants);
@ -4792,7 +4810,7 @@ report_event(
for (i = 1; i <= CS_VARLIST; i++)
ctl_putsys(i);
} else {
NTP_INSIST(peer != NULL);
INSIST(peer != NULL);
rpkt.associd = htons(peer->associd);
rpkt.status = htons(ctlpeerstatus(peer));
@ -4897,7 +4915,7 @@ count_var(
while (!(EOV & (k++)->flags))
c++;
NTP_ENSURE(c <= USHRT_MAX);
ENSURE(c <= USHRT_MAX);
return (u_short)c;
}

134
ntpd/ntp_crypto.c
View File

@ -202,6 +202,7 @@ static void cert_free (struct cert_info *);
static struct pkey_info *crypto_key (char *, char *, sockaddr_u *);
static void bighash (BIGNUM *, BIGNUM *);
static struct cert_info *crypto_cert (char *);
static u_int exten_payload_size(const struct exten *);
#ifdef SYS_WINNT
int
@ -380,7 +381,7 @@ make_keylist(
EVP_SignUpdate(&ctx, (u_char *)vp, 12);
EVP_SignUpdate(&ctx, vp->ptr, sizeof(struct autokey));
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
NTP_INSIST(len <= sign_siglen);
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
peer->flags |= FLAG_ASSOC;
}
@ -419,7 +420,7 @@ crypto_recv(
struct autokey *ap, *bp; /* autokey pointer */
struct exten *ep, *fp; /* extension pointers */
struct cert_info *xinfo; /* certificate info pointer */
int has_mac; /* length of MAC field */
int macbytes; /* length of MAC field, signed by intention */
int authlen; /* offset of MAC field */
associd_t associd; /* association ID */
tstamp_t fstamp = 0; /* filestamp */
@ -446,7 +447,11 @@ crypto_recv(
*/
authlen = LEN_PKT_NOMAC;
hismode = (int)PKT_MODE((&rbufp->recv_pkt)->li_vn_mode);
while ((has_mac = rbufp->recv_length - authlen) > (int)MAX_MAC_LEN) {
while ((macbytes = rbufp->recv_length - authlen) > (int)MAX_MAC_LEN) {
/* We can be reasonably sure that we can read at least
* the opcode and the size field here. More stringent
* checks follow up shortly.
*/
pkt = (u_int32 *)&rbufp->recv_pkt + authlen / 4;
ep = (struct exten *)pkt;
code = ntohl(ep->opcode) & 0xffff0000;
@ -467,6 +472,18 @@ crypto_recv(
code |= CRYPTO_ERROR;
}
/* Check if the declared size fits into the remaining
* buffer.
*/
if (len > macbytes) {
DPRINTF(1, ("crypto_recv: possible attack detected, associd %d\n",
associd));
return XEVNT_LEN;
}
/* Check if the paylod of the extension fits into the
* declared frame.
*/
if (len >= VALUE_LEN) {
fstamp = ntohl(ep->fstamp);
vallen = ntohl(ep->vallen);
@ -508,6 +525,7 @@ crypto_recv(
rval = XEVNT_ERR;
break;
}
free(peer->cmmd); /* will be set again! */
}
fp = emalloc(len);
memcpy(fp, ep, len);
@ -1153,9 +1171,8 @@ crypto_xmit(
* choice.
*/
case CRYPTO_CERT | CRYPTO_RESP:
vallen = ntohl(ep->vallen); /* Must be <64k */
if (vallen == 0 || vallen > MAXHOSTNAME ||
len - VALUE_LEN < vallen) {
vallen = exten_payload_size(ep); /* Must be <64k */
if (vallen == 0 || vallen >= sizeof(certname) ) {
rval = XEVNT_LEN;
break;
}
@ -1591,7 +1608,7 @@ crypto_encrypt(
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, vallen);
if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey)) {
NTP_INSIST(vallen <= sign_siglen);
INSIST(vallen <= sign_siglen);
vp->siglen = htonl(vallen);
}
return (XEVNT_OK);
@ -1770,7 +1787,7 @@ crypto_send(
if (j * 4 < siglen)
ep->pkt[i + j++] = 0;
memcpy(&ep->pkt[i], vp->sig, siglen);
i += j;
/* i += j; */ /* We don't use i after this */
}
opcode = ntohl(ep->opcode);
ep->opcode = htonl((opcode & 0xffff0000) | len);
@ -1825,7 +1842,7 @@ crypto_update(void)
EVP_SignUpdate(&ctx, (u_char *)&pubkey, 12);
EVP_SignUpdate(&ctx, pubkey.ptr, ntohl(pubkey.vallen));
if (EVP_SignFinal(&ctx, pubkey.sig, &len, sign_pkey)) {
NTP_INSIST(len <= sign_siglen);
INSIST(len <= sign_siglen);
pubkey.siglen = htonl(len);
}
}
@ -1846,7 +1863,7 @@ crypto_update(void)
EVP_SignUpdate(&ctx, cp->cert.ptr,
ntohl(cp->cert.vallen));
if (EVP_SignFinal(&ctx, cp->cert.sig, &len, sign_pkey)) {
NTP_INSIST(len <= sign_siglen);
INSIST(len <= sign_siglen);
cp->cert.siglen = htonl(len);
}
}
@ -1896,7 +1913,7 @@ crypto_update(void)
EVP_SignUpdate(&ctx, (u_char *)&tai_leap, 12);
EVP_SignUpdate(&ctx, tai_leap.ptr, len);
if (EVP_SignFinal(&ctx, tai_leap.sig, &len, sign_pkey)) {
NTP_INSIST(len <= sign_siglen);
INSIST(len <= sign_siglen);
tai_leap.siglen = htonl(len);
}
crypto_flags |= CRYPTO_FLAG_TAI;
@ -1997,9 +2014,9 @@ asn_to_calendar (
* 100. Dontcha love ASN.1? Better than MIL-188.
*/
len = asn1time->length;
NTP_REQUIRE(len < sizeof(v));
REQUIRE(len < sizeof(v));
(void)strncpy(v, (char *)(asn1time->data), len);
NTP_REQUIRE(len >= 13);
REQUIRE(len >= 13);
temp = strtoul(v+len-3, NULL, 10);
pjd->second = temp;
v[len-3] = '\0';
@ -2169,7 +2186,7 @@ crypto_alice(
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
NTP_INSIST(len <= sign_siglen);
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
return (XEVNT_OK);
@ -2197,8 +2214,7 @@ crypto_bob(
tstamp_t tstamp; /* NTP timestamp */
BIGNUM *bn, *bk, *r;
u_char *ptr;
u_int len; /* extension field length */
u_int vallen = 0; /* value length */
u_int len; /* extension field value length */
/*
* If the IFF parameters are not valid, something awful
@ -2213,11 +2229,10 @@ crypto_bob(
/*
* Extract r from the challenge.
*/
vallen = ntohl(ep->vallen);
len = ntohl(ep->opcode) & 0x0000ffff;
if (vallen == 0 || len < VALUE_LEN || len - VALUE_LEN < vallen)
return XEVNT_LEN;
if ((r = BN_bin2bn((u_char *)ep->pkt, vallen, NULL)) == NULL) {
len = exten_payload_size(ep);
if (len == 0 || len > MAX_VALLEN)
return (XEVNT_LEN);
if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
msyslog(LOG_ERR, "crypto_bob: %s",
ERR_error_string(ERR_get_error(), NULL));
return (XEVNT_ERR);
@ -2229,7 +2244,7 @@ crypto_bob(
*/
bctx = BN_CTX_new(); bk = BN_new(); bn = BN_new();
sdsa = DSA_SIG_new();
BN_rand(bk, vallen * 8, -1, 1); /* k */
BN_rand(bk, len * 8, -1, 1); /* k */
BN_mod_mul(bn, dsa->priv_key, r, dsa->q, bctx); /* b r mod q */
BN_add(bn, bn, bk);
BN_mod(bn, bn, dsa->q, bctx); /* k + b r mod q */
@ -2248,16 +2263,16 @@ crypto_bob(
* Encode the values in ASN.1 and sign. The filestamp is from
* the local file.
*/
vallen = i2d_DSA_SIG(sdsa, NULL);
if (vallen == 0) {
len = i2d_DSA_SIG(sdsa, NULL);
if (len == 0) {
msyslog(LOG_ERR, "crypto_bob: %s",
ERR_error_string(ERR_get_error(), NULL));
DSA_SIG_free(sdsa);
return (XEVNT_ERR);
}
if (vallen > MAX_VALLEN) {
msyslog(LOG_ERR, "crypto_bob: signature is too big: %d",
vallen);
if (len > MAX_VALLEN) {
msyslog(LOG_ERR, "crypto_bob: signature is too big: %u",
len);
DSA_SIG_free(sdsa);
return (XEVNT_LEN);
}
@ -2265,8 +2280,8 @@ crypto_bob(
tstamp = crypto_time();
vp->tstamp = htonl(tstamp);
vp->fstamp = htonl(iffkey_info->fstamp);
vp->vallen = htonl(vallen);
ptr = emalloc(vallen);
vp->vallen = htonl(len);
ptr = emalloc(len);
vp->ptr = ptr;
i2d_DSA_SIG(sdsa, &ptr);
DSA_SIG_free(sdsa);
@ -2277,10 +2292,10 @@ crypto_bob(
vp->sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, vallen);
if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey)) {
NTP_INSIST(vallen <= sign_siglen);
vp->siglen = htonl(vallen);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
return (XEVNT_OK);
}
@ -2486,7 +2501,7 @@ crypto_alice2(
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
NTP_INSIST(len <= sign_siglen);
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
return (XEVNT_OK);
@ -2530,7 +2545,9 @@ crypto_bob2(
/*
* Extract r from the challenge.
*/
len = ntohl(ep->vallen);
len = exten_payload_size(ep);
if (len == 0 || len > MAX_VALLEN)
return (XEVNT_LEN);
if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
msyslog(LOG_ERR, "crypto_bob2: %s",
ERR_error_string(ERR_get_error(), NULL));
@ -2586,7 +2603,7 @@ crypto_bob2(
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
NTP_INSIST(len <= sign_siglen);
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
return (XEVNT_OK);
@ -2817,7 +2834,7 @@ crypto_alice3(
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
NTP_INSIST(len <= sign_siglen);
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
return (XEVNT_OK);
@ -2859,7 +2876,9 @@ crypto_bob3(
/*
* Extract r from the challenge.
*/
len = ntohl(ep->vallen);
len = exten_payload_size(ep);
if (len == 0 || len > MAX_VALLEN)
return (XEVNT_LEN);
if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
msyslog(LOG_ERR, "crypto_bob3: %s",
ERR_error_string(ERR_get_error(), NULL));
@ -2919,7 +2938,7 @@ crypto_bob3(
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
NTP_INSIST(len <= sign_siglen);
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
return (XEVNT_OK);
@ -3078,8 +3097,11 @@ cert_sign(
if (tstamp == 0)
return (XEVNT_TSP);
len = exten_payload_size(ep);
if (len == 0 || len > MAX_VALLEN)
return (XEVNT_LEN);
cptr = (void *)ep->pkt;
if ((req = d2i_X509(NULL, &cptr, ntohl(ep->vallen))) == NULL) {
if ((req = d2i_X509(NULL, &cptr, len)) == NULL) {
msyslog(LOG_ERR, "cert_sign: %s",
ERR_error_string(ERR_get_error(), NULL));
return (XEVNT_CRT);
@ -3158,7 +3180,7 @@ cert_sign(
EVP_SignUpdate(&ctx, (u_char *)vp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
NTP_INSIST(len <= sign_siglen);
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
}
@ -4028,6 +4050,36 @@ crypto_config(
break;
}
}
/*
* Get the payload size (internal value length) of an extension packet.
* If the inner value size does not match the outer packet size (that
* is, the value would end behind the frame given by the opcode/size
* field) the function will effectively return UINT_MAX. If the frame is
* too short to hold a variable-sized value, the return value is zero.
*/
static u_int
exten_payload_size(
const struct exten * ep)
{
typedef const u_char *BPTR;
size_t extn_size;
size_t data_size;
size_t head_size;
data_size = 0;
if (NULL != ep) {
head_size = (BPTR)(&ep->vallen + 1) - (BPTR)ep;
extn_size = (uint16_t)(ntohl(ep->opcode) & 0x0000ffff);
if (extn_size >= head_size) {
data_size = (uint32_t)ntohl(ep->vallen);
if (data_size > extn_size - head_size)
data_size = ~(size_t)0u;
}
}
return (u_int)data_size;
}
# else /* !AUTOKEY follows */
int ntp_crypto_bs_pubkey;
# endif /* !AUTOKEY */

84
ntpd/ntp_io.c
View File

@ -371,7 +371,7 @@ maintain_activefds(
maxactivefd = i;
break;
}
NTP_INSIST(fd != maxactivefd);
INSIST(fd != maxactivefd);
}
}
}
@ -687,8 +687,8 @@ addr_samesubnet(
const u_int32 * pm;
size_t loops;
NTP_REQUIRE(AF(a) == AF(a_mask));
NTP_REQUIRE(AF(b) == AF(b_mask));
REQUIRE(AF(a) == AF(a_mask));
REQUIRE(AF(b) == AF(b_mask));
/*
* With address and mask families verified to match, comparing
* the masks also validates the address's families match.
@ -735,8 +735,8 @@ is_ip_address(
char tmpbuf[128];
char *pch;
NTP_REQUIRE(host != NULL);
NTP_REQUIRE(addr != NULL);
REQUIRE(host != NULL);
REQUIRE(addr != NULL);
ZERO_SOCK(addr);
@ -1250,15 +1250,15 @@ add_nic_rule(
rule->action = action;
if (MATCH_IFNAME == match_type) {
NTP_REQUIRE(NULL != if_name);
REQUIRE(NULL != if_name);
rule->if_name = estrdup(if_name);
} else if (MATCH_IFADDR == match_type) {
NTP_REQUIRE(NULL != if_name);
REQUIRE(NULL != if_name);
/* set rule->addr */
is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr);
NTP_REQUIRE(is_ip);
REQUIRE(is_ip);
} else
NTP_REQUIRE(NULL == if_name);
REQUIRE(NULL == if_name);
LINK_SLIST(nic_rule_list, rule, next);
}
@ -1278,7 +1278,7 @@ action_text(
t = "ERROR"; /* quiet uninit warning */
DPRINTF(1, ("fatal: unknown nic_rule_action %d\n",
action));
NTP_ENSURE(0);
ENSURE(0);
break;
case ACTION_LISTEN:
@ -2022,6 +2022,7 @@ update_interfaces(
if (sys_bclient)
io_setbclient();
#ifdef MCAST
/*
* Check multicast interfaces and try to join multicast groups if
* not joined yet.
@ -2047,6 +2048,7 @@ update_interfaces(
}
}
}
#endif /* MCAST */
return new_interface_found;
}
@ -2397,7 +2399,7 @@ enable_multicast_if(
u_int off6 = 0;
#endif
NTP_REQUIRE(AF(maddr) == AF(&iface->sin));
REQUIRE(AF(maddr) == AF(&iface->sin));
switch (AF(&iface->sin)) {
@ -2457,9 +2459,9 @@ socket_multicast_enable(
)
{
struct ip_mreq mreq;
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
struct ipv6_mreq mreq6;
#endif
# endif
switch (AF(maddr)) {
case AF_INET:
@ -2486,7 +2488,7 @@ socket_multicast_enable(
break;
case AF_INET6:
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
/*
* Enable reception of multicast packets.
* If the address is link-local we can get the
@ -2510,9 +2512,9 @@ socket_multicast_enable(
DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n",
iface->fd, stoa(&iface->sin),
mreq6.ipv6mr_interface, stoa(maddr)));
#else
# else
return ISC_FALSE;
#endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
# endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
}
iface->flags |= INT_MCASTOPEN;
iface->num_mcast++;
@ -2534,9 +2536,9 @@ socket_multicast_disable(
sockaddr_u * maddr
)
{
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
struct ipv6_mreq mreq6;
#endif
# endif
struct ip_mreq mreq;
ZERO(mreq);
@ -2565,7 +2567,7 @@ socket_multicast_disable(
}
break;
case AF_INET6:
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
/*
* Disable reception of multicast packets
* If the address is link-local we can get the
@ -2587,9 +2589,9 @@ socket_multicast_disable(
return ISC_FALSE;
}
break;
#else
# else
return ISC_FALSE;
#endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
# endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
}
iface->num_mcast--;
@ -2629,7 +2631,7 @@ io_setbclient(void)
continue;
/* Only IPv4 addresses are valid for broadcast */
NTP_REQUIRE(IS_IPV4(&interf->sin));
REQUIRE(IS_IPV4(&interf->sin));
/* Do we already have the broadcast address open? */
if (interf->flags & INT_BCASTOPEN) {
@ -2735,7 +2737,7 @@ io_multicast_add(
return;
}
#ifndef MULTICAST_NONEWSOCKET
# ifndef MULTICAST_NONEWSOCKET
ep = new_interface(NULL);
/*
@ -2785,7 +2787,7 @@ io_multicast_add(
}
{ /* in place of the { following for in #else clause */
one_ep = ep;
#else /* MULTICAST_NONEWSOCKET follows */
# else /* MULTICAST_NONEWSOCKET follows */
/*
* For the case where we can't use a separate socket (Windows)
* join each applicable endpoint socket to the group address.
@ -2800,7 +2802,7 @@ io_multicast_add(
(INT_LOOPBACK | INT_WILDCARD) & ep->flags)
continue;
one_ep = ep;
#endif /* MULTICAST_NONEWSOCKET */
# endif /* MULTICAST_NONEWSOCKET */
if (socket_multicast_enable(ep, addr))
msyslog(LOG_INFO,
"Joined %s socket to multicast group %s",
@ -3240,7 +3242,7 @@ read_refclock_packet(
l_fp ts
)
{
int i;
u_int read_count;
int buflen;
int saved_errno;
int consumed;
@ -3259,12 +3261,15 @@ read_refclock_packet(
return (buflen);
}
i = (rp->datalen == 0
|| rp->datalen > (int)sizeof(rb->recv_space))
? (int)sizeof(rb->recv_space)
: rp->datalen;
/* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead
* to buffer overrun and memory corruption
*/
if (rp->datalen <= 0 || rp->datalen > sizeof(rb->recv_space))
read_count = sizeof(rb->recv_space);
else
read_count = (u_int)rp->datalen;
do {
buflen = read(fd, (char *)&rb->recv_space, (u_int)i);
buflen = read(fd, (char *)&rb->recv_space, read_count);
} while (buflen < 0 && EINTR == errno);
if (buflen <= 0) {
@ -4079,7 +4084,7 @@ calc_addr_distance(
int a1_greater;
int i;
NTP_REQUIRE(AF(a1) == AF(a2));
REQUIRE(AF(a1) == AF(a2));
ZERO_SOCK(dist);
AF(dist) = AF(a1);
@ -4130,7 +4135,7 @@ cmp_addr_distance(
{
int i;
NTP_REQUIRE(AF(d1) == AF(d2));
REQUIRE(AF(d1) == AF(d2));
if (IS_IPV4(d1)) {
if (SRCADR(d1) < SRCADR(d2))
@ -4622,10 +4627,15 @@ process_routing_msgs(struct asyncio_reader *reader)
cnt = read(reader->fd, buffer, sizeof(buffer));
if (cnt < 0) {
msyslog(LOG_ERR,
"i/o error on routing socket %m - disabling");
remove_asyncio_reader(reader);
delete_asyncio_reader(reader);
if (errno == ENOBUFS) {
msyslog(LOG_ERR,
"routing socket reports: %m");
} else {
msyslog(LOG_ERR,
"routing socket reports: %m - disabling");
remove_asyncio_reader(reader);
delete_asyncio_reader(reader);
}
return;
}

8
ntpd/ntp_loopfilter.c
View File

@ -577,7 +577,7 @@ local_clock(
switch (state) {
/*
* In SYNC state we ignore the first outlyer and switch
* In SYNC state we ignore the first outlier and switch
* to SPIK state.
*/
case EVNT_SYNC:
@ -588,8 +588,8 @@ local_clock(
return (0);
/*
* In FREQ state we ignore outlyers and inlyers. At the
* first outlyer after the stepout threshold, compute
* In FREQ state we ignore outliers and inlyers. At the
* first outlier after the stepout threshold, compute
* the apparent frequency correction and step the phase.
*/
case EVNT_FREQ:
@ -601,7 +601,7 @@ local_clock(
/* fall through to EVNT_SPIK */
/*
* In SPIK state we ignore succeeding outlyers until
* In SPIK state we ignore succeeding outliers until
* either an inlyer is found or the stepout threshold is
* exceeded.
*/

6
ntpd/ntp_monitor.c
View File

@ -133,7 +133,7 @@ remove_from_hash(
hash = MON_HASH(&mon->rmtadr);
UNLINK_SLIST(punlinked, mon_hash[hash], mon, hash_next,
mon_entry);
NTP_ENSURE(punlinked == mon);
ENSURE(punlinked == mon);
}
@ -325,6 +325,8 @@ ntp_monitor(
int leak; /* new headway */
int limit; /* average threshold */
REQUIRE(rbufp != NULL);
if (mon_enabled == MON_OFF)
return ~(RES_LIMITED | RES_KOD) & flags;
@ -466,6 +468,8 @@ ntp_monitor(
}
}
INSIST(mon != NULL);
/*
* Got one, initialize it
*/

2393
ntpd/ntp_parser.c
View File

File diff suppressed because it is too large Load Diff

442
ntpd/ntp_parser.h
View File

@ -1,19 +1,19 @@
/* A Bison parser, made by GNU Bison 2.7.12-4996. */
/* A Bison parser, made by GNU Bison 3.0.2. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
@ -26,13 +26,13 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
#ifndef YY_YY_NTP_PARSER_H_INCLUDED
# define YY_YY_NTP_PARSER_H_INCLUDED
/* Enabling traces. */
#ifndef YY_YY__NTPD_NTP_PARSER_H_INCLUDED
# define YY_YY__NTPD_NTP_PARSER_H_INCLUDED
/* Debug traces. */
#ifndef YYDEBUG
# define YYDEBUG 1
#endif
@ -40,204 +40,203 @@
extern int yydebug;
#endif
/* Tokens. */
/* Token type. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
T_Abbrev = 258,
T_Age = 259,
T_All = 260,
T_Allan = 261,
T_Allpeers = 262,
T_Auth = 263,
T_Autokey = 264,
T_Automax = 265,
T_Average = 266,
T_Bclient = 267,
T_Beacon = 268,
T_Broadcast = 269,
T_Broadcastclient = 270,
T_Broadcastdelay = 271,
T_Burst = 272,
T_Calibrate = 273,
T_Ceiling = 274,
T_Clockstats = 275,
T_Cohort = 276,
T_ControlKey = 277,
T_Crypto = 278,
T_Cryptostats = 279,
T_Ctl = 280,
T_Day = 281,
T_Default = 282,
T_Digest = 283,
T_Disable = 284,
T_Discard = 285,
T_Dispersion = 286,
T_Double = 287,
T_Driftfile = 288,
T_Drop = 289,
T_Dscp = 290,
T_Ellipsis = 291,
T_Enable = 292,
T_End = 293,
T_False = 294,
T_File = 295,
T_Filegen = 296,
T_Filenum = 297,
T_Flag1 = 298,
T_Flag2 = 299,
T_Flag3 = 300,
T_Flag4 = 301,
T_Flake = 302,
T_Floor = 303,
T_Freq = 304,
T_Fudge = 305,
T_Host = 306,
T_Huffpuff = 307,
T_Iburst = 308,
T_Ident = 309,
T_Ignore = 310,
T_Incalloc = 311,
T_Incmem = 312,
T_Initalloc = 313,
T_Initmem = 314,
T_Includefile = 315,
T_Integer = 316,
T_Interface = 317,
T_Intrange = 318,
T_Io = 319,
T_Ipv4 = 320,
T_Ipv4_flag = 321,
T_Ipv6 = 322,
T_Ipv6_flag = 323,
T_Kernel = 324,
T_Key = 325,
T_Keys = 326,
T_Keysdir = 327,
T_Kod = 328,
T_Mssntp = 329,
T_Leapfile = 330,
T_Leapsmearinterval = 331,
T_Limited = 332,
T_Link = 333,
T_Listen = 334,
T_Logconfig = 335,
T_Logfile = 336,
T_Loopstats = 337,
T_Lowpriotrap = 338,
T_Manycastclient = 339,
T_Manycastserver = 340,
T_Mask = 341,
T_Maxage = 342,
T_Maxclock = 343,
T_Maxdepth = 344,
T_Maxdist = 345,
T_Maxmem = 346,
T_Maxpoll = 347,
T_Mdnstries = 348,
T_Mem = 349,
T_Memlock = 350,
T_Minclock = 351,
T_Mindepth = 352,
T_Mindist = 353,
T_Minimum = 354,
T_Minpoll = 355,
T_Minsane = 356,
T_Mode = 357,
T_Mode7 = 358,
T_Monitor = 359,
T_Month = 360,
T_Mru = 361,
T_Multicastclient = 362,
T_Nic = 363,
T_Nolink = 364,
T_Nomodify = 365,
T_Nomrulist = 366,
T_None = 367,
T_Nonvolatile = 368,
T_Nopeer = 369,
T_Noquery = 370,
T_Noselect = 371,
T_Noserve = 372,
T_Notrap = 373,
T_Notrust = 374,
T_Ntp = 375,
T_Ntpport = 376,
T_NtpSignDsocket = 377,
T_Orphan = 378,
T_Orphanwait = 379,
T_Panic = 380,
T_Peer = 381,
T_Peerstats = 382,
T_Phone = 383,
T_Pid = 384,
T_Pidfile = 385,
T_Pool = 386,
T_Port = 387,
T_Preempt = 388,
T_Prefer = 389,
T_Protostats = 390,
T_Pw = 391,
T_Randfile = 392,
T_Rawstats = 393,
T_Refid = 394,
T_Requestkey = 395,
T_Reset = 396,
T_Restrict = 397,
T_Revoke = 398,
T_Rlimit = 399,
T_Saveconfigdir = 400,
T_Server = 401,
T_Setvar = 402,
T_Source = 403,
T_Stacksize = 404,
T_Statistics = 405,
T_Stats = 406,
T_Statsdir = 407,
T_Step = 408,
T_Stepback = 409,
T_Stepfwd = 410,
T_Stepout = 411,
T_Stratum = 412,
T_String = 413,
T_Sys = 414,
T_Sysstats = 415,
T_Tick = 416,
T_Time1 = 417,
T_Time2 = 418,
T_Timer = 419,
T_Timingstats = 420,
T_Tinker = 421,
T_Tos = 422,
T_Trap = 423,
T_True = 424,
T_Trustedkey = 425,
T_Ttl = 426,
T_Type = 427,
T_U_int = 428,
T_Unconfig = 429,
T_Unpeer = 430,
T_Version = 431,
T_WanderThreshold = 432,
T_Week = 433,
T_Wildcard = 434,
T_Xleave = 435,
T_Year = 436,
T_Flag = 437,
T_EOC = 438,
T_Simulate = 439,
T_Beep_Delay = 440,
T_Sim_Duration = 441,
T_Server_Offset = 442,
T_Duration = 443,
T_Freq_Offset = 444,
T_Wander = 445,
T_Jitter = 446,
T_Prop_Delay = 447,
T_Proc_Delay = 448
};
enum yytokentype
{
T_Abbrev = 258,
T_Age = 259,
T_All = 260,
T_Allan = 261,
T_Allpeers = 262,
T_Auth = 263,
T_Autokey = 264,
T_Automax = 265,
T_Average = 266,
T_Bclient = 267,
T_Beacon = 268,
T_Broadcast = 269,
T_Broadcastclient = 270,
T_Broadcastdelay = 271,
T_Burst = 272,
T_Calibrate = 273,
T_Ceiling = 274,
T_Clockstats = 275,
T_Cohort = 276,
T_ControlKey = 277,
T_Crypto = 278,
T_Cryptostats = 279,
T_Ctl = 280,
T_Day = 281,
T_Default = 282,
T_Digest = 283,
T_Disable = 284,
T_Discard = 285,
T_Dispersion = 286,
T_Double = 287,
T_Driftfile = 288,
T_Drop = 289,
T_Dscp = 290,
T_Ellipsis = 291,
T_Enable = 292,
T_End = 293,
T_False = 294,
T_File = 295,
T_Filegen = 296,
T_Filenum = 297,
T_Flag1 = 298,
T_Flag2 = 299,
T_Flag3 = 300,
T_Flag4 = 301,
T_Flake = 302,
T_Floor = 303,
T_Freq = 304,
T_Fudge = 305,
T_Host = 306,
T_Huffpuff = 307,
T_Iburst = 308,
T_Ident = 309,
T_Ignore = 310,
T_Incalloc = 311,
T_Incmem = 312,
T_Initalloc = 313,
T_Initmem = 314,
T_Includefile = 315,
T_Integer = 316,
T_Interface = 317,
T_Intrange = 318,
T_Io = 319,
T_Ipv4 = 320,
T_Ipv4_flag = 321,
T_Ipv6 = 322,
T_Ipv6_flag = 323,
T_Kernel = 324,
T_Key = 325,
T_Keys = 326,
T_Keysdir = 327,
T_Kod = 328,
T_Mssntp = 329,
T_Leapfile = 330,
T_Leapsmearinterval = 331,
T_Limited = 332,
T_Link = 333,
T_Listen = 334,
T_Logconfig = 335,
T_Logfile = 336,
T_Loopstats = 337,
T_Lowpriotrap = 338,
T_Manycastclient = 339,
T_Manycastserver = 340,
T_Mask = 341,
T_Maxage = 342,
T_Maxclock = 343,
T_Maxdepth = 344,
T_Maxdist = 345,
T_Maxmem = 346,
T_Maxpoll = 347,
T_Mdnstries = 348,
T_Mem = 349,
T_Memlock = 350,
T_Minclock = 351,
T_Mindepth = 352,
T_Mindist = 353,
T_Minimum = 354,
T_Minpoll = 355,
T_Minsane = 356,
T_Mode = 357,
T_Mode7 = 358,
T_Monitor = 359,
T_Month = 360,
T_Mru = 361,
T_Multicastclient = 362,
T_Nic = 363,
T_Nolink = 364,
T_Nomodify = 365,
T_Nomrulist = 366,
T_None = 367,
T_Nonvolatile = 368,
T_Nopeer = 369,
T_Noquery = 370,
T_Noselect = 371,
T_Noserve = 372,
T_Notrap = 373,
T_Notrust = 374,
T_Ntp = 375,
T_Ntpport = 376,
T_NtpSignDsocket = 377,
T_Orphan = 378,
T_Orphanwait = 379,
T_Panic = 380,
T_Peer = 381,
T_Peerstats = 382,
T_Phone = 383,
T_Pid = 384,
T_Pidfile = 385,
T_Pool = 386,
T_Port = 387,
T_Preempt = 388,
T_Prefer = 389,
T_Protostats = 390,
T_Pw = 391,
T_Randfile = 392,
T_Rawstats = 393,
T_Refid = 394,
T_Requestkey = 395,
T_Reset = 396,
T_Restrict = 397,
T_Revoke = 398,
T_Rlimit = 399,
T_Saveconfigdir = 400,
T_Server = 401,
T_Setvar = 402,
T_Source = 403,
T_Stacksize = 404,
T_Statistics = 405,
T_Stats = 406,
T_Statsdir = 407,
T_Step = 408,
T_Stepback = 409,
T_Stepfwd = 410,
T_Stepout = 411,
T_Stratum = 412,
T_String = 413,
T_Sys = 414,
T_Sysstats = 415,
T_Tick = 416,
T_Time1 = 417,
T_Time2 = 418,
T_Timer = 419,
T_Timingstats = 420,
T_Tinker = 421,
T_Tos = 422,
T_Trap = 423,
T_True = 424,
T_Trustedkey = 425,
T_Ttl = 426,
T_Type = 427,
T_U_int = 428,
T_Unconfig = 429,
T_Unpeer = 430,
T_Version = 431,
T_WanderThreshold = 432,
T_Week = 433,
T_Wildcard = 434,
T_Xleave = 435,
T_Year = 436,
T_Flag = 437,
T_EOC = 438,
T_Simulate = 439,
T_Beep_Delay = 440,
T_Sim_Duration = 441,
T_Server_Offset = 442,
T_Duration = 443,
T_Freq_Offset = 444,
T_Wander = 445,
T_Jitter = 446,
T_Prop_Delay = 447,
T_Proc_Delay = 448
};
#endif
/* Tokens. */
#define T_Abbrev 258
@ -432,13 +431,12 @@ extern int yydebug;
#define T_Prop_Delay 447
#define T_Proc_Delay 448
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
typedef union YYSTYPE YYSTYPE;
union YYSTYPE
{
/* Line 2053 of yacc.c */
#line 51 "../../ntpd/ntp_parser.y"
#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:1909 */
char * String;
double Double;
@ -457,29 +455,15 @@ typedef union YYSTYPE
script_info * Sim_script;
script_info_fifo * Sim_script_fifo;
/* Line 2053 of yacc.c */
#line 463 "ntp_parser.h"
} YYSTYPE;
#line 459 "../../ntpd/ntp_parser.h" /* yacc.c:1909 */
};
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
extern YYSTYPE yylval;
#ifdef YYPARSE_PARAM
#if defined __STDC__ || defined __cplusplus
int yyparse (void *YYPARSE_PARAM);
#else
int yyparse ();
#endif
#else /* ! YYPARSE_PARAM */
#if defined __STDC__ || defined __cplusplus
int yyparse (void);
#else
int yyparse ();
#endif
#endif /* ! YYPARSE_PARAM */
#endif /* !YY_YY_NTP_PARSER_H_INCLUDED */
#endif /* !YY_YY__NTPD_NTP_PARSER_H_INCLUDED */

41
ntpd/ntp_parser.y
View File

@ -1225,37 +1225,48 @@ misc_cmd_int_keyword
misc_cmd_str_keyword
: T_Ident
| T_Leapfile
| T_Pidfile
;
misc_cmd_str_lcl_keyword
: T_Logfile
| T_Pidfile
| T_Saveconfigdir
;
drift_parm
: T_String
{
attr_val *av;
av = create_attr_sval(T_Driftfile, $1);
APPEND_G_FIFO(cfgt.vars, av);
if (lex_from_file()) {
attr_val *av;
av = create_attr_sval(T_Driftfile, $1);
APPEND_G_FIFO(cfgt.vars, av);
} else {
YYFREE($1);
yyerror("driftfile remote configuration ignored");
}
}
| T_String T_Double
{
attr_val *av;
av = create_attr_sval(T_Driftfile, $1);
APPEND_G_FIFO(cfgt.vars, av);
av = create_attr_dval(T_WanderThreshold, $2);
APPEND_G_FIFO(cfgt.vars, av);
if (lex_from_file()) {
attr_val *av;
av = create_attr_sval(T_Driftfile, $1);
APPEND_G_FIFO(cfgt.vars, av);
av = create_attr_dval(T_WanderThreshold, $2);
APPEND_G_FIFO(cfgt.vars, av);
} else {
YYFREE($1);
yyerror("driftfile remote configuration ignored");
}
}
| /* Null driftfile, indicated by empty string "" */
{
attr_val *av;
av = create_attr_sval(T_Driftfile, "");
APPEND_G_FIFO(cfgt.vars, av);
if (lex_from_file()) {
attr_val *av;
av = create_attr_sval(T_Driftfile, estrdup(""));
APPEND_G_FIFO(cfgt.vars, av);
} else {
yyerror("driftfile remote configuration ignored");
}
}
;

13
ntpd/ntp_peer.c
View File

@ -718,9 +718,13 @@ refresh_all_peerinterfaces(void)
/*
* this is called when the interface list has changed
* give all peers a chance to find a better interface
* but only if either they don't have an address already
* or if the one they have hasn't worked for a while.
*/
for (p = peer_list; p != NULL; p = p->p_link)
peer_refresh_interface(p);
for (p = peer_list; p != NULL; p = p->p_link) {
if (!(p->dstadr && (p->reach & 0x3))) // Bug 2849 XOR 2043
peer_refresh_interface(p);
}
}
@ -746,6 +750,8 @@ newpeer(
struct peer * peer;
u_int hash;
DEBUG_REQUIRE(srcadr);
#ifdef AUTOKEY
/*
* If Autokey is requested but not configured, complain loudly.
@ -764,7 +770,7 @@ newpeer(
/*
* For now only pool associations have a hostname.
*/
NTP_INSIST(NULL == hostname || (MDF_POOL & cast_flags));
INSIST(NULL == hostname || (MDF_POOL & cast_flags));
/*
* First search from the beginning for an association with given
@ -817,6 +823,7 @@ newpeer(
if (peer_free_count == 0)
getmorepeermem();
UNLINK_HEAD_SLIST(peer, peer_free, p_link);
INSIST(peer != NULL);
peer_free_count--;
peer_associations++;
if (FLAG_PREEMPT & flags)

297
ntpd/ntp_proto.c
View File

@ -28,14 +28,27 @@
* This macro defines the authentication state. If x is 1 authentication
* is required; othewise it is optional.
*/
#define AUTH(x, y) ((x) ? (y) == AUTH_OK : (y) == AUTH_OK || \
(y) == AUTH_NONE)
#define AUTH(x, y) ((x) ? (y) == AUTH_OK \
: (y) == AUTH_OK || (y) == AUTH_NONE)
#define AUTH_NONE 0 /* authentication not required */
#define AUTH_OK 1 /* authentication OK */
#define AUTH_ERROR 2 /* authentication error */
#define AUTH_CRYPTO 3 /* crypto_NAK */
/*
* Set up Kiss Code values
*/
enum kiss_codes {
NOKISS, /* No Kiss Code */
RATEKISS, /* Rate limit Kiss Code */
DENYKISS, /* Deny Kiss */
RSTRKISS, /* Restricted Kiss */
XKISS, /* Experimental Kiss */
UNKNOWNKISS /* Unknown Kiss Code */
};
/*
* traffic shaping parameters
*/
@ -139,6 +152,7 @@ u_long sys_declined; /* declined */
u_long sys_limitrejected; /* rate exceeded */
u_long sys_kodsent; /* KoD sent */
static int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid);
static double root_distance (struct peer *);
static void clock_combine (peer_select *, int, int);
static void peer_xmit (struct peer *);
@ -185,7 +199,34 @@ set_sys_leap(u_char new_sys_leap) {
}
}
/*
* Kiss Code check
*/
int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid) {
if ( hismode == MODE_SERVER
&& hisleap == LEAP_NOTINSYNC
&& hisstratum == STRATUM_UNSPEC) {
if(memcmp(&refid,"RATE", 4) == 0) {
return (RATEKISS);
}
else if(memcmp(&refid,"DENY", 4) == 0) {
return (DENYKISS);
}
else if(memcmp(&refid,"RSTR", 4) == 0) {
return (RSTRKISS);
}
else if(memcmp(&refid,"X", 1) == 0) {
return (XKISS);
}
else {
return (UNKNOWNKISS);
}
}
else {
return (NOKISS);
}
}
/*
* transmit - transmit procedure called by poll timeout
*/
@ -235,8 +276,8 @@ transmit(
peer->unreach = 0;
peer->ttl = 0;
peer_xmit(peer);
} else if (sys_survivors < sys_minclock ||
peer_associations < sys_maxclock) {
} else if ( sys_survivors < sys_minclock
|| peer_associations < sys_maxclock) {
if (peer->ttl < (u_int32)sys_ttlmax)
peer->ttl++;
peer_xmit(peer);
@ -260,9 +301,9 @@ transmit(
*/
if (peer->cast_flags & MDF_POOL) {
peer->outdate = current_time;
if ((peer_associations <= 2 * sys_maxclock) &&
(peer_associations < sys_maxclock ||
sys_survivors < sys_minclock))
if ( (peer_associations <= 2 * sys_maxclock)
&& ( peer_associations < sys_maxclock
|| sys_survivors < sys_minclock))
pool_xmit(peer);
poll_update(peer, hpoll);
return;
@ -297,8 +338,8 @@ transmit(
peer_unfit(peer);
report_event(PEVNT_UNREACH, peer, NULL);
}
if ((peer->flags & FLAG_IBURST) &&
peer->retry == 0)
if ( (peer->flags & FLAG_IBURST)
&& peer->retry == 0)
peer->retry = NTP_RETRY;
} else {
@ -312,8 +353,9 @@ transmit(
hpoll = sys_poll;
if (!(peer->flags & FLAG_PREEMPT))
peer->unreach = 0;
if ((peer->flags & FLAG_BURST) && peer->retry ==
0 && !peer_unfit(peer))
if ( (peer->flags & FLAG_BURST)
&& peer->retry == 0
&& !peer_unfit(peer))
peer->retry = NTP_RETRY;
}
@ -334,9 +376,9 @@ transmit(
unpeer(peer);
return;
}
if ((peer->flags & FLAG_PREEMPT) &&
(peer_associations > sys_maxclock) &&
score_all(peer)) {
if ( (peer->flags & FLAG_PREEMPT)
&& (peer_associations > sys_maxclock)
&& score_all(peer)) {
report_event(PEVNT_RESTART, peer, "timeout");
peer_clear(peer, "TIME");
unpeer(peer);
@ -392,6 +434,7 @@ receive(
u_char hismode; /* packet mode */
u_char hisstratum; /* packet stratum */
u_short restrict_mask; /* restrict bits */
int kissCode = NOKISS; /* Kiss Code */
int has_mac; /* length of MAC field */
int authlen; /* offset of MAC field */
int is_authentic = 0; /* cryptosum ok */
@ -483,8 +526,8 @@ receive(
*/
if (hisversion == NTP_VERSION) {
sys_newversion++; /* new version */
} else if (!(restrict_mask & RES_VERSION) && hisversion >=
NTP_OLDVERSION) {
} else if ( !(restrict_mask & RES_VERSION)
&& hisversion >= NTP_OLDVERSION) {
sys_oldversion++; /* previous version */
} else {
sys_badlength++;
@ -538,8 +581,9 @@ receive(
} else {
opcode = ntohl(((u_int32 *)pkt)[authlen / 4]);
len = opcode & 0xffff;
if (len % 4 != 0 || len < 4 || (int)len +
authlen > rbufp->recv_length) {
if ( len % 4 != 0
|| len < 4
|| (int)len + authlen > rbufp->recv_length) {
sys_badlength++;
return; /* bad length */
}
@ -549,13 +593,13 @@ receive(
* sys_groupname is non-NULL, there must be
* a group name provided to elicit a response.
*/
if ((opcode & 0x3fff0000) == CRYPTO_ASSOC &&
sys_groupname != NULL) {
if ( (opcode & 0x3fff0000) == CRYPTO_ASSOC
&& sys_groupname != NULL) {
ep = (struct exten *)&((u_int32 *)pkt)[authlen / 4];
hostlen = ntohl(ep->vallen);
if (hostlen >= sizeof(hostname) ||
hostlen > len -
offsetof(struct exten, pkt)) {
if ( hostlen >= sizeof(hostname)
|| hostlen > len -
offsetof(struct exten, pkt)) {
sys_badlength++;
return; /* bad length */
}
@ -599,8 +643,9 @@ receive(
restrict_mask = ntp_monitor(rbufp, restrict_mask);
if (restrict_mask & RES_LIMITED) {
sys_limitrejected++;
if (!(restrict_mask & RES_KOD) || MODE_BROADCAST ==
hismode || MODE_SERVER == hismode) {
if ( !(restrict_mask & RES_KOD)
|| MODE_BROADCAST == hismode
|| MODE_SERVER == hismode) {
if (MODE_SERVER == hismode)
DPRINTF(1, ("Possibly self-induced rate limiting of MODE_SERVER from %s\n",
stoa(&rbufp->recv_srcadr)));
@ -698,10 +743,11 @@ receive(
* This is described in Microsoft's WSPP docs, in MS-SNTP:
* http://msdn.microsoft.com/en-us/library/cc212930.aspx
*/
} else if (has_mac == MAX_MD5_LEN && (restrict_mask & RES_MSSNTP) &&
(retcode == AM_FXMIT || retcode == AM_NEWPASS) &&
(memcmp(zero_key, (char *)pkt + authlen + 4, MAX_MD5_LEN - 4) ==
0)) {
} else if ( has_mac == MAX_MD5_LEN
&& (restrict_mask & RES_MSSNTP)
&& (retcode == AM_FXMIT || retcode == AM_NEWPASS)
&& (memcmp(zero_key, (char *)pkt + authlen + 4,
MAX_MD5_LEN - 4) == 0)) {
is_authentic = AUTH_NONE;
#endif /* HAVE_NTP_SIGND */
@ -754,8 +800,9 @@ receive(
* mobilized. However, if this is from
* the wildcard interface, game over.
*/
if (crypto_flags && rbufp->dstadr ==
ANY_INTERFACE_CHOOSE(&rbufp->recv_srcadr)) {
if ( crypto_flags
&& rbufp->dstadr ==
ANY_INTERFACE_CHOOSE(&rbufp->recv_srcadr)) {
sys_restricted++;
return; /* no wildcard */
}
@ -882,10 +929,10 @@ receive(
* stratum is greater than the manycaster or the
* manycaster has already synchronized to us.
*/
if (sys_leap == LEAP_NOTINSYNC || sys_stratum >=
hisstratum || (!sys_cohort && sys_stratum ==
hisstratum + 1) || rbufp->dstadr->addr_refid ==
pkt->refid) {
if ( sys_leap == LEAP_NOTINSYNC
|| sys_stratum >= hisstratum
|| (!sys_cohort && sys_stratum == hisstratum + 1)
|| rbufp->dstadr->addr_refid == pkt->refid) {
sys_declined++;
return; /* no help */
}
@ -933,9 +980,10 @@ receive(
sys_restricted++;
return; /* not enabled */
}
if (!AUTH((!(peer2->cast_flags & MDF_POOL) &&
sys_authenticate) | (restrict_mask & (RES_NOPEER |
RES_DONTTRUST)), is_authentic)) {
if (!AUTH( (!(peer2->cast_flags & MDF_POOL)
&& sys_authenticate)
|| (restrict_mask & (RES_NOPEER |
RES_DONTTRUST)), is_authentic)) {
sys_restricted++;
return; /* access denied */
}
@ -944,8 +992,9 @@ receive(
* Do not respond if unsynchronized or stratum is below
* the floor or at or above the ceiling.
*/
if (hisleap == LEAP_NOTINSYNC || hisstratum <
sys_floor || hisstratum >= sys_ceiling) {
if ( hisleap == LEAP_NOTINSYNC
|| hisstratum < sys_floor
|| hisstratum >= sys_ceiling) {
sys_declined++;
return; /* no help */
}
@ -1007,8 +1056,9 @@ receive(
* Do not respond if unsynchronized or stratum is below
* the floor or at or above the ceiling.
*/
if (hisleap == LEAP_NOTINSYNC || hisstratum <
sys_floor || hisstratum >= sys_ceiling) {
if ( hisleap == LEAP_NOTINSYNC
|| hisstratum < sys_floor
|| hisstratum >= sys_ceiling) {
sys_declined++;
return; /* no help */
}
@ -1018,8 +1068,8 @@ receive(
* Do not respond if Autokey and the opcode is not a
* CRYPTO_ASSOC response with association ID.
*/
if (crypto_flags && skeyid > NTP_MAXKEY && (opcode &
0xffff0000) != (CRYPTO_ASSOC | CRYPTO_RESP)) {
if ( crypto_flags && skeyid > NTP_MAXKEY
&& (opcode & 0xffff0000) != (CRYPTO_ASSOC | CRYPTO_RESP)) {
sys_declined++;
return; /* protocol error */
}
@ -1133,6 +1183,24 @@ receive(
sys_restricted++;
return;
}
/* [Bug 2941]
* If we got here, the packet isn't part of an
* existing association, it isn't correctly
* authenticated, and it didn't meet either of
* the previous two special cases so we should
* just drop it on the floor. For example,
* crypto-NAKs (is_authentic == AUTH_CRYPTO)
* will make it this far. This is just
* debug-printed and not logged to avoid log
* flooding.
*/
DPRINTF(1, ("receive: at %ld refusing to mobilize passive association"
" with unknown peer %s mode %d keyid %08x len %d auth %d\n",
current_time, stoa(&rbufp->recv_srcadr),
hismode, skeyid, (authlen + has_mac),
is_authentic));
sys_declined++;
return;
}
/*
@ -1145,8 +1213,8 @@ receive(
* we will spin an ephemeral association in response to
* MODE_ACTIVE KoDs, which will time out eventually.
*/
if (hisleap != LEAP_NOTINSYNC && (hisstratum <
sys_floor || hisstratum >= sys_ceiling)) {
if ( hisleap != LEAP_NOTINSYNC
&& (hisstratum < sys_floor || hisstratum >= sys_ceiling)) {
sys_declined++;
return; /* no help */
}
@ -1205,9 +1273,9 @@ receive(
* have a public key ID; if not, the packet must have a
* symmetric key ID.
*/
if (is_authentic != AUTH_CRYPTO && (((peer->flags &
FLAG_SKEY) && skeyid <= NTP_MAXKEY) || (!(peer->flags &
FLAG_SKEY) && skeyid > NTP_MAXKEY))) {
if ( is_authentic != AUTH_CRYPTO
&& ( ((peer->flags & FLAG_SKEY) && skeyid <= NTP_MAXKEY)
|| (!(peer->flags & FLAG_SKEY) && skeyid > NTP_MAXKEY))) {
sys_badauth++;
return;
}
@ -1256,16 +1324,23 @@ receive(
* Check for bogus packet in basic mode. If found, switch to
* interleaved mode and resynchronize, but only after confirming
* the packet is not bogus in symmetric interleaved mode.
*
* This could also mean somebody is forging packets claiming to
* be from us, attempting to cause our server to KoD us.
*/
} else if (peer->flip == 0) {
if (!L_ISEQU(&p_org, &peer->aorg)) {
peer->bogusorg++;
peer->flash |= TEST2; /* bogus */
if (!L_ISZERO(&peer->dst) && L_ISEQU(&p_org,
&peer->dst)) {
msyslog(LOG_INFO,
"receive: Unexpected origin timestamp from %s",
ntoa(&peer->srcadr));
if ( !L_ISZERO(&peer->dst)
&& L_ISEQU(&p_org, &peer->dst)) {
peer->flip = 1;
report_event(PEVNT_XLEAVE, peer, NULL);
}
return; /* Bogus packet, we are done */
} else {
L_CLR(&peer->aorg);
}
@ -1282,11 +1357,12 @@ receive(
* can happen if a packet is lost, duplicated or crossed. If
* found, flip and resynchronize.
*/
} else if (!L_ISZERO(&peer->dst) && !L_ISEQU(&p_org,
&peer->dst)) {
} else if ( !L_ISZERO(&peer->dst)
&& !L_ISEQU(&p_org, &peer->dst)) {
peer->bogusorg++;
peer->flags |= FLAG_XBOGUS;
peer->flash |= TEST2; /* bogus */
return; /* Bogus packet, we are done */
}
/*
@ -1321,8 +1397,8 @@ receive(
report_event(PEVNT_AUTH, peer, "digest");
peer->flash |= TEST5; /* bad auth */
peer->badauth++;
if (has_mac &&
(hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
if ( has_mac
&& (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
if (peer->flags & FLAG_PREEMPT) {
unpeer(peer);
@ -1351,11 +1427,22 @@ receive(
* this maximum and advance the headway to give the sender some
* headroom. Very intricate.
*/
/*
* Check for any kiss codes. Note this is only used when a server
* responds to a packet request
*/
kissCode = kiss_code_check(hisleap, hisstratum, hismode, pkt->refid);
/*
* Check to see if this is a RATE Kiss Code
* Currently this kiss code will accept whatever poll
* rate that the server sends
*/
peer->ppoll = max(peer->minpoll, pkt->ppoll);
if (hismode == MODE_SERVER && hisleap == LEAP_NOTINSYNC &&
hisstratum == STRATUM_UNSPEC && memcmp(&pkt->refid,
"RATE", 4) == 0) {
peer->selbroken++;
if (kissCode == RATEKISS) {
peer->selbroken++; /* Increment the KoD count */
report_event(PEVNT_RATE, peer, NULL);
if (pkt->ppoll > peer->minpoll)
peer->minpoll = peer->ppoll;
@ -1364,6 +1451,11 @@ receive(
poll_update(peer, pkt->ppoll);
return; /* kiss-o'-death */
}
if (kissCode != NOKISS) {
peer->selbroken++; /* Increment the KoD count */
return; /* Drop any other kiss code packets */
}
/*
* That was hard and I am sweaty, but the packet is squeaky
@ -1455,8 +1547,8 @@ receive(
int i;
for (i = 0; ; i++) {
if (tkeyid == peer->pkeyid ||
tkeyid == ap->key) {
if ( tkeyid == peer->pkeyid
|| tkeyid == ap->key) {
peer->flash &= ~TEST8;
peer->pkeyid = skeyid;
ap->seq -= i;
@ -1589,8 +1681,8 @@ process_packet(
* Verify the server is synchronized; that is, the leap bits,
* stratum and root distance are valid.
*/
if (pleap == LEAP_NOTINSYNC || /* test 6 */
pstratum < sys_floor || pstratum >= sys_ceiling)
if ( pleap == LEAP_NOTINSYNC /* test 6 */
|| pstratum < sys_floor || pstratum >= sys_ceiling)
peer->flash |= TEST6; /* bad synch or strat */
if (p_del / 2 + p_disp >= MAXDISPERSE) /* test 7 */
peer->flash |= TEST7; /* bad header */
@ -1823,8 +1915,9 @@ process_packet(
* client mode when the client is fit and the autokey dance is
* complete.
*/
if ((FLAG_BC_VOL & peer->flags) && MODE_CLIENT == peer->hmode &&
!(TEST11 & peer_unfit(peer))) { /* distance exceeded */
if ( (FLAG_BC_VOL & peer->flags)
&& MODE_CLIENT == peer->hmode
&& !(TEST11 & peer_unfit(peer))) { /* distance exceeded */
#ifdef AUTOKEY
if (peer->flags & FLAG_SKEY) {
if (!(~peer->crypto & CRYPTO_FLAG_ALL))
@ -1865,8 +1958,8 @@ clock_update(
sys_poll = peer->maxpoll;
poll_update(peer, sys_poll);
sys_stratum = min(peer->stratum + 1, STRATUM_UNSPEC);
if (peer->stratum == STRATUM_REFCLOCK ||
peer->stratum == STRATUM_UNSPEC)
if ( peer->stratum == STRATUM_REFCLOCK
|| peer->stratum == STRATUM_UNSPEC)
sys_refid = peer->refid;
else
sys_refid = addr2refid(&peer->srcadr);
@ -1992,12 +2085,12 @@ clock_update(
* once is mostly harmless.)
*/
if (leapsec == LSPROX_NOWARN) {
if (leap_vote_ins > leap_vote_del
if ( leap_vote_ins > leap_vote_del
&& leap_vote_ins > sys_survivors / 2) {
get_systime(&now);
leapsec_add_dyn(TRUE, now.l_ui, NULL);
}
if (leap_vote_del > leap_vote_ins
if ( leap_vote_del > leap_vote_ins
&& leap_vote_del > sys_survivors / 2) {
get_systime(&now);
leapsec_add_dyn(FALSE, now.l_ui, NULL);
@ -2320,8 +2413,8 @@ clock_filter(
m = 0;
for (i = 0; i < NTP_SHIFT; i++) {
peer->filter_order[i] = (u_char) ord[i];
if (dst[i] >= MAXDISPERSE || (m >= 2 && dst[i] >=
sys_maxdist))
if ( dst[i] >= MAXDISPERSE
|| (m >= 2 && dst[i] >= sys_maxdist))
continue;
m++;
}
@ -2367,10 +2460,11 @@ clock_filter(
* than twice the host poll interval, consider the new sample
* a popcorn spike and ignore it.
*/
if (peer->disp < sys_maxdist && peer->filter_disp[k] <
sys_maxdist && etemp > CLOCK_SGATE * peer->jitter &&
peer->filter_epoch[k] - peer->epoch < 2. *
ULOGTOD(peer->hpoll)) {
if ( peer->disp < sys_maxdist
&& peer->filter_disp[k] < sys_maxdist
&& etemp > CLOCK_SGATE * peer->jitter
&& peer->filter_epoch[k] - peer->epoch
< 2. * ULOGTOD(peer->hpoll)) {
snprintf(tbuf, sizeof(tbuf), "%.6f s", etemp);
report_event(PEVNT_POPCORN, peer, tbuf);
return;
@ -2547,14 +2641,14 @@ clock_select(void)
if (!(peer->flags & FLAG_PREFER)) {
switch (peer->refclktype) {
case REFCLK_LOCALCLOCK:
if (current_time > orphwait &&
typelocal == NULL)
if ( current_time > orphwait
&& typelocal == NULL)
typelocal = peer;
continue;
case REFCLK_ACTS:
if (current_time > orphwait &&
typeacts == NULL)
if ( current_time > orphwait
&& typeacts == NULL)
typeacts = peer;
continue;
}
@ -2684,8 +2778,10 @@ clock_select(void)
peer = peers[i].peer;
h = peers[i].synch;
if ((high <= low || peer->offset + h < low ||
peer->offset - h > high) && !(peer->flags & FLAG_TRUE))
if (( high <= low
|| peer->offset + h < low
|| peer->offset - h > high
) && !(peer->flags & FLAG_TRUE))
continue;
#ifdef REFCLOCK
@ -2742,7 +2838,7 @@ clock_select(void)
}
/*
* Now, vote outlyers off the island by select jitter weighted
* Now, vote outliers off the island by select jitter weighted
* by root distance. Continue voting as long as there are more
* than sys_minclock survivors and the select jitter of the peer
* with the worst metric is greater than the minimum peer
@ -2772,8 +2868,9 @@ clock_select(void)
}
}
g = max(g, LOGTOD(sys_precision));
if (nlist <= max(1, sys_minclock) || g <= d ||
((FLAG_TRUE | FLAG_PREFER) & peers[k].peer->flags))
if ( nlist <= max(1, sys_minclock)
|| g <= d
|| ((FLAG_TRUE | FLAG_PREFER) & peers[k].peer->flags))
break;
DPRINTF(3, ("select: drop %s seljit %.6f jit %.6f\n",
@ -2898,10 +2995,12 @@ clock_select(void)
* if there is a prefer peer or there are no survivors and none
* are required.
*/
if (typepps != NULL && fabs(sys_offset) < 0.4 &&
(typepps->refclktype != REFCLK_ATOM_PPS ||
(typepps->refclktype == REFCLK_ATOM_PPS && (sys_prefer !=
NULL || (typesystem == NULL && sys_minsane == 0))))) {
if ( typepps != NULL
&& fabs(sys_offset) < 0.4
&& ( typepps->refclktype != REFCLK_ATOM_PPS
|| ( typepps->refclktype == REFCLK_ATOM_PPS
&& ( sys_prefer != NULL
|| (typesystem == NULL && sys_minsane == 0))))) {
typesystem = typepps;
sys_clockhop = 0;
typesystem->new_status = CTL_PST_SEL_PPS;
@ -3240,16 +3339,16 @@ peer_xmit(
* autokey sequence, the autokey exchange is
* used to retrieve the autokey values.
*/
else if (sys_leap != LEAP_NOTINSYNC &&
peer->leap != LEAP_NOTINSYNC &&
!(peer->crypto & CRYPTO_FLAG_COOK))
else if ( sys_leap != LEAP_NOTINSYNC
&& peer->leap != LEAP_NOTINSYNC
&& !(peer->crypto & CRYPTO_FLAG_COOK))
exten = crypto_args(peer, CRYPTO_COOK,
peer->associd, NULL);
else if (!(peer->crypto & CRYPTO_FLAG_AUTO))
exten = crypto_args(peer, CRYPTO_AUTO,
peer->associd, NULL);
else if (peer->flags & FLAG_ASSOC &&
peer->crypto & CRYPTO_FLAG_SIGN)
else if ( peer->flags & FLAG_ASSOC
&& peer->crypto & CRYPTO_FLAG_SIGN)
exten = crypto_args(peer, CRYPTO_AUTO |
CRYPTO_RESP, peer->assoc, NULL);
@ -3693,7 +3792,7 @@ pool_xmit(
pool->hostname));
else
msyslog(LOG_ERR,
"unable to start pool DNS %s %m",
"unable to start pool DNS %s: %m",
pool->hostname);
return;
}
@ -3883,8 +3982,9 @@ peer_unfit(
* synchronized, (2) the server stratum is below the floor or
* greater than or equal to the ceiling.
*/
if (peer->leap == LEAP_NOTINSYNC || peer->stratum < sys_floor ||
peer->stratum >= sys_ceiling)
if ( peer->leap == LEAP_NOTINSYNC
|| peer->stratum < sys_floor
|| peer->stratum >= sys_ceiling)
rval |= TEST10; /* bad synch or stratum */
/*
@ -3892,8 +3992,9 @@ peer_unfit(
* distance is greater than or equal to the distance threshold
* plus the increment due to one host poll interval.
*/
if (!(peer->flags & FLAG_REFCLOCK) && root_distance(peer) >=
sys_maxdist + clock_phi * ULOGTOD(peer->hpoll))
if ( !(peer->flags & FLAG_REFCLOCK)
&& root_distance(peer) >= sys_maxdist
+ clock_phi * ULOGTOD(peer->hpoll))
rval |= TEST11; /* distance exceeded */
/*

2
ntpd/ntp_refclock.c
View File

@ -1049,7 +1049,7 @@ refclock_control(
if (NULL == peer)
return;
NTP_INSIST(peer->procptr != NULL);
INSIST(peer->procptr != NULL);
pp = peer->procptr;
/*

10
ntpd/ntp_request.c
View File

@ -1757,10 +1757,12 @@ do_restrict(
}
/*
* Looks okay, try it out
* Looks okay, try it out. Needs to reload data pointer and
* item counter. (Talos-CAN-0052)
*/
ZERO_SOCK(&matchaddr);
ZERO_SOCK(&matchmask);
items = INFO_NITEMS(inpkt->err_nitems);
datap = inpkt->u.data;
while (items-- > 0) {
@ -1917,9 +1919,11 @@ reset_peer(
}
/*
* Now do it in earnest.
* Now do it in earnest. Needs to reload data pointer and item
* counter. (Talos-CAN-0052)
*/
items = INFO_NITEMS(inpkt->err_nitems);
datap = inpkt->u.data;
while (items-- > 0) {
ZERO(cp);

28
ntpd/ntp_restrict.c
View File

@ -173,7 +173,7 @@ alloc_res4(void)
LINK_SLIST(resfree4, res, link);
res = (void *)((char *)res - cb);
}
NTP_INSIST(rl == res);
INSIST(rl == res);
/* allocate the first */
return res;
}
@ -199,7 +199,7 @@ alloc_res6(void)
LINK_SLIST(resfree6, res, link);
res = (void *)((char *)res - cb);
}
NTP_INSIST(rl == res);
INSIST(rl == res);
/* allocate the first */
return res;
}
@ -223,7 +223,7 @@ free_res(
else
plisthead = &restrictlist4;
UNLINK_SLIST(unlinked, *plisthead, res, link, restrict_u);
NTP_INSIST(unlinked == res);
INSIST(unlinked == res);
if (v6) {
zero_mem(res, V6_SIZEOF_RESTRICT_U);
@ -291,7 +291,7 @@ match_restrict6_addr(
for (res = restrictlist6; res != NULL; res = next) {
next = res->link;
NTP_INSIST(next != res);
INSIST(next != res);
if (res->expire &&
res->expire <= current_time)
free_res(res, v6);
@ -435,6 +435,9 @@ restrictions(
match = match_restrict4_addr(SRCADR(srcadr),
SRCPORT(srcadr));
INSIST(match != NULL);
match->count++;
/*
* res_not_found counts only use of the final default
@ -461,6 +464,7 @@ restrictions(
return (int)RES_IGNORE;
match = match_restrict6_addr(pin6, SRCPORT(srcadr));
INSIST(match != NULL);
match->count++;
if (&restrict_def6 == match)
res_not_found++;
@ -494,8 +498,8 @@ hack_restrict(
op, stoa(resaddr), stoa(resmask), mflags, flags));
if (NULL == resaddr) {
NTP_REQUIRE(NULL == resmask);
NTP_REQUIRE(RESTRICT_FLAGS == op);
REQUIRE(NULL == resmask);
REQUIRE(RESTRICT_FLAGS == op);
restrict_source_flags = flags;
restrict_source_mflags = mflags;
restrict_source_enabled = 1;
@ -503,9 +507,13 @@ hack_restrict(
}
ZERO(match);
#if 0
/* silence VC9 potentially uninit warnings */
// HMS: let's use a compiler-specific "enable" for this.
res = NULL;
v6 = 0;
#endif
if (IS_IPV4(resaddr)) {
v6 = 0;
@ -528,7 +536,7 @@ hack_restrict(
&match.u.v6.mask);
} else /* not IPv4 nor IPv6 */
NTP_REQUIRE(0);
REQUIRE(0);
match.flags = flags;
match.mflags = mflags;
@ -600,7 +608,7 @@ hack_restrict(
break;
default: /* unknown op */
NTP_INSIST(0);
INSIST(0);
break;
}
@ -626,7 +634,7 @@ restrict_source(
IS_MCAST(addr) || ISREFCLOCKADR(addr))
return;
NTP_REQUIRE(AF_INET == AF(addr) || AF_INET6 == AF(addr));
REQUIRE(AF_INET == AF(addr) || AF_INET6 == AF(addr));
SET_HOSTMASK(&onesmask, AF(addr));
if (farewell) {
@ -647,10 +655,12 @@ restrict_source(
*/
if (IS_IPV4(addr)) {
res = match_restrict4_addr(SRCADR(addr), SRCPORT(addr));
INSIST(res != NULL);
found_specific = (SRCADR(&onesmask) == res->u.v4.mask);
} else {
res = match_restrict6_addr(&SOCK_ADDR6(addr),
SRCPORT(addr));
INSIST(res != NULL);
found_specific = ADDR6_EQ(&res->u.v6.mask,
&SOCK_ADDR6(&onesmask));
}

6
ntpd/ntp_timer.c
View File

@ -56,6 +56,12 @@ static void check_leapsec(u_int32, const time_t*, int/*BOOL*/);
*/
volatile int interface_interval; /* init_io() sets def. 300s */
/*
* Initializing flag. All async routines watch this and only do their
* thing when it is clear.
*/
int initializing;
/*
* Alarm flag. The mainline code imports this.
*/

14
ntpd/ntpd-opts.c
View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
*
* It has been AutoGen-ed June 29, 2015 at 04:28:19 PM by AutoGen 5.18.5
* It has been AutoGen-ed October 21, 2015 at 12:36:00 PM by AutoGen 5.18.5
* From the definitions ntpd-opts.def
* and the template file options
*
@ -75,7 +75,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpd options
*/
static char const ntpd_opt_strs[3129] =
/* 0 */ "ntpd 4.2.8p3\n"
/* 0 */ "ntpd 4.2.8p4\n"
"Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3129] =
/* 2900 */ "output version information and exit\0"
/* 2936 */ "version\0"
/* 2944 */ "NTPD\0"
/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p3\n"
/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p4\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ <server1> ... <serverN> ]\n\0"
/* 3080 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 3114 */ "\n\0"
/* 3116 */ "ntpd 4.2.8p3";
/* 3116 */ "ntpd 4.2.8p4";
/**
* ipv4 option description with
@ -1529,7 +1529,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpdOptions.pzCopyright */
puts(_("ntpd 4.2.8p3\n\
puts(_("ntpd 4.2.8p4\n\
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -1670,7 +1670,7 @@ implied warranty.\n"));
puts(_("output version information and exit"));
/* referenced via ntpdOptions.pzUsageTitle */
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p3\n\
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p4\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
\t\t[ <server1> ... <serverN> ]\n"));
@ -1678,7 +1678,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
puts(_("\n"));
/* referenced via ntpdOptions.pzFullVersion */
puts(_("ntpd 4.2.8p3"));
puts(_("ntpd 4.2.8p4"));
/* referenced via ntpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));

6
ntpd/ntpd-opts.def
View File

@ -236,6 +236,8 @@ when you have permission to do so from the owner of the target host.
Finally,
in the past many startup scripts would run
.Xr ntpdate 1ntpdatemdoc
or
.Xr sntp 1sntpmdoc
to get the system clock close to correct before starting
.Xr ntpd 1ntpdmdoc ,
but this was never more than a mediocre hack and is no longer needed.
@ -245,7 +247,9 @@ and you still need to set the system time before starting
.Nm ,
please open a bug report and document what is going on,
and then look at using
.Xr sntp 1sntpmdoc .
.Xr sntp 1sntpmdoc
if you really need to set the clock before starting
.Nm .
.Pp
There is a way to start
.Xr ntpd 1ntpdmdoc

6
ntpd/ntpd-opts.h
View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
*
* It has been AutoGen-ed June 29, 2015 at 04:28:18 PM by AutoGen 5.18.5
* It has been AutoGen-ed October 21, 2015 at 12:35:59 PM by AutoGen 5.18.5
* From the definitions ntpd-opts.def
* and the template file options
*
@ -106,9 +106,9 @@ typedef enum {
/** count of all options for ntpd */
#define OPTION_CT 38
/** ntpd version */
#define NTPD_VERSION "4.2.8p3"
#define NTPD_VERSION "4.2.8p4"
/** Full ntpd version text */
#define NTPD_FULL_VERSION "ntpd 4.2.8p3"
#define NTPD_FULL_VERSION "ntpd 4.2.8p4"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED

12
ntpd/ntpd.1ntpdman
View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpd 1ntpdman "29 Jun 2015" "4.2.8p3" "User Commands"
.TH ntpd 1ntpdman "21 Oct 2015" "4.2.8p4" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LZaapD/ag-XZa4nD)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dUaOfK/ag-qUaGeK)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:24 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:11 PM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
@ -602,6 +602,8 @@ when you have permission to do so from the owner of the target host.
Finally,
in the past many startup scripts would run
\fCntpdate\f[]\fR(1ntpdatemdoc)\f[]
or
\fCsntp\f[]\fR(1sntpmdoc)\f[]
to get the system clock close to correct before starting
\fCntpd\f[]\fR(1ntpdmdoc)\f[],
but this was never more than a mediocre hack and is no longer needed.
@ -611,7 +613,9 @@ and you still need to set the system time before starting
\f\*[B-Font]ntpd\fP,
please open a bug report and document what is going on,
and then look at using
\fCsntp\f[]\fR(1sntpmdoc)\f[].
\fCsntp\f[]\fR(1sntpmdoc)\f[]
if you really need to set the clock before starting
\f\*[B-Font]ntpd\fP.
.sp \n(Ppu
.ne 2

10
ntpd/ntpd.1ntpdmdoc
View File

@ -1,9 +1,9 @@
.Dd June 29 2015
.Dd October 21 2015
.Dt NTPD 1ntpdmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:41 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
@ -532,6 +532,8 @@ when you have permission to do so from the owner of the target host.
Finally,
in the past many startup scripts would run
.Xr ntpdate 1ntpdatemdoc
or
.Xr sntp 1sntpmdoc
to get the system clock close to correct before starting
.Xr ntpd 1ntpdmdoc ,
but this was never more than a mediocre hack and is no longer needed.
@ -541,7 +543,9 @@ and you still need to set the system time before starting
.Nm ,
please open a bug report and document what is going on,
and then look at using
.Xr sntp 1sntpmdoc .
.Xr sntp 1sntpmdoc
if you really need to set the clock before starting
.Nm .
.Pp
There is a way to start
.Xr ntpd 1ntpdmdoc

104
ntpd/ntpd.c
View File

@ -27,6 +27,14 @@
#include "ntp_libopts.h"
#include "ntpd-opts.h"
/* there's a short treatise below what the thread stuff is for */
#if defined(HAVE_PTHREADS) && HAVE_PTHREADS && !defined(NO_THREADS)
# ifdef HAVE_PTHREAD_H
# include <pthread.h>
# endif
# define NEED_PTHREAD_WARMUP
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
@ -179,12 +187,6 @@ struct passwd *pw;
int waitsync_fd_to_close = -1; /* -w/--wait-sync */
#endif
/*
* Initializing flag. All async routines watch this and only do their
* thing when it is clear.
*/
int initializing;
/*
* Version declaration
*/
@ -238,6 +240,68 @@ static void library_unexpected_error(const char *, int,
#endif /* !SIM */
/* Bug2332 unearthed a problem in the interaction of reduced user
* privileges, the limits on memory usage and some versions of the
* pthread library on Linux systems. The 'pthread_cancel()' function and
* likely some others need to track the stack of the thread involved,
* and uses a function that comes from GCC (--> libgcc_s.so) to do
* this. Unfortunately the developers of glibc decided to load the
* library on demand, which speeds up program start but can cause
* trouble here: Due to all the things NTPD does to limit its resource
* usage, this deferred load of libgcc_s does not always work once the
* restrictions are in effect.
*
* One way out of this was attempting a forced link against libgcc_s
* when possible because it makes the library available immediately
* without deferred load. (The symbol resolution would still be dynamic
* and on demand, but the code would already be in the process image.)
*
* This is a tricky thing to do, since it's not necessary everywhere,
* not possible everywhere, has shown to break the build of other
* programs in the NTP suite and is now generally frowned upon.
*
* So we take a different approach here: We creat a worker thread that does
* actually nothing except waiting for cancellation and cancel it. If
* this is done before all the limitations are put in place, the
* machinery is pre-heated and all the runtime stuff should be in place
* and useable when needed.
*
* This uses only the standard pthread API and should work with all
* implementations of pthreads. It is not necessary everywhere, but it's
* cheap enough to go on nearly unnoticed.
*/
#ifdef NEED_PTHREAD_WARMUP
/* simple thread function: sleep until cancelled, just to exercise
* thread cancellation.
*/
static void*
my_pthread_warmup_worker(
void *thread_args)
{
(void)thread_args;
for (;;)
sleep(10);
return NULL;
}
/* pre-heat threading: create a thread and cancel it, just to exercise
* thread cancellation.
*/
static void
my_pthread_warmup(void)
{
pthread_t thread;
int rc;
rc = pthread_create(
&thread, NULL, my_pthread_warmup_worker, NULL);
if (0 == rc) {
pthread_cancel(thread);
pthread_join(thread, NULL);
}
}
#endif /*defined(NEED_PTHREAD_WARMUP)*/
void
@ -451,6 +515,10 @@ ntpdmain(
int zero;
# endif
# ifdef NEED_PTHREAD_WARMUP
my_pthread_warmup();
# endif
# ifdef HAVE_UMASK
uv = umask(0);
if (uv)
@ -791,13 +859,16 @@ ntpdmain(
*/
getconfig(argc, argv);
if (do_memlock) {
if (-1 == cur_memlock) {
# if defined(HAVE_MLOCKALL)
/*
* lock the process into memory
*/
if (!HAVE_OPT(SAVECONFIGQUIT) &&
0 != mlockall(MCL_CURRENT|MCL_FUTURE))
if ( !HAVE_OPT(SAVECONFIGQUIT)
# ifdef RLIMIT_MEMLOCK
&& -1 != DFLT_RLIMIT_MEMLOCK
# endif
&& 0 != mlockall(MCL_CURRENT|MCL_FUTURE))
msyslog(LOG_ERR, "mlockall(): %m");
# else /* !HAVE_MLOCKALL follows */
# ifdef HAVE_PLOCK
@ -937,10 +1008,17 @@ ntpdmain(
msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group);
exit (-1);
}
if (group)
setgroups(1, &sw_gid);
else
initgroups(pw->pw_name, pw->pw_gid);
if (group) {
if (0 != setgroups(1, &sw_gid)) {
msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid);
exit (-1);
}
}
else if (pw)
if (0 != initgroups(pw->pw_name, pw->pw_gid)) {
msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid);
exit (-1);
}
if (user && setuid(sw_uid)) {
msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
exit (-1);

4
ntpd/ntpd.html
View File

@ -39,7 +39,7 @@ The program can operate in any of several modes, including client/server,
symmetric and broadcast modes, and with both symmetric-key and public-key
cryptography.
<p>This document applies to version 4.2.8p3 of <code>ntpd</code>.
<p>This document applies to version 4.2.8p4 of <code>ntpd</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description
@ -220,7 +220,7 @@ the usage text by passing it through a pager program.
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p3-RC3
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p4-sec-RC2
Usage: ntpd [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... \
[ &lt;server1&gt; ... &lt;serverN&gt; ]
Flg Arg Option-Name Description

12
ntpd/ntpd.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpd @NTPD_MS@ "29 Jun 2015" "4.2.8p3" "User Commands"
.TH ntpd @NTPD_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LZaapD/ag-XZa4nD)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dUaOfK/ag-qUaGeK)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:24 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:11 PM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
@ -602,6 +602,8 @@ when you have permission to do so from the owner of the target host.
Finally,
in the past many startup scripts would run
\fCntpdate\f[]\fR(@NTPDATE_MS@)\f[]
or
\fCsntp\f[]\fR(@SNTP_MS@)\f[]
to get the system clock close to correct before starting
\fCntpd\f[]\fR(@NTPD_MS@)\f[],
but this was never more than a mediocre hack and is no longer needed.
@ -611,7 +613,9 @@ and you still need to set the system time before starting
\f\*[B-Font]ntpd\fP,
please open a bug report and document what is going on,
and then look at using
\fCsntp\f[]\fR(@SNTP_MS@)\f[].
\fCsntp\f[]\fR(@SNTP_MS@)\f[]
if you really need to set the clock before starting
\f\*[B-Font]ntpd\fP.
.sp \n(Ppu
.ne 2

10
ntpd/ntpd.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd June 29 2015
.Dd October 21 2015
.Dt NTPD @NTPD_MS@ User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 29, 2015 at 04:30:41 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
@ -532,6 +532,8 @@ when you have permission to do so from the owner of the target host.
Finally,
in the past many startup scripts would run
.Xr ntpdate @NTPDATE_MS@
or
.Xr sntp @SNTP_MS@
to get the system clock close to correct before starting
.Xr ntpd @NTPD_MS@ ,
but this was never more than a mediocre hack and is no longer needed.
@ -541,7 +543,9 @@ and you still need to set the system time before starting
.Nm ,
please open a bug report and document what is going on,
and then look at using
.Xr sntp @SNTP_MS@ .
.Xr sntp @SNTP_MS@
if you really need to set the clock before starting
.Nm .
.Pp
There is a way to start
.Xr ntpd @NTPD_MS@

1
ntpd/rc_cmdlength.c
View File

@ -1,4 +1,5 @@
#include <config.h>
#include <rc_cmdlength.h>
#if HAVE_UNISTD_H
# include <unistd.h>

2
ntpd/refclock_arc.c
View File

@ -657,7 +657,7 @@ arc_start(
return 0;
}
close(temp_fd);
temp_fd = -1;
temp_fd = -1; /* not used after this, at *this* time. */
#ifndef SYS_WINNT
if (-1 == fcntl(fd, F_SETFL, 0)) /* clear the descriptor flags */

2
ntpd/refclock_chu.c
View File

@ -1194,7 +1194,7 @@ chu_a(
* only if the maximum distance is at least MINSYNC.
*/
up->syndist = k = 0;
val = -16;
// val = -16;
for (i = -1; i < 2; i++) {
temp = up->cbuf[i + 4] & 0xf;
if (i >= 0)

18
ntpd/refclock_gpsdjson.c
View File

@ -1113,9 +1113,9 @@ strtojint(
/* Now try to convert a sequence of digits. */
hold = cp;
accu = 0;
while (isdigit(*(const unsigned char*)cp)) {
while (isdigit(*(const u_char*)cp)) {
flags |= (accu > limit_lo);
accu = accu * 10 + (*(const unsigned char*)cp++ - '0');
accu = accu * 10 + (*(const u_char*)cp++ - '0');
flags |= (accu > limit_hi);
}
/* Check for empty conversion (no digits seen). */
@ -2086,8 +2086,8 @@ convert_ascii_time(
return FALSE; /* could not parse the mandatory stuff! */
if (*ep == '.') {
dw = 100000000u;
while (isdigit(*(unsigned char*)++ep)) {
ts.tv_nsec += (*(unsigned char*)ep - '0') * dw;
while (isdigit(*(u_char*)++ep)) {
ts.tv_nsec += (*(u_char*)ep - '0') * dw;
dw /= 10u;
}
}
@ -2189,16 +2189,16 @@ log_data(
char *dtop = s_lbuf + sizeof(s_lbuf) - 1; /* for NUL */
while (sptr != stop && dptr != dtop) {
if (*sptr == '\\') {
u_char uch = (u_char)*sptr++;
if (uch == '\\') {
dptr = add_string(dptr, dtop, "\\\\");
} else if (isprint(*sptr)) {
*dptr++ = *sptr;
} else if (isprint(uch)) {
*dptr++ = (char)uch;
} else {
char fbuf[6];
snprintf(fbuf, sizeof(fbuf), "\\%03o", *(const u_char*)sptr);
snprintf(fbuf, sizeof(fbuf), "\\%03o", uch);
dptr = add_string(dptr, dtop, fbuf);
}
sptr++;
}
*dptr = '\0';
mprintf("%s[%s]: '%s'\n", up->logname, what, s_lbuf);

18
ntpd/refclock_local.c
View File

@ -55,15 +55,7 @@
*
* Fudge Factors
*
* If fudge flag1 is lit, the leap second bit is set in the peer
* status word. It should be set early in the day of a leap second
* event and set dark on the day after the event.
*
* Note the fudge time1 and time2 have been deprecated. The fudge time1
* was intended to apply a bias offset. This can be done using the Unix
* date command. The fudge time2 was intended to apply a bias frequency.
* This can be done using the frequency file and/or the freq
* configuration command.
* None currently supported.
*/
/*
* Local interface definitions
@ -179,9 +171,7 @@ local_poll(
/*
* Ramble through the usual filtering and grooming code, which
* is essentially a no-op and included mostly for pretty
* billboards. We allow a one-time time adjustment using fudge
* time1 (s) and a continuous frequency adjustment using fudge
* time 2 (ppm).
* billboards.
*/
poll_time = current_time;
refclock_process_offset(pp, pp->lastrec, pp->lastrec, 0);
@ -215,10 +205,6 @@ local_poll(
pp->disp = 0;
pp->jitter = 0;
#else /* KERNEL_PLL LOCKCLOCK */
if (pp->sloppyclockflag & CLK_FLAG1)
pp->leap = LEAP_ADDSECOND;
else
pp->leap = LEAP_NOWARNING;
pp->disp = DISPERSION;
pp->jitter = 0;
#endif /* KERNEL_PLL LOCKCLOCK */

7
ntpd/refclock_nmea.c
View File

@ -810,9 +810,10 @@ nmea_receive(
ZERO(tofs);
ZERO(date);
ZERO(gpsw);
sentence = 0;
rc_date = 0;
rc_time = 0;
sentence = 0; // Should never be needed.
rc_date = 0; // Should never be needed.
rc_time = 0; // Should never be needed.
/*
* Read the timecode and timestamp, then initialise field
* processing. The <CR><LF> at the NMEA line end is translated

4
ntpd/refclock_palisade.c
View File

@ -218,7 +218,7 @@ init_thunderbolt (
struct packettx tx;
tx.size = 0;
tx.data = (u_char *) malloc(100);
tx.data = (u_char *) emalloc(100);
/* set UTC time */
sendsupercmd (&tx, 0x8E, 0xA2);
@ -246,7 +246,7 @@ init_acutime (
struct packettx tx;
tx.size = 0;
tx.data = (u_char *) malloc(100);
tx.data = (u_char *) emalloc(100);
sendsupercmd(&tx, 0x8E, 0xA5);
sendbyte(&tx, 0x02);

Some files were not shown because too many files have changed in this diff Show More