MFV r308954:

ntp 4.2.8p9.

Approved by:	so
This commit is contained in:
delphij 2016-11-22 08:27:49 +00:00
commit 3298f99b19
183 changed files with 7435 additions and 3841 deletions

View File

@ -1,3 +1,72 @@
---
(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p9) 2016/MM/DD Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3119] Trap crash <perlinger@ntp.org>
* [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger@ntp.org>
- TRAP config via mode 6 packet requires AUTH now.
* [Sec 3114] Broadcast Mode Replay Prevention DoS
- applied patches by Matthew Van Gundy. <perlinger@ntp.org>
- with bcpollbstep, tweaks and cleanup by stenn@ntp.org
* [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger@ntp.org>
- applied fix as suggested by Matthew Van Gundy
* [Sec 3110] Windows: ntpd DoS by oversized UDP packet
- fixed error handling for truncated UDP packets. <perlinger@ntp.org>
* [Sec 3102] Zero origin issues. HStenn.
* [Sec 3082] null pointer dereference in _IO_str_init_static_internal()
- more hardening to read_mru_list(). perlinger@ntp.org
* [Sec 3072] Attack on interface selection <perlinger@ntp.org>
- implemented Miroslav Lichvars <mlichvar@redhat.com> suggestion
to skip interface updates based on incoming packets
* [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org>
* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org
* [Bug 3129] Unknown hosts can put resolver thread into a hard loop
- moved retry decision where it belongs. <perlinger@ntp.org>
* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org>
* [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org>
- fixed extended sysvar lookup (bug introduced with bug 3008 fix)
* [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org>
- applied patches by Kurt Roeckx <kurt@roeckx.be> to source
- added shim layer for SSL API calls with issues (both directions)
* [Bug 3089] Serial Parser does not work anymore for hopfser like device
- simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
* [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org
- applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
* [Bug 3067] Root distance calculation needs improvement. HStenn.
* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org
- PPS-HACK works again.
* [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org>
- applied patch by Brian Utterback <brian.utterback@oracle.com>
* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
* [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
<perlinger@ntp.org>
- patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
- Patch provided by Kuramatsu.
* [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org>
- removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing.
DMayer and JPerlinger.
* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
* [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org>
- fixed GPS week expansion to work based on build date. Special thanks
to Craig Leres for initial patch and testing.
* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd'
- fixed Makefile.am <perlinger@ntp.org>
* [Bug 2689] ATOM driver processes last PPS pulse at startup,
even if it is very old <perlinger@ntp.org>
- make sure PPS source is alive before processing samples
- improve stability close to the 500ms phase jump (phase gate)
* Fix typos in include/ntp.h.
* Shim X509_get_signature_nid() if needed.
* git author attribution cleanup
* bk ignore file cleanup
* remove locks in Windows IO, use rpc-like thread synchronisation instead
---
(4.2.8p8) 2016/06/02 Released by Harlan Stenn <stenn@ntp.org>
@ -19,7 +88,7 @@
* Fix typo in ntp-wait and plot_summary. HStenn.
* Make sure we have an "author" file for git imports. HStenn.
* Update the sntp problem tests for MacOS. HStenn.
---
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +1,310 @@
---
NTP 4.2.8p9 (Harlan Stenn <stenn@ntp.org>, 2016/11/21)
Focus: Security, Bug fixes, enhancements.
Severity: HIGH
In addition to bug fixes and enhancements, this release fixes the
following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
5 low-severity vulnerabilities, and provides 28 other non-security
fixes and improvements:
* Trap crash
Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
References: Sec 3119 / CVE-2016-9311 / VU#633847
Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
CVSS2: MED 4.9 (AV:N/AC:H/Au:N/C:N/I:N/A:C)
CVSS3: MED 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary:
ntpd does not enable trap service by default. If trap service
has been explicitly enabled, an attacker can send a specially
crafted packet to cause a null pointer dereference that will
crash ntpd, resulting in a denial of service.
Mitigation:
Implement BCP-38.
Use "restrict default noquery ..." in your ntp.conf file. Only
allow mode 6 queries from trusted networks and hosts.
Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your ntpd instances, and auto-restart ntpd
(without -g) if it stops running.
Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
* Mode 6 information disclosure and DDoS vector
Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
References: Sec 3118 / CVE-2016-9310 / VU#633847
Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
CVSS2: MED 6.4 (AV:A/AC:L/Au:N/C:N/I:N/A:P)
CVSS3: MED 6.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary:
An exploitable configuration modification vulnerability exists
in the control mode (mode 6) functionality of ntpd. If, against
long-standing BCP recommendations, "restrict default noquery ..."
is not specified, a specially crafted control mode packet can set
ntpd traps, providing information disclosure and DDoS
amplification, and unset ntpd traps, disabling legitimate
monitoring. A remote, unauthenticated, network attacker can
trigger this vulnerability.
Mitigation:
Implement BCP-38.
Use "restrict default noquery ..." in your ntp.conf file.
Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your ntpd instances, and auto-restart ntpd
(without -g) if it stops running.
Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
* Broadcast Mode Replay Prevention DoS
Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
References: Sec 3114 / CVE-2016-7427 / VU#633847
Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
ntp-4.3.90 up to, but not including ntp-4.3.94.
CVSS2: LOW 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P)
CVSS3: MED 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary:
The broadcast mode of NTP is expected to only be used in a
trusted network. If the broadcast network is accessible to an
attacker, a potentially exploitable denial of service
vulnerability in ntpd's broadcast mode replay prevention
functionality can be abused. An attacker with access to the NTP
broadcast domain can periodically inject specially crafted
broadcast mode NTP packets into the broadcast domain which,
while being logged by ntpd, can cause ntpd to reject broadcast
mode packets from legitimate NTP broadcast servers.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your ntpd instances, and auto-restart ntpd
(without -g) if it stops running.
Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
* Broadcast Mode Poll Interval Enforcement DoS
Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
References: Sec 3113 / CVE-2016-7428 / VU#633847
Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
ntp-4.3.90 up to, but not including ntp-4.3.94
CVSS2: LOW 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P)
CVSS3: MED 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary:
The broadcast mode of NTP is expected to only be used in a
trusted network. If the broadcast network is accessible to an
attacker, a potentially exploitable denial of service
vulnerability in ntpd's broadcast mode poll interval enforcement
functionality can be abused. To limit abuse, ntpd restricts the
rate at which each broadcast association will process incoming
packets. ntpd will reject broadcast mode packets that arrive
before the poll interval specified in the preceding broadcast
packet expires. An attacker with access to the NTP broadcast
domain can send specially crafted broadcast mode NTP packets to
the broadcast domain which, while being logged by ntpd, will
cause ntpd to reject broadcast mode packets from legitimate NTP
broadcast servers.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your ntpd instances, and auto-restart ntpd
(without -g) if it stops running.
Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
* Windows: ntpd DoS by oversized UDP packet
Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
References: Sec 3110 / CVE-2016-9312 / VU#633847
Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9,
and ntp-4.3.0 up to, but not including ntp-4.3.94.
CVSS2: HIGH 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS3: HIGH 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary:
If a vulnerable instance of ntpd on Windows receives a crafted
malicious packet that is "too big", ntpd will stop working.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your ntpd instances, and auto-restart ntpd
(without -g) if it stops running.
Credit: This weakness was discovered by Robert Pajak of ABB.
* 0rigin (zero origin) issues
Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
References: Sec 3102 / CVE-2016-7431 / VU#633847
Affects: ntp-4.2.8p8, and ntp-4.3.93.
CVSS2: MED 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS3: MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary:
Zero Origin timestamp problems were fixed by Bug 2945 in
ntp-4.2.8p6. However, subsequent timestamp validation checks
introduced a regression in the handling of some Zero origin
timestamp checks.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your ntpd instances, and auto-restart ntpd
(without -g) if it stops running.
Credit: This weakness was discovered by Sharon Goldberg and Aanchal
Malhotra of Boston University.
* read_mru_list() does inadequate incoming packet checks
Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
References: Sec 3082 / CVE-2016-7434 / VU#633847
Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and
ntp-4.3.0 up to, but not including ntp-4.3.94.
CVSS2: LOW 3.8 (AV:L/AC:H/Au:S/C:N/I:N/A:C)
CVSS3: LOW 3.8 CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Summary:
If ntpd is configured to allow mrulist query requests from a
server that sends a crafted malicious packet, ntpd will crash
on receipt of that crafted malicious mrulist query packet.
Mitigation:
Only allow mrulist query packets from trusted hosts.
Implement BCP-38.
Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your ntpd instances, and auto-restart ntpd
(without -g) if it stops running.
Credit: This weakness was discovered by Magnus Stubman.
* Attack on interface selection
Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
References: Sec 3072 / CVE-2016-7429 / VU#633847
Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
ntp-4.3.0 up to, but not including ntp-4.3.94
CVSS2: LOW 1.0 (AV:L/AC:H/Au:S/C:N/I:N/A:P)
CVSS3: LOW 1.6 CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
Summary:
When ntpd receives a server response on a socket that corresponds
to a different interface than was used for the request, the peer
structure is updated to use the interface for new requests. If
ntpd is running on a host with multiple interfaces in separate
networks and the operating system doesn't check source address in
received packets (e.g. rp_filter on Linux is set to 0), an
attacker that knows the address of the source can send a packet
with spoofed source address which will cause ntpd to select wrong
interface for the source and prevent it from sending new requests
until the list of interfaces is refreshed, which happens on
routing changes or every 5 minutes by default. If the attack is
repeated often enough (once per second), ntpd will not be able to
synchronize with the source.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
If you are going to configure your OS to disable source address
checks, also configure your firewall configuration to control
what interfaces can receive packets from what networks.
Properly monitor your ntpd instances, and auto-restart ntpd
(without -g) if it stops running.
Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
* Client rate limiting and server responses
Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
References: Sec 3071 / CVE-2016-7426 / VU#633847
Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and
ntp-4.3.0 up to, but not including ntp-4.3.94
CVSS2: LOW 1.0 (AV:L/AC:H/Au:S/C:N/I:N/A:P)
CVSS3: LOW 1.6 CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
Summary:
When ntpd is configured with rate limiting for all associations
(restrict default limited in ntp.conf), the limits are applied
also to responses received from its configured sources. An
attacker who knows the sources (e.g., from an IPv4 refid in
server response) and knows the system is (mis)configured in this
way can periodically send packets with spoofed source address to
keep the rate limiting activated and prevent ntpd from accepting
valid responses from its sources.
While this blanket rate limiting can be useful to prevent
brute-force attacks on the origin timestamp, it allows this DoS
attack. Similarly, it allows the attacker to prevent mobilization
of ephemeral associations.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your ntpd instances, and auto-restart ntpd
(without -g) if it stops running.
Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
* Fix for bug 2085 broke initial sync calculations
Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
References: Sec 3067 / CVE-2016-7433 / VU#633847
Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
ntp-4.3.0 up to, but not including ntp-4.3.94. But the
root-distance calculation in general is incorrect in all versions
of ntp-4 until this release.
CVSS2: LOW 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)
CVSS3: LOW 1.6 CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Summary:
Bug 2085 described a condition where the root delay was included
twice, causing the jitter value to be higher than expected. Due
to a misinterpretation of a small-print variable in The Book, the
fix for this problem was incorrect, resulting in a root distance
that did not include the peer dispersion. The calculations and
formulae have been reviewed and reconciled, and the code has been
updated accordingly.
Mitigation:
Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your ntpd instances, and auto-restart ntpd
(without -g) if it stops running.
Credit: This weakness was discovered independently by Brian Utterback of
Oracle, and Sharon Goldberg and Aanchal Malhotra of Boston University.
Other fixes:
* [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org>
* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org
* [Bug 3129] Unknown hosts can put resolver thread into a hard loop
- moved retry decision where it belongs. <perlinger@ntp.org>
* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org>
* [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org>
- fixed extended sysvar lookup (bug introduced with bug 3008 fix)
* [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org>
- applied patches by Kurt Roeckx <kurt@roeckx.be> to source
- added shim layer for SSL API calls with issues (both directions)
* [Bug 3089] Serial Parser does not work anymore for hopfser like device
- simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
* [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org
- applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
* [Bug 3067] Root distance calculation needs improvement. HStenn
* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org
- PPS-HACK works again.
* [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org>
- applied patch by Brian Utterback <brian.utterback@oracle.com>
* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
* [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
<perlinger@ntp.org>
- patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
- Patch provided by Kuramatsu.
* [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org>
- removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing. DMayer
* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
* [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org>
- fixed GPS week expansion to work based on build date. Special thanks
to Craig Leres for initial patch and testing.
* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd'
- fixed Makefile.am <perlinger@ntp.org>
* [Bug 2689] ATOM driver processes last PPS pulse at startup,
even if it is very old <perlinger@ntp.org>
- make sure PPS source is alive before processing samples
- improve stability close to the 500ms phase jump (phase gate)
* Fix typos in include/ntp.h.
* Shim X509_get_signature_nid() if needed
* git author attribution cleanup
* bk ignore file cleanup
* remove locks in Windows IO, use rpc-like thread synchronisation instead
---
NTP 4.2.8p8 (Harlan Stenn <stenn@ntp.org>, 2016/06/02)

20
contrib/ntp/configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p8.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p9.
#
# Report bugs to <http://bugs.ntp.org./>.
#
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ntp'
PACKAGE_TARNAME='ntp'
PACKAGE_VERSION='4.2.8p8'
PACKAGE_STRING='ntp 4.2.8p8'
PACKAGE_VERSION='4.2.8p9'
PACKAGE_STRING='ntp 4.2.8p9'
PACKAGE_BUGREPORT='http://bugs.ntp.org./'
PACKAGE_URL='http://www.ntp.org./'
@ -1618,7 +1618,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ntp 4.2.8p8 to adapt to many kinds of systems.
\`configure' configures ntp 4.2.8p9 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1688,7 +1688,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ntp 4.2.8p8:";;
short | recursive ) echo "Configuration of ntp 4.2.8p9:";;
esac
cat <<\_ACEOF
@ -1924,7 +1924,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ntp configure 4.2.8p8
ntp configure 4.2.8p9
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2754,7 +2754,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ntp $as_me 4.2.8p8, which was
It was created by ntp $as_me 4.2.8p9, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -3755,7 +3755,7 @@ fi
# Define the identity of the package.
PACKAGE='ntp'
VERSION='4.2.8p8'
VERSION='4.2.8p9'
cat >>confdefs.h <<_ACEOF
@ -38003,7 +38003,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ntp $as_me 4.2.8p8, which was
This file was extended by ntp $as_me 4.2.8p9, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -38070,7 +38070,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ntp config.status 4.2.8p8
ntp config.status 4.2.8p9
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

View File

@ -16,7 +16,7 @@
<body>
<h3>JJY Receivers</h3>
<p>Last update:
<!-- #BeginDate format:En2m -->15-May-2015 00:00<!-- #EndDate -->
<!-- #BeginDate format:En2m -->08-May-2016 00:00<!-- #EndDate -->
UTC &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<a href="driver40.html">ENGLISH英語</a> &nbsp; <a href="driver40-ja.html">JAPANESE日本語</a></p>
<hr>
<h4>Synopsis</h4>
@ -137,7 +137,7 @@
<tr>
<td><code>{ENQ}1J{ETX}</code></td>
<td>&nbsp;--&gt;&nbsp;</td>
<td><code>{STX}JYYMMDD HHMMSSS{ETX}</code></td>
<td><code>{STX}JYYMMDDWHHMMSSS{ETX}</code></td>
</tr>
</table>
<br>

View File

@ -16,7 +16,7 @@
<body>
<h3>JJY Receivers</h3>
<p>Last update:
<!-- #BeginDate format:En2m -->15-May-2015 00:00<!-- #EndDate -->
<!-- #BeginDate format:En2m -->08-May-2016 00:00<!-- #EndDate -->
UTC &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<a href="driver40.html">ENGLISH</a> &nbsp; <a href="driver40-ja.html">JAPANESE</a></p>
<hr>
<h4>Synopsis</h4>
@ -136,7 +136,7 @@
<tr>
<td><code>{ENQ}1J{ETX}</code></td>
<td>&nbsp;--&gt;&nbsp;</td>
<td><code>{STX}JYYMMDD HHMMSSS{ETX}</code></td>
<td><code>{STX}JYYMMDDWHHMMSSS{ETX}</code></td>
</tr>
</table>
<br>

View File

@ -11,7 +11,7 @@
<img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>We have three, now looking for more.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->17-May-2016 06:26<!-- #EndDate -->
<!-- #BeginDate format:En2m -->9-Nov-2016 12:26<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
@ -145,10 +145,12 @@
<dd>Specifies the stepout threshold in seconds. The default without this command is 300 s. Since this option also affects the training and startup intervals, it should not be set less than the default. Further details are on the <a href="clock.html">Clock State Machine</a> page.</dd>
</dl>
</dd>
<dt id="tos"><tt>tos [beacon <i>beacon</i> | ceiling <i>ceiling</i> | cohort {0 | 1} | floor <i>floor</i> | maxclock <i>maxclock </i>| maxdist <i>maxdist</i> | minclock <i>minclock</i> | mindist <i>mindist </i>| minsane <i>minsane</i> | orphan <i>stratum</i> | orphanwait <em>delay</em>]</tt></dt>
<dt id="tos"><tt>tos [bcpollbstep <i>poll-gate</i> | beacon <i>beacon</i> | ceiling <i>ceiling</i> | cohort {0 | 1} | floor <i>floor</i> | maxclock <i>maxclock </i>| maxdist <i>maxdist</i> | minclock <i>minclock</i> | mindist <i>mindist </i>| minsane <i>minsane</i> | orphan <i>stratum</i> | orphanwait <em>delay</em>]</tt></dt>
<dd>This command alters certain system variables used by the the clock selection and clustering algorithms. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs. It can be used to select the quality and quantity of peers used to synchronize the system clock and is most useful in dynamic server discovery schemes. The options are as follows:</dd>
<dd>
<dl>
<dt><tt>bcpollbstep <i>poll-gate</i></tt></dt>
<dd>This option will cause the client to delay believing backward time steps from a broadcast server for <tt>bcpollbstep</tt> poll intervals. NTP Broadcast networks are expected to be trusted, and if the server's time gets stepped backwards then it's desireable that the clients follow this change as soon as possible. However, in spite of various protections built-in to the broadcast protocol, it is possible that an attacker could perform a carefully-constructed replay attack and cause clients to erroneously step their clocks backward. If the risk of a successful broadcast replay attack is greater than the risk of the clients being out of sync in the event that there is a backward step on the broadcast time servers, this option may be used to cause the clients to delay beliveving backward time steps until <i>poll-gate</i> consecutive polls have been received. The default is 0, which means the client will accept these steps upon receipt. Any value from 0 to 4 can be specified.</dd>
<dt><tt>beacon <i>beacon</i></tt></dt>
<dd>The manycast server sends packets at intervals of 64 s if less than <tt>maxclock</tt> servers are available. Otherwise, it sends packets at the <i><tt>beacon</tt></i> interval in seconds. The default is 3600 s. See the <a href="discover.html">Automatic Server Discovery</a> page for further details.</dd>
<dt><tt>ceiling <i>ceiling</i></tt></dt>

View File

@ -16,6 +16,7 @@ noinst_HEADERS = \
intreswork.h \
iosignal.h \
l_stdlib.h \
libssl_compat.h \
lib_strbuf.h \
libntp.h \
mbg_gps166.h \

View File

@ -501,6 +501,7 @@ noinst_HEADERS = \
intreswork.h \
iosignal.h \
l_stdlib.h \
libssl_compat.h \
lib_strbuf.h \
libntp.h \
mbg_gps166.h \

View File

@ -0,0 +1,100 @@
/*
* libssl_compat.h -- OpenSSL v1.1 compatibility shims
*
* ---------------------------------------------------------------------
*
* Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
*
* Based on an idea by Kurt Roeckx <kurt@roeckx.be>
*
* ---------------------------------------------------------------------
* This is a clean room implementation of shim functions that have
* counterparts in the OpenSSL v1.1 API but not in earlier versions.
*
* If the OpenSSL version used for compilation needs the shims (that is,
* does not provide the new functions) the names of these functions are
* redirected to our shims.
* ---------------------------------------------------------------------
*/
#ifndef NTP_LIBSSL_COMPAT_H
#define NTP_LIBSSL_COMPAT_H
#include "openssl/evp.h"
#include "openssl/dsa.h"
#include "openssl/rsa.h"
/* ----------------------------------------------------------------- */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* ----------------------------------------------------------------- */
# include <openssl/objects.h>
# include <openssl/x509.h>
/* shim the new-style API on an old-style OpenSSL */
extern BN_GENCB* sslshimBN_GENCB_new(void);
extern void sslshimBN_GENCB_free(BN_GENCB*);
extern EVP_MD_CTX* sslshim_EVP_MD_CTX_new(void);
extern void sslshim_EVP_MD_CTX_free(EVP_MD_CTX *ctx);
extern int sslshim_EVP_PKEY_id(const EVP_PKEY * pkey);
extern int sslshim_EVP_PKEY_base_id(const EVP_PKEY * pkey);
extern RSA* sslshim_EVP_PKEY_get0_RSA(EVP_PKEY * pkey);
extern DSA* sslshim_EVP_PKEY_get0_DSA(EVP_PKEY * pkey);
extern void sslshim_RSA_get0_key(const RSA *prsa, const BIGNUM **pn,
const BIGNUM **pe, const BIGNUM **pd);
extern int sslshim_RSA_set0_key(RSA *prsa, BIGNUM *n,
BIGNUM *e, BIGNUM *d);
extern void sslshim_RSA_get0_factors(const RSA *prsa, const BIGNUM **pp,
const BIGNUM **pq);
extern int sslshim_RSA_set0_factors(RSA *prsar, BIGNUM *p, BIGNUM *q);
extern int sslshim_RSA_set0_crt_params(RSA *prsa, BIGNUM *dmp1,
BIGNUM *dmq1, BIGNUM *iqmp);
extern void sslshim_DSA_SIG_get0(const DSA_SIG *psig, const BIGNUM **pr,
const BIGNUM **ps);
extern int sslshim_DSA_SIG_set0(DSA_SIG *psig, BIGNUM *r, BIGNUM *s);
extern void sslshim_DSA_get0_pqg(const DSA *pdsa, const BIGNUM **pp,
const BIGNUM **pq, const BIGNUM **pg);
extern int sslshim_DSA_set0_pqg(DSA *pdsa, BIGNUM *p, BIGNUM *q, BIGNUM *g);
extern void sslshim_DSA_get0_key(const DSA *pdsa, const BIGNUM **ppub_key,
const BIGNUM **ppriv_key);
extern int sslshim_DSA_set0_key(DSA *pdsa, BIGNUM *pub_key,
BIGNUM *priv_key);
extern int sslshim_X509_get_signature_nid(const X509 *x);
#define BN_GENCB_new sslshimBN_GENCB_new
#define BN_GENCB_free sslshimBN_GENCB_free
#define EVP_MD_CTX_new sslshim_EVP_MD_CTX_new
#define EVP_MD_CTX_free sslshim_EVP_MD_CTX_free
#define EVP_PKEY_id sslshim_EVP_PKEY_id
#define EVP_PKEY_base_id sslshim_EVP_PKEY_base_id
#define EVP_PKEY_get0_RSA sslshim_EVP_PKEY_get0_RSA
#define EVP_PKEY_get0_DSA sslshim_EVP_PKEY_get0_DSA
#define RSA_get0_key sslshim_RSA_get0_key
#define RSA_set0_key sslshim_RSA_set0_key
#define RSA_get0_factors sslshim_RSA_get0_factors
#define RSA_set0_factors sslshim_RSA_set0_factors
#define RSA_set0_crt_params sslshim_RSA_set0_crt_params
#define DSA_SIG_get0 sslshim_DSA_SIG_get0
#define DSA_SIG_set0 sslshim_DSA_SIG_set0
#define DSA_get0_pqg sslshim_DSA_get0_pqg
#define DSA_set0_pqg sslshim_DSA_set0_pqg
#define DSA_get0_key sslshim_DSA_get0_key
#define DSA_set0_key sslshim_DSA_set0_key
#define X509_get_signature_nid sslshim_X509_get_signature_nid
/* ----------------------------------------------------------------- */
#endif /* OPENSSL_VERSION_NUMBER < v1.1.0 */
/* ----------------------------------------------------------------- */
#endif /* NTP_LIBSSL_COMPAT_H */

View File

@ -391,7 +391,7 @@ struct peer {
* Statistic counters
*/
u_long timereset; /* time stat counters were reset */
u_long timelastrec; /* last packet received time */
u_long timelastrec; /* last packet received time, incl. trash */
u_long timereceived; /* last (clean) packet received time */
u_long timereachable; /* last reachable/unreachable time */
@ -419,8 +419,7 @@ struct peer {
* MODE_BROADCAST and MODE_BCLIENT appear in the transition
* function. MODE_CONTROL and MODE_PRIVATE can appear in packets,
* but those never survive to the transition function.
* is a
/ */
*/
#define MODE_UNSPEC 0 /* unspecified (old version) */
#define MODE_ACTIVE 1 /* symmetric active mode */
#define MODE_PASSIVE 2 /* symmetric passive mode */
@ -433,7 +432,7 @@ struct peer {
#define MODE_CONTROL 6 /* control mode */
#define MODE_PRIVATE 7 /* private mode */
/*
* This is a madeup mode for broadcast client.
* This is a made-up mode for broadcast client.
*/
#define MODE_BCLIENT 6 /* broadcast client mode */
@ -724,6 +723,7 @@ struct pkt {
#define PROTO_UECRYPTONAK 30
#define PROTO_UEDIGEST 31
#define PROTO_PCEDIGEST 32
#define PROTO_BCPOLLBSTEP 33
/*
* Configuration items for the loop filter
@ -731,7 +731,7 @@ struct pkt {
#define LOOP_DRIFTINIT 1 /* iniitialize frequency */
#define LOOP_KERN_CLEAR 2 /* set initial frequency offset */
#define LOOP_MAX 3 /* set both step offsets */
#define LOOP_MAX_BACK 4 /* set bacward-step offset */
#define LOOP_MAX_BACK 4 /* set backward-step offset */
#define LOOP_MAX_FWD 5 /* set forward-step offset */
#define LOOP_PANIC 6 /* set panic offseet */
#define LOOP_PHI 7 /* set dispersion rate */

View File

@ -9,6 +9,9 @@
#ifdef WORKER
#define INITIAL_DNS_RETRY 2 /* seconds between queries */
/* flags for extended addrinfo version */
#define GAIR_F_IGNDNSERR 0x0001 /* ignore DNS errors */
/*
* you call getaddrinfo_sometime(name, service, &hints, retry, callback_func, context);
* later (*callback_func)(rescode, gai_errno, context, name, service, hints, ai_result) is called.
@ -19,6 +22,9 @@ typedef void (*gai_sometime_callback)
extern int getaddrinfo_sometime(const char *, const char *,
const struct addrinfo *, int,
gai_sometime_callback, void *);
extern int getaddrinfo_sometime_ex(const char *, const char *,
const struct addrinfo *, int,
gai_sometime_callback, void *, u_int);
/*
* In gai_sometime_callback routines, the resulting addrinfo list is
* only available until the callback returns. To hold on to the list

View File

@ -483,6 +483,7 @@ extern int sys_bclient; /* we set our time to broadcasts */
extern double sys_bdelay; /* broadcast client default delay */
extern int sys_authenticate; /* requre authentication for config */
extern l_fp sys_authdelay; /* authentication delay */
extern u_char sys_bcpollbstep; /* broadcast poll backstep gate */
extern u_long sys_epoch; /* last clock update time */
extern keyid_t sys_private; /* private value for session seed */
extern int sys_manycastserver; /* respond to manycast client pkts */

View File

@ -280,7 +280,6 @@ isc_netaddr_masktoprefixlen(const isc_netaddr_t *s, unsigned int *lenp) {
for (; i < ipbytes; i++) {
if (p[i] != 0)
return (ISC_R_MASKNONCONTIG);
i++;
}
*lenp = nbytes * 8 + nbits;
return (ISC_R_SUCCESS);

View File

@ -73,6 +73,7 @@ libntp_a_SRCS = \
iosignal.c \
is_ip_address.c \
lib_strbuf.c \
libssl_compat.c \
machines.c \
mktime.c \
modetoa.c \

View File

@ -150,15 +150,15 @@ am__libntp_a_SOURCES_DIST = systime.c a_md5encrypt.c adjtime.c \
calyearstart.c clocktime.c clocktypes.c decodenetnum.c \
dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \
hextoint.c hextolfp.c humandate.c icom.c iosignal.c \
is_ip_address.c lib_strbuf.c machines.c mktime.c modetoa.c \
mstolfp.c msyslog.c netof.c ntp_calendar.c ntp_crypto_rnd.c \
ntp_intres.c ntp_libopts.c ntp_lineedit.c ntp_random.c \
ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c octtoint.c \
prettydate.c refidsmear.c recvbuff.c refnumtoa.c snprintf.c \
socket.c socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \
strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \
vint64ops.c work_fork.c work_thread.c ymd2yd.c \
$(srcdir)/../lib/isc/assertions.c \
is_ip_address.c lib_strbuf.c libssl_compat.c machines.c \
mktime.c modetoa.c mstolfp.c msyslog.c netof.c ntp_calendar.c \
ntp_crypto_rnd.c ntp_intres.c ntp_libopts.c ntp_lineedit.c \
ntp_random.c ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c \
octtoint.c prettydate.c refidsmear.c recvbuff.c refnumtoa.c \
snprintf.c socket.c socktoa.c socktohost.c ssl_init.c \
statestr.c strdup.c strl_obsd.c syssignal.c timetoa.c \
timevalops.c uglydate.c vint64ops.c work_fork.c work_thread.c \
ymd2yd.c $(srcdir)/../lib/isc/assertions.c \
$(srcdir)/../lib/isc/buffer.c \
$(srcdir)/../lib/isc/backtrace-emptytbl.c \
$(srcdir)/../lib/isc/backtrace.c \
@ -209,20 +209,21 @@ am__objects_4 = a_md5encrypt.$(OBJEXT) adjtime.$(OBJEXT) \
getopt.$(OBJEXT) hextoint.$(OBJEXT) hextolfp.$(OBJEXT) \
humandate.$(OBJEXT) icom.$(OBJEXT) iosignal.$(OBJEXT) \
is_ip_address.$(OBJEXT) lib_strbuf.$(OBJEXT) \
machines.$(OBJEXT) mktime.$(OBJEXT) modetoa.$(OBJEXT) \
mstolfp.$(OBJEXT) msyslog.$(OBJEXT) netof.$(OBJEXT) \
ntp_calendar.$(OBJEXT) ntp_crypto_rnd.$(OBJEXT) \
ntp_intres.$(OBJEXT) ntp_libopts.$(OBJEXT) \
ntp_lineedit.$(OBJEXT) ntp_random.$(OBJEXT) \
ntp_rfc2553.$(OBJEXT) ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) \
numtohost.$(OBJEXT) octtoint.$(OBJEXT) prettydate.$(OBJEXT) \
refidsmear.$(OBJEXT) recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) \
snprintf.$(OBJEXT) socket.$(OBJEXT) socktoa.$(OBJEXT) \
socktohost.$(OBJEXT) ssl_init.$(OBJEXT) statestr.$(OBJEXT) \
strdup.$(OBJEXT) strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) \
timetoa.$(OBJEXT) timevalops.$(OBJEXT) uglydate.$(OBJEXT) \
vint64ops.$(OBJEXT) work_fork.$(OBJEXT) work_thread.$(OBJEXT) \
ymd2yd.$(OBJEXT) $(am__objects_3) $(am__objects_1)
libssl_compat.$(OBJEXT) machines.$(OBJEXT) mktime.$(OBJEXT) \
modetoa.$(OBJEXT) mstolfp.$(OBJEXT) msyslog.$(OBJEXT) \
netof.$(OBJEXT) ntp_calendar.$(OBJEXT) \
ntp_crypto_rnd.$(OBJEXT) ntp_intres.$(OBJEXT) \
ntp_libopts.$(OBJEXT) ntp_lineedit.$(OBJEXT) \
ntp_random.$(OBJEXT) ntp_rfc2553.$(OBJEXT) \
ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) numtohost.$(OBJEXT) \
octtoint.$(OBJEXT) prettydate.$(OBJEXT) refidsmear.$(OBJEXT) \
recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) snprintf.$(OBJEXT) \
socket.$(OBJEXT) socktoa.$(OBJEXT) socktohost.$(OBJEXT) \
ssl_init.$(OBJEXT) statestr.$(OBJEXT) strdup.$(OBJEXT) \
strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) timetoa.$(OBJEXT) \
timevalops.$(OBJEXT) uglydate.$(OBJEXT) vint64ops.$(OBJEXT) \
work_fork.$(OBJEXT) work_thread.$(OBJEXT) ymd2yd.$(OBJEXT) \
$(am__objects_3) $(am__objects_1)
am_libntp_a_OBJECTS = systime.$(OBJEXT) $(am__objects_4)
libntp_a_OBJECTS = $(am_libntp_a_OBJECTS)
libntpsim_a_AR = $(AR) $(ARFLAGS)
@ -233,15 +234,15 @@ am__libntpsim_a_SOURCES_DIST = systime_s.c a_md5encrypt.c adjtime.c \
calyearstart.c clocktime.c clocktypes.c decodenetnum.c \
dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \
hextoint.c hextolfp.c humandate.c icom.c iosignal.c \
is_ip_address.c lib_strbuf.c machines.c mktime.c modetoa.c \
mstolfp.c msyslog.c netof.c ntp_calendar.c ntp_crypto_rnd.c \
ntp_intres.c ntp_libopts.c ntp_lineedit.c ntp_random.c \
ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c octtoint.c \
prettydate.c refidsmear.c recvbuff.c refnumtoa.c snprintf.c \
socket.c socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \
strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \
vint64ops.c work_fork.c work_thread.c ymd2yd.c \
$(srcdir)/../lib/isc/assertions.c \
is_ip_address.c lib_strbuf.c libssl_compat.c machines.c \
mktime.c modetoa.c mstolfp.c msyslog.c netof.c ntp_calendar.c \
ntp_crypto_rnd.c ntp_intres.c ntp_libopts.c ntp_lineedit.c \
ntp_random.c ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c \
octtoint.c prettydate.c refidsmear.c recvbuff.c refnumtoa.c \
snprintf.c socket.c socktoa.c socktohost.c ssl_init.c \
statestr.c strdup.c strl_obsd.c syssignal.c timetoa.c \
timevalops.c uglydate.c vint64ops.c work_fork.c work_thread.c \
ymd2yd.c $(srcdir)/../lib/isc/assertions.c \
$(srcdir)/../lib/isc/buffer.c \
$(srcdir)/../lib/isc/backtrace-emptytbl.c \
$(srcdir)/../lib/isc/backtrace.c \
@ -665,6 +666,7 @@ libntp_a_SRCS = \
iosignal.c \
is_ip_address.c \
lib_strbuf.c \
libssl_compat.c \
machines.c \
mktime.c \
modetoa.c \
@ -813,6 +815,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/is_ip_address.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib_strbuf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libssl_compat.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/machines.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Po@am__quote@

View File

@ -11,6 +11,7 @@
#include "ntp.h"
#include "ntp_md5.h" /* provides OpenSSL digest API */
#include "isc/string.h"
#include "libssl_compat.h"
/*
* MD5authencrypt - generate message digest
*
@ -26,7 +27,7 @@ MD5authencrypt(
{
u_char digest[EVP_MAX_MD_SIZE];
u_int len;
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx;
/*
* Compute digest of key concatenated with packet. Note: the
@ -34,18 +35,20 @@ MD5authencrypt(
* was creaded.
*/
INIT_SSL();
#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL
if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) {
ctx = EVP_MD_CTX_new();
if (!(ctx && EVP_DigestInit(ctx, EVP_get_digestbynid(type)))) {
msyslog(LOG_ERR,
"MAC encrypt: digest init failed");
EVP_MD_CTX_free(ctx);
return (0);
}
#else
EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
#endif
EVP_DigestUpdate(&ctx, key, cache_secretsize);
EVP_DigestUpdate(&ctx, (u_char *)pkt, length);
EVP_DigestFinal(&ctx, digest, &len);
EVP_DigestUpdate(ctx, key, cache_secretsize);
EVP_DigestUpdate(ctx, (u_char *)pkt, length);
EVP_DigestFinal(ctx, digest, &len);
EVP_MD_CTX_free(ctx);
/* If the MAC is longer than the MAX then truncate it. */
if (len > MAX_MAC_LEN - 4)
len = MAX_MAC_LEN - 4;
memmove((u_char *)pkt + length + 4, digest, len);
return (len + 4);
}
@ -67,7 +70,7 @@ MD5authdecrypt(
{
u_char digest[EVP_MAX_MD_SIZE];
u_int len;
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx;
/*
* Compute digest of key concatenated with packet. Note: the
@ -75,24 +78,26 @@ MD5authdecrypt(
* was created.
*/
INIT_SSL();
#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL
if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) {
ctx = EVP_MD_CTX_new();
if (!(ctx && EVP_DigestInit(ctx, EVP_get_digestbynid(type)))) {
msyslog(LOG_ERR,
"MAC decrypt: digest init failed");
EVP_MD_CTX_free(ctx);
return (0);
}
#else
EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
#endif
EVP_DigestUpdate(&ctx, key, cache_secretsize);
EVP_DigestUpdate(&ctx, (u_char *)pkt, length);
EVP_DigestFinal(&ctx, digest, &len);
EVP_DigestUpdate(ctx, key, cache_secretsize);
EVP_DigestUpdate(ctx, (u_char *)pkt, length);
EVP_DigestFinal(ctx, digest, &len);
EVP_MD_CTX_free(ctx);
/* If the MAC is longer than the MAX then truncate it. */
if (len > MAX_MAC_LEN - 4)
len = MAX_MAC_LEN - 4;
if (size != (size_t)len + 4) {
msyslog(LOG_ERR,
"MAC decrypt: MAC length error");
return (0);
}
return !isc_tsmemcmp(digest, (const char *)pkt + length + 4, len);
return !isc_tsmemcmp(digest, (u_char *)pkt + length + 4, len);
}
/*
@ -106,7 +111,7 @@ addr2refid(sockaddr_u *addr)
{
u_char digest[20];
u_int32 addr_refid;
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx;
u_int len;
if (IS_IPV4(addr))
@ -114,24 +119,23 @@ addr2refid(sockaddr_u *addr)
INIT_SSL();
#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL
EVP_MD_CTX_init(&ctx);
ctx = EVP_MD_CTX_new();
EVP_MD_CTX_init(ctx);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* MD5 is not used as a crypto hash here. */
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) {
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) {
msyslog(LOG_ERR,
"MD5 init failed");
EVP_MD_CTX_free(ctx); /* pedantic... but safe */
exit(1);
}
#else
EVP_DigestInit(&ctx, EVP_md5());
#endif
EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr),
EVP_DigestUpdate(ctx, (u_char *)PSOCK_ADDR6(addr),
sizeof(struct in6_addr));
EVP_DigestFinal(&ctx, digest, &len);
EVP_DigestFinal(ctx, digest, &len);
EVP_MD_CTX_free(ctx);
memcpy(&addr_refid, digest, sizeof(addr_refid));
return (addr_refid);
}

View File

@ -55,7 +55,7 @@ static struct audio_device device; /* audio device ident */
#ifdef PCM_STYLE_SOUND
# define INIT_FILE "/etc/ntp.audio"
int agc = SOUND_MIXER_WRITE_RECLEV; /* or IGAIN or LINE */
int monitor = SOUND_MIXER_WRITE_VOLUME; /* or OGAIN */
int audiomonitor = SOUND_MIXER_WRITE_VOLUME; /* or OGAIN */
int devmask = 0;
int recmask = 0;
char cf_c_dev[100], cf_i_dev[100], cf_agc[100], cf_monitor[100];
@ -334,7 +334,7 @@ audio_init(
/* devmask */
i = mixer_name(cf_monitor, devmask);
if (i >= 0)
monitor = MIXER_WRITE(i);
audiomonitor = MIXER_WRITE(i);
else
printf("monitor %s not in devmask %#x\n",
cf_monitor, devmask);
@ -412,7 +412,7 @@ audio_gain(
# endif
l |= r << 8;
if (cf_monitor[0] != '\0')
rval = ioctl(ctl_fd, monitor, &l );
rval = ioctl(ctl_fd, audiomonitor, &l );
else
rval = ioctl(ctl_fd, SOUND_MIXER_WRITE_VOLUME,
&l);

View File

@ -0,0 +1,335 @@
/*
* libssl_compat.c -- OpenSSL v1.1 compatibility functions
*
* ---------------------------------------------------------------------
* Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
*
* Based on an idea by Kurt Roeckx <kurt@roeckx.be>
*
* ---------------------------------------------------------------------
* This is a clean room implementation of shim functions that have
* counterparts in the OpenSSL v1.1 API but not in earlier versions. So
* while OpenSSL broke binary compatibility with v1.1, this shim module
* should provide the necessary source code compatibility with older
* versions of OpenSSL.
* ---------------------------------------------------------------------
*/
#include "config.h"
#include <string.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include "ntp_types.h"
/* ----------------------------------------------------------------- */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* ----------------------------------------------------------------- */
#include "libssl_compat.h"
#include "ntp_assert.h"
/* --------------------------------------------------------------------
* replace a BIGNUM owned by the caller with another one if it's not
* NULL, taking over the ownership of the new value. This clears & frees
* the old value -- the clear might be overkill, but it's better to err
* on the side of paranoia here.
*/
static void
replace_bn_nn(
BIGNUM ** ps,
BIGNUM * n
)
{
if (n) {
REQUIRE(*ps != n);
BN_clear_free(*ps);
*ps = n;
}
}
/* --------------------------------------------------------------------
* allocation and deallocation of prime number callbacks
*/
BN_GENCB*
sslshimBN_GENCB_new(void)
{
return calloc(1,sizeof(BN_GENCB));
}
void
sslshimBN_GENCB_free(
BN_GENCB *cb
)
{
free(cb);
}
/* --------------------------------------------------------------------
* allocation and deallocation of message digests
*/
EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)
{
return calloc(1, sizeof(EVP_MD_CTX));
}
void
sslshim_EVP_MD_CTX_free(
EVP_MD_CTX * pctx
)
{
free(pctx);
}
/* --------------------------------------------------------------------
* get EVP keys and key type
*/
int
sslshim_EVP_PKEY_id(
const EVP_PKEY *pkey
)
{
return (pkey) ? pkey->type : EVP_PKEY_NONE;
}
int
sslshim_EVP_PKEY_base_id(
const EVP_PKEY *pkey
)
{
return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
}
RSA*
sslshim_EVP_PKEY_get0_RSA(
EVP_PKEY * pkey
)
{
return (pkey) ? pkey->pkey.rsa : NULL;
}
DSA*
sslshim_EVP_PKEY_get0_DSA(
EVP_PKEY * pkey
)
{
return (pkey) ? pkey->pkey.dsa : NULL;
}
/* --------------------------------------------------------------------
* set/get RSA params
*/
void
sslshim_RSA_get0_key(
const RSA * prsa,
const BIGNUM ** pn,
const BIGNUM ** pe,
const BIGNUM ** pd
)
{
REQUIRE(prsa != NULL);
if (pn)
*pn = prsa->n;
if (pe)
*pe = prsa->e;
if (pd)
*pd = prsa->d;
}
int
sslshim_RSA_set0_key(
RSA * prsa,
BIGNUM * n,
BIGNUM * e,
BIGNUM * d
)
{
REQUIRE(prsa != NULL);
if (!((prsa->n || n) && (prsa->e || e)))
return 0;
replace_bn_nn(&prsa->n, n);
replace_bn_nn(&prsa->e, e);
replace_bn_nn(&prsa->d, d);
return 1;
}
void
sslshim_RSA_get0_factors(
const RSA * prsa,
const BIGNUM ** pp,
const BIGNUM ** pq
)
{
REQUIRE(prsa != NULL);
if (pp)
*pp = prsa->p;
if (pq)
*pq = prsa->q;
}
int
sslshim_RSA_set0_factors(
RSA * prsa,
BIGNUM * p,
BIGNUM * q
)
{
REQUIRE(prsa != NULL);
if (!((prsa->p || p) && (prsa->q || q)))
return 0;
replace_bn_nn(&prsa->p, p);
replace_bn_nn(&prsa->q, q);
return 1;
}
int
sslshim_RSA_set0_crt_params(
RSA * prsa,
BIGNUM * dmp1,
BIGNUM * dmq1,
BIGNUM * iqmp
)
{
REQUIRE(prsa != NULL);
if (!((prsa->dmp1 || dmp1) &&
(prsa->dmq1 || dmq1) &&
(prsa->iqmp || iqmp) ))
return 0;
replace_bn_nn(&prsa->dmp1, dmp1);
replace_bn_nn(&prsa->dmq1, dmq1);
replace_bn_nn(&prsa->iqmp, iqmp);
return 1;
}
/* --------------------------------------------------------------------
* set/get DSA signature parameters
*/
void
sslshim_DSA_SIG_get0(
const DSA_SIG * psig,
const BIGNUM ** pr,
const BIGNUM ** ps
)
{
REQUIRE(psig != NULL);
if (pr != NULL)
*pr = psig->r;
if (ps != NULL)
*ps = psig->s;
}
int
sslshim_DSA_SIG_set0(
DSA_SIG * psig,
BIGNUM * r,
BIGNUM * s
)
{
REQUIRE(psig != NULL);
if (!(r && s))
return 0;
replace_bn_nn(&psig->r, r);
replace_bn_nn(&psig->s, s);
return 1;
}
/* --------------------------------------------------------------------
* get/set DSA parameters
*/
void
sslshim_DSA_get0_pqg(
const DSA * pdsa,
const BIGNUM ** pp,
const BIGNUM ** pq,
const BIGNUM ** pg
)
{
REQUIRE(pdsa != NULL);
if (pp != NULL)
*pp = pdsa->p;
if (pq != NULL)
*pq = pdsa->q;
if (pg != NULL)
*pg = pdsa->g;
}
int
sslshim_DSA_set0_pqg(
DSA * pdsa,
BIGNUM * p,
BIGNUM * q,
BIGNUM * g
)
{
if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
return 0;
replace_bn_nn(&pdsa->p, p);
replace_bn_nn(&pdsa->q, q);
replace_bn_nn(&pdsa->g, g);
return 1;
}
void
sslshim_DSA_get0_key(
const DSA * pdsa,
const BIGNUM ** ppub_key,
const BIGNUM ** ppriv_key
)
{
REQUIRE(pdsa != NULL);
if (ppub_key != NULL)
*ppub_key = pdsa->pub_key;
if (ppriv_key != NULL)
*ppriv_key = pdsa->priv_key;
}
int
sslshim_DSA_set0_key(
DSA * pdsa,
BIGNUM * pub_key,
BIGNUM * priv_key
)
{
REQUIRE(pdsa != NULL);
if (!(pdsa->pub_key || pub_key))
return 0;
replace_bn_nn(&pdsa->pub_key, pub_key);
replace_bn_nn(&pdsa->priv_key, priv_key);
return 1;
}
int
sslshim_X509_get_signature_nid(
const X509 *x
)
{
return OBJ_obj2nid(x->sig_alg->algorithm);
}
/* ----------------------------------------------------------------- */
#else /* OPENSSL_VERSION_NUMBER >= v1.1.0 */
/* ----------------------------------------------------------------- */
NONEMPTY_TRANSLATION_UNIT
/* ----------------------------------------------------------------- */
#endif
/* ----------------------------------------------------------------- */

View File

@ -91,7 +91,7 @@
/*
*---------------------------------------------------------------------
* replacing the 'time()' function
* --------------------------------------------------------------------
*---------------------------------------------------------------------
*/
static systime_func_ptr systime_func = &time;
@ -395,7 +395,7 @@ ntpcal_get_build_date(
/*
*---------------------------------------------------------------------
* basic calendar stuff
* --------------------------------------------------------------------
*---------------------------------------------------------------------
*/
/* month table for a year starting with March,1st */
@ -443,11 +443,11 @@ static const uint16_t real_month_table[2][13] = {
*/
/*
* ==================================================================
* ====================================================================
*
* General algorithmic stuff
*
* ==================================================================
* ====================================================================
*/
/*
@ -495,7 +495,7 @@ static const uint16_t real_month_table[2][13] = {
* 32/16bit divisions and is still performant is a bit more
* difficult. Since most usecases can be coded in a way that does only
* require the 32-bit version a 64bit version is NOT provided here.
* ---------------------------------------------------------------------
*---------------------------------------------------------------------
*/
int32_t
ntpcal_periodic_extend(
@ -542,8 +542,35 @@ ntpcal_periodic_extend(
return pivot;
}
/*---------------------------------------------------------------------
* Note to the casual reader
*
* In the next two functions you will find (or would have found...)
* the expression
*
* res.Q_s -= 0x80000000;
*
* There was some ruckus about a possible programming error due to
* integer overflow and sign propagation.
*
* This assumption is based on a lack of understanding of the C
* standard. (Though this is admittedly not one of the most 'natural'
* aspects of the 'C' language and easily to get wrong.)
*
* see
* http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf
* "ISO/IEC 9899:201x Committee Draft — April 12, 2011"
* 6.4.4.1 Integer constants, clause 5
*
* why there is no sign extension/overflow problem here.
*
* But to ease the minds of the doubtful, I added back the 'u' qualifiers
* that somehow got lost over the last years.
*/
/*
*-------------------------------------------------------------------
*---------------------------------------------------------------------
* Convert a timestamp in NTP scale to a 64bit seconds value in the UN*X
* scale with proper epoch unfolding around a given pivot or the current
* system time. This function happily accepts negative pivot values as
@ -553,7 +580,7 @@ ntpcal_periodic_extend(
* This is also a periodic extension, but since the cycle is 2^32 and
* the shift is 2^31, we can do some *very* fast math without explicit
* divisions.
*-------------------------------------------------------------------
*---------------------------------------------------------------------
*/
vint64
ntpcal_ntp_to_time(
@ -568,7 +595,7 @@ ntpcal_ntp_to_time(
res.q_s = (pivot != NULL)
? *pivot
: now();
res.Q_s -= 0x80000000; /* unshift of half range */
res.Q_s -= 0x80000000u; /* unshift of half range */
ntp -= (uint32_t)JAN_1970; /* warp into UN*X domain */
ntp -= res.D_s.lo; /* cycle difference */
res.Q_s += (uint64_t)ntp; /* get expanded time */
@ -581,7 +608,7 @@ ntpcal_ntp_to_time(
? *pivot
: now();
res = time_to_vint64(&tmp);
M_SUB(res.D_s.hi, res.D_s.lo, 0, 0x80000000);
M_SUB(res.D_s.hi, res.D_s.lo, 0, 0x80000000u);
ntp -= (uint32_t)JAN_1970; /* warp into UN*X domain */
ntp -= res.D_s.lo; /* cycle difference */
M_ADD(res.D_s.hi, res.D_s.lo, 0, ntp);
@ -592,7 +619,7 @@ ntpcal_ntp_to_time(
}
/*
*-------------------------------------------------------------------
*---------------------------------------------------------------------
* Convert a timestamp in NTP scale to a 64bit seconds value in the NTP
* scale with proper epoch unfolding around a given pivot or the current
* system time.
@ -602,7 +629,7 @@ ntpcal_ntp_to_time(
* This is also a periodic extension, but since the cycle is 2^32 and
* the shift is 2^31, we can do some *very* fast math without explicit
* divisions.
*-------------------------------------------------------------------
*---------------------------------------------------------------------
*/
vint64
ntpcal_ntp_to_ntp(
@ -617,7 +644,7 @@ ntpcal_ntp_to_ntp(
res.q_s = (pivot)
? *pivot
: now();
res.Q_s -= 0x80000000; /* unshift of half range */
res.Q_s -= 0x80000000u; /* unshift of half range */
res.Q_s += (uint32_t)JAN_1970; /* warp into NTP domain */
ntp -= res.D_s.lo; /* cycle difference */
res.Q_s += (uint64_t)ntp; /* get expanded time */
@ -642,20 +669,20 @@ ntpcal_ntp_to_ntp(
/*
* ==================================================================
* ====================================================================
*
* Splitting values to composite entities
*
* ==================================================================
* ====================================================================
*/
/*
*-------------------------------------------------------------------
*---------------------------------------------------------------------
* Split a 64bit seconds value into elapsed days in 'res.hi' and
* elapsed seconds since midnight in 'res.lo' using explicit floor
* division. This function happily accepts negative time values as
* timestamps before the respective epoch start.
* -------------------------------------------------------------------
*---------------------------------------------------------------------
*/
ntpcal_split
ntpcal_daysplit(
@ -736,11 +763,11 @@ ntpcal_daysplit(
}
/*
*-------------------------------------------------------------------
*---------------------------------------------------------------------
* Split a 32bit seconds value into h/m/s and excessive days. This
* function happily accepts negative time values as timestamps before
* midnight.
* -------------------------------------------------------------------
*---------------------------------------------------------------------
*/
static int32_t
priv_timesplit(
@ -773,7 +800,7 @@ priv_timesplit(
}
/*
* ---------------------------------------------------------------------
*---------------------------------------------------------------------
* Given the number of elapsed days in the calendar era, split this
* number into the number of elapsed years in 'res.hi' and the number
* of elapsed days of that year in 'res.lo'.
@ -1053,11 +1080,11 @@ ntpcal_time_to_date(
/*
* ==================================================================
* ====================================================================
*
* merging composite entities
*
* ==================================================================
* ====================================================================
*/
/*
@ -1251,8 +1278,8 @@ ntpcal_edate_to_eradays(
* Convert ELAPSED years/months/days of gregorian calendar to elapsed
* days in year.
*
* Note: This will give the true difference to the start of the given year,
* even if months & days are off-scale.
* Note: This will give the true difference to the start of the given
* year, even if months & days are off-scale.
*---------------------------------------------------------------------
*/
int32_t
@ -1434,11 +1461,11 @@ ntpcal_date_to_time(
/*
* ==================================================================
* ====================================================================
*
* extended and unchecked variants of caljulian/caltontp
*
* ==================================================================
* ====================================================================
*/
int
ntpcal_ntp64_to_date(
@ -1500,11 +1527,11 @@ ntpcal_date_to_ntp(
/*
* ==================================================================
* ====================================================================
*
* day-of-week calculations
*
* ==================================================================
* ====================================================================
*/
/*
* Given a RataDie and a day-of-week, calculate a RDN that is reater-than,
@ -1557,7 +1584,7 @@ ntpcal_weekday_lt(
}
/*
* ==================================================================
* ====================================================================
*
* ISO week-calendar conversions
*
@ -1601,7 +1628,7 @@ ntpcal_weekday_lt(
* smallest possible powers of two, so the division can be implemented
* as shifts if the optimiser chooses to do so.
*
* ==================================================================
* ====================================================================
*/
/*

View File

@ -118,14 +118,16 @@
* is managed by the code which calls the *_complete routines.
*/
/* === typedefs === */
typedef struct blocking_gai_req_tag { /* marshalled args */
size_t octets;
u_int dns_idx;
time_t scheduled;
time_t earliest;
struct addrinfo hints;
int retry;
struct addrinfo hints;
u_int qflags;
gai_sometime_callback callback;
void * context;
size_t nodesize;
@ -205,8 +207,8 @@ static dnsworker_ctx * get_worker_context(blocking_child *, u_int);
static void scheduled_sleep(time_t, time_t,
dnsworker_ctx *);
static void manage_dns_retry_interval(time_t *, time_t *,
int *,
time_t *);
int *, time_t *,
int/*BOOL*/);
static int should_retry_dns(int, int);
#ifdef HAVE_RES_INIT
static void reload_resolv_conf(dnsworker_ctx *);
@ -230,13 +232,14 @@ static void getnameinfo_sometime_complete(blocking_work_req,
* invokes provided callback completion function.
*/
int
getaddrinfo_sometime(
getaddrinfo_sometime_ex(
const char * node,
const char * service,
const struct addrinfo * hints,
int retry,
gai_sometime_callback callback,
void * context
void * context,
u_int qflags
)
{
blocking_gai_req * gai_req;
@ -277,6 +280,7 @@ getaddrinfo_sometime(
gai_req->context = context;
gai_req->nodesize = nodesize;
gai_req->servsize = servsize;
gai_req->qflags = qflags;
memcpy((char *)gai_req + sizeof(*gai_req), node, nodesize);
memcpy((char *)gai_req + sizeof(*gai_req) + nodesize, service,
@ -451,6 +455,20 @@ blocking_getaddrinfo(
return 0;
}
int
getaddrinfo_sometime(
const char * node,
const char * service,
const struct addrinfo * hints,
int retry,
gai_sometime_callback callback,
void * context
)
{
return getaddrinfo_sometime_ex(node, service, hints, retry,
callback, context, 0);
}
static void
getaddrinfo_sometime_complete(
@ -470,7 +488,7 @@ getaddrinfo_sometime_complete(
char * service;
char * canon_start;
time_t time_now;
int again;
int again, noerr;
int af;
const char * fam_spec;
int i;
@ -498,8 +516,9 @@ getaddrinfo_sometime_complete(
gai_req->dns_idx, humantime(time_now)));
}
} else {
again = should_retry_dns(gai_resp->retcode,
gai_resp->gai_errno);
noerr = !!(gai_req->qflags & GAIR_F_IGNDNSERR);
again = noerr || should_retry_dns(
gai_resp->retcode, gai_resp->gai_errno);
/*
* exponential backoff of DNS retries to 64s
*/
@ -528,9 +547,10 @@ getaddrinfo_sometime_complete(
gai_strerror(gai_resp->retcode),
gai_resp->retcode);
}
manage_dns_retry_interval(&gai_req->scheduled,
&gai_req->earliest, &gai_req->retry,
&child_ctx->next_dns_timeslot);
manage_dns_retry_interval(
&gai_req->scheduled, &gai_req->earliest,
&gai_req->retry, &child_ctx->next_dns_timeslot,
noerr);
if (!queue_blocking_request(
BLOCKING_GETADDRINFO,
gai_req,
@ -826,7 +846,7 @@ getnameinfo_sometime_complete(
if (gni_req->retry > 0)
manage_dns_retry_interval(&gni_req->scheduled,
&gni_req->earliest, &gni_req->retry,
&child_ctx->next_dns_timeslot);
&child_ctx->next_dns_timeslot, FALSE);
if (gni_req->retry > 0 && again) {
if (!queue_blocking_request(
@ -1033,18 +1053,32 @@ manage_dns_retry_interval(
time_t * pscheduled,
time_t * pwhen,
int * pretry,
time_t * pnext_timeslot
time_t * pnext_timeslot,
int forever
)
{
time_t now;
time_t when;
int retry;
int retmax;
now = time(NULL);
retry = *pretry;
when = max(now + retry, *pnext_timeslot);
*pnext_timeslot = when;
retry = min(64, retry << 1);
/* this exponential backoff is slower than doubling up: The
* sequence goes 2-3-4-6-8-12-16-24-32... and the upper limit is
* 64 seconds for things that should not repeat forever, and
* 1024 when repeated forever.
*/
retmax = forever ? 1024 : 64;
retry <<= 1;
if (retry & (retry - 1))
retry &= (retry - 1);
else
retry -= (retry >> 2);
retry = min(retmax, retry);
*pscheduled = now;
*pwhen = when;

View File

@ -15,6 +15,7 @@
#ifdef OPENSSL
#include "openssl/err.h"
#include "openssl/evp.h"
#include "libssl_compat.h"
void atexit_ssl_cleanup(void);
@ -62,6 +63,7 @@ ssl_check_version(void)
INIT_SSL();
}
#endif /* OPENSSL */
@ -84,7 +86,6 @@ keytype_from_text(
u_char digest[EVP_MAX_MD_SIZE];
char * upcased;
char * pch;
EVP_MD_CTX ctx;
/*
* OpenSSL digest short names are capitalized, so uppercase the
@ -110,8 +111,12 @@ keytype_from_text(
if (NULL != pdigest_len) {
#ifdef OPENSSL
EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
EVP_DigestFinal(&ctx, digest, &digest_len);
EVP_MD_CTX *ctx;
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
EVP_DigestFinal(ctx, digest, &digest_len);
EVP_MD_CTX_free(ctx);
if (digest_len > max_digest_len) {
fprintf(stderr,
"key type %s %u octet digests are too big, max %lu\n",

View File

@ -114,18 +114,24 @@ interrupt_worker_sleep(void)
/*
* harvest_child_status() runs in the parent.
*
* Note the error handling -- this is an interaction with SIGCHLD.
* SIG_IGN on SIGCHLD on some OSes means do not wait but reap
* automatically. Since we're not really interested in the result code,
* we simply ignore the error.
*/
static void
harvest_child_status(
blocking_child * c
)
{
if (c->pid)
{
if (c->pid) {
/* Wait on the child so it can finish terminating */
if (waitpid(c->pid, NULL, 0) == c->pid)
TRACE(4, ("harvested child %d\n", c->pid));
else msyslog(LOG_ERR, "error waiting on child %d: %m", c->pid);
else if (errno != ECHILD)
msyslog(LOG_ERR, "error waiting on child %d: %m", c->pid);
c->pid = 0;
}
}
@ -162,7 +168,6 @@ cleanup_after_child(
close(c->resp_read_pipe);
c->resp_read_pipe = -1;
}
c->pid = 0;
c->resp_read_ctx = NULL;
DEBUG_INSIST(-1 == c->req_read_pipe);
DEBUG_INSIST(-1 == c->resp_write_pipe);
@ -461,7 +466,10 @@ fork_blocking_child(
fflush(stdout);
fflush(stderr);
signal_no_reset(SIGCHLD, SIG_IGN);
/* [BUG 3050] setting SIGCHLD to SIG_IGN likely causes unwanted
* or undefined effects. We don't do it and leave SIGCHLD alone.
*/
/* signal_no_reset(SIGCHLD, SIG_IGN); */
childpid = fork();
if (-1 == childpid) {

View File

@ -113,13 +113,10 @@ static struct format hopf6021_fmt =
#define OFFS(x) format->field_offsets[(x)].offset
#define STOI(x, y) Stoi(&buffer[OFFS(x)], y, format->field_offsets[(x)].length)
#define hexval(x) (('0' <= (x) && (x) <= '9') ? (x) - '0' : \
('a' <= (x) && (x) <= 'f') ? (x) - 'a' + 10 : \
('A' <= (x) && (x) <= 'F') ? (x) - 'A' + 10 : \
-1)
static parse_cvt_fnc_t cvt_hopf6021;
static parse_inp_fnc_t inp_hopf6021;
static unsigned char hexval(unsigned char);
clockformat_t clock_hopf6021 =
{
@ -160,40 +157,40 @@ cvt_hopf6021(
return CVT_FAIL|CVT_BADFMT;
}
clock_time->usecond = 0;
clock_time->utcoffset = 0;
clock_time->usecond = 0;
clock_time->flags = 0;
status = (u_char) hexval(buffer[OFFS(O_FLAGS)]);
weekday= (u_char) hexval(buffer[OFFS(O_WDAY)]);
status = hexval(buffer[OFFS(O_FLAGS)]);
weekday = hexval(buffer[OFFS(O_WDAY)]);
if ((status == 0xFF) || (weekday == 0xFF))
{
return CVT_FAIL|CVT_BADFMT;
}
clock_time->flags = 0;
if (weekday & HOPF_UTC)
{
clock_time->flags |= PARSEB_UTC;
clock_time->flags |= PARSEB_UTC;
clock_time->utcoffset = 0;
}
else if (status & HOPF_DST)
{
clock_time->flags |= PARSEB_DST;
clock_time->utcoffset = -2*60*60; /* MET DST */
}
else
{
if (status & HOPF_DST)
{
clock_time->flags |= PARSEB_DST;
clock_time->utcoffset = -2*60*60; /* MET DST */
}
else
{
clock_time->utcoffset = -1*60*60; /* MET */
}
clock_time->utcoffset = -1*60*60; /* MET */
}
clock_time->flags |= (status & HOPF_DSTWARN) ? PARSEB_ANNOUNCE : 0;
if (status & HOPF_DSTWARN)
{
clock_time->flags |= PARSEB_ANNOUNCE;
}
switch (status & HOPF_MODE)
{
default: /* dummy: we cover all 4 cases. */
case HOPF_INVALID: /* Time/Date invalid */
clock_time->flags |= PARSEB_POWERUP;
break;
@ -205,9 +202,6 @@ cvt_hopf6021(
case HOPF_RADIO: /* Radio clock */
case HOPF_RADIOHP: /* Radio clock high precision */
break;
default:
return CVT_FAIL|CVT_BADFMT;
}
return CVT_OK;
@ -244,6 +238,30 @@ inp_hopf6021(
}
}
/*
* convert a hex-digit to numeric value
*/
static unsigned char
hexval(
unsigned char ch
)
{
unsigned int dv;
if ((dv = ch - '0') >= 10u)
{
if ((dv -= 'A'-'0') < 6u || (dv -= 'a'-'A') < 6u)
{
dv += 10;
}
else
{
dv = 0xFF;
}
}
return (unsigned char)dv;
}
#else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_HOPF6021) */
int clk_hopf6021_bs;
#endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_HOPF6021) */

View File

@ -26,7 +26,7 @@ controlkey 12
requestkey 12
enable auth ntp monitor stats
disable bclient calibrate kernel mode7 peer_clear_digest_early unpeer_crypto_early unpeer_crypto_nak_early unpeer_digest_early
tos beacon 3600 ceiling 16 cohort 0 floor 1 maxclock 10 maxdist 1.5 minclock 3 mindist 0.001 minsane 1 orphan 16 orphanwait 300
tos beacon 3600 ceiling 16 cohort 0 floor 1 maxclock 10 maxdist 1.5 minclock 3 mindist 0.001 minsane 1 orphan 16 orphanwait 300 bcpollbstep 3
rlimit@HAVE_RLIMIT_MEMLOCK@@HAVE_RLIMIT_STACK@
tinker allan 1500 dispersion 15 freq 0 huffpuff 7200 panic 1000 step 0.128 stepout 900 tick 0.01
broadcastclient

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
#
# It has been AutoGen-ed June 2, 2016 at 07:36:07 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 08:01:55 AM by AutoGen 5.18.5
# From the definitions ntp.conf.def
# and the template file agtexi-file.tpl
@end ignore
@ -1925,6 +1925,21 @@ At the same time, the manycast
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
@subsubsection Broadcast Options
@table @asis
@item @code{tos} @code{[@code{bcpollbstep} @kbd{gate}]}
This command provides a way to delay,
by the specified number of broadcast poll intervals,
believing backward time steps from a broadcast server.
Broadcast time networks are expected to be trusted.
In the event a broadcast server's time is stepped backwards,
there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
@subsubsection Manycast Options
@table @asis
@item @code{tos} @code{[@code{ceiling} @kbd{ceiling} | @code{cohort} @code{@{} @code{0} | @code{1} @code{@}} | @code{floor} @kbd{floor} | @code{minclock} @kbd{minclock} | @code{minsane} @kbd{minsane}]}

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
#
# It has been AutoGen-ed June 2, 2016 at 07:36:10 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 08:01:58 AM by AutoGen 5.18.5
# From the definitions ntp.keys.def
# and the template file agtexi-file.tpl
@end ignore

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
#
# It has been AutoGen-ed June 2, 2016 at 07:36:12 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 08:02:00 AM by AutoGen 5.18.5
# From the definitions ntpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -142,7 +142,7 @@ with a status code of 0.
@exampleindent 0
@example
ntpd - NTP daemon program - Ver. 4.2.8p8
ntpd - NTP daemon program - Ver. 4.2.8p9
Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ <server1> ... <serverN> ]
Flg Arg Option-Name Description

View File

@ -1 +1 @@
* Generated 2016-05-19 06:35:34 UTC diff_ignore_line
* Generated 2016-11-09 11:39:28 UTC diff_ignore_line

View File

@ -148,6 +148,7 @@ struct key_tok ntp_keywords[] = {
{ "cohort", T_Cohort, FOLLBY_TOKEN },
{ "mindist", T_Mindist, FOLLBY_TOKEN },
{ "maxdist", T_Maxdist, FOLLBY_TOKEN },
{ "bcpollbstep", T_Bcpollbstep, FOLLBY_TOKEN },
{ "beacon", T_Beacon, FOLLBY_TOKEN },
{ "orphan", T_Orphan, FOLLBY_TOKEN },
{ "orphanwait", T_Orphanwait, FOLLBY_TOKEN },

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntp.conf 5man "02 Jun 2016" "4.2.8p8" "File Formats"
.TH ntp.conf 5man "21 Nov 2016" "4.2.8p9" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-OzaOIT/ag-3zaGHT)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Q_ai3f/ag-2_aa2f)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:35:50 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:01:41 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
@ -2174,7 +2174,23 @@ At the same time, the manycast
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
.SS Broadcast Options
.TP 7
.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]bcpollbstep\f[] \f\*[I-Font]gate\f[]]
This command provides a way to delay,
by the specified number of broadcast poll intervals,
believing backward time steps from a broadcast server.
Broadcast time networks are expected to be trusted.
In the event a broadcast server's time is stepped backwards,
there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.SS Manycast Options
.RS
.TP 7
.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[] | \f\*[B-Font]cohort\f[] { \f\*[B-Font]0\f[] | \f\*[B-Font]1\f[] } | \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[] | \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[] | \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]]
This command affects the clock selection and clustering
@ -2244,7 +2260,7 @@ In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
.PP
.RE
.SH Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
@ -2411,6 +2427,7 @@ option is used for this purpose.
Except where noted,
these options apply to all clock drivers.
.SS Reference Clock Commands
.RS
.TP 7
.NOP \f\*[B-Font]server\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]]
This command can be used to configure reference clocks in
@ -2559,8 +2576,9 @@ Further information on the
command can be found in
\fIMonitoring\f[] \fIOptions\f[].
.RE
.PP
.RE
.SH Miscellaneous Options
.RS
.TP 7
.NOP \f\*[B-Font]broadcastdelay\f[] \f\*[I-Font]seconds\f[]
The broadcast and multicast modes require a special calibration
@ -3079,8 +3097,9 @@ In manycast mode these values are used in turn in
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
.PP
.RE
.SH "OPTIONS"
.RS
.TP
.NOP \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
@ -3092,7 +3111,7 @@ Pass the extended usage information through a pager.
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.PP
.RE
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
@ -3103,6 +3122,7 @@ by loading values from environment variables named:
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH FILES
.RS
.TP 15
.NOP \fI/etc/ntp.conf\f[]
the default name of the configuration file
@ -3126,9 +3146,10 @@ RSA public key
.TP 15
.NOP \fIntp_dh\f[]
Diffie-Hellman agreement parameters
.PP
.RE
.SH "EXIT STATUS"
One of the following exit values will be returned:
.RS
.TP
.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
@ -3139,7 +3160,7 @@ The operation failed or the command syntax was not valid.
.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
.PP
.RE
.SH "SEE ALSO"
\fCntpd\f[]\fR(1ntpdmdoc)\f[],
\fCntpdc\f[]\fR(1ntpdcmdoc)\f[],

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTP_CONF 5mdoc File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:16 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:02:03 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
@ -1995,6 +1995,25 @@ At the same time, the manycast
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
.Ss Broadcast Options
.Bl -tag -width indent
.It Xo Ic tos
.Oo
.Cm bcpollbstep Ar gate
.Oc
.Xc
This command provides a way to delay,
by the specified number of broadcast poll intervals,
believing backward time steps from a broadcast server.
Broadcast time networks are expected to be trusted.
In the event a broadcast server's time is stepped backwards,
there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.Ss Manycast Options
.Bl -tag -width indent
.It Xo Ic tos

View File

@ -1997,6 +1997,25 @@ At the same time, the manycast
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
.Ss Broadcast Options
.Bl -tag -width indent
.It Xo Ic tos
.Oo
.Cm bcpollbstep Ar gate
.Oc
.Xc
This command provides a way to delay,
by the specified number of broadcast poll intervals,
believing backward time steps from a broadcast server.
Broadcast time networks are expected to be trusted.
In the event a broadcast server's time is stepped backwards,
there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.Ss Manycast Options
.Bl -tag -width indent
.It Xo Ic tos

View File

@ -33,9 +33,9 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<p>This document describes the configuration file for the NTP Project's
<code>ntpd</code> program.
<p>This document applies to version 4.2.8p8 of <code>ntp.conf</code>.
<p>This document applies to version 4.2.8p9 of <code>ntp.conf</code>.
<div class="shortcontents">
<div class="shortcontents">
<h2>Short Contents</h2>
<ul>
<a href="#Top">NTP's Configuration File User Manual</a>
@ -1926,9 +1926,25 @@ scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
<h5 class="subsubsection">Manycast Options</h5>
<h5 class="subsubsection">Broadcast Options</h5>
<dl>
<dt><code>tos</code> <code>[bcpollbstep </code><kbd>gate</kbd><code>]</code><dd>This command provides a way to delay,
by the specified number of broadcast poll intervals,
believing backward time steps from a broadcast server.
Broadcast time networks are expected to be trusted.
In the event a broadcast server's time is stepped backwards,
there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
<h5 class="subsubsection">Manycast Options</h5>
<dl>
<dt><code>tos</code> <code>[ceiling </code><kbd>ceiling</kbd><code> | cohort { 0 | 1 } | floor </code><kbd>floor</kbd><code> | minclock </code><kbd>minclock</kbd><code> | minsane </code><kbd>minsane</kbd><code>]</code><dd>This command affects the clock selection and clustering
algorithms.
It can be used to select the quality and
@ -1936,7 +1952,7 @@ quantity of peers used to synchronize the system clock
and is most useful in manycast mode.
The variables operate
as follows:
<dl>
<dl>
<dt><code>ceiling</code> <kbd>ceiling</kbd><dd>Peers with strata above
<code>ceiling</code>
will be discarded if there are at least
@ -1978,14 +1994,14 @@ Byzantine agreement,
should be at least 4 in order to detect and discard
a single falseticker.
</dl>
<br><dt><code>ttl</code> <kbd>hop</kbd> <kbd>...</kbd><dd>This command specifies a list of TTL values in increasing
<br><dt><code>ttl</code> <kbd>hop</kbd> <kbd>...</kbd><dd>This command specifies a list of TTL values in increasing
order, up to 8 values can be specified.
In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
</dl>
<div class="node">
<div class="node">
<p><hr>
<a name="Reference-Clock-Support"></a>
<br>
@ -1993,7 +2009,7 @@ multiples of 32 starting at 31.
<h4 class="subsection">Reference Clock Support</h4>
<p>The NTP Version 4 daemon supports some three dozen different radio,
<p>The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
@ -2030,7 +2046,7 @@ page
provided in
<span class="file">/usr/share/doc/ntp</span>).
<p>A reference clock will generally (though not always) be a radio
<p>A reference clock will generally (though not always) be a radio
timecode receiver which is synchronized to a source of standard
time such as the services offered by the NRC in Canada and NIST and
USNO in the US.
@ -2046,7 +2062,7 @@ or the hardware port has not been appropriately configured results
in a scalding remark to the system log file, but is otherwise non
hazardous.
<p>For the purposes of configuration,
<p>For the purposes of configuration,
<code>ntpd(1ntpdmdoc)</code>
treats
reference clocks in a manner analogous to normal NTP peers as much
@ -2067,7 +2083,7 @@ While it may seem overkill, it is in fact
sometimes useful to configure multiple reference clocks of the same
type, in which case the unit numbers must be unique.
<p>The
<p>The
<code>server</code>
command is used to configure a reference
clock, where the
@ -2105,7 +2121,7 @@ meaning only for selected clock drivers.
See the individual clock
driver document pages for additional information.
<p>The
<p>The
<code>fudge</code>
command is used to provide additional
information for individual clock drivers and normally follows
@ -2127,7 +2143,7 @@ in the
<code>fudge</code>
command as well.
<p>The stratum number of a reference clock is by default zero.
<p>The stratum number of a reference clock is by default zero.
Since the
<code>ntpd(1ntpdmdoc)</code>
daemon adds one to the stratum of each
@ -2150,11 +2166,11 @@ these options apply to all clock drivers.
<h5 class="subsubsection">Reference Clock Commands</h5>
<dl>
<dl>
<dt><code>server</code> <code>127.127.</code><kbd>t</kbd>.<kbd>u</kbd> <code>[prefer]</code> <code>[mode </code><kbd>int</kbd><code>]</code> <code>[minpoll </code><kbd>int</kbd><code>]</code> <code>[maxpoll </code><kbd>int</kbd><code>]</code><dd>This command can be used to configure reference clocks in
special ways.
The options are interpreted as follows:
<dl>
<dl>
<dt><code>prefer</code><dd>Marks the reference clock as preferred.
All other things being
equal, this host will be chosen for synchronization among a set of
@ -2187,7 +2203,7 @@ defaults to 10 (17.1 m) and
defaults to 14 (4.5 h).
The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
</dl>
<br><dt><code>fudge</code> <code>127.127.</code><kbd>t</kbd>.<kbd>u</kbd> <code>[time1 </code><kbd>sec</kbd><code>]</code> <code>[time2 </code><kbd>sec</kbd><code>]</code> <code>[stratum </code><kbd>int</kbd><code>]</code> <code>[refid </code><kbd>string</kbd><code>]</code> <code>[mode </code><kbd>int</kbd><code>]</code> <code>[flag1 0 | 1]</code> <code>[flag2 0 | 1]</code> <code>[flag3 0 | 1]</code> <code>[flag4 0 | 1]</code><dd>This command can be used to configure reference clocks in
<br><dt><code>fudge</code> <code>127.127.</code><kbd>t</kbd>.<kbd>u</kbd> <code>[time1 </code><kbd>sec</kbd><code>]</code> <code>[time2 </code><kbd>sec</kbd><code>]</code> <code>[stratum </code><kbd>int</kbd><code>]</code> <code>[refid </code><kbd>string</kbd><code>]</code> <code>[mode </code><kbd>int</kbd><code>]</code> <code>[flag1 0 | 1]</code> <code>[flag2 0 | 1]</code> <code>[flag3 0 | 1]</code> <code>[flag4 0 | 1]</code><dd>This command can be used to configure reference clocks in
special ways.
It must immediately follow the
<code>server</code>
@ -2198,7 +2214,7 @@ is possible at run time using the
program.
The options are interpreted as
follows:
<dl>
<dl>
<dt><code>time1</code> <kbd>sec</kbd><dd>Specifies a constant to be added to the time offset produced by
the driver, a fixed-point decimal number in seconds.
This is used
@ -2269,8 +2285,8 @@ Further information on the
command can be found in
<a href="#Monitoring-Options">Monitoring Options</a>.
</dl>
</dl>
<div class="node">
</dl>
<div class="node">
<p><hr>
<a name="Miscellaneous-Options"></a>
<br>
@ -2278,7 +2294,7 @@ command can be found in
<h4 class="subsection">Miscellaneous Options</h4>
<dl>
<dl>
<dt><code>broadcastdelay</code> <kbd>seconds</kbd><dd>The broadcast and multicast modes require a special calibration
to determine the network delay between the local and remote
servers.
@ -2311,7 +2327,7 @@ frequency of zero and creates the file when writing it for the first time.
If this command is not given, the daemon will always start with an initial
frequency of zero.
<p>The file format consists of a single line containing a single
<p>The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
in parts-per-million (PPM).
The file is updated by first writing
@ -2331,7 +2347,7 @@ Note that all of these flags
can be controlled remotely using the
<code>ntpdc(1ntpdcmdoc)</code>
utility program.
<dl>
<dl>
<dt><code>auth</code><dd>Enables the server to synchronize with unconfigured peers only if the
peer has been correctly authenticated using either public key or
private key cryptography.
@ -2466,7 +2482,7 @@ The
default for this flag is
<code>enable</code>.
</dl>
<br><dt><code>includefile</code> <kbd>includefile</kbd><dd>This command allows additional configuration commands
<br><dt><code>includefile</code> <kbd>includefile</kbd><dd>This command allows additional configuration commands
to be included from a separate file.
Include files may
be nested to a depth of five; upon reaching the end of any
@ -2527,7 +2543,7 @@ and
status messages
(<code>status</code>).
<p>Configuration keywords are formed by concatenating the message class with
<p>Configuration keywords are formed by concatenating the message class with
the event class.
The
<code>all</code>
@ -2539,20 +2555,20 @@ keyword to enable/disable all
messages of the respective message class.
Thus, a minimal log configuration
could look like this:
<pre class="verbatim">
logconfig =syncstatus +sysevents
</pre>
<pre class="verbatim">
logconfig =syncstatus +sysevents
</pre>
<p>This would just list the synchronizations state of
<p>This would just list the synchronizations state of
<code>ntpd(1ntpdmdoc)</code>
and the major system events.
For a simple reference server, the
following minimum message configuration could be useful:
<pre class="verbatim">
logconfig =syncall +clockall
</pre>
<pre class="verbatim">
logconfig =syncall +clockall
</pre>
<p>This configuration will list all clock information and
<p>This configuration will list all clock information and
synchronization information.
All other events and messages about
peers, system events and so on is suppressed.
@ -2611,8 +2627,8 @@ for them.
Emphasis added: twisters are on their own and can expect
no help from the support group.
<p>The variables operate as follows:
<dl>
<p>The variables operate as follows:
<dl>
<dt><code>allan</code> <kbd>allan</kbd><dd>The argument becomes the new value for the minimum Allan
intercept, which is a parameter of the PLL/FLL clock discipline
algorithm.
@ -2661,8 +2677,8 @@ be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
</dl>
<br><dt><code>rlimit</code> <code>[memlock </code><kbd>Nmegabytes</kbd><code> | stacksize </code><kbd>N4kPages</kbd><code> filenum </code><kbd>Nfiledescriptors</kbd><code>]</code><dd>
<dl>
<br><dt><code>rlimit</code> <code>[memlock </code><kbd>Nmegabytes</kbd><code> | stacksize </code><kbd>N4kPages</kbd><code> filenum </code><kbd>Nfiledescriptors</kbd><code>]</code><dd>
<dl>
<dt><code>memlock</code> <kbd>Nmegabytes</kbd><dd>Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
@ -2679,7 +2695,7 @@ Defaults to 50 4k pages (200 4k pages in OpenBSD).
<br><dt><code>filenum</code> <kbd>Nfiledescriptors</kbd><dd>Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
</dl>
<br><dt><code>trap</code> <kbd>host_address</kbd> <code>[port </code><kbd>port_number</kbd><code>]</code> <code>[interface </code><kbd>interface_address</kbd><code>]</code><dd>This command configures a trap receiver at the given host
<br><dt><code>trap</code> <kbd>host_address</kbd> <code>[port </code><kbd>port_number</kbd><code>]</code> <code>[interface </code><kbd>interface_address</kbd><code>]</code><dd>This command configures a trap receiver at the given host
address and port number for sending messages with the specified
local interface address.
If the port number is unspecified, a value
@ -2690,7 +2706,7 @@ message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
<p>The trap receiver will generally log event messages and other
<p>The trap receiver will generally log event messages and other
information from the server in a log file.
While such monitor
programs may also request their own trap dynamically, configuring a
@ -2704,11 +2720,11 @@ The default is eight multiples of 32 starting at
31.
</dl>
<p>This section was generated by <strong>AutoGen</strong>,
<p>This section was generated by <strong>AutoGen</strong>,
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.conf</code> program.
This software is released under the NTP license, &lt;http://ntp.org/license&gt;.
<ul class="menu">
<ul class="menu">
<li><a accesskey="1" href="#ntp_002econf-Files">ntp.conf Files</a>: Files
<li><a accesskey="2" href="#ntp_002econf-See-Also">ntp.conf See Also</a>: See Also
<li><a accesskey="3" href="#ntp_002econf-Bugs">ntp.conf Bugs</a>: Bugs
@ -2723,14 +2739,14 @@ This software is released under the NTP license, &lt;http://ntp.org/license&gt;.
<h4 class="subsection">ntp.conf Files</h4>
<dl>
<dl>
<dt><span class="file">/etc/ntp.conf</span><dd>the default name of the configuration file
<br><dt><span class="file">ntp.keys</span><dd>private MD5 keys
<br><dt><span class="file">ntpkey</span><dd>RSA private key
<br><dt><span class="file">ntpkey_</span><kbd>host</kbd><dd>RSA public key
<br><dt><span class="file">ntp_dh</span><dd>Diffie-Hellman agreement parameters
</dl>
<div class="node">
<div class="node">
<p><hr>
<a name="ntp_002econf-See-Also"></a>
<br>
@ -2738,11 +2754,11 @@ This software is released under the NTP license, &lt;http://ntp.org/license&gt;.
<h4 class="subsection">ntp.conf See Also</h4>
<p><code>ntpd(1ntpdmdoc)</code>,
<p><code>ntpd(1ntpdmdoc)</code>,
<code>ntpdc(1ntpdcmdoc)</code>,
<code>ntpq(1ntpqmdoc)</code>
<p>In addition to the manual pages provided,
<p>In addition to the manual pages provided,
comprehensive documentation is available on the world wide web
at
<code>http://www.ntp.org/</code>.
@ -2750,7 +2766,7 @@ A snapshot of this documentation is available in HTML format in
<span class="file">/usr/share/doc/ntp</span>.
<br>
<p><br>
<p><br>
David L. Mills, <em>Network Time Protocol (Version 4)</em>, RFC5905
<div class="node">
<p><hr>
@ -2760,11 +2776,11 @@ David L. Mills, <em>Network Time Protocol (Version 4)</em>, RFC5905
<h4 class="subsection">ntp.conf Bugs</h4>
<p>The syntax checking is not picky; some combinations of
<p>The syntax checking is not picky; some combinations of
ridiculous and even hilarious options and modes may not be
detected.
<p>The
<p>The
<span class="file">ntpkey_</span><kbd>host</kbd>
files are really digital
certificates.
@ -2778,7 +2794,7 @@ services when they become universally available.
<h4 class="subsection">ntp.conf Notes</h4>
<p>This document was derived from FreeBSD.
<p>This document was derived from FreeBSD.
</body></html>

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntp.conf 5 "02 Jun 2016" "4.2.8p8" "File Formats"
.TH ntp.conf 5 "21 Nov 2016" "4.2.8p9" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-OzaOIT/ag-3zaGHT)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Q_ai3f/ag-2_aa2f)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:35:50 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:01:41 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
@ -2174,7 +2174,23 @@ At the same time, the manycast
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
.SS Broadcast Options
.TP 7
.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]bcpollbstep\f[] \f\*[I-Font]gate\f[]]
This command provides a way to delay,
by the specified number of broadcast poll intervals,
believing backward time steps from a broadcast server.
Broadcast time networks are expected to be trusted.
In the event a broadcast server's time is stepped backwards,
there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.SS Manycast Options
.RS
.TP 7
.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[] | \f\*[B-Font]cohort\f[] { \f\*[B-Font]0\f[] | \f\*[B-Font]1\f[] } | \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[] | \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[] | \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]]
This command affects the clock selection and clustering
@ -2244,7 +2260,7 @@ In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
.PP
.RE
.SH Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
@ -2411,6 +2427,7 @@ option is used for this purpose.
Except where noted,
these options apply to all clock drivers.
.SS Reference Clock Commands
.RS
.TP 7
.NOP \f\*[B-Font]server\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]]
This command can be used to configure reference clocks in
@ -2559,8 +2576,9 @@ Further information on the
command can be found in
\fIMonitoring\f[] \fIOptions\f[].
.RE
.PP
.RE
.SH Miscellaneous Options
.RS
.TP 7
.NOP \f\*[B-Font]broadcastdelay\f[] \f\*[I-Font]seconds\f[]
The broadcast and multicast modes require a special calibration
@ -3079,8 +3097,9 @@ In manycast mode these values are used in turn in
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
.PP
.RE
.SH "OPTIONS"
.RS
.TP
.NOP \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
@ -3092,7 +3111,7 @@ Pass the extended usage information through a pager.
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.PP
.RE
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
@ -3103,6 +3122,7 @@ by loading values from environment variables named:
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH FILES
.RS
.TP 15
.NOP \fI/etc/ntp.conf\f[]
the default name of the configuration file
@ -3126,9 +3146,10 @@ RSA public key
.TP 15
.NOP \fIntp_dh\f[]
Diffie-Hellman agreement parameters
.PP
.RE
.SH "EXIT STATUS"
One of the following exit values will be returned:
.RS
.TP
.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
@ -3139,7 +3160,7 @@ The operation failed or the command syntax was not valid.
.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
.PP
.RE
.SH "SEE ALSO"
\fCntpd\f[]\fR(@NTPD_MS@)\f[],
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[],

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTP_CONF 5 File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:16 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:02:03 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
@ -1995,6 +1995,25 @@ At the same time, the manycast
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
.Ss Broadcast Options
.Bl -tag -width indent
.It Xo Ic tos
.Oo
.Cm bcpollbstep Ar gate
.Oc
.Xc
This command provides a way to delay,
by the specified number of broadcast poll intervals,
believing backward time steps from a broadcast server.
Broadcast time networks are expected to be trusted.
In the event a broadcast server's time is stepped backwards,
there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.Ss Manycast Options
.Bl -tag -width indent
.It Xo Ic tos

View File

@ -1,8 +1,8 @@
.TH ntp.keys 5man "02 Jun 2016" "4.2.8p8" "File Formats"
.TH ntp.keys 5man "21 Nov 2016" "4.2.8p9" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:35:57 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:01:46 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.Sh NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTP_KEYS 5mdoc File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:20 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:02:06 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME

View File

@ -33,7 +33,7 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<p>This document describes the symmetric key file for the NTP Project's
<code>ntpd</code> program.
<p>This document applies to version 4.2.8p8 of <code>ntp.keys</code>.
<p>This document applies to version 4.2.8p9 of <code>ntp.keys</code>.
<div class="shortcontents">
<h2>Short Contents</h2>

View File

@ -1,8 +1,8 @@
.TH ntp.keys 5 "02 Jun 2016" "4.2.8p8" "File Formats"
.TH ntp.keys 5 "21 Nov 2016" "4.2.8p9" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:35:57 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:01:46 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.Sh NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTP_KEYS 5 File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:20 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:02:06 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME

View File

@ -53,6 +53,12 @@
#include "ntp_parser.h"
#include "ntpd-opts.h"
#ifndef IGNORE_DNS_ERRORS
# define DNSFLAGS 0
#else
# define DNSFLAGS GAIR_F_IGNDNSERR
#endif
extern int yyparse(void);
/* Bug 2817 */
@ -2002,6 +2008,21 @@ config_tos(
INSIST(0);
break;
case T_Bcpollbstep:
if (val > 4) {
msyslog(LOG_WARNING,
"Using maximum bcpollbstep ceiling %d, %g requested",
4, val);
val = 4;
} else if (val < 0) {
msyslog(LOG_WARNING,
"Using minimum bcpollbstep floor %d, %g requested",
0, val);
val = 0;
}
item = PROTO_BCPOLLBSTEP;
break;
case T_Ceiling:
if (val > STRATUM_UNSPEC - 1) {
msyslog(LOG_WARNING,
@ -3813,11 +3834,11 @@ config_peers(
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
getaddrinfo_sometime(*cmdline_servers,
getaddrinfo_sometime_ex(*cmdline_servers,
"ntp", &hints,
INITIAL_DNS_RETRY,
&peer_name_resolved,
(void *)ctx);
(void *)ctx, DNSFLAGS);
# else /* !WORKER follows */
msyslog(LOG_ERR,
"hostname %s can not be used, please use IP address instead.",
@ -3891,10 +3912,11 @@ config_peers(
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
getaddrinfo_sometime(curr_peer->addr->address,
getaddrinfo_sometime_ex(curr_peer->addr->address,
"ntp", &hints,
INITIAL_DNS_RETRY,
&peer_name_resolved, ctx);
&peer_name_resolved, ctx,
DNSFLAGS);
# else /* !WORKER follows */
msyslog(LOG_ERR,
"hostname %s can not be used, please use IP address instead.",
@ -3935,16 +3957,10 @@ peer_name_resolved(
DPRINTF(1, ("peer_name_resolved(%s) rescode %d\n", name, rescode));
if (rescode) {
#ifndef IGNORE_DNS_ERRORS
free(ctx);
msyslog(LOG_ERR,
"giving up resolving host %s: %s (%d)",
name, gai_strerror(rescode), rescode);
#else /* IGNORE_DNS_ERRORS follows */
getaddrinfo_sometime(name, service, hints,
INITIAL_DNS_RETRY,
&peer_name_resolved, context);
#endif
return;
}

View File

@ -33,6 +33,7 @@
# include "ntp_syscall.h"
#endif
#include "libssl_compat.h"
/*
* Structure to hold request procedure information
@ -120,14 +121,14 @@ static const struct ctl_proc control_codes[] = {
{ CTL_OP_READVAR, NOAUTH, read_variables },
{ CTL_OP_WRITEVAR, AUTH, write_variables },
{ CTL_OP_READCLOCK, NOAUTH, read_clockstatus },
{ CTL_OP_WRITECLOCK, NOAUTH, write_clockstatus },
{ CTL_OP_SETTRAP, NOAUTH, set_trap },
{ CTL_OP_WRITECLOCK, AUTH, write_clockstatus },
{ CTL_OP_SETTRAP, AUTH, set_trap },
{ CTL_OP_CONFIGURE, AUTH, configure },
{ CTL_OP_SAVECONFIG, AUTH, save_config },
{ CTL_OP_READ_MRU, NOAUTH, read_mru_list },
{ CTL_OP_READ_ORDLIST_A, AUTH, read_ordlist },
{ CTL_OP_REQ_NONCE, NOAUTH, req_nonce },
{ CTL_OP_UNSETTRAP, NOAUTH, unset_trap },
{ CTL_OP_UNSETTRAP, AUTH, unset_trap },
{ NO_REQUEST, 0, NULL }
};
@ -3158,15 +3159,21 @@ ctl_getitem(
for (v = var_list; !(EOV & v->flags); ++v)
if (!(PADDING & v->flags)) {
/* check if the var name matches the buffer */
/* Check if the var name matches the buffer. The
* name is bracketed by [reqpt..tp] and not NUL
* terminated, and it contains no '=' char. The
* lookup value IS NUL-terminated but might
* include a '='... We have to look out for
* that!
*/
const char *sp1 = reqpt;
const char *sp2 = v->text;
while ((sp1 != tp) && *sp2 && (*sp1 == *sp2)) {
while ((sp1 != tp) && (*sp1 == *sp2)) {
++sp1;
++sp2;
}
if (sp1 == tp && !*sp2)
if (sp1 == tp && (*sp2 == '\0' || *sp2 == '='))
break;
}
@ -3649,7 +3656,7 @@ static u_int32 derive_nonce(
u_char digest[EVP_MAX_MD_SIZE];
u_int32 extract;
} d;
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx;
u_int len;
while (!salt[0] || current_time - last_salt_update >= 3600) {
@ -3660,19 +3667,21 @@ static u_int32 derive_nonce(
last_salt_update = current_time;
}
EVP_DigestInit(&ctx, EVP_get_digestbynid(NID_md5));
EVP_DigestUpdate(&ctx, salt, sizeof(salt));
EVP_DigestUpdate(&ctx, &ts_i, sizeof(ts_i));
EVP_DigestUpdate(&ctx, &ts_f, sizeof(ts_f));
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5));
EVP_DigestUpdate(ctx, salt, sizeof(salt));
EVP_DigestUpdate(ctx, &ts_i, sizeof(ts_i));
EVP_DigestUpdate(ctx, &ts_f, sizeof(ts_f));
if (IS_IPV4(addr))
EVP_DigestUpdate(&ctx, &SOCK_ADDR4(addr),
EVP_DigestUpdate(ctx, &SOCK_ADDR4(addr),
sizeof(SOCK_ADDR4(addr)));
else
EVP_DigestUpdate(&ctx, &SOCK_ADDR6(addr),
EVP_DigestUpdate(ctx, &SOCK_ADDR6(addr),
sizeof(SOCK_ADDR6(addr)));
EVP_DigestUpdate(&ctx, &NSRCPORT(addr), sizeof(NSRCPORT(addr)));
EVP_DigestUpdate(&ctx, salt, sizeof(salt));
EVP_DigestFinal(&ctx, d.digest, &len);
EVP_DigestUpdate(ctx, &NSRCPORT(addr), sizeof(NSRCPORT(addr)));
EVP_DigestUpdate(ctx, salt, sizeof(salt));
EVP_DigestFinal(ctx, d.digest, &len);
EVP_MD_CTX_free(ctx);
return d.extract;
}
@ -3954,15 +3963,17 @@ static void read_mru_list(
int restrict_mask
)
{
const char nonce_text[] = "nonce";
const char frags_text[] = "frags";
const char limit_text[] = "limit";
const char mincount_text[] = "mincount";
const char resall_text[] = "resall";
const char resany_text[] = "resany";
const char maxlstint_text[] = "maxlstint";
const char laddr_text[] = "laddr";
const char resaxx_fmt[] = "0x%hx";
static const char nulltxt[1] = { '\0' };
static const char nonce_text[] = "nonce";
static const char frags_text[] = "frags";
static const char limit_text[] = "limit";
static const char mincount_text[] = "mincount";
static const char resall_text[] = "resall";
static const char resany_text[] = "resany";
static const char maxlstint_text[] = "maxlstint";
static const char laddr_text[] = "laddr";
static const char resaxx_fmt[] = "0x%hx";
u_int limit;
u_short frags;
u_short resall;
@ -3979,7 +3990,7 @@ static void read_mru_list(
char buf[128];
struct ctl_var * in_parms;
const struct ctl_var * v;
char * val;
const char * val;
const char * pch;
char * pnonce;
int nonce_valid;
@ -4031,46 +4042,68 @@ static void read_mru_list(
ZERO(last);
ZERO(addr);
while (NULL != (v = ctl_getitem(in_parms, &val)) &&
/* have to go through '(void*)' to drop 'const' property from pointer.
* ctl_getitem()' needs some cleanup, too.... perlinger@ntp.org
*/
while (NULL != (v = ctl_getitem(in_parms, (void*)&val)) &&
!(EOV & v->flags)) {
int si;
if (NULL == val)
val = nulltxt;
if (!strcmp(nonce_text, v->text)) {
if (NULL != pnonce)
free(pnonce);
pnonce = estrdup(val);
free(pnonce);
pnonce = (*val) ? estrdup(val) : NULL;
} else if (!strcmp(frags_text, v->text)) {
sscanf(val, "%hu", &frags);
if (1 != sscanf(val, "%hu", &frags))
goto blooper;
} else if (!strcmp(limit_text, v->text)) {
sscanf(val, "%u", &limit);
if (1 != sscanf(val, "%u", &limit))
goto blooper;
} else if (!strcmp(mincount_text, v->text)) {
if (1 != sscanf(val, "%d", &mincount) ||
mincount < 0)
if (1 != sscanf(val, "%d", &mincount))
goto blooper;
if (mincount < 0)
mincount = 0;
} else if (!strcmp(resall_text, v->text)) {
sscanf(val, resaxx_fmt, &resall);
if (1 != sscanf(val, resaxx_fmt, &resall))
goto blooper;
} else if (!strcmp(resany_text, v->text)) {
sscanf(val, resaxx_fmt, &resany);
if (1 != sscanf(val, resaxx_fmt, &resany))
goto blooper;
} else if (!strcmp(maxlstint_text, v->text)) {
sscanf(val, "%u", &maxlstint);
if (1 != sscanf(val, "%u", &maxlstint))
goto blooper;
} else if (!strcmp(laddr_text, v->text)) {
if (decodenetnum(val, &laddr))
lcladr = getinterface(&laddr, 0);
if (!decodenetnum(val, &laddr))
goto blooper;
lcladr = getinterface(&laddr, 0);
} else if (1 == sscanf(v->text, last_fmt, &si) &&
(size_t)si < COUNTOF(last)) {
if (2 == sscanf(val, "0x%08x.%08x", &ui, &uf)) {
last[si].l_ui = ui;
last[si].l_uf = uf;
if (!SOCK_UNSPEC(&addr[si]) &&
si == priors)
priors++;
}
if (2 != sscanf(val, "0x%08x.%08x", &ui, &uf))
goto blooper;
last[si].l_ui = ui;
last[si].l_uf = uf;
if (!SOCK_UNSPEC(&addr[si]) && si == priors)
priors++;
} else if (1 == sscanf(v->text, addr_fmt, &si) &&
(size_t)si < COUNTOF(addr)) {
if (decodenetnum(val, &addr[si])
&& last[si].l_ui && last[si].l_uf &&
si == priors)
if (!decodenetnum(val, &addr[si]))
goto blooper;
if (last[si].l_ui && last[si].l_uf && si == priors)
priors++;
} else {
DPRINTF(1, ("read_mru_list: invalid key item: '%s' (ignored)\n",
v->text));
continue;
blooper:
DPRINTF(1, ("read_mru_list: invalid param for '%s': '%s' (bailing)\n",
v->text, val));
free(pnonce);
pnonce = NULL;
break;
}
}
free_varlist(in_parms);
@ -4997,6 +5030,22 @@ report_event(
if (num_ctl_traps <= 0)
return;
/* [Bug 3119]
* Peer Events should be associated with a peer -- hence the
* name. But there are instances where this function is called
* *without* a valid peer. This happens e.g. with an unsolicited
* CryptoNAK, or when a leap second alarm is going off while
* currently without a system peer.
*
* The most sensible approach to this seems to bail out here if
* this happens. Avoiding to call this function would also
* bypass the log reporting in the first part of this function,
* and this is probably not the best of all options.
* -*-perlinger@ntp.org-*-
*/
if ((err & PEER_EVENT) && !peer)
return;
/*
* Set up the outgoing packet variables
*/
@ -5013,15 +5062,14 @@ report_event(
/* Include the core system variables and the list. */
for (i = 1; i <= CS_VARLIST; i++)
ctl_putsys(i);
} else {
INSIST(peer != NULL);
} else if (NULL != peer) { /* paranoia -- skip output */
rpkt.associd = htons(peer->associd);
rpkt.status = htons(ctlpeerstatus(peer));
/* Dump it all. Later, maybe less. */
for (i = 1; i <= CP_MAX_NOAUTOKEY; i++)
ctl_putpeer(i, peer);
#ifdef REFCLOCK
# ifdef REFCLOCK
/*
* for clock exception events: add clock variables to
* reflect info on exception
@ -5047,7 +5095,7 @@ report_event(
FALSE);
free_varlist(cs.kv_list);
}
#endif /* REFCLOCK */
# endif /* REFCLOCK */
}
/*

View File

@ -22,13 +22,13 @@
#include "ntp_calendar.h"
#include "ntp_leapsec.h"
#include "openssl/asn1_mac.h"
#include "openssl/bn.h"
#include "openssl/err.h"
#include "openssl/evp.h"
#include "openssl/pem.h"
#include "openssl/rand.h"
#include "openssl/x509v3.h"
#include "libssl_compat.h"
#ifdef KERNEL_PLL
#include "ntp_syscall.h"
@ -230,7 +230,7 @@ session_key(
u_long lifetime /* key lifetime */
)
{
EVP_MD_CTX ctx; /* message digest context */
EVP_MD_CTX *ctx; /* message digest context */
u_char dgst[EVP_MAX_MD_SIZE]; /* message digest */
keyid_t keyid; /* key identifer */
u_int32 header[10]; /* data in network byte order */
@ -263,9 +263,11 @@ session_key(
hdlen = 10 * sizeof(u_int32);
break;
}
EVP_DigestInit(&ctx, EVP_get_digestbynid(crypto_nid));
EVP_DigestUpdate(&ctx, (u_char *)header, hdlen);
EVP_DigestFinal(&ctx, dgst, &len);
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_get_digestbynid(crypto_nid));
EVP_DigestUpdate(ctx, (u_char *)header, hdlen);
EVP_DigestFinal(ctx, dgst, &len);
EVP_MD_CTX_free(ctx);
memcpy(&keyid, dgst, 4);
keyid = ntohl(keyid);
if (lifetime != 0) {
@ -299,7 +301,7 @@ make_keylist(
struct interface *dstadr /* interface */
)
{
EVP_MD_CTX ctx; /* signature context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
struct autokey *ap; /* autokey pointer */
struct value *vp; /* value pointer */
@ -377,14 +379,16 @@ make_keylist(
if (tstamp != 0) {
if (vp->sig == NULL)
vp->sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)vp, 12);
EVP_SignUpdate(&ctx, vp->ptr, sizeof(struct autokey));
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
ctx = EVP_MD_CTX_new();
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)vp, 12);
EVP_SignUpdate(ctx, vp->ptr, sizeof(struct autokey));
if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
peer->flags |= FLAG_ASSOC;
}
EVP_MD_CTX_free(ctx);
}
DPRINTF(1, ("make_keys: %d %08x %08x ts %u fs %u poll %d\n",
peer->keynumber, keyid, cookie, ntohl(vp->tstamp),
@ -820,8 +824,8 @@ crypto_recv(
* errors.
*/
if (vallen == (u_int)EVP_PKEY_size(host_pkey)) {
u_int32 *cookiebuf = malloc(
RSA_size(host_pkey->pkey.rsa));
RSA *rsa = EVP_PKEY_get0_RSA(host_pkey);
u_int32 *cookiebuf = malloc(RSA_size(rsa));
if (!cookiebuf) {
rval = XEVNT_CKY;
break;
@ -830,7 +834,7 @@ crypto_recv(
if (RSA_private_decrypt(vallen,
(u_char *)ep->pkt,
(u_char *)cookiebuf,
host_pkey->pkey.rsa,
rsa,
RSA_PKCS1_OAEP_PADDING) != 4) {
rval = XEVNT_CKY;
free(cookiebuf);
@ -1421,7 +1425,7 @@ crypto_verify(
)
{
EVP_PKEY *pkey; /* server public key */
EVP_MD_CTX ctx; /* signature context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp, tstamp1 = 0; /* timestamp */
tstamp_t fstamp, fstamp1 = 0; /* filestamp */
u_int vallen; /* value length */
@ -1533,12 +1537,16 @@ crypto_verify(
* signature. If the identity exchange is verified, light the
* proventic bit. What a relief.
*/
EVP_VerifyInit(&ctx, peer->digest);
ctx = EVP_MD_CTX_new();
EVP_VerifyInit(ctx, peer->digest);
/* XXX: the "+ 12" needs to be at least documented... */
EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen + 12);
if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen,
pkey) <= 0)
EVP_VerifyUpdate(ctx, (u_char *)&ep->tstamp, vallen + 12);
if (EVP_VerifyFinal(ctx, (u_char *)&ep->pkt[i], siglen,
pkey) <= 0) {
EVP_MD_CTX_free(ctx);
return (XEVNT_SIG);
}
EVP_MD_CTX_free(ctx);
if (peer->crypto & CRYPTO_FLAG_VRFY)
peer->crypto |= CRYPTO_FLAG_PROV;
@ -1564,7 +1572,7 @@ crypto_encrypt(
)
{
EVP_PKEY *pkey; /* public key */
EVP_MD_CTX ctx; /* signature context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
u_int32 temp32;
u_char *puch;
@ -1592,7 +1600,7 @@ crypto_encrypt(
puch = vp->ptr;
temp32 = htonl(*cookie);
if (RSA_public_encrypt(4, (u_char *)&temp32, puch,
pkey->pkey.rsa, RSA_PKCS1_OAEP_PADDING) <= 0) {
EVP_PKEY_get0_RSA(pkey), RSA_PKCS1_OAEP_PADDING) <= 0) {
msyslog(LOG_ERR, "crypto_encrypt: %s",
ERR_error_string(ERR_get_error(), NULL));
free(vp->ptr);
@ -1604,13 +1612,15 @@ crypto_encrypt(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, vallen);
if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey)) {
ctx = EVP_MD_CTX_new();
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(ctx, vp->ptr, vallen);
if (EVP_SignFinal(ctx, vp->sig, &vallen, sign_pkey)) {
INSIST(vallen <= sign_siglen);
vp->siglen = htonl(vallen);
}
EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@ -1817,7 +1827,7 @@ crypto_send(
void
crypto_update(void)
{
EVP_MD_CTX ctx; /* message digest context */
EVP_MD_CTX *ctx; /* message digest context */
struct cert_info *cp; /* certificate info/value */
char statstr[NTP_MAXSTRLEN]; /* statistics for filegen */
u_int32 *ptr;
@ -1828,6 +1838,8 @@ crypto_update(void)
if (hostval.tstamp == 0)
return;
ctx = EVP_MD_CTX_new();
/*
* Sign public key and timestamps. The filestamp is derived from
* the host key file extension from wherever the file was
@ -1838,10 +1850,10 @@ crypto_update(void)
pubkey.siglen = 0;
if (pubkey.sig == NULL)
pubkey.sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&pubkey, 12);
EVP_SignUpdate(&ctx, pubkey.ptr, ntohl(pubkey.vallen));
if (EVP_SignFinal(&ctx, pubkey.sig, &len, sign_pkey)) {
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)&pubkey, 12);
EVP_SignUpdate(ctx, pubkey.ptr, ntohl(pubkey.vallen));
if (EVP_SignFinal(ctx, pubkey.sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
pubkey.siglen = htonl(len);
}
@ -1858,11 +1870,11 @@ crypto_update(void)
cp->cert.siglen = 0;
if (cp->cert.sig == NULL)
cp->cert.sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&cp->cert, 12);
EVP_SignUpdate(&ctx, cp->cert.ptr,
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)&cp->cert, 12);
EVP_SignUpdate(ctx, cp->cert.ptr,
ntohl(cp->cert.vallen));
if (EVP_SignFinal(&ctx, cp->cert.sig, &len, sign_pkey)) {
if (EVP_SignFinal(ctx, cp->cert.sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
cp->cert.siglen = htonl(len);
}
@ -1909,10 +1921,10 @@ crypto_update(void)
}
if (tai_leap.sig == NULL)
tai_leap.sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&tai_leap, 12);
EVP_SignUpdate(&ctx, tai_leap.ptr, len);
if (EVP_SignFinal(&ctx, tai_leap.sig, &len, sign_pkey)) {
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)&tai_leap, 12);
EVP_SignUpdate(ctx, tai_leap.ptr, len);
if (EVP_SignFinal(ctx, tai_leap.sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
tai_leap.siglen = htonl(len);
}
@ -1922,6 +1934,7 @@ crypto_update(void)
ntohl(hostval.tstamp));
record_crypto_stats(NULL, statstr);
DPRINTF(1, ("crypto_update: %s\n", statstr));
EVP_MD_CTX_free(ctx);
}
/*
@ -2061,7 +2074,7 @@ bighash(
BIGNUM *bk /* BIGNUM * to */
)
{
EVP_MD_CTX ctx; /* message digest context */
EVP_MD_CTX *ctx; /* message digest context */
u_char dgst[EVP_MAX_MD_SIZE]; /* message digest */
u_char *ptr; /* a BIGNUM as binary string */
u_int len;
@ -2069,9 +2082,11 @@ bighash(
len = BN_num_bytes(bn);
ptr = emalloc(len);
BN_bn2bin(bn, ptr);
EVP_DigestInit(&ctx, EVP_md5());
EVP_DigestUpdate(&ctx, ptr, len);
EVP_DigestFinal(&ctx, dgst, &len);
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_md5());
EVP_DigestUpdate(ctx, ptr, len);
EVP_DigestFinal(ctx, dgst, &len);
EVP_MD_CTX_free(ctx);
BN_bin2bn(dgst, len, bk);
free(ptr);
}
@ -2139,9 +2154,10 @@ crypto_alice(
{
DSA *dsa; /* IFF parameters */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX ctx; /* signature context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp;
u_int len;
const BIGNUM *q;
/*
* The identity parameters must have correct format and content.
@ -2151,7 +2167,7 @@ crypto_alice(
return (XEVNT_ID);
}
if ((dsa = peer->ident_pkey->pkey->pkey.dsa) == NULL) {
if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_alice: defective key");
return (XEVNT_PUB);
}
@ -2162,10 +2178,11 @@ crypto_alice(
if (peer->iffval != NULL)
BN_free(peer->iffval);
peer->iffval = BN_new();
len = BN_num_bytes(dsa->q);
DSA_get0_pqg(dsa, NULL, &q, NULL);
len = BN_num_bytes(q);
BN_rand(peer->iffval, len * 8, -1, 1); /* r mod q*/
bctx = BN_CTX_new();
BN_mod(peer->iffval, peer->iffval, dsa->q, bctx);
BN_mod(peer->iffval, peer->iffval, q, bctx);
BN_CTX_free(bctx);
/*
@ -2182,13 +2199,15 @@ crypto_alice(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
ctx = EVP_MD_CTX_new();
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(ctx, vp->ptr, len);
if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@ -2210,11 +2229,13 @@ crypto_bob(
DSA *dsa; /* IFF parameters */
DSA_SIG *sdsa; /* DSA signature context fake */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX ctx; /* signature context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
BIGNUM *bn, *bk, *r;
u_char *ptr;
u_int len; /* extension field value length */
const BIGNUM *p, *q, *g;
const BIGNUM *priv_key;
/*
* If the IFF parameters are not valid, something awful
@ -2224,7 +2245,9 @@ crypto_bob(
msyslog(LOG_NOTICE, "crypto_bob: scheme unavailable");
return (XEVNT_ID);
}
dsa = iffkey_info->pkey->pkey.dsa;
dsa = EVP_PKEY_get0_DSA(iffkey_info->pkey);
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, NULL, &priv_key);
/*
* Extract r from the challenge.
@ -2245,15 +2268,14 @@ crypto_bob(
bctx = BN_CTX_new(); bk = BN_new(); bn = BN_new();
sdsa = DSA_SIG_new();
BN_rand(bk, len * 8, -1, 1); /* k */
BN_mod_mul(bn, dsa->priv_key, r, dsa->q, bctx); /* b r mod q */
BN_mod_mul(bn, priv_key, r, q, bctx); /* b r mod q */
BN_add(bn, bn, bk);
BN_mod(bn, bn, dsa->q, bctx); /* k + b r mod q */
sdsa->r = BN_dup(bn);
BN_mod_exp(bk, dsa->g, bk, dsa->p, bctx); /* g^k mod p */
BN_mod(bn, bn, q, bctx); /* k + b r mod q */
BN_mod_exp(bk, g, bk, p, bctx); /* g^k mod p */
bighash(bk, bk);
sdsa->s = BN_dup(bk);
DSA_SIG_set0(sdsa, bn, bk);
BN_CTX_free(bctx);
BN_free(r); BN_free(bn); BN_free(bk);
BN_free(r);
#ifdef DEBUG
if (debug > 1)
DSA_print_fp(stdout, dsa, 0);
@ -2290,13 +2312,15 @@ crypto_bob(
/* XXX: more validation to make sure the sign fits... */
vp->sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
ctx = EVP_MD_CTX_new();
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(ctx, vp->ptr, len);
if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@ -2323,6 +2347,9 @@ crypto_iff(
u_int len;
const u_char *ptr;
int temp;
const BIGNUM *p, *g;
const BIGNUM *r, *s;
const BIGNUM *pub_key;
/*
* If the IFF parameters are not valid or no challenge was sent,
@ -2337,7 +2364,7 @@ crypto_iff(
ntohl(ep->fstamp));
return (XEVNT_FSP);
}
if ((dsa = peer->ident_pkey->pkey->pkey.dsa) == NULL) {
if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_iff: defective key");
return (XEVNT_PUB);
}
@ -2362,15 +2389,18 @@ crypto_iff(
/*
* Compute g^(k + b r) g^(q - b)r mod p.
*/
BN_mod_exp(bn, dsa->pub_key, peer->iffval, dsa->p, bctx);
BN_mod_exp(bk, dsa->g, sdsa->r, dsa->p, bctx);
BN_mod_mul(bn, bn, bk, dsa->p, bctx);
DSA_get0_key(dsa, &pub_key, NULL);
DSA_get0_pqg(dsa, &p, NULL, &g);
DSA_SIG_get0(sdsa, &r, &s);
BN_mod_exp(bn, pub_key, peer->iffval, p, bctx);
BN_mod_exp(bk, g, r, p, bctx);
BN_mod_mul(bn, bn, bk, p, bctx);
/*
* Verify the hash of the result matches hash(x).
*/
bighash(bn, bn);
temp = BN_cmp(bn, sdsa->s);
temp = BN_cmp(bn, s);
BN_free(bn); BN_free(bk); BN_CTX_free(bctx);
BN_free(peer->iffval);
peer->iffval = NULL;
@ -2456,9 +2486,10 @@ crypto_alice2(
{
RSA *rsa; /* GQ parameters */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX ctx; /* signature context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp;
u_int len;
const BIGNUM *n;
/*
* The identity parameters must have correct format and content.
@ -2466,7 +2497,7 @@ crypto_alice2(
if (peer->ident_pkey == NULL)
return (XEVNT_ID);
if ((rsa = peer->ident_pkey->pkey->pkey.rsa) == NULL) {
if ((rsa = EVP_PKEY_get0_RSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_alice2: defective key");
return (XEVNT_PUB);
}
@ -2477,10 +2508,11 @@ crypto_alice2(
if (peer->iffval != NULL)
BN_free(peer->iffval);
peer->iffval = BN_new();
len = BN_num_bytes(rsa->n);
RSA_get0_key(rsa, &n, NULL, NULL);
len = BN_num_bytes(n);
BN_rand(peer->iffval, len * 8, -1, 1); /* r mod n */
bctx = BN_CTX_new();
BN_mod(peer->iffval, peer->iffval, rsa->n, bctx);
BN_mod(peer->iffval, peer->iffval, n, bctx);
BN_CTX_free(bctx);
/*
@ -2497,13 +2529,15 @@ crypto_alice2(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
ctx = EVP_MD_CTX_new();
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(ctx, vp->ptr, len);
if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@ -2525,12 +2559,13 @@ crypto_bob2(
RSA *rsa; /* GQ parameters */
DSA_SIG *sdsa; /* DSA parameters */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX ctx; /* signature context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
BIGNUM *r, *k, *g, *y;
u_char *ptr;
u_int len;
int s_len;
const BIGNUM *n, *p, *e;
/*
* If the GQ parameters are not valid, something awful
@ -2540,7 +2575,8 @@ crypto_bob2(
msyslog(LOG_NOTICE, "crypto_bob2: scheme unavailable");
return (XEVNT_ID);
}
rsa = gqkey_info->pkey->pkey.rsa;
rsa = EVP_PKEY_get0_RSA(gqkey_info->pkey);
RSA_get0_key(rsa, &n, &p, &e);
/*
* Extract r from the challenge.
@ -2561,15 +2597,14 @@ crypto_bob2(
bctx = BN_CTX_new(); k = BN_new(); g = BN_new(); y = BN_new();
sdsa = DSA_SIG_new();
BN_rand(k, len * 8, -1, 1); /* k */
BN_mod(k, k, rsa->n, bctx);
BN_mod_exp(y, rsa->p, r, rsa->n, bctx); /* u^r mod n */
BN_mod_mul(y, k, y, rsa->n, bctx); /* k u^r mod n */
sdsa->r = BN_dup(y);
BN_mod_exp(g, k, rsa->e, rsa->n, bctx); /* k^b mod n */
BN_mod(k, k, n, bctx);
BN_mod_exp(y, p, r, n, bctx); /* u^r mod n */
BN_mod_mul(y, k, y, n, bctx); /* k u^r mod n */
BN_mod_exp(g, k, e, n, bctx); /* k^b mod n */
bighash(g, g);
sdsa->s = BN_dup(g);
DSA_SIG_set0(sdsa, y, g);
BN_CTX_free(bctx);
BN_free(r); BN_free(k); BN_free(g); BN_free(y);
BN_free(r); BN_free(k);
#ifdef DEBUG
if (debug > 1)
RSA_print_fp(stdout, rsa, 0);
@ -2599,13 +2634,15 @@ crypto_bob2(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
ctx = EVP_MD_CTX_new();
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(ctx, vp->ptr, len);
if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@ -2633,6 +2670,8 @@ crypto_gq(
const u_char *ptr;
long len;
u_int temp;
const BIGNUM *n, *e;
const BIGNUM *r, *s;
/*
* If the GQ parameters are not valid or no challenge was sent,
@ -2649,10 +2688,11 @@ crypto_gq(
ntohl(ep->fstamp));
return (XEVNT_FSP);
}
if ((rsa = peer->ident_pkey->pkey->pkey.rsa) == NULL) {
if ((rsa = EVP_PKEY_get0_RSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_gq: defective key");
return (XEVNT_PUB);
}
RSA_get0_key(rsa, &n, NULL, &e);
if (peer->iffval == NULL) {
msyslog(LOG_NOTICE, "crypto_gq: missing challenge");
return (XEVNT_ID);
@ -2671,6 +2711,7 @@ crypto_gq(
ERR_error_string(ERR_get_error(), NULL));
return (XEVNT_ERR);
}
DSA_SIG_get0(sdsa, &r, &s);
/*
* Compute v^r y^b mod n.
@ -2679,16 +2720,16 @@ crypto_gq(
msyslog(LOG_NOTICE, "crypto_gq: missing group key");
return (XEVNT_ID);
}
BN_mod_exp(v, peer->grpkey, peer->iffval, rsa->n, bctx);
BN_mod_exp(v, peer->grpkey, peer->iffval, n, bctx);
/* v^r mod n */
BN_mod_exp(y, sdsa->r, rsa->e, rsa->n, bctx); /* y^b mod n */
BN_mod_mul(y, v, y, rsa->n, bctx); /* v^r y^b mod n */
BN_mod_exp(y, r, e, n, bctx); /* y^b mod n */
BN_mod_mul(y, v, y, n, bctx); /* v^r y^b mod n */
/*
* Verify the hash of the result matches hash(x).
*/
bighash(y, y);
temp = BN_cmp(y, sdsa->s);
temp = BN_cmp(y, s);
BN_CTX_free(bctx); BN_free(y); BN_free(v);
BN_free(peer->iffval);
peer->iffval = NULL;
@ -2789,9 +2830,10 @@ crypto_alice3(
{
DSA *dsa; /* MV parameters */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX ctx; /* signature context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp;
u_int len;
const BIGNUM *p;
/*
* The identity parameters must have correct format and content.
@ -2799,10 +2841,11 @@ crypto_alice3(
if (peer->ident_pkey == NULL)
return (XEVNT_ID);
if ((dsa = peer->ident_pkey->pkey->pkey.dsa) == NULL) {
if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_alice3: defective key");
return (XEVNT_PUB);
}
DSA_get0_pqg(dsa, &p, NULL, NULL);
/*
* Roll new random r (0 < r < q).
@ -2810,10 +2853,10 @@ crypto_alice3(
if (peer->iffval != NULL)
BN_free(peer->iffval);
peer->iffval = BN_new();
len = BN_num_bytes(dsa->p);
len = BN_num_bytes(p);
BN_rand(peer->iffval, len * 8, -1, 1); /* r mod p */
bctx = BN_CTX_new();
BN_mod(peer->iffval, peer->iffval, dsa->p, bctx);
BN_mod(peer->iffval, peer->iffval, p, bctx);
BN_CTX_free(bctx);
/*
@ -2830,13 +2873,15 @@ crypto_alice3(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
ctx = EVP_MD_CTX_new();
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(ctx, vp->ptr, len);
if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@ -2857,11 +2902,14 @@ crypto_bob3(
DSA *dsa; /* MV parameters */
DSA *sdsa; /* DSA signature context fake */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX ctx; /* signature context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
BIGNUM *r, *k, *u;
u_char *ptr;
u_int len;
const BIGNUM *p, *q, *g;
const BIGNUM *pub_key, *priv_key;
BIGNUM *sp, *sq, *sg;
/*
* If the MV parameters are not valid, something awful
@ -2871,7 +2919,9 @@ crypto_bob3(
msyslog(LOG_NOTICE, "crypto_bob3: scheme unavailable");
return (XEVNT_ID);
}
dsa = mvkey_info->pkey->pkey.dsa;
dsa = EVP_PKEY_get0_DSA(mvkey_info->pkey);
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub_key, &priv_key);
/*
* Extract r from the challenge.
@ -2892,18 +2942,20 @@ crypto_bob3(
*/
bctx = BN_CTX_new(); k = BN_new(); u = BN_new();
sdsa = DSA_new();
sdsa->p = BN_new(); sdsa->q = BN_new(); sdsa->g = BN_new();
sp = BN_new(); sq = BN_new(); sg = BN_new();
while (1) {
BN_rand(k, BN_num_bits(dsa->q), 0, 0);
BN_mod(k, k, dsa->q, bctx);
BN_gcd(u, k, dsa->q, bctx);
BN_rand(k, BN_num_bits(q), 0, 0);
BN_mod(k, k, q, bctx);
BN_gcd(u, k, q, bctx);
if (BN_is_one(u))
break;
}
BN_mod_exp(u, dsa->g, k, dsa->p, bctx); /* A^k r */
BN_mod_mul(sdsa->p, u, r, dsa->p, bctx);
BN_mod_exp(sdsa->q, dsa->priv_key, k, dsa->p, bctx); /* gbar */
BN_mod_exp(sdsa->g, dsa->pub_key, k, dsa->p, bctx); /* ghat */
BN_mod_exp(u, g, k, p, bctx); /* A^k r */
BN_mod_mul(sp, u, r, p, bctx);
BN_mod_exp(sq, priv_key, k, p, bctx); /* gbar */
BN_mod_exp(sg, pub_key, k, p, bctx); /* ghat */
DSA_set0_key(sdsa, BN_dup(pub_key), NULL);
DSA_set0_pqg(sdsa, sp, sq, sg);
BN_CTX_free(bctx); BN_free(k); BN_free(r); BN_free(u);
#ifdef DEBUG
if (debug > 1)
@ -2934,13 +2986,15 @@ crypto_bob3(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
ctx = EVP_MD_CTX_new();
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(ctx, vp->ptr, len);
if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@ -2968,6 +3022,9 @@ crypto_mv(
u_int len;
const u_char *ptr;
int temp;
const BIGNUM *p;
const BIGNUM *pub_key, *priv_key;
const BIGNUM *sp, *sq, *sg;
/*
* If the MV parameters are not valid or no challenge was sent,
@ -2982,10 +3039,12 @@ crypto_mv(
ntohl(ep->fstamp));
return (XEVNT_FSP);
}
if ((dsa = peer->ident_pkey->pkey->pkey.dsa) == NULL) {
if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_mv: defective key");
return (XEVNT_PUB);
}
DSA_get0_pqg(dsa, &p, NULL, NULL);
DSA_get0_key(dsa, &pub_key, &priv_key);
if (peer->iffval == NULL) {
msyslog(LOG_NOTICE, "crypto_mv: missing challenge");
return (XEVNT_ID);
@ -3002,14 +3061,15 @@ crypto_mv(
ERR_error_string(ERR_get_error(), NULL));
return (XEVNT_ERR);
}
DSA_get0_pqg(sdsa, &sp, &sq, &sg);
/*
* Compute (gbar^xhat ghat^xbar) mod p.
*/
BN_mod_exp(u, sdsa->q, dsa->pub_key, dsa->p, bctx);
BN_mod_exp(v, sdsa->g, dsa->priv_key, dsa->p, bctx);
BN_mod_mul(u, u, v, dsa->p, bctx);
BN_mod_mul(u, u, sdsa->p, dsa->p, bctx);
BN_mod_exp(u, sq, pub_key, p, bctx);
BN_mod_exp(v, sg, priv_key, p, bctx);
BN_mod_mul(u, u, v, p, bctx);
BN_mod_mul(u, u, sp, p, bctx);
/*
* The result should match r.
@ -3080,7 +3140,7 @@ cert_sign(
ASN1_INTEGER *serial; /* serial number */
X509_NAME *subj; /* distinguished (common) name */
EVP_PKEY *pkey; /* public key */
EVP_MD_CTX ctx; /* message digest context */
EVP_MD_CTX *ctx; /* message digest context */
tstamp_t tstamp; /* NTP timestamp */
struct calendar tscal;
u_int len;
@ -3176,13 +3236,15 @@ cert_sign(
vp->siglen = 0;
if (tstamp != 0) {
vp->sig = emalloc(sign_siglen);
EVP_SignInit(&ctx, sign_digest);
EVP_SignUpdate(&ctx, (u_char *)vp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
ctx = EVP_MD_CTX_new();
EVP_SignInit(ctx, sign_digest);
EVP_SignUpdate(ctx, (u_char *)vp, 12);
EVP_SignUpdate(ctx, vp->ptr, len);
if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
EVP_MD_CTX_free(ctx);
}
#ifdef DEBUG
if (debug > 1)
@ -3368,13 +3430,12 @@ cert_parse(
)
{
X509 *cert; /* X509 certificate */
X509_EXTENSION *ext; /* X509v3 extension */
struct cert_info *ret; /* certificate info/value */
BIO *bp;
char pathbuf[MAXFILENAME];
const u_char *ptr;
char *pch;
int temp, cnt, i;
int cnt, i;
struct calendar fscal;
/*
@ -3422,7 +3483,7 @@ cert_parse(
* objects at this time, since the real crunch can happen only
* when the time is valid but not yet certificated.
*/
ret->nid = OBJ_obj2nid(cert->cert_info->signature->algorithm);
ret->nid = X509_get_signature_nid(cert);
ret->digest = (const EVP_MD *)EVP_get_digestbynid(ret->nid);
ret->serial =
(u_long)ASN1_INTEGER_get(X509_get_serialNumber(cert));
@ -3446,9 +3507,16 @@ cert_parse(
*/
cnt = X509_get_ext_count(cert);
for (i = 0; i < cnt; i++) {
X509_EXTENSION *ext;
ASN1_OBJECT *obj;
int nid;
ASN1_OCTET_STRING *data;
ext = X509_get_ext(cert, i);
temp = OBJ_obj2nid(ext->object);
switch (temp) {
obj = X509_EXTENSION_get_object(ext);
nid = OBJ_obj2nid(obj);
switch (nid) {
/*
* If a key_usage field is present, we decode whether
@ -3466,7 +3534,7 @@ cert_parse(
else if (strcmp(pathbuf, "Private") == 0)
ret->flags |= CERT_PRIV;
DPRINTF(1, ("cert_parse: %s: %s\n",
OBJ_nid2ln(temp), pathbuf));
OBJ_nid2ln(nid), pathbuf));
break;
/*
@ -3474,12 +3542,13 @@ cert_parse(
* contains the GQ public key.
*/
case NID_subject_key_identifier:
ret->grpkey = BN_bin2bn(&ext->value->data[2],
ext->value->length - 2, NULL);
data = X509_EXTENSION_get_data(ext);
ret->grpkey = BN_bin2bn(&data->data[2],
data->length - 2, NULL);
/* fall through */
default:
DPRINTF(1, ("cert_parse: %s\n",
OBJ_nid2ln(temp)));
OBJ_nid2ln(nid)));
break;
}
}
@ -3669,10 +3738,10 @@ crypto_key(
DPRINTF(1, ("crypto_key: %s\n", statstr));
#ifdef DEBUG
if (debug > 1) {
if (pkey->type == EVP_PKEY_DSA)
DSA_print_fp(stdout, pkey->pkey.dsa, 0);
else if (pkey->type == EVP_PKEY_RSA)
RSA_print_fp(stdout, pkey->pkey.rsa, 0);
if (EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA)
DSA_print_fp(stdout, EVP_PKEY_get0_DSA(pkey), 0);
else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA)
RSA_print_fp(stdout, EVP_PKEY_get0_RSA(pkey), 0);
}
#endif
return (pkp);
@ -3882,7 +3951,7 @@ crypto_setup(void)
filename);
exit (-1);
}
if (pinfo->pkey->type != EVP_PKEY_RSA) {
if (EVP_PKEY_base_id(pinfo->pkey) != EVP_PKEY_RSA) {
msyslog(LOG_ERR,
"crypto_setup: host key is not RSA key type");
exit (-1);

File diff suppressed because it is too large Load Diff

View File

@ -701,9 +701,10 @@ local_clock(
* where the FLL becomes effective.
*/
if (sys_poll >= allan_xpt)
clock_frequency += (fp_offset -
clock_offset) / max(ULOGTOD(sys_poll),
mu) * CLOCK_FLL;
clock_frequency +=
(fp_offset - clock_offset)
/ ( max(ULOGTOD(sys_poll), mu)
* CLOCK_FLL);
/*
* The PLL frequency gain (numerator) depends on
@ -713,8 +714,8 @@ local_clock(
*/
etemp = min(ULOGTOD(allan_xpt), mu);
dtemp = 4 * CLOCK_PLL * ULOGTOD(sys_poll);
clock_frequency += fp_offset * etemp / (dtemp *
dtemp);
clock_frequency +=
fp_offset * etemp / (dtemp * dtemp);
}
rstclock(EVNT_SYNC, fp_offset);
if (fabs(fp_offset) < CLOCK_FLOOR)

File diff suppressed because it is too large Load Diff

View File

@ -55,191 +55,192 @@ extern int yydebug;
T_Automax = 265,
T_Average = 266,
T_Bclient = 267,
T_Beacon = 268,
T_Broadcast = 269,
T_Broadcastclient = 270,
T_Broadcastdelay = 271,
T_Burst = 272,
T_Calibrate = 273,
T_Ceiling = 274,
T_Clockstats = 275,
T_Cohort = 276,
T_ControlKey = 277,
T_Crypto = 278,
T_Cryptostats = 279,
T_Ctl = 280,
T_Day = 281,
T_Default = 282,
T_Digest = 283,
T_Disable = 284,
T_Discard = 285,
T_Dispersion = 286,
T_Double = 287,
T_Driftfile = 288,
T_Drop = 289,
T_Dscp = 290,
T_Ellipsis = 291,
T_Enable = 292,
T_End = 293,
T_False = 294,
T_File = 295,
T_Filegen = 296,
T_Filenum = 297,
T_Flag1 = 298,
T_Flag2 = 299,
T_Flag3 = 300,
T_Flag4 = 301,
T_Flake = 302,
T_Floor = 303,
T_Freq = 304,
T_Fudge = 305,
T_Host = 306,
T_Huffpuff = 307,
T_Iburst = 308,
T_Ident = 309,
T_Ignore = 310,
T_Incalloc = 311,
T_Incmem = 312,
T_Initalloc = 313,
T_Initmem = 314,
T_Includefile = 315,
T_Integer = 316,
T_Interface = 317,
T_Intrange = 318,
T_Io = 319,
T_Ipv4 = 320,
T_Ipv4_flag = 321,
T_Ipv6 = 322,
T_Ipv6_flag = 323,
T_Kernel = 324,
T_Key = 325,
T_Keys = 326,
T_Keysdir = 327,
T_Kod = 328,
T_Mssntp = 329,
T_Leapfile = 330,
T_Leapsmearinterval = 331,
T_Limited = 332,
T_Link = 333,
T_Listen = 334,
T_Logconfig = 335,
T_Logfile = 336,
T_Loopstats = 337,
T_Lowpriotrap = 338,
T_Manycastclient = 339,
T_Manycastserver = 340,
T_Mask = 341,
T_Maxage = 342,
T_Maxclock = 343,
T_Maxdepth = 344,
T_Maxdist = 345,
T_Maxmem = 346,
T_Maxpoll = 347,
T_Mdnstries = 348,
T_Mem = 349,
T_Memlock = 350,
T_Minclock = 351,
T_Mindepth = 352,
T_Mindist = 353,
T_Minimum = 354,
T_Minpoll = 355,
T_Minsane = 356,
T_Mode = 357,
T_Mode7 = 358,
T_Monitor = 359,
T_Month = 360,
T_Mru = 361,
T_Multicastclient = 362,
T_Nic = 363,
T_Nolink = 364,
T_Nomodify = 365,
T_Nomrulist = 366,
T_None = 367,
T_Nonvolatile = 368,
T_Nopeer = 369,
T_Noquery = 370,
T_Noselect = 371,
T_Noserve = 372,
T_Notrap = 373,
T_Notrust = 374,
T_Ntp = 375,
T_Ntpport = 376,
T_NtpSignDsocket = 377,
T_Orphan = 378,
T_Orphanwait = 379,
T_PCEdigest = 380,
T_Panic = 381,
T_Peer = 382,
T_Peerstats = 383,
T_Phone = 384,
T_Pid = 385,
T_Pidfile = 386,
T_Pool = 387,
T_Port = 388,
T_Preempt = 389,
T_Prefer = 390,
T_Protostats = 391,
T_Pw = 392,
T_Randfile = 393,
T_Rawstats = 394,
T_Refid = 395,
T_Requestkey = 396,
T_Reset = 397,
T_Restrict = 398,
T_Revoke = 399,
T_Rlimit = 400,
T_Saveconfigdir = 401,
T_Server = 402,
T_Setvar = 403,
T_Source = 404,
T_Stacksize = 405,
T_Statistics = 406,
T_Stats = 407,
T_Statsdir = 408,
T_Step = 409,
T_Stepback = 410,
T_Stepfwd = 411,
T_Stepout = 412,
T_Stratum = 413,
T_String = 414,
T_Sys = 415,
T_Sysstats = 416,
T_Tick = 417,
T_Time1 = 418,
T_Time2 = 419,
T_Timer = 420,
T_Timingstats = 421,
T_Tinker = 422,
T_Tos = 423,
T_Trap = 424,
T_True = 425,
T_Trustedkey = 426,
T_Ttl = 427,
T_Type = 428,
T_U_int = 429,
T_UEcrypto = 430,
T_UEcryptonak = 431,
T_UEdigest = 432,
T_Unconfig = 433,
T_Unpeer = 434,
T_Version = 435,
T_WanderThreshold = 436,
T_Week = 437,
T_Wildcard = 438,
T_Xleave = 439,
T_Year = 440,
T_Flag = 441,
T_EOC = 442,
T_Simulate = 443,
T_Beep_Delay = 444,
T_Sim_Duration = 445,
T_Server_Offset = 446,
T_Duration = 447,
T_Freq_Offset = 448,
T_Wander = 449,
T_Jitter = 450,
T_Prop_Delay = 451,
T_Proc_Delay = 452
T_Bcpollbstep = 268,
T_Beacon = 269,
T_Broadcast = 270,
T_Broadcastclient = 271,
T_Broadcastdelay = 272,
T_Burst = 273,
T_Calibrate = 274,
T_Ceiling = 275,
T_Clockstats = 276,
T_Cohort = 277,
T_ControlKey = 278,
T_Crypto = 279,
T_Cryptostats = 280,
T_Ctl = 281,
T_Day = 282,
T_Default = 283,
T_Digest = 284,
T_Disable = 285,
T_Discard = 286,
T_Dispersion = 287,
T_Double = 288,
T_Driftfile = 289,
T_Drop = 290,
T_Dscp = 291,
T_Ellipsis = 292,
T_Enable = 293,
T_End = 294,
T_False = 295,
T_File = 296,
T_Filegen = 297,
T_Filenum = 298,
T_Flag1 = 299,
T_Flag2 = 300,
T_Flag3 = 301,
T_Flag4 = 302,
T_Flake = 303,
T_Floor = 304,
T_Freq = 305,
T_Fudge = 306,
T_Host = 307,
T_Huffpuff = 308,
T_Iburst = 309,
T_Ident = 310,
T_Ignore = 311,
T_Incalloc = 312,
T_Incmem = 313,
T_Initalloc = 314,
T_Initmem = 315,
T_Includefile = 316,
T_Integer = 317,
T_Interface = 318,
T_Intrange = 319,
T_Io = 320,
T_Ipv4 = 321,
T_Ipv4_flag = 322,
T_Ipv6 = 323,
T_Ipv6_flag = 324,
T_Kernel = 325,
T_Key = 326,
T_Keys = 327,
T_Keysdir = 328,
T_Kod = 329,
T_Mssntp = 330,
T_Leapfile = 331,
T_Leapsmearinterval = 332,
T_Limited = 333,
T_Link = 334,
T_Listen = 335,
T_Logconfig = 336,
T_Logfile = 337,
T_Loopstats = 338,
T_Lowpriotrap = 339,
T_Manycastclient = 340,
T_Manycastserver = 341,
T_Mask = 342,
T_Maxage = 343,
T_Maxclock = 344,
T_Maxdepth = 345,
T_Maxdist = 346,
T_Maxmem = 347,
T_Maxpoll = 348,
T_Mdnstries = 349,
T_Mem = 350,
T_Memlock = 351,
T_Minclock = 352,
T_Mindepth = 353,
T_Mindist = 354,
T_Minimum = 355,
T_Minpoll = 356,
T_Minsane = 357,
T_Mode = 358,
T_Mode7 = 359,
T_Monitor = 360,
T_Month = 361,
T_Mru = 362,
T_Multicastclient = 363,
T_Nic = 364,
T_Nolink = 365,
T_Nomodify = 366,
T_Nomrulist = 367,
T_None = 368,
T_Nonvolatile = 369,
T_Nopeer = 370,
T_Noquery = 371,
T_Noselect = 372,
T_Noserve = 373,
T_Notrap = 374,
T_Notrust = 375,
T_Ntp = 376,
T_Ntpport = 377,
T_NtpSignDsocket = 378,
T_Orphan = 379,
T_Orphanwait = 380,
T_PCEdigest = 381,
T_Panic = 382,
T_Peer = 383,
T_Peerstats = 384,
T_Phone = 385,
T_Pid = 386,
T_Pidfile = 387,
T_Pool = 388,
T_Port = 389,
T_Preempt = 390,
T_Prefer = 391,
T_Protostats = 392,
T_Pw = 393,
T_Randfile = 394,
T_Rawstats = 395,
T_Refid = 396,
T_Requestkey = 397,
T_Reset = 398,
T_Restrict = 399,
T_Revoke = 400,
T_Rlimit = 401,
T_Saveconfigdir = 402,
T_Server = 403,
T_Setvar = 404,
T_Source = 405,
T_Stacksize = 406,
T_Statistics = 407,
T_Stats = 408,
T_Statsdir = 409,
T_Step = 410,
T_Stepback = 411,
T_Stepfwd = 412,
T_Stepout = 413,
T_Stratum = 414,
T_String = 415,
T_Sys = 416,
T_Sysstats = 417,
T_Tick = 418,
T_Time1 = 419,
T_Time2 = 420,
T_Timer = 421,
T_Timingstats = 422,
T_Tinker = 423,
T_Tos = 424,
T_Trap = 425,
T_True = 426,
T_Trustedkey = 427,
T_Ttl = 428,
T_Type = 429,
T_U_int = 430,
T_UEcrypto = 431,
T_UEcryptonak = 432,
T_UEdigest = 433,
T_Unconfig = 434,
T_Unpeer = 435,
T_Version = 436,
T_WanderThreshold = 437,
T_Week = 438,
T_Wildcard = 439,
T_Xleave = 440,
T_Year = 441,
T_Flag = 442,
T_EOC = 443,
T_Simulate = 444,
T_Beep_Delay = 445,
T_Sim_Duration = 446,
T_Server_Offset = 447,
T_Duration = 448,
T_Freq_Offset = 449,
T_Wander = 450,
T_Jitter = 451,
T_Prop_Delay = 452,
T_Proc_Delay = 453
};
#endif
/* Tokens. */
@ -253,191 +254,192 @@ extern int yydebug;
#define T_Automax 265
#define T_Average 266
#define T_Bclient 267
#define T_Beacon 268
#define T_Broadcast 269
#define T_Broadcastclient 270
#define T_Broadcastdelay 271
#define T_Burst 272
#define T_Calibrate 273
#define T_Ceiling 274
#define T_Clockstats 275
#define T_Cohort 276
#define T_ControlKey 277
#define T_Crypto 278
#define T_Cryptostats 279
#define T_Ctl 280
#define T_Day 281
#define T_Default 282
#define T_Digest 283
#define T_Disable 284
#define T_Discard 285
#define T_Dispersion 286
#define T_Double 287
#define T_Driftfile 288
#define T_Drop 289
#define T_Dscp 290
#define T_Ellipsis 291
#define T_Enable 292
#define T_End 293
#define T_False 294
#define T_File 295
#define T_Filegen 296
#define T_Filenum 297
#define T_Flag1 298
#define T_Flag2 299
#define T_Flag3 300
#define T_Flag4 301
#define T_Flake 302
#define T_Floor 303
#define T_Freq 304
#define T_Fudge 305
#define T_Host 306
#define T_Huffpuff 307
#define T_Iburst 308
#define T_Ident 309
#define T_Ignore 310
#define T_Incalloc 311
#define T_Incmem 312
#define T_Initalloc 313
#define T_Initmem 314
#define T_Includefile 315
#define T_Integer 316
#define T_Interface 317
#define T_Intrange 318
#define T_Io 319
#define T_Ipv4 320
#define T_Ipv4_flag 321
#define T_Ipv6 322
#define T_Ipv6_flag 323
#define T_Kernel 324
#define T_Key 325
#define T_Keys 326
#define T_Keysdir 327
#define T_Kod 328
#define T_Mssntp 329
#define T_Leapfile 330
#define T_Leapsmearinterval 331
#define T_Limited 332
#define T_Link 333
#define T_Listen 334
#define T_Logconfig 335
#define T_Logfile 336
#define T_Loopstats 337
#define T_Lowpriotrap 338
#define T_Manycastclient 339
#define T_Manycastserver 340
#define T_Mask 341
#define T_Maxage 342
#define T_Maxclock 343
#define T_Maxdepth 344
#define T_Maxdist 345
#define T_Maxmem 346
#define T_Maxpoll 347
#define T_Mdnstries 348
#define T_Mem 349
#define T_Memlock 350
#define T_Minclock 351
#define T_Mindepth 352
#define T_Mindist 353
#define T_Minimum 354
#define T_Minpoll 355
#define T_Minsane 356
#define T_Mode 357
#define T_Mode7 358
#define T_Monitor 359
#define T_Month 360
#define T_Mru 361
#define T_Multicastclient 362
#define T_Nic 363
#define T_Nolink 364
#define T_Nomodify 365
#define T_Nomrulist 366
#define T_None 367
#define T_Nonvolatile 368
#define T_Nopeer 369
#define T_Noquery 370
#define T_Noselect 371
#define T_Noserve 372
#define T_Notrap 373
#define T_Notrust 374
#define T_Ntp 375
#define T_Ntpport 376
#define T_NtpSignDsocket 377
#define T_Orphan 378
#define T_Orphanwait 379
#define T_PCEdigest 380
#define T_Panic 381
#define T_Peer 382
#define T_Peerstats 383
#define T_Phone 384
#define T_Pid 385
#define T_Pidfile 386
#define T_Pool 387
#define T_Port 388
#define T_Preempt 389
#define T_Prefer 390
#define T_Protostats 391
#define T_Pw 392
#define T_Randfile 393
#define T_Rawstats 394
#define T_Refid 395
#define T_Requestkey 396
#define T_Reset 397
#define T_Restrict 398
#define T_Revoke 399
#define T_Rlimit 400
#define T_Saveconfigdir 401
#define T_Server 402
#define T_Setvar 403
#define T_Source 404
#define T_Stacksize 405
#define T_Statistics 406
#define T_Stats 407
#define T_Statsdir 408
#define T_Step 409
#define T_Stepback 410
#define T_Stepfwd 411
#define T_Stepout 412
#define T_Stratum 413
#define T_String 414
#define T_Sys 415
#define T_Sysstats 416
#define T_Tick 417
#define T_Time1 418
#define T_Time2 419
#define T_Timer 420
#define T_Timingstats 421
#define T_Tinker 422
#define T_Tos 423
#define T_Trap 424
#define T_True 425
#define T_Trustedkey 426
#define T_Ttl 427
#define T_Type 428
#define T_U_int 429
#define T_UEcrypto 430
#define T_UEcryptonak 431
#define T_UEdigest 432
#define T_Unconfig 433
#define T_Unpeer 434
#define T_Version 435
#define T_WanderThreshold 436
#define T_Week 437
#define T_Wildcard 438
#define T_Xleave 439
#define T_Year 440
#define T_Flag 441
#define T_EOC 442
#define T_Simulate 443
#define T_Beep_Delay 444
#define T_Sim_Duration 445
#define T_Server_Offset 446
#define T_Duration 447
#define T_Freq_Offset 448
#define T_Wander 449
#define T_Jitter 450
#define T_Prop_Delay 451
#define T_Proc_Delay 452
#define T_Bcpollbstep 268
#define T_Beacon 269
#define T_Broadcast 270
#define T_Broadcastclient 271
#define T_Broadcastdelay 272
#define T_Burst 273
#define T_Calibrate 274
#define T_Ceiling 275
#define T_Clockstats 276
#define T_Cohort 277
#define T_ControlKey 278
#define T_Crypto 279
#define T_Cryptostats 280
#define T_Ctl 281
#define T_Day 282
#define T_Default 283
#define T_Digest 284
#define T_Disable 285
#define T_Discard 286
#define T_Dispersion 287
#define T_Double 288
#define T_Driftfile 289
#define T_Drop 290
#define T_Dscp 291
#define T_Ellipsis 292
#define T_Enable 293
#define T_End 294
#define T_False 295
#define T_File 296
#define T_Filegen 297
#define T_Filenum 298
#define T_Flag1 299
#define T_Flag2 300
#define T_Flag3 301
#define T_Flag4 302
#define T_Flake 303
#define T_Floor 304
#define T_Freq 305
#define T_Fudge 306
#define T_Host 307
#define T_Huffpuff 308
#define T_Iburst 309
#define T_Ident 310
#define T_Ignore 311
#define T_Incalloc 312
#define T_Incmem 313
#define T_Initalloc 314
#define T_Initmem 315
#define T_Includefile 316
#define T_Integer 317
#define T_Interface 318
#define T_Intrange 319
#define T_Io 320
#define T_Ipv4 321
#define T_Ipv4_flag 322
#define T_Ipv6 323
#define T_Ipv6_flag 324
#define T_Kernel 325
#define T_Key 326
#define T_Keys 327
#define T_Keysdir 328
#define T_Kod 329
#define T_Mssntp 330
#define T_Leapfile 331
#define T_Leapsmearinterval 332
#define T_Limited 333
#define T_Link 334
#define T_Listen 335
#define T_Logconfig 336
#define T_Logfile 337
#define T_Loopstats 338
#define T_Lowpriotrap 339
#define T_Manycastclient 340
#define T_Manycastserver 341
#define T_Mask 342
#define T_Maxage 343
#define T_Maxclock 344
#define T_Maxdepth 345
#define T_Maxdist 346
#define T_Maxmem 347
#define T_Maxpoll 348
#define T_Mdnstries 349
#define T_Mem 350
#define T_Memlock 351
#define T_Minclock 352
#define T_Mindepth 353
#define T_Mindist 354
#define T_Minimum 355
#define T_Minpoll 356
#define T_Minsane 357
#define T_Mode 358
#define T_Mode7 359
#define T_Monitor 360
#define T_Month 361
#define T_Mru 362
#define T_Multicastclient 363
#define T_Nic 364
#define T_Nolink 365
#define T_Nomodify 366
#define T_Nomrulist 367
#define T_None 368
#define T_Nonvolatile 369
#define T_Nopeer 370
#define T_Noquery 371
#define T_Noselect 372
#define T_Noserve 373
#define T_Notrap 374
#define T_Notrust 375
#define T_Ntp 376
#define T_Ntpport 377
#define T_NtpSignDsocket 378
#define T_Orphan 379
#define T_Orphanwait 380
#define T_PCEdigest 381
#define T_Panic 382
#define T_Peer 383
#define T_Peerstats 384
#define T_Phone 385
#define T_Pid 386
#define T_Pidfile 387
#define T_Pool 388
#define T_Port 389
#define T_Preempt 390
#define T_Prefer 391
#define T_Protostats 392
#define T_Pw 393
#define T_Randfile 394
#define T_Rawstats 395
#define T_Refid 396
#define T_Requestkey 397
#define T_Reset 398
#define T_Restrict 399
#define T_Revoke 400
#define T_Rlimit 401
#define T_Saveconfigdir 402
#define T_Server 403
#define T_Setvar 404
#define T_Source 405
#define T_Stacksize 406
#define T_Statistics 407
#define T_Stats 408
#define T_Statsdir 409
#define T_Step 410
#define T_Stepback 411
#define T_Stepfwd 412
#define T_Stepout 413
#define T_Stratum 414
#define T_String 415
#define T_Sys 416
#define T_Sysstats 417
#define T_Tick 418
#define T_Time1 419
#define T_Time2 420
#define T_Timer 421
#define T_Timingstats 422
#define T_Tinker 423
#define T_Tos 424
#define T_Trap 425
#define T_True 426
#define T_Trustedkey 427
#define T_Ttl 428
#define T_Type 429
#define T_U_int 430
#define T_UEcrypto 431
#define T_UEcryptonak 432
#define T_UEdigest 433
#define T_Unconfig 434
#define T_Unpeer 435
#define T_Version 436
#define T_WanderThreshold 437
#define T_Week 438
#define T_Wildcard 439
#define T_Xleave 440
#define T_Year 441
#define T_Flag 442
#define T_EOC 443
#define T_Simulate 444
#define T_Beep_Delay 445
#define T_Sim_Duration 446
#define T_Server_Offset 447
#define T_Duration 448
#define T_Freq_Offset 449
#define T_Wander 450
#define T_Jitter 451
#define T_Prop_Delay 452
#define T_Proc_Delay 453
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -463,7 +465,7 @@ union YYSTYPE
script_info * Sim_script;
script_info_fifo * Sim_script_fifo;
#line 467 "../../ntpd/ntp_parser.h" /* yacc.c:1909 */
#line 469 "ntp_parser.h" /* yacc.c:1909 */
};
typedef union YYSTYPE YYSTYPE;

View File

@ -273,6 +273,22 @@ findexistingpeer(
/*
* findpeer - find and return a peer match for a received datagram in
* the peer_hash table.
*
* [Bug 3072] To faciliate a faster reorganisation after routing changes
* the original code re-assigned the peer address to be the destination
* of the received packet and initiated another round on a mismatch.
* Unfortunately this leaves us wide open for a DoS attack where the
* attacker directs a packet with forged destination address to us --
* this results in a wrong interface assignment, actually creating a DoS
* situation.
*
* This condition would persist until the next update of the interface
* list, but a continued attack would put us out of business again soon
* enough. Authentication alone does not help here, since it does not
* protect the UDP layer and leaves us open for a replay attack.
*
* So we do not update the adresses and wait until the next interface
* list update does the right thing for us.
*/
struct peer *
findpeer(
@ -291,61 +307,50 @@ findpeer(
srcadr = &rbufp->recv_srcadr;
hash = NTP_HASH_ADDR(srcadr);
for (p = peer_hash[hash]; p != NULL; p = p->adr_link) {
if (ADDR_PORT_EQ(srcadr, &p->srcadr)) {
/*
* if the association matching rules determine
* that this is not a valid combination, then
* look for the next valid peer association.
*/
*action = MATCH_ASSOC(p->hmode, pkt_mode);
/* [Bug 3072] ensure interface of peer matches */
if (p->dstadr != rbufp->dstadr)
continue;
/*
* A response to our manycastclient solicitation
* might be misassociated with an ephemeral peer
* already spun for the server. If the packet's
* org timestamp doesn't match the peer's, check
* if it matches the ACST prototype peer's. If
* so it is a redundant solicitation response,
* return AM_ERR to discard it. [Bug 1762]
*/
if (MODE_SERVER == pkt_mode &&
AM_PROCPKT == *action) {
pkt = &rbufp->recv_pkt;
NTOHL_FP(&pkt->org, &pkt_org);
if (!L_ISEQU(&p->aorg, &pkt_org) &&
findmanycastpeer(rbufp))
*action = AM_ERR;
}
/* ensure peer source address matches */
if ( ! ADDR_PORT_EQ(srcadr, &p->srcadr))
continue;
/* If the association matching rules determine that this
* is not a valid combination, then look for the next
* valid peer association.
*/
*action = MATCH_ASSOC(p->hmode, pkt_mode);
/*
* if an error was returned, exit back right
* here.
*/
if (*action == AM_ERR)
return NULL;
/*
* if a match is found, we stop our search.
*/
if (*action != AM_NOMATCH)
break;
/* A response to our manycastclient solicitation might
* be misassociated with an ephemeral peer already spun
* for the server. If the packet's org timestamp
* doesn't match the peer's, check if it matches the
* ACST prototype peer's. If so it is a redundant
* solicitation response, return AM_ERR to discard it.
* [Bug 1762]
*/
if (MODE_SERVER == pkt_mode && AM_PROCPKT == *action) {
pkt = &rbufp->recv_pkt;
NTOHL_FP(&pkt->org, &pkt_org);
if (!L_ISEQU(&p->aorg, &pkt_org) &&
findmanycastpeer(rbufp))
*action = AM_ERR;
}
/* if an error was returned, exit back right here. */
if (*action == AM_ERR)
return NULL;
/* if a match is found, we stop our search. */
if (*action != AM_NOMATCH)
break;
}
/*
* If no matching association is found
*/
if (NULL == p) {
/* If no matching association is found... */
if (NULL == p)
*action = MATCH_ASSOC(NO_PEER, pkt_mode);
} else if (p->dstadr != rbufp->dstadr) {
set_peerdstadr(p, rbufp->dstadr);
if (p->dstadr == rbufp->dstadr) {
DPRINTF(1, ("Changed %s local address to match response\n",
stoa(&p->srcadr)));
return findpeer(rbufp, pkt_mode, action);
}
}
return p;
}
@ -621,6 +626,12 @@ set_peerdstadr(
{
struct peer * unlinked;
DEBUG_INSIST(p != NULL);
if (p == NULL)
return;
/* check for impossible or identical assignment */
if (p->dstadr == dstadr)
return;
@ -632,6 +643,8 @@ set_peerdstadr(
(INT_MCASTIF & dstadr->flags) && MODE_CLIENT == p->hmode) {
return;
}
/* unlink from list if we have an address prior to assignment */
if (p->dstadr != NULL) {
p->dstadr->peercnt--;
UNLINK_SLIST(unlinked, p->dstadr->peers, p, ilink,
@ -640,8 +653,11 @@ set_peerdstadr(
stoa(&p->srcadr), latoa(p->dstadr),
latoa(dstadr));
}
p->dstadr = dstadr;
if (dstadr != NULL) {
/* link to list if we have an address after assignment */
if (p->dstadr != NULL) {
LINK_SLIST(dstadr->peers, p, ilink);
dstadr->peercnt++;
}

View File

@ -138,6 +138,7 @@ char *sys_ident = NULL; /* identity scheme */
* TOS and multicast mapping stuff
*/
int sys_floor = 0; /* cluster stratum floor */
u_char sys_bcpollbstep = 0; /* Broadcast Poll backstep gate */
int sys_ceiling = STRATUM_UNSPEC - 1; /* cluster stratum ceiling */
int sys_minsane = 1; /* minimum candidates */
int sys_minclock = NTP_MINCLOCK; /* minimum candidates */
@ -278,7 +279,7 @@ valid_NAK(
u_char hismode
)
{
int base_packet_length = MIN_V4_PKT_LEN;
int base_packet_length = MIN_V4_PKT_LEN;
int remainder_size;
struct pkt * rpkt;
int keyid;
@ -335,7 +336,7 @@ valid_NAK(
myorg = &peer->borg;
else
myorg = &peer->aorg;
if (L_ISZERO(&p_org) ||
L_ISZERO( myorg) ||
!L_ISEQU(&p_org, myorg)) {
@ -1450,22 +1451,66 @@ receive(
++bail;
}
/* too early? worth an error, too! */
/* too early? worth an error, too!
*
* [Bug 3113] Ensure that at least one poll
* interval has elapsed since the last **clean**
* packet was received. We limit the check to
* **clean** packets to prevent replayed packets
* and incorrectly authenticated packets, which
* we'll discard, from being used to create a
* denial of service condition.
*/
deadband = (1u << pkt->ppoll);
if (FLAG_BC_VOL & peer->flags)
deadband -= 3; /* allow greater fuzz after volley */
if ((current_time - peer->timelastrec) < deadband) {
if ((current_time - peer->timereceived) < deadband) {
msyslog(LOG_INFO, "receive: broadcast packet from %s arrived after %lu, not %lu seconds!",
stoa(&rbufp->recv_srcadr),
(current_time - peer->timelastrec),
(current_time - peer->timereceived),
deadband);
++bail;
}
/* Alert if time from the server is non-monotonic */
tdiff = p_xmt;
L_SUB(&tdiff, &peer->bxmt);
if (tdiff.l_i < 0) {
/* Alert if time from the server is non-monotonic.
*
* [Bug 3114] is about Broadcast mode replay DoS.
*
* Broadcast mode *assumes* a trusted network.
* Even so, it's nice to be robust in the face
* of attacks.
*
* If we get an authenticated broadcast packet
* with an "earlier" timestamp, it means one of
* two things:
*
* - the broadcast server had a backward step.
*
* - somebody is trying a replay attack.
*
* deadband: By default, we assume the broadcast
* network is trustable, so we take our accepted
* broadcast packets as we receive them. But
* some folks might want to take additional poll
* delays before believing a backward step.
*/
if (sys_bcpollbstep) {
/* pkt->ppoll or peer->ppoll ? */
deadband = (1u << pkt->ppoll)
* sys_bcpollbstep + 2;
} else {
deadband = 0;
}
if (L_ISZERO(&peer->bxmt)) {
tdiff.l_ui = tdiff.l_uf = 0;
} else {
tdiff = p_xmt;
L_SUB(&tdiff, &peer->bxmt);
}
if (tdiff.l_i < 0 &&
(current_time - peer->timereceived) < deadband)
{
msyslog(LOG_INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x",
stoa(&rbufp->recv_srcadr),
peer->bxmt.l_ui, peer->bxmt.l_uf,
@ -1474,8 +1519,6 @@ receive(
++bail;
}
peer->bxmt = p_xmt;
if (bail) {
peer->timelastrec = current_time;
sys_declined++;
@ -1623,7 +1666,7 @@ receive(
peer->borg.l_ui, peer->borg.l_uf);
return;
}
/*
* Basic mode checks:
*
@ -1645,13 +1688,38 @@ receive(
} else if (peer->flip == 0) {
INSIST(0 != hisstratum);
INSIST(STRATUM_UNSPEC != hisstratum);
if (0) {
} else if (L_ISZERO(&p_org)) {
msyslog(LOG_INFO,
"receive: Got 0 origin timestamp from %s@%s xmt %#010x.%08x",
hm_str, ntoa(&peer->srcadr),
ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf));
char *action;
L_CLR(&peer->aorg);
/**/
switch (hismode) {
/* We allow 0org for: */
case UCHAR_MAX:
action = "Allow";
break;
/* We disallow 0org for: */
case MODE_UNSPEC:
case MODE_ACTIVE:
case MODE_PASSIVE:
case MODE_CLIENT:
case MODE_SERVER:
case MODE_BROADCAST:
action = "Drop";
peer->bogusorg++;
peer->flash |= TEST2; /* bogus */
break;
default:
INSIST(!"receive(): impossible hismode");
break;
}
/**/
msyslog(LOG_INFO,
"receive: %s 0 origin timestamp from %s@%s xmt %#010x.%08x",
action, hm_str, ntoa(&peer->srcadr),
ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf));
} else if (!L_ISEQU(&p_org, &peer->aorg)) {
/* are there cases here where we should bail? */
/* Should we set TEST2 if we decide to try xleave? */
@ -1800,6 +1868,12 @@ receive(
"receive: Bad broadcast auth (%d) from %s",
is_authentic, ntoa(&peer->srcadr));
}
/*
* Now that we know the packet is correctly authenticated,
* update peer->bxmt.
*/
peer->bxmt = p_xmt;
}
@ -1878,7 +1952,7 @@ receive(
peer->badauth++;
return;
}
break;
break;
case MODE_CLIENT: /* client mode */
#if 0 /* At this point, MODE_CONTROL is overloaded by MODE_BCLIENT */
@ -1886,14 +1960,14 @@ receive(
#endif
case MODE_PRIVATE: /* private mode */
case MODE_BCLIENT: /* broadcast client mode */
break;
break;
case MODE_UNSPEC: /* unspecified (old version) */
default:
msyslog(LOG_INFO,
"receive: Unexpected mode (%d) in packet from %s",
hismode, ntoa(&peer->srcadr));
break;
break;
}
@ -2695,6 +2769,7 @@ peer_clear(
)
{
u_char u;
l_fp bxmt = peer->bxmt; /* bcast clients retain this! */
#ifdef AUTOKEY
/*
@ -2731,6 +2806,10 @@ peer_clear(
peer->flash = peer_unfit(peer);
peer->jitter = LOGTOD(sys_precision);
/* Don't throw away our broadcast replay protection */
if (peer->hmode == MODE_BCLIENT)
peer->bxmt = bxmt;
/*
* If interleave mode, initialize the alternate origin switch.
*/
@ -3040,8 +3119,9 @@ clock_select(void)
* Leave the island immediately if the peer is
* unfit to synchronize.
*/
if (peer_unfit(peer))
if (peer_unfit(peer)) {
continue;
}
/*
* If this peer is an orphan parent, elect the
@ -3081,8 +3161,9 @@ clock_select(void)
* parent in ancestry so are excluded.
* See http://bugs.ntp.org/2050
*/
if (peer->stratum > sys_orphan)
if (peer->stratum > sys_orphan) {
continue;
}
#ifdef REFCLOCK
/*
* The following are special cases. We deal
@ -3531,15 +3612,15 @@ root_distance(
/*
* Root Distance (LAMBDA) is defined as:
* (delta + DELTA)/2 + epsilon + EPSILON + phi
* (delta + DELTA)/2 + epsilon + EPSILON + D
*
* where:
* delta is the round-trip delay
* DELTA is the root delay
* epsilon is the remote server precision + local precision
* epsilon is the peer dispersion
* + (15 usec each second)
* EPSILON is the root dispersion
* phi is the peer jitter statistic
* D is sys_jitter
*
* NB: Think hard about why we are using these values, and what
* the alternatives are, and the various pros/cons.
@ -3548,8 +3629,7 @@ root_distance(
* other worse choices.
*/
dtemp = (peer->delay + peer->rootdelay) / 2
+ LOGTOD(peer->precision)
+ LOGTOD(sys_precision)
+ peer->disp
+ clock_phi * (current_time - peer->update)
+ peer->rootdisp
+ peer->jitter;
@ -3995,6 +4075,10 @@ leap_smear_add_offs(
L_ADD(t, &leap_smear.offset);
/*
** XXX: Should the smear be added to the root dispersion?
*/
return;
}
@ -4425,8 +4509,9 @@ peer_unfit(
*/
if ( peer->leap == LEAP_NOTINSYNC
|| peer->stratum < sys_floor
|| peer->stratum >= sys_ceiling)
|| peer->stratum >= sys_ceiling) {
rval |= TEST10; /* bad synch or stratum */
}
/*
* A distance error for a remote peer occurs if the root
@ -4435,8 +4520,9 @@ peer_unfit(
*/
if ( !(peer->flags & FLAG_REFCLOCK)
&& root_distance(peer) >= sys_maxdist
+ clock_phi * ULOGTOD(peer->hpoll))
+ clock_phi * ULOGTOD(peer->hpoll)) {
rval |= TEST11; /* distance exceeded */
}
/*
* A loop error occurs if the remote peer is synchronized to the
@ -4444,15 +4530,17 @@ peer_unfit(
* server as the local peer but only if the remote peer is
* neither a reference clock nor an orphan.
*/
if (peer->stratum > 1 && local_refid(peer))
if (peer->stratum > 1 && local_refid(peer)) {
rval |= TEST12; /* synchronization loop */
}
/*
* An unreachable error occurs if the server is unreachable or
* the noselect bit is set.
*/
if (!peer->reach || (peer->flags & FLAG_NOSELECT))
if (!peer->reach || (peer->flags & FLAG_NOSELECT)) {
rval |= TEST13; /* unreachable */
}
peer->flash &= ~PEER_TEST_MASK;
peer->flash |= rval;
@ -4717,6 +4805,11 @@ proto_config(
/*
* tos command - arguments are double, sometimes cast to int
*/
case PROTO_BCPOLLBSTEP: /* Broadcast Poll Backstep gate (bcpollbstep) */
sys_bcpollbstep = (u_char)dvalue;
break;
case PROTO_BEACON: /* manycast beacon (beacon) */
sys_beacon = (int)dvalue;
break;

View File

@ -710,7 +710,7 @@ process_refclock_packet(
if (rio->io_input == NULL || (*rio->io_input)(rb) != 0) {
rio->recvcount++;
packets_received++;
handler_pkts++;
handler_pkts++;
(*rio->clock_recv)(rb);
}
}
@ -1208,6 +1208,7 @@ refclock_ppsapi(
"refclock_ppsapi: time_pps_create: %m");
return (0);
}
ZERO(ap->ts); /* [Bug 2689] defined INIT state */
}
return (1);
}
@ -1278,7 +1279,7 @@ refclock_pps(
struct refclockproc *pp;
pps_info_t pps_info;
struct timespec timeout;
double dtemp;
double dtemp, dcorr, trash;
/*
* We require the clock to be synchronized before setting the
@ -1293,15 +1294,14 @@ refclock_pps(
if (refclock_params(pp->sloppyclockflag, ap) < 1)
return (0);
}
timeout.tv_sec = 0;
timeout.tv_nsec = 0;
ZERO(timeout);
ZERO(pps_info);
if (time_pps_fetch(ap->handle, PPS_TSFMT_TSPEC, &pps_info,
&timeout) < 0) {
refclock_report(peer, CEVNT_FAULT);
return (0);
}
timeout = ap->ts;
timeout = ap->ts; /* save old timestamp for check */
if (ap->pps_params.mode & PPS_CAPTUREASSERT)
ap->ts = pps_info.assert_timestamp;
else if (ap->pps_params.mode & PPS_CAPTURECLEAR)
@ -1309,22 +1309,62 @@ refclock_pps(
else
return (0);
/* [Bug 2689] Discard the first sample we read -- if the PPS
* source is currently down / disconnected, we have read a
* potentially *very* stale value here. So if our old TS value
* is all-zero, we consider this sample unrealiable and drop it.
*
* Note 1: a better check would compare the PPS time stamp to
* the current system time and drop it if it's more than say 3s
* away.
*
* Note 2: If we ever again get an all-zero PPS sample, the next
* one will be discarded. This can happen every 136yrs and is
* unlikely to be ever observed.
*/
if (0 == (timeout.tv_sec | timeout.tv_nsec))
return (0);
/* If the PPS source fails to deliver a new sample between
* polls, it regurgitates the last sample. We do not want to
* process the same sample multiple times.
*/
if (0 == memcmp(&timeout, &ap->ts, sizeof(timeout)))
return (0);
/*
* Convert to signed fraction offset and stuff in median filter.
* Convert to signed fraction offset, apply fudge and properly
* fold the correction into the [-0.5s,0.5s] range. Handle
* excessive fudge times, too.
*/
dtemp = ap->ts.tv_nsec / 1e9;
dcorr = modf((pp->fudgetime1 - dtemp), &trash);
if (dcorr > 0.5)
dcorr -= 1.0;
else if (dcorr < -0.5)
dcorr += 1.0;
/* phase gate check: avoid wobbling by +/-1s when too close to
* the switch-over point. We allow +/-400ms max phase deviation.
* The trade-off is clear: The smaller the limit, the less
* sensitive to sampling noise the clock becomes. OTOH the
* system must get into phase gate range by other means for the
* PPS clock to lock in.
*/
if (fabs(dcorr) > 0.4)
return (0);
/*
* record this time stamp and stuff in median filter
*/
pp->lastrec.l_ui = (u_int32)ap->ts.tv_sec + JAN_1970;
dtemp = ap->ts.tv_nsec / 1e9;
pp->lastrec.l_uf = (u_int32)(dtemp * FRAC);
if (dtemp > .5)
dtemp -= 1.;
SAMPLE(-dtemp + pp->fudgetime1);
SAMPLE(dcorr);
#ifdef DEBUG
if (debug > 1)
printf("refclock_pps: %lu %f %f\n", current_time,
dtemp, pp->fudgetime1);
dcorr, pp->fudgetime1);
#endif
return (1);
}

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
*
* It has been AutoGen-ed June 2, 2016 at 07:32:42 AM by AutoGen 5.18.5
* It has been AutoGen-ed November 21, 2016 at 07:59:43 AM by AutoGen 5.18.5
* From the definitions ntpd-opts.def
* and the template file options
*
@ -75,7 +75,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpd options
*/
static char const ntpd_opt_strs[3129] =
/* 0 */ "ntpd 4.2.8p8\n"
/* 0 */ "ntpd 4.2.8p9\n"
"Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3129] =
/* 2900 */ "output version information and exit\0"
/* 2936 */ "version\0"
/* 2944 */ "NTPD\0"
/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p8\n"
/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p9\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ <server1> ... <serverN> ]\n\0"
/* 3080 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 3114 */ "\n\0"
/* 3116 */ "ntpd 4.2.8p8";
/* 3116 */ "ntpd 4.2.8p9";
/**
* ipv4 option description with
@ -1529,7 +1529,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpdOptions.pzCopyright */
puts(_("ntpd 4.2.8p8\n\
puts(_("ntpd 4.2.8p9\n\
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -1670,7 +1670,7 @@ implied warranty.\n"));
puts(_("output version information and exit"));
/* referenced via ntpdOptions.pzUsageTitle */
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p8\n\
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p9\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
\t\t[ <server1> ... <serverN> ]\n"));
@ -1678,7 +1678,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
puts(_("\n"));
/* referenced via ntpdOptions.pzFullVersion */
puts(_("ntpd 4.2.8p8"));
puts(_("ntpd 4.2.8p9"));
/* referenced via ntpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
*
* It has been AutoGen-ed June 2, 2016 at 07:32:40 AM by AutoGen 5.18.5
* It has been AutoGen-ed November 21, 2016 at 07:59:42 AM by AutoGen 5.18.5
* From the definitions ntpd-opts.def
* and the template file options
*
@ -106,9 +106,9 @@ typedef enum {
/** count of all options for ntpd */
#define OPTION_CT 38
/** ntpd version */
#define NTPD_VERSION "4.2.8p8"
#define NTPD_VERSION "4.2.8p9"
/** Full ntpd version text */
#define NTPD_FULL_VERSION "ntpd 4.2.8p8"
#define NTPD_FULL_VERSION "ntpd 4.2.8p9"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpd 1ntpdman "02 Jun 2016" "4.2.8p8" "User Commands"
.TH ntpd 1ntpdman "21 Nov 2016" "4.2.8p9" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Jnai2U/ag-Ynaa1U)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-giaGkh/ag-tiayjh)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:01 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:01:50 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTPD 1ntpdmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:22 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:02:08 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -39,7 +39,7 @@ The program can operate in any of several modes, including client/server,
symmetric and broadcast modes, and with both symmetric-key and public-key
cryptography.
<p>This document applies to version 4.2.8p8 of <code>ntpd</code>.
<p>This document applies to version 4.2.8p9 of <code>ntpd</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description
@ -220,7 +220,7 @@ the usage text by passing it through a pager program.
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p7
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p9-RC
Usage: ntpd [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... \
[ &lt;server1&gt; ... &lt;serverN&gt; ]
Flg Arg Option-Name Description

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpd @NTPD_MS@ "02 Jun 2016" "4.2.8p8" "User Commands"
.TH ntpd @NTPD_MS@ "21 Nov 2016" "4.2.8p9" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Jnai2U/ag-Ynaa1U)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-giaGkh/ag-tiayjh)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:01 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:01:50 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTPD @NTPD_MS@ User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:22 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:02:08 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -949,7 +949,7 @@ add_clock_sample(
pp->lastref = stamp;
if (pp->coderecv == pp->codeproc)
refclock_report(peer, CEVNT_NOMINAL);
refclock_process_offset(pp, stamp, recvt, 0.0);
refclock_process_offset(pp, stamp, recvt, pp->fudgetime1);
}
/* ------------------------------------------------------------------ */

View File

@ -106,6 +106,10 @@
/* 2015/05/15 */
/* [Add] Support the SEIKO TIME SYSTEMS TDC-300 */
/* */
/* 2016/05/08 */
/* [Fix] C-DEX JST2000 */
/* Thanks to Mr. Kuramatsu for the report and the patch. */
/* */
/**********************************************************************/
#ifdef HAVE_CONFIG_H
@ -1499,9 +1503,9 @@ jjy_receive_cdex_jst2000 ( struct recvbuf *rbufp )
return JJY_RECEIVE_ERROR ;
}
/* JYYMMDD HHMMSSS */
/* JYYMMDDWHHMMSSS */
rc = sscanf ( pBuf, "J%2d%2d%2d %2d%2d%2d%1d",
rc = sscanf ( pBuf, "J%2d%2d%2d%*1d%2d%2d%2d%1d",
&up->year, &up->month, &up->day,
&up->hour, &up->minute, &up->second,
&up->msecond ) ;

View File

@ -89,6 +89,11 @@
/* Unix timestamp for the GPS epoch: January 6, 1980 */
#define GPS_EPOCH 315964800
/* Rata Die Number of first day of GPS epoch. This is the number of days
* since 0000-12-31 to 1980-01-06 in the proleptic Gregorian Calendar.
*/
#define RDN_GPS_EPOCH (4*146097 + 138431 + 1)
/* Double short to unsigned int */
#define DS2UI(p) ((getshort((p)[1]) << 16) | getshort((p)[0]))
@ -154,6 +159,10 @@ static char * jupiter_send (struct instance *, struct jheader *);
static void jupiter_shutdown(int, struct peer *);
static int jupiter_start (int, struct peer *);
static u_int get_full_week(u_int base_week, u_int gpos_week);
static u_int get_base_week(void);
/*
* Transfer vector
*/
@ -846,8 +855,14 @@ jupiter_parse_gpos(struct instance *instance, u_short *sp)
return ("Navigation solution not valid");
}
instance->gpos_gweek = jg->gweek;
instance->gpos_sweek = DS2UI(jg->sweek);
instance->gpos_gweek = get_full_week(get_base_week(),
getshort(jg->gweek));
/* according to the protocol spec, the seconds-in-week cannot
* exceed the nominal value: Is it really necessary to normalise
* the seconds???
*/
while(instance->gpos_sweek >= WEEKSECS) {
instance->gpos_sweek -= WEEKSECS;
++instance->gpos_gweek;
@ -1115,6 +1130,56 @@ jupiter_recv(struct instance *instance)
return (cc);
}
static u_int
get_base_week(void)
{
static int init_done /* = 0 */;
static u_int base_week;
/* Get the build date, convert to days since GPS epoch and
* finally weeks since GPS epoch. Note that the build stamp is
* trusted once it is fetched -- only dates before the GPS epoch
* are not permitted. This will permit proper synchronisation
* for a time range of 1024 weeks starting with 00:00:00 of the
* last Sunday on or before the build time.
*
* If the impossible happens and fetching the build date fails,
* a 1024-week cycle starting with 2016-01-03 is assumed to
* avoid catastropic errors. This will work until 2035-08-19.
*/
if (!init_done) {
struct calendar bd;
if (ntpcal_get_build_date(&bd)) {
int32_t days = ntpcal_date_to_rd(&bd);
if (days > RDN_GPS_EPOCH)
days -= RDN_GPS_EPOCH;
else
days = 0;
base_week = days / 7;
} else {
base_week = 1878; /* 2016-01-03, Sunday */
msyslog(LOG_ERR,
"refclock_jupiter: ntpcal_get_build_date() failed: %s",
"using 2016-01-03 as GPS base!");
}
init_done = 1;
}
return base_week;
}
static u_int
get_full_week(
u_int base_week,
u_int gpos_week
)
{
/* Periodic extension on base week. Since the period is 1024
* weeks and we do unsigned arithmetic here, we can do wonderful
* things with masks and the well-defined overflow behaviour.
*/
return base_week + ((gpos_week - base_week) & 1023);
}
#else /* not (REFCLOCK && CLOCK_JUPITER && HAVE_PPSAPI) */
int refclock_jupiter_bs;
#endif /* not (REFCLOCK && CLOCK_JUPITER && HAVE_PPSAPI) */

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi)
#
# It has been AutoGen-ed June 2, 2016 at 07:36:54 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 08:02:33 AM by AutoGen 5.18.5
# From the definitions ntpdc-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -76,7 +76,7 @@ with a status code of 0.
@exampleindent 0
@example
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p8
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p9
Usage: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.c)
*
* It has been AutoGen-ed June 2, 2016 at 07:36:34 AM by AutoGen 5.18.5
* It has been AutoGen-ed November 21, 2016 at 08:02:18 AM by AutoGen 5.18.5
* From the definitions ntpdc-opts.def
* and the template file options
*
@ -69,7 +69,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpdc options
*/
static char const ntpdc_opt_strs[1911] =
/* 0 */ "ntpdc 4.2.8p8\n"
/* 0 */ "ntpdc 4.2.8p9\n"
"Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -128,14 +128,14 @@ static char const ntpdc_opt_strs[1911] =
/* 1694 */ "no-load-opts\0"
/* 1707 */ "no\0"
/* 1710 */ "NTPDC\0"
/* 1716 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p8\n"
/* 1716 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p9\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1846 */ "$HOME\0"
/* 1852 */ ".\0"
/* 1854 */ ".ntprc\0"
/* 1861 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1895 */ "\n\0"
/* 1897 */ "ntpdc 4.2.8p8";
/* 1897 */ "ntpdc 4.2.8p9";
/**
* ipv4 option description with
@ -796,7 +796,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpdcOptions.pzCopyright */
puts(_("ntpdc 4.2.8p8\n\
puts(_("ntpdc 4.2.8p9\n\
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -862,14 +862,14 @@ implied warranty.\n"));
puts(_("load options from a config file"));
/* referenced via ntpdcOptions.pzUsageTitle */
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p8\n\
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p9\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
/* referenced via ntpdcOptions.pzExplain */
puts(_("\n"));
/* referenced via ntpdcOptions.pzFullVersion */
puts(_("ntpdc 4.2.8p8"));
puts(_("ntpdc 4.2.8p9"));
/* referenced via ntpdcOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.h)
*
* It has been AutoGen-ed June 2, 2016 at 07:36:34 AM by AutoGen 5.18.5
* It has been AutoGen-ed November 21, 2016 at 08:02:17 AM by AutoGen 5.18.5
* From the definitions ntpdc-opts.def
* and the template file options
*
@ -83,9 +83,9 @@ typedef enum {
/** count of all options for ntpdc */
#define OPTION_CT 15
/** ntpdc version */
#define NTPDC_VERSION "4.2.8p8"
#define NTPDC_VERSION "4.2.8p9"
/** Full ntpdc version text */
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p8"
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p9"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpdc 1ntpdcman "02 Jun 2016" "4.2.8p8" "User Commands"
.TH ntpdc 1ntpdcman "21 Nov 2016" "4.2.8p9" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-seaORW/ag-FeaGQW)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-gTaibj/ag-tTaaaj)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:50 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:02:29 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTPDC 1ntpdcmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:58 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:02:35 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -36,7 +36,7 @@ display the time offset of the system clock relative to the server
clock. Run as root, it can correct the system clock to this offset as
well. It can be run as an interactive command or from a cron job.
<p>This document applies to version 4.2.8p8 of <code>ntpdc</code>.
<p>This document applies to version 4.2.8p9 of <code>ntpdc</code>.
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
IETF specification.
@ -152,7 +152,7 @@ the usage text by passing it through a pager program.
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p8
<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p9
Usage: ntpdc [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpdc @NTPDC_MS@ "02 Jun 2016" "4.2.8p8" "User Commands"
.TH ntpdc @NTPDC_MS@ "21 Nov 2016" "4.2.8p9" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-seaORW/ag-FeaGQW)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-gTaibj/ag-tTaaaj)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:50 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:02:29 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTPDC @NTPDC_MS@ User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:36:58 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:02:35 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi)
#
# It has been AutoGen-ed June 2, 2016 at 07:37:46 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 08:03:06 AM by AutoGen 5.18.5
# From the definitions ntpq-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -848,7 +848,7 @@ with a status code of 0.
@exampleindent 0
@example
ntpq - standard NTP query program - Ver. 4.2.8p8
ntpq - standard NTP query program - Ver. 4.2.8p9
Usage: ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.c)
*
* It has been AutoGen-ed June 2, 2016 at 07:37:05 AM by AutoGen 5.18.5
* It has been AutoGen-ed November 21, 2016 at 08:02:38 AM by AutoGen 5.18.5
* From the definitions ntpq-opts.def
* and the template file options
*
@ -69,7 +69,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpq options
*/
static char const ntpq_opt_strs[1982] =
/* 0 */ "ntpq 4.2.8p8\n"
/* 0 */ "ntpq 4.2.8p9\n"
"Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -132,13 +132,13 @@ static char const ntpq_opt_strs[1982] =
/* 1775 */ "no-load-opts\0"
/* 1788 */ "no\0"
/* 1791 */ "NTPQ\0"
/* 1796 */ "ntpq - standard NTP query program - Ver. 4.2.8p8\n"
/* 1796 */ "ntpq - standard NTP query program - Ver. 4.2.8p9\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1915 */ "$HOME\0"
/* 1921 */ ".\0"
/* 1923 */ ".ntprc\0"
/* 1930 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1964 */ "ntpq 4.2.8p8\0"
/* 1964 */ "ntpq 4.2.8p9\0"
/* 1977 */ "hash";
/**
@ -841,7 +841,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpqOptions.pzCopyright */
puts(_("ntpq 4.2.8p8\n\
puts(_("ntpq 4.2.8p9\n\
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -910,11 +910,11 @@ implied warranty.\n"));
puts(_("load options from a config file"));
/* referenced via ntpqOptions.pzUsageTitle */
puts(_("ntpq - standard NTP query program - Ver. 4.2.8p8\n\
puts(_("ntpq - standard NTP query program - Ver. 4.2.8p9\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
/* referenced via ntpqOptions.pzFullVersion */
puts(_("ntpq 4.2.8p8"));
puts(_("ntpq 4.2.8p9"));
/* referenced via ntpqOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.h)
*
* It has been AutoGen-ed June 2, 2016 at 07:37:04 AM by AutoGen 5.18.5
* It has been AutoGen-ed November 21, 2016 at 08:02:38 AM by AutoGen 5.18.5
* From the definitions ntpq-opts.def
* and the template file options
*
@ -84,9 +84,9 @@ typedef enum {
/** count of all options for ntpq */
#define OPTION_CT 16
/** ntpq version */
#define NTPQ_VERSION "4.2.8p8"
#define NTPQ_VERSION "4.2.8p9"
/** Full ntpq version text */
#define NTPQ_FULL_VERSION "ntpq 4.2.8p8"
#define NTPQ_FULL_VERSION "ntpq 4.2.8p9"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpq 1ntpqman "02 Jun 2016" "4.2.8p8" "User Commands"
.TH ntpq 1ntpqman "21 Nov 2016" "4.2.8p9" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-pGa42X/ag-CGaW1X)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-nWaWmk/ag-AWaOlk)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:37:41 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:03:02 AM by AutoGen 5.18.5
.\" From the definitions ntpq-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTPQ 1ntpqmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:37:48 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:03:08 AM by AutoGen 5.18.5
.\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -34,6 +34,7 @@
#include "openssl/evp.h"
#include "openssl/objects.h"
#include "openssl/err.h"
#include "libssl_compat.h"
#endif
#include <ssl_applink.c>
@ -3582,7 +3583,7 @@ static void list_md_fn(const EVP_MD *m, const char *from, const char *to, void *
size_t len, n;
const char *name, *cp, **seen;
struct hstate *hstate = arg;
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx;
u_int digest_len;
u_char digest[EVP_MAX_MD_SIZE];
@ -3613,8 +3614,10 @@ static void list_md_fn(const EVP_MD *m, const char *from, const char *to, void *
* Keep this consistent with keytype_from_text() in ssl_init.c.
*/
EVP_DigestInit(&ctx, EVP_get_digestbyname(name));
EVP_DigestFinal(&ctx, digest, &digest_len);
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_get_digestbyname(name));
EVP_DigestFinal(ctx, digest, &digest_len);
EVP_MD_CTX_free(ctx);
if (digest_len > (MAX_MAC_LEN - sizeof(keyid_t)))
return;

View File

@ -44,7 +44,7 @@ monitor the operational status
and determine the performance of
<code>ntpd</code>, the NTP daemon.
<p>This document applies to version 4.2.8p8 of <code>ntpq</code>.
<p>This document applies to version 4.2.8p9 of <code>ntpq</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpq-Description">ntpq Description</a>
@ -770,7 +770,7 @@ the usage text by passing it through a pager program.
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p7
<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p9-RC
Usage: ntpq [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpq @NTPQ_MS@ "02 Jun 2016" "4.2.8p8" "User Commands"
.TH ntpq @NTPQ_MS@ "21 Nov 2016" "4.2.8p9" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-pGa42X/ag-CGaW1X)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-nWaWmk/ag-AWaOlk)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:37:41 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:03:02 AM by AutoGen 5.18.5
.\" From the definitions ntpq-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTPQ @NTPQ_MS@ User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:37:48 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:03:08 AM by AutoGen 5.18.5
.\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpsnmpd.texi)
#
# It has been AutoGen-ed June 2, 2016 at 07:39:15 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 08:03:22 AM by AutoGen 5.18.5
# From the definitions ntpsnmpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -47,7 +47,7 @@ with a status code of 0.
@exampleindent 0
@example
ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p8
ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p9
Usage: ntpsnmpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
Flg Arg Option-Name Description
-n no nofork Do not fork

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.c)
*
* It has been AutoGen-ed June 2, 2016 at 07:37:55 AM by AutoGen 5.18.5
* It has been AutoGen-ed November 21, 2016 at 08:03:11 AM by AutoGen 5.18.5
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
@ -61,7 +61,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpsnmpd options
*/
static char const ntpsnmpd_opt_strs[1610] =
/* 0 */ "ntpsnmpd 4.2.8p8\n"
/* 0 */ "ntpsnmpd 4.2.8p9\n"
"Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -101,14 +101,14 @@ static char const ntpsnmpd_opt_strs[1610] =
/* 1414 */ "no-load-opts\0"
/* 1427 */ "no\0"
/* 1430 */ "NTPSNMPD\0"
/* 1439 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p8\n"
/* 1439 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p9\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
/* 1542 */ "$HOME\0"
/* 1548 */ ".\0"
/* 1550 */ ".ntprc\0"
/* 1557 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1591 */ "\n\0"
/* 1593 */ "ntpsnmpd 4.2.8p8";
/* 1593 */ "ntpsnmpd 4.2.8p9";
/**
* nofork option description:
@ -554,7 +554,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpsnmpdOptions.pzCopyright */
puts(_("ntpsnmpd 4.2.8p8\n\
puts(_("ntpsnmpd 4.2.8p9\n\
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -599,14 +599,14 @@ implied warranty.\n"));
puts(_("load options from a config file"));
/* referenced via ntpsnmpdOptions.pzUsageTitle */
puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p8\n\
puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p9\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n"));
/* referenced via ntpsnmpdOptions.pzExplain */
puts(_("\n"));
/* referenced via ntpsnmpdOptions.pzFullVersion */
puts(_("ntpsnmpd 4.2.8p8"));
puts(_("ntpsnmpd 4.2.8p9"));
/* referenced via ntpsnmpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.h)
*
* It has been AutoGen-ed June 2, 2016 at 07:37:55 AM by AutoGen 5.18.5
* It has been AutoGen-ed November 21, 2016 at 08:03:11 AM by AutoGen 5.18.5
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
@ -76,9 +76,9 @@ typedef enum {
/** count of all options for ntpsnmpd */
#define OPTION_CT 8
/** ntpsnmpd version */
#define NTPSNMPD_VERSION "4.2.8p8"
#define NTPSNMPD_VERSION "4.2.8p9"
/** Full ntpsnmpd version text */
#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.8p8"
#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.8p9"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpsnmpd 1ntpsnmpdman "02 Jun 2016" "4.2.8p8" "User Commands"
.TH ntpsnmpd 1ntpsnmpdman "21 Nov 2016" "4.2.8p9" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-IPay_Y/ag-WPaq.Y)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-oTaGvl/ag-ATayul)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:39:11 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:03:18 AM by AutoGen 5.18.5
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTPSNMPD 1ntpsnmpdmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:39:18 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:03:24 AM by AutoGen 5.18.5
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -42,7 +42,7 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<p>The <code>ntpsnmpd</code> utility program is used to monitor NTP daemon <code>ntpd</code>
operations and determine performance. It uses the standard NTP mode 6 control
<p>This document applies to version 4.2.8p8 of <code>ntpsnmpd</code>.
<p>This document applies to version 4.2.8p9 of <code>ntpsnmpd</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpsnmpd-Description">ntpsnmpd Description</a>: Description

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpsnmpd @NTPSNMPD_MS@ "02 Jun 2016" "4.2.8p8" "User Commands"
.TH ntpsnmpd @NTPSNMPD_MS@ "21 Nov 2016" "4.2.8p9" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-IPay_Y/ag-WPaq.Y)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-oTaGvl/ag-ATayul)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:39:11 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:03:18 AM by AutoGen 5.18.5
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTPSNMPD @NTPSNMPD_MS@ User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:39:18 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 08:03:24 AM by AutoGen 5.18.5
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -83,7 +83,7 @@ CLTAG=NTP_4_2_0
# - Numeric values increment
# - empty 'increments' to 1
# - NEW 'increments' to empty
point=8
point=9
### betapoint is normally modified by script.
# ntp-stable Beta number (betapoint)

View File

@ -34,21 +34,23 @@ use warnings;
my $bk_u = "bk changes -and:USER: | sort -u |";
chomp(my $bk_root = `bk root`);
my $A_path = "$bk_root/BitKeeper/etc/authors.txt";
my $A_dir = "$bk_root/BitKeeper/etc/Authors";
my $A_file = "$bk_root/BitKeeper/etc/authors.txt";
my %authors;
my $problem = 0;
die "bkroot: <$bk_root>, A_path: <$A_path>\n" if (! -r $A_path);
die "bkroot: <$bk_root>, A_dir: <$A_dir>\n" if (! -r $A_dir);
die "bkroot: <$bk_root>, A_file: <$A_file>\n" if (! -r $A_file);
# Process the authors.txt file
open(my $FILE, '<', $A_path) or die "Could not open <$A_path>: $!\n";
open(my $FILE, '<', $A_file) or die "Could not open <$A_file>: $!\n";
while (<$FILE>) {
chomp;
if (/^([\S]+) = ([\V]+) <([\w.-]+\@[\w.-]+)>$/) {
# print "Got '$1 = $2 <$3>'\n";
$authors{$1} = "";
} else {
print "In $A_path: unrecognized line: '$_'\n";
print "In $A_file: unrecognized line: '$_'\n";
$problem = 1;
}
}
@ -69,7 +71,7 @@ while (<BKU>) {
if (!defined($authors{$Name})) {
$problem = 1;
print "<$Name> is not a defined author!\n";
open(my $FILE, '>>', "$A_path/$name.txt") || die "Cannot create '$A_path/$name.txt': $!\n";
open(my $FILE, '>>', "$A_dir/$name.txt") || die "Cannot create '$A_dir/$name.txt': $!\n";
print $FILE "$Name = \n";
close($FILE);
}

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH calc_tickadj 1calc_tickadjman "02 Jun 2016" "ntp (4.2.8p8)" "User Commands"
.TH calc_tickadj 1calc_tickadjman "21 Nov 2016" "ntp (4.2.8p9)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-3laW2J/ag-ema41J)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-OyayV3/ag-1yaGU3)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:24:25 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 07:58:34 AM by AutoGen 5.18.5
.\" From the definitions calc_tickadj-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (calc_tickadj-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:24:27 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 07:58:36 AM by AutoGen 5.18.5
.\" From the definitions calc_tickadj-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -31,7 +31,7 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<h2 class="unnumbered">calc_tickadj User's Manual</h2>
<p>This document describes the use of the NTP Project's <code>calc_tickadj</code> program.
This document applies to version 4.2.8p8 of <code>calc_tickadj</code>.
This document applies to version 4.2.8p9 of <code>calc_tickadj</code>.
<div class="shortcontents">
<h2>Short Contents</h2>

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH calc_tickadj 1calc_tickadjman "02 Jun 2016" "ntp (4.2.8p8)" "User Commands"
.TH calc_tickadj 1calc_tickadjman "21 Nov 2016" "ntp (4.2.8p9)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-3laW2J/ag-ema41J)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-OyayV3/ag-1yaGU3)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:24:25 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 07:58:34 AM by AutoGen 5.18.5
.\" From the definitions calc_tickadj-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (calc_tickadj-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:24:27 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 07:58:36 AM by AutoGen 5.18.5
.\" From the definitions calc_tickadj-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-calc_tickadj.texi)
#
# It has been AutoGen-ed June 2, 2016 at 07:24:29 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 07:58:38 AM by AutoGen 5.18.5
# From the definitions calc_tickadj-opts.def
# and the template file agtexi-cmd.tpl
@end ignore

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-plot_summary.texi)
#
# It has been AutoGen-ed June 2, 2016 at 07:25:50 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 07:59:26 AM by AutoGen 5.18.5
# From the definitions plot_summary-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -41,7 +41,7 @@ with a status code of 0.
@exampleindent 0
@example
plot_summary - plot statistics generated by summary script - Ver. 4.2.8p8
plot_summary - plot statistics generated by summary script - Ver. 4.2.8p9
USAGE: plot_summary [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
--directory=str Where the summary files are

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-summary.texi)
#
# It has been AutoGen-ed June 2, 2016 at 07:25:58 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 07:59:32 AM by AutoGen 5.18.5
# From the definitions summary-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -42,7 +42,7 @@ with a status code of 0.
@exampleindent 0
@example
summary - compute various stastics from NTP stat files - Ver. 4.2.8p8
summary - compute various stastics from NTP stat files - Ver. 4.2.8p9
USAGE: summary [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
--directory=str Directory containing stat files

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp-wait.texi)
#
# It has been AutoGen-ed June 2, 2016 at 07:24:39 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 07:58:47 AM by AutoGen 5.18.5
# From the definitions ntp-wait-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -61,7 +61,7 @@ with a status code of 0.
@exampleindent 0
@example
ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p8
ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p9
USAGE: ntp-wait [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
-n, --tries=num Number of times to check ntpd

View File

@ -1,6 +1,6 @@
# EDIT THIS FILE WITH CAUTION (ntp-wait-opts)
#
# It has been AutoGen-ed June 2, 2016 at 07:24:33 AM by AutoGen 5.18.5
# It has been AutoGen-ed November 21, 2016 at 07:58:41 AM by AutoGen 5.18.5
# From the definitions ntp-wait-opts.def
# and the template file perlopt
@ -40,7 +40,7 @@ sub processOptions {
'help|?', 'more-help'));
$usage = <<'USAGE';
ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p8
ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p9
USAGE: ntp-wait [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
-n, --tries=num Number of times to check ntpd

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntp-wait 1ntp-waitman "02 Jun 2016" "ntp (4.2.8p8)" "User Commands"
.TH ntp-wait 1ntp-waitman "21 Nov 2016" "ntp (4.2.8p9)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-IZaWqL/ag-WZa4pL)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-oRayj5/ag-CRaGi5)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:24:36 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 07:58:43 AM by AutoGen 5.18.5
.\" From the definitions ntp-wait-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd June 2 2016
.Dd November 21 2016
.Dt NTP_WAIT 1ntp-waitmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.mdoc)
.\"
.\" It has been AutoGen-ed June 2, 2016 at 07:24:44 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed November 21, 2016 at 07:58:50 AM by AutoGen 5.18.5
.\" From the definitions ntp-wait-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

Some files were not shown because too many files have changed in this diff Show More