diff options
172 files changed, 2804 insertions, 1715 deletions
diff --git a/ChangeLog b/ChangeLog index b4ee4247a8d6..f381a093cf94 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,68 @@ --- +(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org> + +* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability + - fixed stack buffer overflow in the openhost() command-line call + of NTPQ/NTPDC <perlinger@ntp.org> +* [Sec 3012] noepeer tweaks. <stenn@ntp.org> +* [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org> +* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin, + other TrustedBSD platforms + - applied patch by Ian Lepore <perlinger@ntp.org> +* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org> + - changed interaction with SCM to signal pending startup +* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org> + - rework of ntpq 'nextvar()' key/value parsing +* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org> + - applied patch by Gerry Garvey (with mods) +* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org> + - applied patch by Gerry Garvey (with mods) +* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org> + - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though +* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3471] Check for openssl/[ch]mac.h. HStenn. + - add #define ENABLE_CMAC support in configure. HStenn. +* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org> +* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org> + - patch by Stephen Friedl +* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org> + - fixed IO redirection and CTRL-C handling in ntq and ntpdc +* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org> +* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org> + - initial patch by Hal Murray; also fixed refclock_report() trouble +* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org> +* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer + - According to Brooks Davis, there was only one location <perlinger@ntp.org> +* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey, + with modifications + New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c. +* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org> + - applied patch by Miroslav Lichvar +* [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov. +* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org> + - integrated patch by Reinhard Max +* [Bug 2821] minor build issues <perlinger@ntp.org> + - applied patches by Christos Zoulas, including real bug fixes +* html/authopt.html: cleanup, from <stenn@ntp.org> +* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org> +* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org> +* html/authentic.html: cleanup, from <stenn@ntp.org> + +--- +(4.2.8p11) 2018/02/27 Released by Harlan Stenn <stenn@ntp.org> * [Sec 3454] Unauthenticated packet can reset authenticated interleave associations. HStenn. @@ -14,16 +78,16 @@ - applied patch by Sean Haugh * [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org> * [Bug 3450] Dubious error messages from plausibility checks in get_systime() - - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org> + - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org> * [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org> - refactoring the MAC code, too * [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org * [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org> - - applied patch by ggarvey + - applied patch by ggarvey * [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org> - - applied patch by ggarvey (with minor mods) + - applied patch by ggarvey (with minor mods) * [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain - - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org> + - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org> * [Bug 3435] anchor NTP era alignment <perlinger@ntp.org> * [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org> * [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2" @@ -1,5 +1,5 @@ -- -NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27) +NTP 4.2.8p12 (Harlan Stenn <stenn@ntp.org>, 2018/14/09) NOTE: this NEWS file will be undergoing more revisions. @@ -7,6 +7,77 @@ Focus: Security, Bug fixes, enhancements. Severity: MEDIUM +This release fixes a "hole" in the noepeer capability introduced to ntpd +in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by +ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements: + +* [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc. + +* [Sec 3012] Fix a hole in the new "noepeer" processing. + +* Bug Fixes: + [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org> + [Bug 3509] Add support for running as non-root on FreeBSD, Darwin, + other TrustedBSD platforms + - applied patch by Ian Lepore <perlinger@ntp.org> + [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org> + - changed interaction with SCM to signal pending startup + [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org> + - rework of ntpq 'nextvar()' key/value parsing + [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org> + - applied patch by Gerry Garvey (with mods) + [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org> + - applied patch by Gerry Garvey (with mods) + [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org> + - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though + [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3471] Check for openssl/[ch]mac.h. HStenn. + - add #define ENABLE_CMAC support in configure. HStenn. + [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org> + [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org> + - patch by Stephen Friedl + [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org> + - fixed IO redirection and CTRL-C handling in ntq and ntpdc + [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org> + [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org> + - initial patch by Hal Murray; also fixed refclock_report() trouble + [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org> + [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer + - According to Brooks Davis, there was only one location <perlinger@ntp.org> + [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey, + with modifications + New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c. + [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org> + - applied patch by Miroslav Lichvar + [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov. + [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org> + - integrated patch by Reinhard Max + [Bug 2821] minor build issues <perlinger@ntp.org> + - applied patches by Christos Zoulas, including real bug fixes + html/authopt.html: cleanup, from <stenn@ntp.org> + ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org> + Symmetric key range is 1-65535. Update docs. <stenn@ntp.org> + +-- +NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27) + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and provides 65 other non-security fixes and improvements: diff --git a/config.h.in b/config.h.in index 13f9bc838f15..e91f86b1f93a 100644 --- a/config.h.in +++ b/config.h.in @@ -311,6 +311,9 @@ /* Provide the explicit 127.0.0.0/8 martian filter? */ #undef ENABLE_BUG3020_FIX +/* Enable CMAC support? */ +#undef ENABLE_CMAC + /* nls support in libopts */ #undef ENABLE_NLS @@ -372,6 +375,14 @@ /* Define to 1 if you have the `daemon' function. */ #undef HAVE_DAEMON +/* Define to 1 if you have the declaration of `siglongjmp', and to 0 if you + don't. */ +#undef HAVE_DECL_SIGLONGJMP + +/* Define to 1 if you have the declaration of `sigsetjmp', and to 0 if you + don't. */ +#undef HAVE_DECL_SIGSETJMP + /* Define to 1 if you have the declaration of `strerror_r', and to 0 if you don't. */ #undef HAVE_DECL_STRERROR_R @@ -653,6 +664,12 @@ /* if you have NT Threads */ #undef HAVE_NT_THREADS +/* Define to 1 if you have the <openssl/cmac.h> header file. */ +#undef HAVE_OPENSSL_CMAC_H + +/* Define to 1 if you have the <openssl/hmac.h> header file. */ +#undef HAVE_OPENSSL_HMAC_H + /* Define to 1 if the system has the type `pid_t'. */ #undef HAVE_PID_T @@ -957,6 +974,9 @@ /* Define to 1 if you have the <sys/lock.h> header file. */ #undef HAVE_SYS_LOCK_H +/* Define to 1 if you have the <sys/mac.h> header file. */ +#undef HAVE_SYS_MAC_H + /* Define to 1 if you have the <sys/mman.h> header file. */ #undef HAVE_SYS_MMAN_H @@ -1117,6 +1137,9 @@ /* Do we have the TIO serial stuff? */ #undef HAVE_TIO_SERIAL_STUFF +/* Are TrustedBSD MAC policy privileges available? */ +#undef HAVE_TRUSTEDBSD_MAC + /* Define to 1 if the system has the type `uint16_t'. */ #undef HAVE_UINT16_T diff --git a/configure b/configure index 1ab45bc43888..0ba239416fac 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11. +# Generated by GNU Autoconf 2.69 for ntp 4.2.8p12. # # Report bugs to <http://bugs.ntp.org./>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ntp' PACKAGE_TARNAME='ntp' -PACKAGE_VERSION='4.2.8p11' -PACKAGE_STRING='ntp 4.2.8p11' +PACKAGE_VERSION='4.2.8p12' +PACKAGE_STRING='ntp 4.2.8p12' PACKAGE_BUGREPORT='http://bugs.ntp.org./' PACKAGE_URL='http://www.ntp.org./' @@ -968,6 +968,7 @@ enable_c99_snprintf enable_clockctl enable_linuxcaps enable_solarisprivs +enable_trustedbsd_mac with_arlib with_net_snmp_config enable_libseccomp @@ -1614,7 +1615,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems. +\`configure' configures ntp 4.2.8p12 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1684,7 +1685,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ntp 4.2.8p11:";; + short | recursive ) echo "Configuration of ntp 4.2.8p12:";; esac cat <<\_ACEOF @@ -1731,6 +1732,8 @@ Optional Features and Packages: --enable-clockctl s Use /dev/clockctl for non-root clock control --enable-linuxcaps + Use Linux capabilities for non-root clock control --enable-solarisprivs + Use Solaris privileges for non-root clock control + --enable-trustedbsd-mac s Use TrustedBSD MAC policy for non-root clock + control --with-arlib - deprecated, arlib not distributed --with-net-snmp-config + =net-snmp-config --enable-libseccomp EXPERIMENTAL: enable support for libseccomp @@ -1923,7 +1926,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ntp configure 4.2.8p11 +ntp configure 4.2.8p12 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2632,7 +2635,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ntp $as_me 4.2.8p11, which was +It was created by ntp $as_me 4.2.8p12, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3633,7 +3636,7 @@ fi # Define the identity of the package. PACKAGE='ntp' - VERSION='4.2.8p11' + VERSION='4.2.8p12' cat >>confdefs.h <<_ACEOF @@ -24026,7 +24029,40 @@ esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_have_solarisprivs" >&5 $as_echo "$ntp_have_solarisprivs" >&6; } -case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in +for ac_header in sys/mac.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "sys/mac.h" "ac_cv_header_sys_mac_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_mac_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_MAC_H 1 +_ACEOF + +fi + +done + + +# Check whether --enable-trustedbsd_mac was given. +if test "${enable_trustedbsd_mac+set}" = set; then : + enableval=$enable_trustedbsd_mac; ntp_use_trustedbsd_mac=$enableval + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we should use TrustedBSD MAC privileges" >&5 +$as_echo_n "checking if we should use TrustedBSD MAC privileges... " >&6; } + +case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in + yesyes) + +$as_echo "#define HAVE_TRUSTEDBSD_MAC 1" >>confdefs.h + +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_use_trustedbsd_mac" >&5 +$as_echo "$ntp_use_trustedbsd_mac" >&6; } + +case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in *yes*) $as_echo "#define HAVE_DROPROOT 1" >>confdefs.h @@ -30311,6 +30347,19 @@ $as_echo "$ntp_openssl" >&6; } case "$ntp_openssl" in yes) + for ac_header in openssl/cmac.h openssl/hmac.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + $as_echo "#define OPENSSL /**/" >>confdefs.h @@ -30534,6 +30583,21 @@ LIBS="$NTPO_SAVED_LIBS" { ntp_openssl_from_pkg_config=; unset ntp_openssl_from_pkg_config;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we want to enable CMAC support" >&5 +$as_echo_n "checking if we want to enable CMAC support... " >&6; } +case "$ac_cv_header_openssl_cmac_h" in + yes) + +$as_echo "#define ENABLE_CMAC 1" >>confdefs.h + + ans="yes" + ;; + *) ans="no" + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ans" >&5 +$as_echo "$ans" >&6; } + @@ -33223,6 +33287,32 @@ fi ### +ac_fn_c_check_decl "$LINENO" "sigsetjmp" "ac_cv_have_decl_sigsetjmp" "#include <setjmp.h> +" +if test "x$ac_cv_have_decl_sigsetjmp" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SIGSETJMP $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "siglongjmp" "ac_cv_have_decl_siglongjmp" "#include <setjmp.h> +" +if test "x$ac_cv_have_decl_siglongjmp" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SIGLONGJMP $ac_have_decl +_ACEOF + + +### + prefix_NONE= exec_prefix_NONE= @@ -33964,7 +34054,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ntp $as_me 4.2.8p11, which was +This file was extended by ntp $as_me 4.2.8p12, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -34031,7 +34121,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ntp config.status 4.2.8p11 +ntp config.status 4.2.8p12 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 4e7e06af6167..1f477c514188 100644 --- a/configure.ac +++ b/configure.ac @@ -3014,6 +3014,17 @@ AC_MSG_RESULT([$ans]) NTP_OPENSSL +AC_MSG_CHECKING([if we want to enable CMAC support]) +case "$ac_cv_header_openssl_cmac_h" in + yes) + AC_DEFINE([ENABLE_CMAC], [1], [Enable CMAC support?]) + ans="yes" + ;; + *) ans="no" + ;; +esac +AC_MSG_RESULT([$ans]) + NTP_CRYPTO_RAND # if we are using OpenSSL (--with-crypto), by default Autokey is enabled @@ -4380,6 +4391,10 @@ NTP_PROBLEM_TESTS ### +AC_CHECK_DECLS([sigsetjmp,siglongjmp], [], [], [[#include <setjmp.h>]]) + +### + AC_DEFINE_DIR([NTP_KEYSDIR], [sysconfdir], [Default location of crypto key info]) diff --git a/html/authentic.html b/html/authentic.html index 06bb67bc727a..52703e4566e5 100644 --- a/html/authentic.html +++ b/html/authentic.html @@ -1,91 +1,223 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> -<head> -<meta http-equiv="content-type" content="text/html;charset=iso-8859-1"> -<meta name="generator" content="HTML Tidy, see www.w3.org"> -<title>Authentication Support</title> -<link href="scripts/style.css" type="text/css" rel="stylesheet"> -<style type="text/css"> -<!-- -<style1 { -color: #FF0000; - font-weight: bold; -} -.style1 {color: #FF0000} ---> -</style> -</head> -<body> -<h3>Authentication Support</h3> -<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a> -<p>Our resident cryptographer; now you see him, now you don't.</p> -<p>Last update: - <!-- #BeginDate format:En2m -->5-Feb-2016 09:13<!-- #EndDate --> - UTC</p> -<br clear="left"> -<h4>Related Links</h4> -<script type="text/javascript" language="javascript" src="scripts/hand.txt"></script> -<script type="text/javascript" language="javascript" src="scripts/authopt.txt"></script> -<h4>Table of Contents</h4> -<ul> - <li class="inline"><a href="#auth">Introduction</a></li> - <li class="inline"><a href="#symm">Symmetric Key Cryptography</a></li> - <li class="inline"><a href="#windows">Microsoft Windows Authentication</a></li> - <li class="inline"><a href="#pub">Public Key Cryptography</a></li> -</ul> -<hr> -<h4 id="auth">Introduction</h4> -<p>This page describes the various cryptographic authentication provisions in NTPv4. Authentication support allows the NTP client to verify that servers are in fact known and trusted and not intruders intending accidentally or intentionally to masquerade as a legitimate server. A detailed discussion of the NTP multi-layer security model and vulnerability analysis is in the white paper <a href="http://www.eecis.udel.edu/~mills/security.html">NTP Security Analysis</a>.</p> -<p> The NTPv3 specification (RFC-1305) defined an authentication scheme properly described as <em>symmetric key cryptography</em>. It used the Data Encryption Standard (DES) algorithm operating in cipher-block chaining (CBC) mode. Subsequently, this algorithm was replaced by the RSA Message Digest 5 (MD5) algorithm commonly called keyed-MD5. Either algorithm computes a message digest or one-way hash which can be used to verify the client has the same message digest as the server. The MD5 message digest algorithm is included in the distribution, so without further cryptographic support, the distribution can be freely exported.</p> -<p>If the OpenSSL cryptographic library is installed prior to building the distribution, all message digest algorithms included in the library may be used, including SHA and SHA1. However, if conformance to FIPS 140-2 is required, only a limited subset of these algorithms can be used. This library is available from <a href="http://www.openssl.org">http://www.openssl.org</a> and can be installed using the procedures outlined in the <a href="build.html">Building and Installing the Distribution</a> page. Once installed, the configure and build process automatically detects the library and links the library routines -required.</p> -<p>In addition to the symmetric key algorithms, this distribution includes support for the Autokey public key algorithms and protocol specified in RFC-5906 "Network Time Protocol Version 4: Autokey Specification". This support is available only if the OpenSSL library has been installed and the <tt>--enable-autokey</tt> option is used when the distribution is built.</p> -<p> Public key cryptography is generally considered more secure than symmetric key cryptography, since the security is based on private and public values which are generated by each participant and where the private value is never revealed. Autokey uses X.509 public certificates, which can be produced by commercial services, the OpenSSL application program, or the <a href="keygen.html"><tt>ntp-keygen</tt></a> utility program in the NTP software distribution.</p> -<p>Note that according to US law, NTP binaries including OpenSSL library components, including the OpenSSL library itself, cannot be exported outside the US without license from the US Department of Commerce. Builders outside the US are advised to obtain the OpenSSL library directly from OpenSSL, which is outside the US, and build outside the US.</p> -<p>Authentication is configured separately for each association using the <tt>key</tt> or <tt>autokey</tt> option of the <tt>server</tt> configuration command, as described in the <a href="confopt.html">Server Options</a> page. The <a href="keygen.html">ntp-keygen</a> page describes the files required for the various authentication schemes. Further details are in the briefings, papers and reports at the NTP project page linked from <a href="http://www.ntp.org">www.ntp.org</a>.</p> -<p>By default, the client sends non-authenticated packets and the server responds with non-authenticated packets. If the client sends authenticated packets, the server responds with authenticated packets if correct, or a crypto-NAK packet if not. In the case of unsolicited packets which might consume significant resources, such as broadcast or symmetric mode packets, authentication is required, unless overridden by a <tt>disable auth</tt> command. In the current climate of targeted broadcast or "letterbomb" attacks, defeating this requirement would be decidedly dangerous. In any case, the <tt>notrust </tt>flag, described on the <a href="authopt.html">Access Control Options</a> page, can be used to disable access to all but correctly authenticated clients.</p> -<h4 id="symm">Symmetric Key Cryptography</h4> -<p>The original NTPv3 specification (RFC-1305), as well as the current NTPv4 specification (RFC-5905), allows any one of possibly 65,534 message digest keys (excluding zero), each distinguished by a 32-bit key ID, to authenticate an association. The servers and clients involved must agree on the key ID, key type and key to authenticate NTP packets.</p> -<p>The message digest is a cryptographic hash computed by an algorithm such as MD5, SHA, or AES-128 CMAC. When authentication is specified, a message authentication code (MAC) is appended to the NTP packet header. The MAC consists of a 32-bit key identifier (key ID) followed by a 128- or 160-bit message digest. The algorithm computes the digest as the hash of a 128- or 160- bit message digest key concatenated with the NTP packet header fields with the exception of the MAC. On transmit, the message digest is computed and inserted in the MAC. On receive, the message digest is computed and compared with the MAC. The packet is accepted only if the two MACs are identical. If a discrepancy is found by the client, the client ignores the packet, but raises an alarm. If this happens at the server, the server returns a special message called a <em>crypto-NAK</em>. Since the crypto-NAK is protected by the loopback test, an intruder cannot disrupt the protocol by sending a bogus crypto-NAK.</p> -<p>Keys and related information are specified in a keys file, which must be distributed and stored using secure means beyond the scope of the NTP protocol itself. Besides the keys used for ordinary NTP associations, additional keys can be used as passwords for the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs. Ordinarily, the <tt>ntp.keys</tt> file is generated by the <tt><a href="keygen.html">ntp-keygen</a></tt> program, but it can be constructed and edited using an ordinary text editor.</p> -<p> Each line of the keys file consists of three or four fields: a key ID in the range 1 to 65,534, inclusive, a key type, a message digest key consisting of a printable ASCII string less than 40 characters or a 40-character hex digit string, and an optional comma-separated list of IPs that are allowed to serve time. If the OpenSSL library is installed, the key type can be any message digest algorithm supported by the library. If the OpenSSL library is not installed, the only permitted key type is MD5.</p> -<table> - <caption style="caption-side: bottom;"> - Figure 1. Typical Symmetric Key File - </caption> - <tr><td style="border: 1px solid black; border-spacing: 0;"> - <pre style="color:grey;"> -# ntpkey_MD5key_bk.ntp.org.3595864945 -# Thu Dec 12 19:22:25 2013 + <head> + <meta http-equiv="content-type" content="text/html;charset=iso-8859-1"> + <meta name="generator" content="HTML Tidy, see www.w3.org"> + <title>Authentication Support</title> + <!-- Changed by: Harlan Stenn, 24-Jul-2018 --> + <link href="scripts/style.css" type="text/css" rel="stylesheet"> + <style type="text/css"> + <!-- + <style1 { + color: #FF0000; + font-weight: bold; + } + .style1 {color: #FF0000} + --> + </style> + </head> + <body> + <h3>Authentication Support</h3> + <img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a> + <p>Our resident cryptographer; now you see him, now you don't.</p> + <p>Last update: + <!-- #BeginDate format:En2m -->24-Jul-2018 09:12<!-- #EndDate --> + UTC</p> + <br clear="left"> + <h4>Related Links</h4> + <script type="text/javascript" language="javascript" src="scripts/hand.txt"></script> + <script type="text/javascript" language="javascript" src="scripts/authopt.txt"></script> + <h4>Table of Contents</h4> + <ul> + <li class="inline"><a href="#auth">Introduction</a></li> + <li class="inline"><a href="#symm">Symmetric Key Cryptography</a></li> + <li class="inline"><a href="#windows">Microsoft Windows Authentication</a></li> + <li class="inline"><a href="#pub">Public Key Cryptography</a></li> + </ul> + <hr> + <h4 id="auth">Introduction</h4> + <p>This page describes the various cryptographic authentication + provisions in NTPv4. Authentication support allows the NTP client to + verify that servers are in fact known and trusted and not intruders + intending accidentally or intentionally to masquerade as a legitimate + server. A detailed discussion of the NTP multi-layer security model + and vulnerability analysis is in the white + paper <a href="http://www.eecis.udel.edu/~mills/security.html">NTP + Security Analysis</a>.</p> + <p>The NTPv3 specification (RFC-1305) defined an authentication scheme + properly described as <em>symmetric key cryptography</em>. It used + the Data Encryption Standard (DES) algorithm operating in cipher-block + chaining (CBC) mode. Subsequently, this algorithm was replaced by the + RSA Message Digest 5 (MD5) algorithm commonly called keyed-MD5. + Either algorithm computes a message digest or one-way hash which can + be used to verify the client has the same message digest as the + server. The MD5 message digest algorithm is included in the + distribution, so without further cryptographic support, the + distribution can be freely exported.</p> + <p>If the OpenSSL cryptographic library is installed prior to building + the distribution, all message digest algorithms included in the + library may be used, including SHA and SHA1. However, if conformance + to FIPS 140-2 is required, only a limited subset of these algorithms + can be used. This library is available + from <a href="http://www.openssl.org">http://www.openssl.org</a> and + can be installed using the procedures outlined in + the <a href="build.html">Building and Installing the Distribution</a> + page. Once installed, the configure and build process automatically + detects the library and links the library routines required.</p> + <p>In addition to the symmetric key algorithms, this distribution + includes support for the Autokey public key algorithms and protocol + specified in RFC-5906 "Network Time Protocol Version 4: Autokey + Specification". This support is available only if the OpenSSL + library has been installed and the <tt>--enable-autokey</tt> option is + used when the distribution is built.</p> + <p> Public key cryptography is generally considered more secure than + symmetric key cryptography, since the security is based on private and + public values which are generated by each participant and where the + private value is never revealed. Autokey uses X.509 public + certificates, which can be produced by commercial services, the + OpenSSL application program, or + the <a href="keygen.html"><tt>ntp-keygen</tt></a> utility program in + the NTP software distribution.</p> + <p>Note that according to US law, NTP binaries including OpenSSL library + components, including the OpenSSL library itself, cannot be exported + outside the US without license from the US Department of Commerce. + Builders outside the US are advised to obtain the OpenSSL library + directly from OpenSSL, which is outside the US, and build outside the + US.</p> + <p>Authentication is configured separately for each association using + the <tt>key</tt> or <tt>autokey</tt> option of the <tt>server</tt> + configuration command, as described in + the <a href="confopt.html">Server Options</a> page. + The <a href="keygen.html">ntp-keygen</a> page describes the files + required for the various authentication schemes. Further details are + in the briefings, papers and reports at the NTP project page linked + from <a href="http://www.ntp.org">www.ntp.org</a>.</p> + <p>By default, the client sends non-authenticated packets and the server + responds with non-authenticated packets. If the client sends + authenticated packets, the server responds with authenticated packets + if correct, or a crypto-NAK packet if not. In the case of unsolicited + packets which might consume significant resources, such as broadcast + or symmetric mode packets, authentication is required, unless + overridden by a <tt>disable auth</tt> command. In the current climate + of targeted broadcast or "letterbomb" attacks, defeating + this requirement would be decidedly dangerous. In any case, + the <tt>notrust </tt>flag, described on + the <a href="authopt.html">Access Control Options</a> page, can be + used to disable access to all but correctly authenticated clients.</p> + <h4 id="symm">Symmetric Key Cryptography</h4> + <p>The original NTPv3 specification (RFC-1305), as well as the current + NTPv4 specification (RFC-5905), allows any one of possibly 65,535 + message digest keys (excluding zero), each distinguished by a 32-bit + key ID, to authenticate an association. The servers and clients + involved must agree on the key ID, key type and key to authenticate + NTP packets.</p> + <p>The message digest is a cryptographic hash computed by an algorithm + such as MD5, SHA, or AES-128 CMAC. When authentication is specified, + a message authentication code (MAC) is appended to the NTP packet + header. The MAC consists of a 32-bit key identifier (key ID) followed + by a 128- or 160-bit message digest. The algorithm computes the + digest as the hash of a 128- or 160- bit message digest key + concatenated with the NTP packet header fields with the exception of + the MAC. On transmit, the message digest is computed and inserted in + the MAC. On receive, the message digest is computed and compared with + the MAC. The packet is accepted only if the two MACs are identical. + If a discrepancy is found by the client, the client ignores the + packet, but raises an alarm. If this happens at the server, the + server returns a special message called a <em>crypto-NAK</em>. Since + the crypto-NAK is protected by the loopback test, an intruder cannot + disrupt the protocol by sending a bogus crypto-NAK.</p> + <p>Keys and related information are specified in a keys file, which must + be distributed and stored using secure means beyond the scope of the + NTP protocol itself. Besides the keys used for ordinary NTP + associations, additional keys can be used as passwords for + the <tt><a href="ntpq.html">ntpq</a></tt> + and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs. + Ordinarily, the <tt>ntp.keys</tt> file is generated by + the <tt><a href="keygen.html">ntp-keygen</a></tt> program, but it can + be constructed and edited using an ordinary text editor.</p> + <p> Each line of the keys file consists of three or four fields: a key + ID in the range 1 to 65,535, inclusive, a key type, a message digest + key consisting of a printable ASCII string less than 40 characters or + a 40-character hex digit string, and an optional comma-separated list + of IPs that are allowed to serve time. If the OpenSSL library is + installed, the key type can be any message digest algorithm supported + by the library. If the OpenSSL library is not installed, the only + permitted key type is MD5.</p> + <table> + <caption style="caption-side: bottom;"> + Figure 1. Typical Symmetric Key File + </caption> + <tr><td style="border: 1px solid black; border-spacing: 0;"> + <pre style="color:grey;"> + # ntpkey_MD5key_bk.ntp.org.3595864945 + # Thu Dec 12 19:22:25 2013 -1 MD5 L";Nw<`.I<f4U0)247"i # MD5 key -2 MD5 &>l0%XXK9O'51VwV<xq~ # MD5 key -3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key -4 MD5 Yue:tL[+vR)M`n~bY,'? # MD5 key -5 MD5 B;fxlKgr/&4ZTbL6=RxA # MD5 key -6 MD5 4eYwa`o}3i@@V@..R9!l # MD5 key -7 MD5 `A.([h+;wTQ|xfi%Sn_! # MD5 key -8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key -9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key -10 MD5 2late4Me # MD5 key -11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key -12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key -13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key -14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key -15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key -16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key -17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key -18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key -19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key -20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key - </pre></td></tr></table> -<p>Figure 1 shows a typical keys file used by the reference implementation when the OpenSSL library is installed. In this figure, for key IDs in he range 1-10, the key is interpreted as a printable ASCII string. For key IDs in the range 11-20, the key is a 40-character hex digit string. The key is truncated or zero-filled internally to either 128 or 160 bits, depending on the key type. The line can be edited later or new lines can be added to change any field. The key can be changed to a password, such as <tt>2late4Me</tt> for key ID 10. Note that two or more keys files can be combined in any order as long as the key IDs are distinct.</p> -<p>When <tt>ntpd</tt> is started, it reads the keys file specified by the <tt>keys</tt> command and installs the keys in the key cache. However, individual keys must be activated with the <tt>trustedkey</tt> configuration command before use. This allows, for instance, the installation of possibly several batches of keys and then activating a key remotely using <tt>ntpq</tt> or <tt>ntpdc</tt>. The <tt>requestkey</tt> command selects the key ID used as the password for the <tt>ntpdc</tt> utility, while the <tt>controlkey</tt> command selects the key ID used as the password for the <tt>ntpq</tt> utility.</p> -<h4 id="windows">Microsoft Windows Authentication</h4> -<p>In addition to the above means, <tt>ntpd</tt> now supports Microsoft Windows MS-SNTP authentication using Active Directory services. This support was contributed by the Samba Team and is still in development. It is enabled using the <tt>mssntp</tt> flag of the <tt>restrict</tt> command described on the <a href="accopt.html#restrict">Access Control Options</a> page. <span class="style1">Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users. Therefore, this flag should be used only for a dedicated server with no clients other than MS-SNTP.</span></p> -<h4 id="pub">Public Key Cryptography</h4> -<p>See the <a href="autokey.html">Autokey Public-Key Authentication</a> page.</p> -<hr> -<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script> -</body> + 1 MD5 L";Nw<`.I<f4U0)247"i # MD5 key + 2 MD5 &>l0%XXK9O'51VwV<xq~ # MD5 key + 3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key + 4 MD5 Yue:tL[+vR)M`n~bY,'? # MD5 key + 5 MD5 B;fxlKgr/&4ZTbL6=RxA # MD5 key + 6 MD5 4eYwa`o}3i@@V@..R9!l # MD5 key + 7 MD5 `A.([h+;wTQ|xfi%Sn_! # MD5 key + 8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key + 9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key + 10 MD5 2late4Me # MD5 key + 11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key + 12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key + 13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key + 14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key + 15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key + 16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key + 17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key + 18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key + 19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key + 20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key + 21 MD5 sampo 10.1.2.3/24 + </pre></td></tr></table> + <p>Figure 1 shows a typical symmetric keys file used by the reference + implementation when the OpenSSL library is installed. Each line of + the file contains three or four fields. The first field is an integer + between 1 and 65535, inclusive, representing the key identifier. The + second field is the digest algorithm, which in the absence of the + OpenSSL library must be <tt>MD5</tt>, which designates the MD5 message + digest algorithm. The third field is the key. The optional fourth + field is one or more comma-separated IPs. An IP may end with an + optional <tt>/subnetbits</tt> suffix, which limits the acceptance of + the key identifier to packets claiming to be from the described IP + space. In this example, for the key IDs in the range 1-10 the key is + interpreted as a printable ASCII string. For the key IDs in the range + 11-20, the key is a 40-character hex digit string. In either case, + the key is truncated or zero-filled internally to either 128 or 160 + bits, depending on the key type. The line can be edited later or new + lines can be added to change any field. The key can be changed to a + password, such as <tt>2late4Me</tt> for key ID 10. Note that two or + more keys files can be combined in any order as long as the key IDs + are distinct.</p> + <p>When <tt>ntpd</tt> is started, it reads the keys file specified by + the <tt>keys</tt> command and installs the keys in the key cache. + However, individual keys must be activated with + the <tt>trustedkey</tt> configuration command before use. This + allows, for instance, the installation of possibly several batches of + keys and then activating a key remotely using <tt>ntpq</tt> + or <tt>ntpdc</tt>. The <tt>requestkey</tt> command selects the key ID + used as the password for the <tt>ntpdc</tt> utility, while + the <tt>controlkey</tt> command selects the key ID used as the + password for the <tt>ntpq</tt> utility.</p> + <h4 id="windows">Microsoft Windows Authentication</h4> + <p>In addition to the above means, <tt>ntpd</tt> now supports Microsoft + Windows MS-SNTP authentication using Active Directory services. This + support was contributed by the Samba Team and is still in development. + It is enabled using the <tt>mssntp</tt> flag of the <tt>restrict</tt> + command described on the <a href="accopt.html#restrict">Access Control + Options</a> page. <span class="style1">Note: Potential users should + be aware that these services involve a TCP connection to another + process that could potentially block, denying services to other users. + Therefore, this flag should be used only for a dedicated server with + no clients other than MS-SNTP.</span></p> + <h4 id="pub">Public Key Cryptography</h4> + <p>See the <a href="autokey.html">Autokey Public-Key Authentication</a> + page.</p> + <hr> + <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script> + </body> </html> diff --git a/html/authopt.html b/html/authopt.html index 9504deb8ad69..c9484ef9ad5c 100644 --- a/html/authopt.html +++ b/html/authopt.html @@ -4,6 +4,7 @@ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1"> <meta name="generator" content="HTML Tidy, see www.w3.org"> <title>Authentication Commands and Options</title> +<!-- Changed by: stenn, 25-May-2018 --> <link href="scripts/style.css" type="text/css" rel="stylesheet"> <style type="text/css"> .style1 { @@ -17,7 +18,7 @@ <img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a> <p>Our resident cryptographer; now you see him, now you don't.</p> <p>Last update: - <!-- #BeginDate format:En2m -->15-Oct-2011 01:00<!-- #EndDate --> + <!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate --> UTC</p> <br clear="left"> <h4>Related Links</h4> @@ -28,65 +29,65 @@ <p>Unless noted otherwise, further information about these commands is on the <a href="authentic.html">Authentication Support</a> page.</p> <dl> <dt id=automax><tt>automax [<i>logsec</i>]</tt></dt> - <dd>Specifies the interval between regenerations of the session key list used with the Autokey protocol, as a power of 2 in seconds. Note that the size of the key list for each association depends on this interval and the current poll interval. The default interval is 12 (about 1.1 hr). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information.</dd> + <dd>Specifies the interval between regenerations of the session key list used with the Autokey protocol, as a power of 2 in seconds. Note that the size of the key list for each association depends on this interval and the current poll interval. The default interval is 12 (about 1.1 hr). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information.</dd> <dt id="controlkey"><tt>controlkey <i>keyid</i></tt></dt> <dd>Specifies the key ID for the <a href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the - standard protocol defined in RFC-1305. The <tt><i>keyid</i></tt> argument is the key ID for a <a href="#trustedkey">trusted - key</a>, where the value can be in the range 1 to 65534, + standard protocol defined in RFC-1305. The <tt><i>keyid</i></tt> argument is the key ID for a <a href="#trustedkey">trusted + key</a>, where the value can be in the range 1 to 65535, inclusive.</dd> - <dt id="crypto"><tt>crypto [digest</tt> <em><tt>digest</tt></em><tt>]</tt> <tt>[host <i>name</i>] [ident <i>name</i>] [pw <i>password</i>] [randfile <i>file</i>]</tt></dt> + <dt id="crypto"><tt>crypto [digest <i>digest</i>] [host <i>name</i>] [ident <i>name</i>] [pw <i>password</i>] [randfile <i>file</i>]</tt></dt> <dd>This command activates the Autokey public key cryptography - and loads the required host keys and certificate. If one or more files - are unspecified, the default names are used. Unless + and loads the required host keys and certificate. If one or more files + are unspecified, the default names are used. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the <tt>keysdir</tt> configuration - command with default <tt>/usr/local/etc</tt>. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information. Following are the options.</dd> + command with default <tt>/usr/local/etc</tt>. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information. Following are the options.</dd> <dd> <dl> - <dt><tt>digest</tt> <em><tt>digest</tt></em></dt> + <dt><tt>digest</tt> <i>digest</i></dt> <dd> </dd> <dd>Specify the message digest algorithm, with default MD5. If the OpenSSL library is installed, <tt><i>digest</i></tt> can be be any message digest algorithm supported - by the library. The current selections are: <tt>MD2</tt>, <tt>MD4</tt>, <tt>MD5,</tt> <tt>MDC2</tt>, <tt>RIPEMD160</tt>, <tt>SHA</tt> and <tt>SHA1</tt>. All - participants in an Autokey subnet must use the same algorithm. The Autokey message digest algorithm is separate and distinct from the symmetric - key message digest algorithm. Note: If compliance with FIPS 140-2 is required, + by the library. The current selections are: <tt>MD2</tt>, <tt>MD4</tt>, <tt>MD5,</tt> <tt>MDC2</tt>, <tt>RIPEMD160</tt>, <tt>SHA</tt> and <tt>SHA1</tt>. All + participants in an Autokey subnet must use the same algorithm. The Autokey message digest algorithm is separate and distinct from the symmetric + key message digest algorithm. Note: If compliance with FIPS 140-2 is required, the algorithm must be ether <tt>SHA</tt> or <tt>SHA1</tt>.</dd> <dt><tt>host <i>name</i></tt></dt> - <dd>Specify the cryptographic media names for the host, sign and certificate files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd> + <dd>Specify the cryptographic media names for the host, sign and certificate files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd> <dd><span class="style1">Note: In the latest Autokey version, this option has no effect other than to change the cryptographic media file names.</span></dd> <dt><tt>ident <i>group</i></tt></dt> - <dd>Specify the cryptographic media names for the identity scheme files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd> + <dd>Specify the cryptographic media names for the identity scheme files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd> <dd><span class="style1">Note: In the latest Autokey version, this option has no effect other than to change the cryptographic media file names.</span></dd> <dt><tt>pw <i>password</i></tt></dt> - <dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option. If this option is not specified, the default password is the string returned by the Unix <tt>gethostname()</tt> routine. </dd> + <dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option. If this option is not specified, the default password is the string returned by the Unix <tt>gethostname()</tt> routine.</dd> <dt><tt>randfile <i>file</i></tt></dt> - <dd>Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>.</dd> + <dd>Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>.</dd> </dl> </dd> <dt id="ident"><tt>ident <i>group</i></tt></dt> - <dd>Specifies the group name for ephemeral associations mobilized by broadcast and symmetric passive modes. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd> + <dd>Specifies the group name for ephemeral associations mobilized by broadcast and symmetric passive modes. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd> <dt id="keys"><tt>keys <i>path</i></tt></dt> - <dd>Specifies the complete directory path for the key file containing the key IDs, key types and keys used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. The format of the keyfile is described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>. This is the same operation as the <tt>-k</tt> command line option. Note that the directory path for Autokey cryptographic media is specified by the <tt>keysdir</tt> command.</dd> + <dd>Specifies the complete directory path for the key file containing the key IDs, key types and keys used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. The format of the keyfile is described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>. This is the same operation as the <tt>-k</tt> command line option. Note that the directory path for Autokey cryptographic media is specified by the <tt>keysdir</tt> command.</dd> <dt id="keysdir"><tt>keysdir <i>path</i></tt></dt> - <dd>Specifies the complete directory path for the Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd> + <dd>Specifies the complete directory path for the Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd> <dt id="requestkey"><tt>requestkey <i>keyid</i></tt></dt> <dd>Specifies the key ID for the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which - uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>keyid</i></tt> argument is a key ID + uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>keyid</i></tt> argument is a key ID for a <a href="#trustedkey">trusted key</a>, in the range 1 to - 65534, inclusive.</dd> + 65535, inclusive.</dd> <dt id="revoke"><tt>revoke [<i>logsec</i>]</tt></dt> <dd>Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in seconds, with default 17 (36 hr). See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd> <dt id="trustedkey"><tt>trustedkey [<i>keyid</i> | (<i>lowid</i> ... <i>highid</i>)] [...]</tt></dt> <dd>Specifies the key ID(s) which are trusted for the purposes of authenticating peers with symmetric key cryptography. Key IDs used to authenticate <tt>ntpq</tt> and <tt>ntpdc</tt> operations - must be listed here and additionally be enabled with <a href="#controlkey">controlkey</a> and/or <a href="#requestkey">requestkey</a>. The authentication + must be listed here and additionally be enabled with <a href="#controlkey">controlkey</a> and/or <a href="#requestkey">requestkey</a>. The authentication procedure for time transfer requires that both the local and remote NTP servers employ the same key ID and secret for this purpose, although different keys IDs may be used with different - servers. Ranges of trusted key IDs may be specified: <tt>trustedkey (1 ... 19) 1000 (100 ... 199)</tt> enables the - lowest 120 key IDs which start with the digit 1. The spaces + servers. Ranges of trusted key IDs may be specified: <tt>trustedkey (1 ... 19) 1000 (100 ... 199)</tt> enables the + lowest 120 key IDs which start with the digit 1. The spaces surrounding the ellipsis are required when specifying a range.</dd> </dl> <hr> diff --git a/html/confopt.html b/html/confopt.html index b964d245b3d8..f214f0f1f07c 100644 --- a/html/confopt.html +++ b/html/confopt.html @@ -13,7 +13,7 @@ Walt Kelly</a> <p>The chicken is getting configuration advice.</p> <p>Last update: - <!-- #BeginDate format:En2m -->10-Mar-2014 05:01<!-- #EndDate --> + <!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate --> UTC</p> <br clear="left"> <h4>Related Links</h4> @@ -67,7 +67,7 @@ Walt Kelly</a> <dt><tt>ident</tt> <em><tt>group</tt></em></dt> <dd>Specify the group name for the association. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd> <dt><tt>key</tt> <i><tt>key</tt></i></dt> - <dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65534, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd> <dt><tt>minpoll <i>minpoll<br> + <dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65535, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd> <dt><tt>minpoll <i>minpoll<br> </i></tt><tt>maxpoll <i>maxpoll</i></tt></dt> <dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36 hr). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 3 (8 s). Additional information about this option is on the <a href="poll.html">Poll Program</a> page.</dd> <dt><tt>mode <i>option</i></tt></dt> diff --git a/html/keygen.html b/html/keygen.html index 4f10a28d2a85..51577e38b71a 100644 --- a/html/keygen.html +++ b/html/keygen.html @@ -11,7 +11,7 @@ <p><img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a></p> <p>Alice holds the key.</p> <p>Last update: - <!-- #BeginDate format:En2m -->11-Jan-2018 11:55<!-- #EndDate --> + <!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate --> UTC</p> <br clear="left"> <h4>Related Links</h4> @@ -313,7 +313,7 @@ </pre></td></tr></table> <p>Figure 1 shows a typical symmetric keys file used by the reference implementation. Each line of the file contains three or four fields, - first an integer between 1 and 65534, inclusive, representing the key + first an integer between 1 and 65535, inclusive, representing the key identifier used in the <tt>server</tt> and <tt>peer</tt> configuration commands. Second is the key type for the message digest algorithm, which in the absence of the OpenSSL library must be <tt>MD5</tt> to diff --git a/html/ntpdate.html b/html/ntpdate.html index 9216b6c0526b..56e100da3814 100644 --- a/html/ntpdate.html +++ b/html/ntpdate.html @@ -11,7 +11,7 @@ <img src="pic/rabbit.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a> <p>I told you it was eyeball and wristwatch.</p> <p>Last update: - <!-- #BeginDate format:En2m -->9-Feb-2014 03:34<!-- #EndDate --> + <!-- #BeginDate format:En2m -->21-Jul-2018 04:09<!-- #EndDate --> UTC</p> <br clear="left"> <hr> @@ -63,7 +63,7 @@ Protocol (SNTP) Client</a> page. After a suitable period of mourning, the <tt>n <dt><tt>-s</tt></dt> <dd>Divert logging output from the standard output (default) to the system <tt>syslog</tt> facility. This is designed primarily for convenience of <tt>cron</tt> scripts.</dd> <dt><tt>-t <i>timeout</i></tt></dt> - <dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.</dd> + <dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 2 seconds, a value suitable for polling across a LAN.</dd> <dt><tt>-u</tt></dt> <dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports. <dt><tt>-<i>v</i></tt></dt> diff --git a/include/ntp.h b/include/ntp.h index fb739c756848..cfbb7d2e7a47 100644 --- a/include/ntp.h +++ b/include/ntp.h @@ -610,6 +610,18 @@ struct pkt { #define STRATUM_TO_PKT(s) ((u_char)(((s) == (STRATUM_UNSPEC)) ?\ (STRATUM_PKT_UNSPEC) : (s))) + +/* + * A test to determine if the refid should be interpreted as text string. + * This is usually the case for a refclock, which has stratum 0 internally, + * which results in sys_stratum 1 if the refclock becomes system peer, or + * in case of a kiss-of-death (KoD) packet that has STRATUM_PKT_UNSPEC (==0) + * in the packet which is converted to STRATUM_UNSPEC when the packet + * is evaluated. + */ +#define REFID_ISTEXT(s) (((s) <= 1) || ((s) >= STRATUM_UNSPEC)) + + /* * Event codes. Used for reporting errors/events to the control module */ diff --git a/include/ntp_md5.h b/include/ntp_md5.h index 01b417a80516..06c90b2d2faf 100644 --- a/include/ntp_md5.h +++ b/include/ntp_md5.h @@ -7,8 +7,13 @@ #define NTP_MD5_H #ifdef OPENSSL -# include "openssl/evp.h" +# include <openssl/evp.h> # include "libssl_compat.h" +# ifdef HAVE_OPENSSL_CMAC_H +# include <openssl/cmac.h> +# define CMAC "AES128CMAC" +# define AES_128_KEY_SIZE 16 +# endif /*HAVE_OPENSSL_CMAC_H*/ #else /* !OPENSSL follows */ /* * Provide OpenSSL-alike MD5 API if we're not using OpenSSL diff --git a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c index 7dc7e7ecf40d..8c046f4e93c9 100644 --- a/libntp/a_md5encrypt.c +++ b/libntp/a_md5encrypt.c @@ -12,12 +12,6 @@ #include "ntp_md5.h" /* provides OpenSSL digest API */ #include "isc/string.h" -#ifdef OPENSSL -# include "openssl/cmac.h" -# define CMAC "AES128CMAC" -# define AES_128_KEY_SIZE 16 -#endif - typedef struct { const void * buf; size_t len; @@ -28,7 +22,7 @@ typedef struct { size_t len; } rwbuffT; -#ifdef OPENSSL +#if defined(OPENSSL) && defined(ENABLE_CMAC) static size_t cmac_ctx_size( CMAC_CTX * ctx) @@ -42,7 +36,7 @@ cmac_ctx_size( } return mlen; } -#endif /*OPENSSL*/ +#endif /*OPENSSL && ENABLE_CMAC*/ static size_t make_mac( @@ -63,6 +57,7 @@ make_mac( INIT_SSL(); /* Check if CMAC key type specific code required */ +# ifdef ENABLE_CMAC if (ktype == NID_cmac) { CMAC_CTX * ctx = NULL; void const * keyptr = key->buf; @@ -100,7 +95,9 @@ make_mac( if (ctx) CMAC_CTX_cleanup(ctx); } - else { /* generic MAC handling */ + else +# endif /*ENABLE_CMAC*/ + { /* generic MAC handling */ EVP_MD_CTX * ctx = EVP_MD_CTX_new(); u_int uilen = 0; @@ -153,7 +150,7 @@ make_mac( if (ktype == NID_md5) { EVP_MD_CTX * ctx = EVP_MD_CTX_new(); - uint uilen = 0; + u_int uilen = 0; if (digest->len < 16) { msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 buf too small."); diff --git a/libntp/ntp_calendar.c b/libntp/ntp_calendar.c index a550d5d3a2c7..f8b7db4ea501 100644 --- a/libntp/ntp_calendar.c +++ b/libntp/ntp_calendar.c @@ -1873,7 +1873,7 @@ basedate_eval_string( goto buildstamp; } - rc = scanf(str, "%lu%n", &ned, &nc); + rc = sscanf(str, "%lu%n", &ned, &nc); if (rc == 1 && (size_t)nc == sl) { if (ned <= INT32_MAX) return (int32_t)ned; diff --git a/libntp/prettydate.c b/libntp/prettydate.c index 25b085ef28fb..deacc26bbe2b 100644 --- a/libntp/prettydate.c +++ b/libntp/prettydate.c @@ -170,6 +170,11 @@ common_prettydate( LIB_GETBUF(bp); + if (ts->l_ui == 0 && ts->l_uf == 0) { + strlcpy (bp, "(no time)", LIB_BUFLENGTH); + return (bp); + } + /* get & fix milliseconds */ ntps = ts->l_ui; msec = ts->l_uf / 4294967; /* fract / (2 ** 32 / 1000) */ diff --git a/libntp/ssl_init.c b/libntp/ssl_init.c index 96d9d0838bd7..925893257b7f 100644 --- a/libntp/ssl_init.c +++ b/libntp/ssl_init.c @@ -13,16 +13,16 @@ #include <lib_strbuf.h> #ifdef OPENSSL -# include "openssl/cmac.h" -# include "openssl/crypto.h" -# include "openssl/err.h" -# include "openssl/evp.h" -# include "openssl/opensslv.h" +# include <openssl/crypto.h> +# include <openssl/err.h> +# include <openssl/evp.h> +# include <openssl/opensslv.h> # include "libssl_compat.h" - -# define CMAC_LENGTH 16 -# define CMAC "AES128CMAC" - +# ifdef HAVE_OPENSSL_CMAC_H +# include <openssl/cmac.h> +# define CMAC_LENGTH 16 +# define CMAC "AES128CMAC" +# endif /*HAVE_OPENSSL_CMAC_H*/ int ssl_init_done; #if OPENSSL_VERSION_NUMBER < 0x10100000L @@ -126,6 +126,7 @@ keytype_from_text( key_type = OBJ_sn2nid(upcased); +# ifdef ENABLE_CMAC if (!key_type && !strncmp(CMAC, upcased, strlen(CMAC) + 1)) { key_type = NID_cmac; @@ -134,6 +135,7 @@ keytype_from_text( __FILE__, __LINE__, __func__, CMAC); } } +# endif /*ENABLE_CMAC*/ #else key_type = 0; @@ -153,6 +155,7 @@ keytype_from_text( digest_len = (md) ? EVP_MD_size(md) : 0; if (!md || digest_len <= 0) { +# ifdef ENABLE_CMAC if (key_type == NID_cmac) { digest_len = CMAC_LENGTH; @@ -160,7 +163,9 @@ keytype_from_text( fprintf(stderr, "%s:%d:%s():%s:len\n", __FILE__, __LINE__, __func__, CMAC); } - } else { + } else +# endif /*ENABLE_CMAC*/ + { fprintf(stderr, "key type %s is not supported by OpenSSL\n", keytype_name(key_type)); @@ -209,6 +214,7 @@ keytype_name( INIT_SSL(); name = OBJ_nid2sn(nid); +# ifdef ENABLE_CMAC if (NID_cmac == nid) { name = CMAC; @@ -217,6 +223,7 @@ keytype_name( __FILE__, __LINE__, __func__, CMAC); } } else +# endif /*ENABLE_CMAC*/ if (NULL == name) { name = unknown_type; } diff --git a/libntp/syssignal.c b/libntp/syssignal.c index 5e496a95f26d..cc87bffc5d58 100644 --- a/libntp/syssignal.c +++ b/libntp/syssignal.c @@ -138,12 +138,13 @@ set_ctrl_c_hook( if (NULL == c_hook) { handler = SIG_DFL; - ctrl_c_hook = NULL; + signal_no_reset(SIGINT, handler); + ctrl_c_hook = c_hook; } else { - handler = &sigint_handler; ctrl_c_hook = c_hook; + handler = &sigint_handler; + signal_no_reset(SIGINT, handler); } - signal_no_reset(SIGINT, handler); } #else /* SYS_WINNT follows */ /* diff --git a/libntp/work_fork.c b/libntp/work_fork.c index 2aa2d5cd3046..cce686f239cc 100644 --- a/libntp/work_fork.c +++ b/libntp/work_fork.c @@ -89,6 +89,8 @@ netwrite( } +int set_user_group_ids(void); + /* === functions === */ /* * exit_worker() @@ -592,6 +594,8 @@ fork_blocking_child( init_logging("ntp_intres", 0, FALSE); setup_logfile(NULL); + (void) set_user_group_ids(); + /* * And now back to the portable code */ diff --git a/libntp/work_thread.c b/libntp/work_thread.c index 433290c4c9a7..03a5647bea36 100644 --- a/libntp/work_thread.c +++ b/libntp/work_thread.c @@ -56,6 +56,17 @@ # define THREAD_MAXSTACKSIZE THREAD_MINSTACKSIZE #endif +/* need a good integer to store a pointer... */ +#ifndef UINTPTR_T +# if defined(UINTPTR_MAX) +# define UINTPTR_T uintptr_t +# elif defined(UINT_PTR) +# define UINTPTR_T UINT_PTR +# else +# define UINTPTR_T size_t +# endif +#endif + #ifdef SYS_WINNT @@ -66,7 +77,7 @@ static BOOL same_os_sema(const sem_ref obj, void * osobj); #else -# define thread_exit(c) pthread_exit((void*)(size_t)(c)) +# define thread_exit(c) pthread_exit((void*)(UINTPTR_T)(c)) # define tickle_sem sem_post void * blocking_thread(void *); static void block_thread_signals(sigset_t *); @@ -374,7 +385,9 @@ send_blocking_resp_internal( if (empty) { # ifdef WORK_PIPE - write(c->resp_write_pipe, "", 1); + if (1 != write(c->resp_write_pipe, "", 1)) + msyslog(LOG_WARNING, "async resolver: %s", + "failed to notify main thread!"); # else tickle_sem(c->responses_pending); # endif diff --git a/ntpd/complete.conf.in b/ntpd/complete.conf.in index 2747098d7fcc..66fcbaa478de 100644 --- a/ntpd/complete.conf.in +++ b/ntpd/complete.conf.in @@ -21,7 +21,7 @@ crypto digest md5 host myhostname ident wedent pw cryptopass randfile /.rnd revoke 10 keysdir "/etc/ntp/keys" keys "/etc/ntp.keys" -trustedkey 1 2 3 4 5 6 7 8 9 10 11 12 (14 ... 16) 18 (32768 ... 65534) +trustedkey 1 2 3 4 5 6 7 8 9 10 11 12 (14 ... 16) 18 (32768 ... 65535) controlkey 12 requestkey 12 enable auth ntp monitor stats diff --git a/ntpd/invoke-ntp.conf.texi b/ntpd/invoke-ntp.conf.texi index 7e8a4dc54031..7e675877e8e2 100644 --- a/ntpd/invoke-ntp.conf.texi +++ b/ntpd/invoke-ntp.conf.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) # -# It has been AutoGen-ed February 27, 2018 at 05:14:34 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:29:07 AM by AutoGen 5.18.5 # From the definitions ntp.conf.def # and the template file agtexi-file.tpl @end ignore @@ -284,7 +284,7 @@ option. All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified @kbd{key} -identifier with values from 1 to 65534, inclusive. +identifier with values from 1 to 65535, inclusive. The default is to include no encryption field. @item @code{minpoll} @kbd{minpoll} @@ -543,7 +543,7 @@ and reports at the NTP project page linked from @code{http://www.ntp.org/}. @subsubsection Symmetric-Key Cryptography The original RFC-1305 specification allows any one of possibly -65,534 keys, each distinguished by a 32-bit key identifier, to +65,535 keys, each distinguished by a 32-bit key identifier, to authenticate an association. The servers and clients involved must agree on the key and key identifier to @@ -827,7 +827,7 @@ The @kbd{key} argument is the key identifier for a trusted key, where the value can be in the -range 1 to 65,534, inclusive. +range 1 to 65,535, inclusive. @item @code{crypto} @code{[@code{cert} @kbd{file}]} @code{[@code{leap} @kbd{file}]} @code{[@code{randfile} @kbd{file}]} @code{[@code{host} @kbd{file}]} @code{[@code{sign} @kbd{file}]} @code{[@code{gq} @kbd{file}]} @code{[@code{gqpar} @kbd{file}]} @code{[@code{iffpar} @kbd{file}]} @code{[@code{mvpar} @kbd{file}]} @code{[@code{pw} @kbd{password}]} This command requires the OpenSSL library. It activates public key @@ -920,7 +920,7 @@ The @kbd{key} argument is a key identifier for the trusted key, where the value can be in the range 1 to -65,534, inclusive. +65,535, inclusive. @item @code{revoke} @kbd{logsec} Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in @@ -947,7 +947,7 @@ servers. The @kbd{key} arguments are 32-bit unsigned -integers with values from 1 to 65,534. +integers with values from 1 to 65,535. @end table @subsubsection Error Codes The following error codes are reported via the NTP control diff --git a/ntpd/invoke-ntp.keys.texi b/ntpd/invoke-ntp.keys.texi index d729fc075a28..a1f1e9520517 100644 --- a/ntpd/invoke-ntp.keys.texi +++ b/ntpd/invoke-ntp.keys.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) # -# It has been AutoGen-ed February 27, 2018 at 05:14:37 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:29:10 AM by AutoGen 5.18.5 # From the definitions ntp.keys.def # and the template file agtexi-file.tpl @end ignore @@ -29,7 +29,7 @@ statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, -one or more keys numbered between 1 and 65534 +one or more keys numbered between 1 and 65535 may be arbitrarily set in the keys file. The key file uses the same comment conventions @@ -42,7 +42,7 @@ Key entries use a fixed format of the form where @kbd{keyno} -is a positive integer (between 1 and 65534), +is a positive integer (between 1 and 65535), @kbd{type} is the message digest algorithm, @kbd{key} diff --git a/ntpd/invoke-ntpd.texi b/ntpd/invoke-ntpd.texi index 28f132df4d5a..b50529401e55 100644 --- a/ntpd/invoke-ntpd.texi +++ b/ntpd/invoke-ntpd.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi) # -# It has been AutoGen-ed February 27, 2018 at 05:14:39 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:29:12 AM by AutoGen 5.18.5 # From the definitions ntpd-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -142,7 +142,7 @@ with a status code of 0. @exampleindent 0 @example -ntpd - NTP daemon program - Ver. 4.2.8p11 +ntpd - NTP daemon program - Ver. 4.2.8p12 Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \ [ <server1> ... <serverN> ] Flg Arg Option-Name Description diff --git a/ntpd/ntp.conf.5man b/ntpd/ntp.conf.5man index 1a506336a71d..e1f061cfeb0a 100644 --- a/ntpd/ntp.conf.5man +++ b/ntpd/ntp.conf.5man @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp.conf 5man "27 Feb 2018" "4.2.8p11" "File Formats" +.TH ntp.conf 5man "14 Aug 2018" "4.2.8p12" "File Formats" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LkaqTP/ag-XkaiSP) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-2caiQA/ag-bdaaPA) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:22 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:28:54 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .SH NAME @@ -326,7 +326,7 @@ option. All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified \f\*[I-Font]key\f[] -identifier with values from 1 to 65534, inclusive. +identifier with values from 1 to 65535, inclusive. The default is to include no encryption field. .TP 7 @@ -611,7 +611,7 @@ and reports at the NTP project page linked from \f[C]http://www.ntp.org/\f[]. .SS Symmetric-Key Cryptography The original RFC-1305 specification allows any one of possibly -65,534 keys, each distinguished by a 32-bit key identifier, to +65,535 keys, each distinguished by a 32-bit key identifier, to authenticate an association. The servers and clients involved must agree on the key and key identifier to @@ -932,7 +932,7 @@ The \f\*[I-Font]key\f[] argument is the key identifier for a trusted key, where the value can be in the -range 1 to 65,534, inclusive. +range 1 to 65,535, inclusive. .TP 7 .NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]] This command requires the OpenSSL library. @@ -1038,7 +1038,7 @@ The \f\*[I-Font]key\f[] argument is a key identifier for the trusted key, where the value can be in the range 1 to -65,534, inclusive. +65,535, inclusive. .TP 7 .NOP \f\*[B-Font]revoke\f[] \f\*[I-Font]logsec\f[] Specifies the interval between re-randomization of certain @@ -1067,7 +1067,7 @@ servers. The \f\*[I-Font]key\f[] arguments are 32-bit unsigned -integers with values from 1 to 65,534. +integers with values from 1 to 65,535. .PP .SS Error Codes The following error codes are reported via the NTP control diff --git a/ntpd/ntp.conf.5mdoc b/ntpd/ntp.conf.5mdoc index 7286c811c2ce..d31c6b761132 100644 --- a/ntpd/ntp.conf.5mdoc +++ b/ntpd/ntp.conf.5mdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTP_CONF 5mdoc File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:15 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -325,7 +325,7 @@ option. All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified .Ar key -identifier with values from 1 to 65534, inclusive. +identifier with values from 1 to 65535, inclusive. The default is to include no encryption field. .It Cm minpoll Ar minpoll @@ -583,7 +583,7 @@ and reports at the NTP project page linked from .Li http://www.ntp.org/ . .Ss Symmetric\-Key Cryptography The original RFC\-1305 specification allows any one of possibly -65,534 keys, each distinguished by a 32\-bit key identifier, to +65,535 keys, each distinguished by a 32\-bit key identifier, to authenticate an association. The servers and clients involved must agree on the key and key identifier to @@ -877,7 +877,7 @@ The .Ar key argument is the key identifier for a trusted key, where the value can be in the -range 1 to 65,534, inclusive. +range 1 to 65,535, inclusive. .It Xo Ic crypto .Op Cm cert Ar file .Op Cm leap Ar file @@ -981,7 +981,7 @@ The .Ar key argument is a key identifier for the trusted key, where the value can be in the range 1 to -65,534, inclusive. +65,535, inclusive. .It Ic revoke Ar logsec Specifies the interval between re\-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in @@ -1008,7 +1008,7 @@ servers. The .Ar key arguments are 32\-bit unsigned -integers with values from 1 to 65,534. +integers with values from 1 to 65,535. .El .Ss Error Codes The following error codes are reported via the NTP control diff --git a/ntpd/ntp.conf.def b/ntpd/ntp.conf.def index 4af7742168ef..9684fb12065c 100644 --- a/ntpd/ntp.conf.def +++ b/ntpd/ntp.conf.def @@ -327,7 +327,7 @@ option. All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified .Ar key -identifier with values from 1 to 65534, inclusive. +identifier with values from 1 to 65535, inclusive. The default is to include no encryption field. .It Cm minpoll Ar minpoll @@ -585,7 +585,7 @@ and reports at the NTP project page linked from .Li http://www.ntp.org/ . .Ss Symmetric-Key Cryptography The original RFC-1305 specification allows any one of possibly -65,534 keys, each distinguished by a 32-bit key identifier, to +65,535 keys, each distinguished by a 32-bit key identifier, to authenticate an association. The servers and clients involved must agree on the key and key identifier to @@ -879,7 +879,7 @@ The .Ar key argument is the key identifier for a trusted key, where the value can be in the -range 1 to 65,534, inclusive. +range 1 to 65,535, inclusive. .It Xo Ic crypto .Op Cm cert Ar file .Op Cm leap Ar file @@ -983,7 +983,7 @@ The .Ar key argument is a key identifier for the trusted key, where the value can be in the range 1 to -65,534, inclusive. +65,535, inclusive. .It Ic revoke Ar logsec Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in @@ -1010,7 +1010,7 @@ servers. The .Ar key arguments are 32-bit unsigned -integers with values from 1 to 65,534. +integers with values from 1 to 65,535. .El .Ss Error Codes The following error codes are reported via the NTP control diff --git a/ntpd/ntp.conf.html b/ntpd/ntp.conf.html index 2d477e2f33d5..5439ff7a7f37 100644 --- a/ntpd/ntp.conf.html +++ b/ntpd/ntp.conf.html @@ -33,7 +33,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a> <p>This document describes the configuration file for the NTP Project's <code>ntpd</code> program. - <p>This document applies to version 4.2.8p11 of <code>ntp.conf</code>. + <p>This document applies to version 4.2.8p12 of <code>ntp.conf</code>. <div class="shortcontents"> <h2>Short Contents</h2> @@ -329,7 +329,7 @@ option. <br><dt><code>key</code> <kbd>key</kbd><dd>All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified <kbd>key</kbd> -identifier with values from 1 to 65534, inclusive. +identifier with values from 1 to 65535, inclusive. The default is to include no encryption field. <br><dt><code>minpoll</code> <kbd>minpoll</kbd><br><dt><code>maxpoll</code> <kbd>maxpoll</kbd><dd>These options specify the minimum and maximum poll intervals @@ -584,7 +584,7 @@ and reports at the NTP project page linked from <h5 class="subsubsection">Symmetric-Key Cryptography</h5> <p>The original RFC-1305 specification allows any one of possibly -65,534 keys, each distinguished by a 32-bit key identifier, to +65,535 keys, each distinguished by a 32-bit key identifier, to authenticate an association. The servers and clients involved must agree on the key and key identifier to @@ -876,7 +876,7 @@ The <kbd>key</kbd> argument is the key identifier for a trusted key, where the value can be in the -range 1 to 65,534, inclusive. +range 1 to 65,535, inclusive. <br><dt><code>crypto</code> <code>[cert </code><kbd>file</kbd><code>]</code> <code>[leap </code><kbd>file</kbd><code>]</code> <code>[randfile </code><kbd>file</kbd><code>]</code> <code>[host </code><kbd>file</kbd><code>]</code> <code>[sign </code><kbd>file</kbd><code>]</code> <code>[gq </code><kbd>file</kbd><code>]</code> <code>[gqpar </code><kbd>file</kbd><code>]</code> <code>[iffpar </code><kbd>file</kbd><code>]</code> <code>[mvpar </code><kbd>file</kbd><code>]</code> <code>[pw </code><kbd>password</kbd><code>]</code><dd>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature @@ -956,7 +956,7 @@ The <kbd>key</kbd> argument is a key identifier for the trusted key, where the value can be in the range 1 to -65,534, inclusive. +65,535, inclusive. <br><dt><code>revoke</code> <kbd>logsec</kbd><dd>Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in seconds. @@ -981,7 +981,7 @@ servers. The <kbd>key</kbd> arguments are 32-bit unsigned -integers with values from 1 to 65,534. +integers with values from 1 to 65,535. </dl> <h5 class="subsubsection">Error Codes</h5> diff --git a/ntpd/ntp.conf.man.in b/ntpd/ntp.conf.man.in index 0f2b21191f96..8f6c99c98503 100644 --- a/ntpd/ntp.conf.man.in +++ b/ntpd/ntp.conf.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp.conf 5 "27 Feb 2018" "4.2.8p11" "File Formats" +.TH ntp.conf 5 "14 Aug 2018" "4.2.8p12" "File Formats" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LkaqTP/ag-XkaiSP) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-2caiQA/ag-bdaaPA) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:22 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:28:54 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .SH NAME @@ -326,7 +326,7 @@ option. All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified \f\*[I-Font]key\f[] -identifier with values from 1 to 65534, inclusive. +identifier with values from 1 to 65535, inclusive. The default is to include no encryption field. .TP 7 @@ -611,7 +611,7 @@ and reports at the NTP project page linked from \f[C]http://www.ntp.org/\f[]. .SS Symmetric-Key Cryptography The original RFC-1305 specification allows any one of possibly -65,534 keys, each distinguished by a 32-bit key identifier, to +65,535 keys, each distinguished by a 32-bit key identifier, to authenticate an association. The servers and clients involved must agree on the key and key identifier to @@ -932,7 +932,7 @@ The \f\*[I-Font]key\f[] argument is the key identifier for a trusted key, where the value can be in the -range 1 to 65,534, inclusive. +range 1 to 65,535, inclusive. .TP 7 .NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]] This command requires the OpenSSL library. @@ -1038,7 +1038,7 @@ The \f\*[I-Font]key\f[] argument is a key identifier for the trusted key, where the value can be in the range 1 to -65,534, inclusive. +65,535, inclusive. .TP 7 .NOP \f\*[B-Font]revoke\f[] \f\*[I-Font]logsec\f[] Specifies the interval between re-randomization of certain @@ -1067,7 +1067,7 @@ servers. The \f\*[I-Font]key\f[] arguments are 32-bit unsigned -integers with values from 1 to 65,534. +integers with values from 1 to 65,535. .PP .SS Error Codes The following error codes are reported via the NTP control diff --git a/ntpd/ntp.conf.mdoc.in b/ntpd/ntp.conf.mdoc.in index 321acc99da05..3fa7f8d34707 100644 --- a/ntpd/ntp.conf.mdoc.in +++ b/ntpd/ntp.conf.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTP_CONF 5 File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:15 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -325,7 +325,7 @@ option. All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified .Ar key -identifier with values from 1 to 65534, inclusive. +identifier with values from 1 to 65535, inclusive. The default is to include no encryption field. .It Cm minpoll Ar minpoll @@ -583,7 +583,7 @@ and reports at the NTP project page linked from .Li http://www.ntp.org/ . .Ss Symmetric\-Key Cryptography The original RFC\-1305 specification allows any one of possibly -65,534 keys, each distinguished by a 32\-bit key identifier, to +65,535 keys, each distinguished by a 32\-bit key identifier, to authenticate an association. The servers and clients involved must agree on the key and key identifier to @@ -877,7 +877,7 @@ The .Ar key argument is the key identifier for a trusted key, where the value can be in the -range 1 to 65,534, inclusive. +range 1 to 65,535, inclusive. .It Xo Ic crypto .Op Cm cert Ar file .Op Cm leap Ar file @@ -981,7 +981,7 @@ The .Ar key argument is a key identifier for the trusted key, where the value can be in the range 1 to -65,534, inclusive. +65,535, inclusive. .It Ic revoke Ar logsec Specifies the interval between re\-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in @@ -1008,7 +1008,7 @@ servers. The .Ar key arguments are 32\-bit unsigned -integers with values from 1 to 65,534. +integers with values from 1 to 65,535. .El .Ss Error Codes The following error codes are reported via the NTP control diff --git a/ntpd/ntp.keys.5man b/ntpd/ntp.keys.5man index b107e02ea2a0..e52d94d3e423 100644 --- a/ntpd/ntp.keys.5man +++ b/ntpd/ntp.keys.5man @@ -1,8 +1,8 @@ -.TH ntp.keys 5man "27 Feb 2018" "4.2.8p11" "File Formats" +.TH ntp.keys 5man "14 Aug 2018" "4.2.8p12" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:26 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:28:59 AM by AutoGen 5.18.5 .\" From the definitions ntp.keys.def .\" and the template file agman-file.tpl .Sh NAME @@ -54,7 +54,7 @@ statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, -one or more keys numbered between 1 and 65534 +one or more keys numbered between 1 and 65535 may be arbitrarily set in the keys file. .sp \n(Ppu .ne 2 @@ -73,7 +73,7 @@ Key entries use a fixed format of the form where \f\*[I-Font]keyno\f[] -is a positive integer (between 1 and 65534), +is a positive integer (between 1 and 65535), \f\*[I-Font]type\f[] is the message digest algorithm, \f\*[I-Font]key\f[] diff --git a/ntpd/ntp.keys.5mdoc b/ntpd/ntp.keys.5mdoc index bec3980fc357..8f4190c813b2 100644 --- a/ntpd/ntp.keys.5mdoc +++ b/ntpd/ntp.keys.5mdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTP_KEYS 5mdoc File Formats .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:46 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:18 AM by AutoGen 5.18.5 .\" From the definitions ntp.keys.def .\" and the template file agmdoc-file.tpl .Sh NAME @@ -37,7 +37,7 @@ statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, -one or more keys numbered between 1 and 65534 +one or more keys numbered between 1 and 65535 may be arbitrarily set in the keys file. .Pp The key file uses the same comment conventions @@ -48,7 +48,7 @@ Key entries use a fixed format of the form .Pp where .Ar keyno -is a positive integer (between 1 and 65534), +is a positive integer (between 1 and 65535), .Ar type is the message digest algorithm, .Ar key diff --git a/ntpd/ntp.keys.def b/ntpd/ntp.keys.def index 88dd2aac3e08..e73ce4d06a1b 100644 --- a/ntpd/ntp.keys.def +++ b/ntpd/ntp.keys.def @@ -36,7 +36,7 @@ statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, -one or more keys numbered between 1 and 65534 +one or more keys numbered between 1 and 65535 may be arbitrarily set in the keys file. .Pp The key file uses the same comment conventions @@ -47,7 +47,7 @@ Key entries use a fixed format of the form .Pp where .Ar keyno -is a positive integer (between 1 and 65534), +is a positive integer (between 1 and 65535), .Ar type is the message digest algorithm, .Ar key diff --git a/ntpd/ntp.keys.html b/ntpd/ntp.keys.html index 28a4076aaa00..25fb763f1d32 100644 --- a/ntpd/ntp.keys.html +++ b/ntpd/ntp.keys.html @@ -33,7 +33,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a> <p>This document describes the symmetric key file for the NTP Project's <code>ntpd</code> program. - <p>This document applies to version 4.2.8p11 of <code>ntp.keys</code>. + <p>This document applies to version 4.2.8p12 of <code>ntp.keys</code>. <div class="shortcontents"> <h2>Short Contents</h2> @@ -86,7 +86,7 @@ statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, -one or more keys numbered between 1 and 65534 +one or more keys numbered between 1 and 65535 may be arbitrarily set in the keys file. <p>The key file uses the same comment conventions @@ -97,7 +97,7 @@ Key entries use a fixed format of the form </pre> <p>where <kbd>keyno</kbd> -is a positive integer (between 1 and 65534), +is a positive integer (between 1 and 65535), <kbd>type</kbd> is the message digest algorithm, <kbd>key</kbd> diff --git a/ntpd/ntp.keys.man.in b/ntpd/ntp.keys.man.in index 3712747d4475..fd85bb8f5700 100644 --- a/ntpd/ntp.keys.man.in +++ b/ntpd/ntp.keys.man.in @@ -1,8 +1,8 @@ -.TH ntp.keys 5 "27 Feb 2018" "4.2.8p11" "File Formats" +.TH ntp.keys 5 "14 Aug 2018" "4.2.8p12" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:26 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:28:59 AM by AutoGen 5.18.5 .\" From the definitions ntp.keys.def .\" and the template file agman-file.tpl .Sh NAME @@ -54,7 +54,7 @@ statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, -one or more keys numbered between 1 and 65534 +one or more keys numbered between 1 and 65535 may be arbitrarily set in the keys file. .sp \n(Ppu .ne 2 @@ -73,7 +73,7 @@ Key entries use a fixed format of the form where \f\*[I-Font]keyno\f[] -is a positive integer (between 1 and 65534), +is a positive integer (between 1 and 65535), \f\*[I-Font]type\f[] is the message digest algorithm, \f\*[I-Font]key\f[] diff --git a/ntpd/ntp.keys.mdoc.in b/ntpd/ntp.keys.mdoc.in index 6dc4f88c4815..26bb78ecec06 100644 --- a/ntpd/ntp.keys.mdoc.in +++ b/ntpd/ntp.keys.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTP_KEYS 5 File Formats .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:46 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:18 AM by AutoGen 5.18.5 .\" From the definitions ntp.keys.def .\" and the template file agmdoc-file.tpl .Sh NAME @@ -37,7 +37,7 @@ statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, -one or more keys numbered between 1 and 65534 +one or more keys numbered between 1 and 65535 may be arbitrarily set in the keys file. .Pp The key file uses the same comment conventions @@ -48,7 +48,7 @@ Key entries use a fixed format of the form .Pp where .Ar keyno -is a positive integer (between 1 and 65534), +is a positive integer (between 1 and 65535), .Ar type is the message digest algorithm, .Ar key diff --git a/ntpd/ntp_config.c b/ntpd/ntp_config.c index 003b1534a9c4..89c920c1ecb6 100644 --- a/ntpd/ntp_config.c +++ b/ntpd/ntp_config.c @@ -364,7 +364,7 @@ static u_int32 get_match(const char *, struct masks *); static u_int32 get_logmask(const char *); static int/*BOOL*/ is_refclk_addr(const address_node * addr); -static void appendstr(char *, size_t, char *); +static void appendstr(char *, size_t, const char *); #ifndef SIM @@ -382,14 +382,14 @@ static void fatal_error(const char *fmt, ...) #endif { va_list va; - + va_start(va, fmt); mvsyslog(LOG_EMERG, fmt, va); va_end(va); _exit(1); } - + /* FUNCTIONS FOR INITIALIZATION * ---------------------------- */ @@ -742,7 +742,7 @@ dump_config_tree( atrv->value.i); } break; - + case T_Double: fprintf(df, " %s %s", keyword(atrv->attr), @@ -938,7 +938,7 @@ dump_config_tree( if (T_Source == flag_tok_fifo->i) { s = "source"; break; - } + } } } else { const char *ap = rest_node->addr->address; @@ -1446,7 +1446,7 @@ create_unpeer_node( /* accumulate with overflow retention */ u = (10 * u + *pch - '0') | (u & 0xFF000000u); } - + if (!*pch && u <= ASSOCID_MAX) { my_node->assocID = (associd_t)u; my_node->addr = NULL; @@ -2132,7 +2132,7 @@ config_tos( * since three variables with interdependecies are involved. We * just log an error but do not stop: This might be caused by * remote config, and it might be fixed by remote config, too. - */ + */ int l_maxclock = sys_maxclock; int l_minclock = sys_minclock; int l_minsane = sys_minsane; @@ -2162,7 +2162,7 @@ config_tos( tos->value.d = 0; } break; - + case T_Ceiling: val = tos->value.d; if (val > STRATUM_UNSPEC - 1) { @@ -2207,7 +2207,7 @@ config_tos( " - daemon will not operate properly!", l_minsane, l_minclock, l_maxclock); } - + /* -*- phase two: forward the values to the protocol machinery */ tos = HEAD_PFIFO(ptree->orphan_cmds); for (; tos != NULL; tos = tos->link) { @@ -3383,6 +3383,10 @@ config_ttl( size_t i = 0; int_node *curr_ttl; + /* [Bug 3465] There is a built-in default for the TTLs. We must + * overwrite 'sys_ttlmax' if we change that preset, and leave it + * alone otherwise! + */ curr_ttl = HEAD_PFIFO(ptree->ttl); for (; curr_ttl != NULL; curr_ttl = curr_ttl->link) { if (i < COUNTOF(sys_ttl)) @@ -3392,7 +3396,8 @@ config_ttl( "ttl: Number of TTL entries exceeds %zu. Ignoring TTL %d...", COUNTOF(sys_ttl), curr_ttl->i); } - sys_ttlmax = (i) ? (i - 1) : 0; + if (0 != i) /* anything written back at all? */ + sys_ttlmax = i - 1; } #endif /* !SIM */ @@ -3621,10 +3626,8 @@ config_fudge( err_flag = 1; msyslog(LOG_ERR, "unrecognized fudge reference clock address %s, line ignored", - stoa(&addr_sock)); - } - - if (!ISREFCLOCKADR(&addr_sock)) { + addr_node->address); + } else if (!ISREFCLOCKADR(&addr_sock)) { err_flag = 1; msyslog(LOG_ERR, "inappropriate address %s for the fudge command, line ignored", @@ -3696,7 +3699,7 @@ config_fudge( msyslog(LOG_ERR, "Unexpected fudge flag %s (%d) for %s", token_name(curr_opt->attr), - curr_opt->attr, stoa(&addr_sock)); + curr_opt->attr, addr_node->address); exit(curr_opt->attr ? curr_opt->attr : 1); } } @@ -4565,7 +4568,7 @@ config_ntpd( if (config_tos_clock(ptree)) clamp_systime(); } - + config_nic_rules(ptree, input_from_files); config_monitor(ptree); config_auth(ptree); @@ -4845,7 +4848,7 @@ is_refclk_addr( const address_node * addr ) { - return addr && addr->address && !strncmp(addr->address, "127.127.", 6); + return addr && addr->address && !strncmp(addr->address, "127.127.", 8); } static void @@ -5463,7 +5466,7 @@ static void appendstr( char *string, size_t s, - char *new + const char *new ) { if (*string != '\0') { diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index d98f6aa50886..48cd908f9a84 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -916,7 +916,7 @@ is_safe_filename(const char * name) u_int widx, bidx, mask; if ( ! (name && *name)) return FALSE; - + mask = 1u; while (0 != (widx = (u_char)*name++)) { bidx = (widx & 15) << 1; @@ -955,7 +955,7 @@ save_config( * level. On POSIX systems we could allow '\\' but such * filenames are tricky to manipulate from a shell, so just * reject both types of slashes on all platforms. - */ + */ /* TALOS-CAN-0062: block directory traversal for VMS, too */ static const char * illegal_in_filename = #if defined(VMS) @@ -983,8 +983,8 @@ save_config( # if defined(_O_TEXT) /* windows, again */ | _O_TEXT #endif - ; - + ; + char filespec[128]; char filename[128]; char fullpath[512]; @@ -1046,7 +1046,7 @@ save_config( /* copy data directly as we exactly know the size */ memcpy(filespec, reqpt, reqlen); filespec[reqlen] = '\0'; - + /* * allow timestamping of the saved config filename with * strftime() format such as: @@ -1110,7 +1110,7 @@ save_config( */ prc = snprintf(fullpath, sizeof(fullpath), "%s%s", saveconfigdir, filename); - if (prc < 0 || prc >= sizeof(fullpath)) { + if (prc < 0 || (size_t)prc >= sizeof(fullpath)) { ctl_printf("saveconfig exceeded maximum path length (%u)", (u_int)sizeof(fullpath)); ctl_flushpkt(0); @@ -1127,8 +1127,8 @@ save_config( fptr = fdopen(fd, "w"); if (NULL == fptr || -1 == dump_all_config_trees(fptr, 1)) { - ctl_printf("Unable to save configuration to file '%s': %m", - filename); + ctl_printf("Unable to save configuration to file '%s': %s", + filename, strerror(errno)); msyslog(LOG_ERR, "saveconfig %s from %s failed", filename, stoa(&rbufp->recv_srcadr)); @@ -1154,7 +1154,7 @@ save_config( #else /* !SAVECONFIG follows */ ctl_printf("%s", "saveconfig unavailable, configured with --disable-saveconfig"); -#endif +#endif ctl_flushpkt(0); } @@ -1506,11 +1506,11 @@ ctl_putdata_ex( } else { datanotbinflag = TRUE; add_len = 3; - + if (datasent) { *datapt++ = ','; datalinelen++; - + /* sum up total length */ for (argi = 0, src_len = 0; argi < argc; ++argi) src_len += argv[argi].len; @@ -1539,14 +1539,14 @@ ctl_putdata_ex( /* Not enough room in this one, flush it out. */ if (src_len < cur_len) cur_len = src_len; - + memcpy(datapt, src_ptr, cur_len); datapt += cur_len; datalinelen += cur_len; src_ptr += cur_len; src_len -= cur_len; - + ctl_flushpkt(CTL_MORE); cur_len = (size_t)(dataend - datapt); } @@ -1571,7 +1571,7 @@ ctl_putdata( ) { CtlMemBufT args[1]; - + args[0].buf = dp; args[0].len = dlen; ctl_putdata_ex(args, 1, bin); @@ -1594,7 +1594,7 @@ ctl_putstr( ) { CtlMemBufT args[4]; - + args[0].buf = tag; args[0].len = strlen(tag); if (data && len) { @@ -1606,7 +1606,9 @@ ctl_putstr( args[3].len = 1; ctl_putdata_ex(args, 4, FALSE); } else { - ctl_putdata_ex(args, 1, FALSE); + args[1].buf = "=\"\""; + args[1].len = 3; + ctl_putdata_ex(args, 2, FALSE); } } @@ -1628,17 +1630,17 @@ ctl_putunqstr( ) { CtlMemBufT args[3]; - + args[0].buf = tag; args[0].len = strlen(tag); + args[1].buf = "="; + args[1].len = 1; if (data && len) { - args[1].buf = "="; - args[1].len = 1; - args[2].buf = data; - args[2].len = len; - ctl_putdata_ex(args, 3, FALSE); + args[2].buf = data; + args[2].len = len; + ctl_putdata_ex(args, 3, FALSE); } else { - ctl_putdata_ex(args, 1, FALSE); + ctl_putdata_ex(args, 2, FALSE); } } @@ -1656,7 +1658,7 @@ ctl_putdblf( { char buffer[40]; int rc; - + rc = snprintf(buffer, sizeof(buffer), (use_f ? "%.*f" : "%.*g"), precision, d); @@ -1677,7 +1679,7 @@ ctl_putuint( int rc; rc = snprintf(buffer, sizeof(buffer), "%lu", uval); - INSIST(rc >= 0 && rc < sizeof(buffer)); + INSIST(rc >= 0 && (size_t)rc < sizeof(buffer)); ctl_putunqstr(tag, buffer, rc); } @@ -1716,7 +1718,7 @@ ctl_putfs( { char buffer[16]; int rc; - + time_t fstamp = (time_t)uval - JAN_1970; struct tm *tm = gmtime(&fstamp); @@ -1744,7 +1746,7 @@ ctl_puthex( { char buffer[24]; /* must fit 64bit int! */ int rc; - + rc = snprintf(buffer, sizeof(buffer), "0x%lx", uval); INSIST(rc >= 0 && (size_t)rc < sizeof(buffer)); ctl_putunqstr(tag, buffer, rc); @@ -1762,9 +1764,9 @@ ctl_putint( { char buffer[24]; /*must fit 64bit int */ int rc; - + rc = snprintf(buffer, sizeof(buffer), "%ld", ival); - INSIST(rc >= 0 && rc < sizeof(buffer)); + INSIST(rc >= 0 && (size_t)rc < sizeof(buffer)); ctl_putunqstr(tag, buffer, rc); } @@ -1780,7 +1782,7 @@ ctl_putts( { char buffer[24]; int rc; - + rc = snprintf(buffer, sizeof(buffer), "0x%08lx.%08lx", (u_long)ts->l_ui, (u_long)ts->l_uf); @@ -1800,7 +1802,7 @@ ctl_putadr( ) { const char *cq; - + if (NULL == addr) cq = numtoa(addr32); else @@ -1827,7 +1829,9 @@ ctl_putrefid( bytes.w = refid; for (nc = 0; nc < sizeof(bytes.b) && bytes.b[nc]; ++nc) - if (!isprint(bytes.b[nc])) + if ( !isprint(bytes.b[nc]) + || isspace(bytes.b[nc]) + || bytes.b[nc] == ',' ) bytes.b[nc] = '.'; ctl_putunqstr(tag, (const char*)bytes.b, nc); } @@ -1874,11 +1878,11 @@ ctl_printf( va_list va; char fmtbuf[128]; int rc; - + va_start(va, fmt); rc = vsnprintf(fmtbuf, sizeof(fmtbuf), fmt, va); va_end(va); - if (rc < 0 || rc >= sizeof(fmtbuf)) + if (rc < 0 || (size_t)rc >= sizeof(fmtbuf)) strcpy(fmtbuf + sizeof(fmtbuf) - strlen(ellipsis) - 1, ellipsis); ctl_putdata(fmtbuf, strlen(fmtbuf), 0); @@ -1951,10 +1955,10 @@ ctl_putsys( break; case CS_REFID: - if (sys_stratum > 1 && sys_stratum < STRATUM_UNSPEC) - ctl_putadr(sys_var[varid].text, sys_refid, NULL); - else + if (REFID_ISTEXT(sys_stratum)) ctl_putrefid(sys_var[varid].text, sys_refid); + else + ctl_putadr(sys_var[varid].text, sys_refid, NULL); break; case CS_REFTIME: @@ -2678,11 +2682,10 @@ ctl_putpeer( break; } #endif - if (p->stratum > 1 && p->stratum < STRATUM_UNSPEC) - ctl_putadr(peer_var[id].text, p->refid, - NULL); - else + if (REFID_ISTEXT(p->stratum)) ctl_putrefid(peer_var[id].text, p->refid); + else + ctl_putadr(peer_var[id].text, p->refid, NULL); break; case CP_REFTIME: @@ -3061,7 +3064,7 @@ ctl_getitem( * packet; If it's EOV, it will never be NULL again until the * variable is found and processed in a given 'var_list'. (That * is, a result is returned that is neither NULL nor EOV). - */ + */ static const struct ctl_var eol = { 0, EOV, NULL }; static char buf[128]; static u_long quiet_until; @@ -3101,7 +3104,7 @@ ctl_getitem( ++plhead; while (plhead != pltail && isspace((u_char)pltail[-1])) --pltail; - + /* check payload size, terminate packet on overflow */ plsize = (size_t)(pltail - plhead); if (plsize >= sizeof(buf)) @@ -3126,7 +3129,7 @@ ctl_getitem( * variable lists after an EoV was returned. (Such a behavior * actually caused Bug 3008.) */ - + if (NULL == var_list) return &eol; @@ -3647,7 +3650,7 @@ static u_int32 derive_nonce( /* [Bug 3457] set flags and don't kill them again */ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL); -# else +# else EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5)); # endif EVP_DigestUpdate(ctx, salt, sizeof(salt)); @@ -3944,7 +3947,7 @@ static void read_mru_list( int restrict_mask ) { - static const char nulltxt[1] = { '\0' }; + static const char nulltxt[1] = { '\0' }; static const char nonce_text[] = "nonce"; static const char frags_text[] = "frags"; static const char limit_text[] = "limit"; @@ -3954,7 +3957,7 @@ static void read_mru_list( static const char maxlstint_text[] = "maxlstint"; static const char laddr_text[] = "laddr"; static const char resaxx_fmt[] = "0x%hx"; - + u_int limit; u_short frags; u_short resall; diff --git a/ntpd/ntp_io.c b/ntpd/ntp_io.c index ed5f0dcaff40..b89b996e9310 100644 --- a/ntpd/ntp_io.c +++ b/ntpd/ntp_io.c @@ -1612,6 +1612,34 @@ set_wildcard_reuse( } #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ +static isc_boolean_t +check_flags( + sockaddr_u *psau, + const char *name, + u_int32 flags + ) +{ +#if defined(SIOCGIFAFLAG_IN) + struct ifreq ifr; + int fd; + + if (psau->sa.sa_family != AF_INET) + return ISC_FALSE; + if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + return ISC_FALSE; + ZERO(ifr); + memcpy(&ifr.ifr_addr, &psau->sa, sizeof(ifr.ifr_addr)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + if (ioctl(fd, SIOCGIFAFLAG_IN, &ifr) < 0) { + close(fd); + return ISC_FALSE; + } + close(fd); + if ((ifr.ifr_addrflags & flags) != 0) + return ISC_TRUE; +#endif /* SIOCGIFAFLAG_IN */ + return ISC_FALSE; +} static isc_boolean_t check_flags6( @@ -1661,19 +1689,32 @@ is_valid( const char *name ) { - u_int32 flags6; + u_int32 flags; - flags6 = 0; + flags = 0; + switch (psau->sa.sa_family) { + case AF_INET: +#ifdef IN_IFF_DETACHED + flags |= IN_IFF_DETACHED; +#endif +#ifdef IN_IFF_TENTATIVE + flags |= IN_IFF_TENTATIVE; +#endif + return check_flags(psau, name, flags) ? ISC_FALSE : ISC_TRUE; + case AF_INET6: #ifdef IN6_IFF_DEPARTED - flags6 |= IN6_IFF_DEPARTED; + flags |= IN6_IFF_DEPARTED; #endif #ifdef IN6_IFF_DETACHED - flags6 |= IN6_IFF_DETACHED; + flags |= IN6_IFF_DETACHED; #endif #ifdef IN6_IFF_TENTATIVE - flags6 |= IN6_IFF_TENTATIVE; + flags |= IN6_IFF_TENTATIVE; #endif - return check_flags6(psau, name, flags6) ? ISC_FALSE : ISC_TRUE; + return check_flags6(psau, name, flags) ? ISC_FALSE : ISC_TRUE; + default: + return ISC_FALSE; + } } /* @@ -3092,7 +3133,7 @@ sendpkt( int cc; int rc; u_char cttl; - l_fp fp_zero = { 0, 0 }; + l_fp fp_zero = { { 0 }, 0 }; ismcast = IS_MCAST(dest); if (!ismcast) diff --git a/ntpd/ntp_loopfilter.c b/ntpd/ntp_loopfilter.c index 8d44fb17db4e..924d5738b1e4 100644 --- a/ntpd/ntp_loopfilter.c +++ b/ntpd/ntp_loopfilter.c @@ -1099,10 +1099,14 @@ start_kern_loop(void) pll_control = TRUE; ZERO(ntv); ntv.modes = MOD_BITS; - ntv.status = STA_PLL; - ntv.maxerror = MAXDISPERSE; - ntv.esterror = MAXDISPERSE; - ntv.constant = sys_poll; /* why is it that here constant is unconditionally set to sys_poll, whereas elsewhere is is modified depending on nanosecond vs. microsecond kernel? */ + ntv.status = STA_PLL | STA_UNSYNC; + ntv.maxerror = MAXDISPERSE * 1.0e6; + ntv.esterror = MAXDISPERSE * 1.0e6; + ntv.constant = sys_poll; + /* ^^^^^^^^ why is it that here constant is + * unconditionally set to sys_poll, whereas elsewhere is is + * modified depending on nanosecond vs. microsecond kernel? + */ #ifdef SIGSYS /* * Use sigsetjmp() to save state and then call ntp_adjtime(); if diff --git a/ntpd/ntp_parser.c b/ntpd/ntp_parser.c index 782019cdfa0c..8156a5f51f4d 100644 --- a/ntpd/ntp_parser.c +++ b/ntpd/ntp_parser.c @@ -62,7 +62,7 @@ /* Copy the first part of user declarations. */ -#line 11 "../../ntpd/ntp_parser.y" /* yacc.c:339 */ +#line 11 "ntp_parser.y" /* yacc.c:339 */ #ifdef HAVE_CONFIG_H # include <config.h> @@ -76,6 +76,7 @@ #include "ntp_scanner.h" #include "ntp_config.h" #include "ntp_crypto.h" + #include "ntp_calendar.h" #include "ntpsim.h" /* HMS: Do we really want this all the time? */ /* SK: It might be a good idea to always @@ -96,7 +97,7 @@ # define ONLY_SIM(a) NULL #endif -#line 100 "ntp_parser.c" /* yacc.c:339 */ +#line 101 "ntp_parser.c" /* yacc.c:339 */ # ifndef YY_NULLPTR # if defined __cplusplus && 201103L <= __cplusplus @@ -540,7 +541,7 @@ extern int yydebug; union YYSTYPE { -#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:355 */ +#line 52 "ntp_parser.y" /* yacc.c:355 */ char * String; double Double; @@ -559,7 +560,7 @@ union YYSTYPE script_info * Sim_script; script_info_fifo * Sim_script_fifo; -#line 563 "ntp_parser.c" /* yacc.c:355 */ +#line 564 "ntp_parser.c" /* yacc.c:355 */ }; typedef union YYSTYPE YYSTYPE; @@ -576,7 +577,7 @@ int yyparse (void); /* Copy the second part of user declarations. */ -#line 580 "ntp_parser.c" /* yacc.c:358 */ +#line 581 "ntp_parser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -893,39 +894,39 @@ static const yytype_uint8 yytranslate[] = /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint16 yyrline[] = { - 0, 377, 377, 381, 382, 383, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 419, 429, 430, 431, 432, 433, 437, 438, 443, 448, - 450, 456, 457, 465, 466, 467, 471, 476, 477, 478, - 479, 480, 481, 482, 483, 487, 489, 494, 495, 496, - 497, 498, 499, 503, 508, 517, 527, 528, 538, 540, - 542, 544, 555, 562, 564, 569, 571, 573, 575, 577, - 587, 593, 594, 602, 604, 616, 617, 618, 619, 620, - 629, 634, 639, 647, 649, 651, 653, 658, 659, 660, - 661, 662, 663, 664, 665, 666, 670, 671, 680, 682, - 691, 701, 706, 714, 715, 716, 717, 718, 719, 720, - 721, 726, 727, 735, 745, 754, 769, 774, 775, 779, - 780, 784, 785, 786, 787, 788, 789, 790, 799, 803, - 807, 815, 823, 831, 846, 861, 874, 875, 895, 896, - 904, 905, 906, 907, 908, 909, 910, 911, 912, 913, - 914, 915, 916, 917, 918, 919, 920, 924, 929, 937, - 942, 943, 944, 948, 953, 961, 966, 967, 968, 969, - 970, 971, 972, 973, 981, 991, 996, 1004, 1006, 1008, - 1017, 1019, 1024, 1025, 1029, 1030, 1031, 1032, 1040, 1045, - 1050, 1058, 1063, 1064, 1065, 1074, 1076, 1081, 1086, 1094, - 1096, 1113, 1114, 1115, 1116, 1117, 1118, 1122, 1123, 1124, - 1125, 1126, 1127, 1135, 1140, 1145, 1153, 1158, 1159, 1160, - 1161, 1162, 1163, 1164, 1165, 1166, 1167, 1176, 1177, 1178, - 1185, 1192, 1199, 1215, 1234, 1236, 1238, 1240, 1242, 1244, - 1251, 1256, 1257, 1258, 1262, 1266, 1275, 1276, 1280, 1281, - 1282, 1286, 1297, 1315, 1327, 1332, 1334, 1339, 1340, 1348, - 1350, 1358, 1363, 1371, 1396, 1403, 1413, 1414, 1418, 1419, - 1420, 1421, 1425, 1426, 1427, 1431, 1436, 1441, 1449, 1450, - 1451, 1452, 1453, 1454, 1455, 1465, 1470, 1478, 1483, 1491, - 1493, 1497, 1502, 1507, 1515, 1520, 1528, 1537, 1538, 1542, - 1543, 1547, 1555, 1573, 1577, 1582, 1590, 1595, 1596, 1600, - 1605, 1613, 1618, 1623, 1628, 1633, 1641, 1646, 1651, 1659, - 1664, 1665, 1666, 1667, 1668 + 0, 378, 378, 382, 383, 384, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 420, 430, 431, 432, 433, 434, 438, 439, 444, 449, + 451, 457, 458, 466, 467, 468, 472, 477, 478, 479, + 480, 481, 482, 483, 484, 488, 490, 495, 496, 497, + 498, 499, 500, 504, 509, 518, 528, 529, 539, 541, + 543, 545, 556, 563, 565, 570, 572, 574, 576, 578, + 588, 594, 595, 603, 605, 617, 618, 619, 620, 621, + 630, 635, 640, 648, 650, 652, 654, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 671, 672, 681, 683, + 692, 702, 707, 715, 716, 717, 718, 719, 720, 721, + 722, 727, 728, 736, 746, 755, 770, 775, 776, 780, + 781, 785, 786, 787, 788, 789, 790, 791, 800, 804, + 808, 816, 824, 832, 847, 862, 875, 876, 896, 897, + 905, 906, 907, 908, 909, 910, 911, 912, 913, 914, + 915, 916, 917, 918, 919, 920, 921, 925, 930, 938, + 943, 944, 945, 949, 954, 962, 967, 968, 969, 970, + 971, 972, 973, 974, 982, 992, 997, 1005, 1007, 1009, + 1018, 1020, 1025, 1026, 1030, 1031, 1032, 1033, 1041, 1046, + 1051, 1059, 1064, 1065, 1066, 1075, 1077, 1082, 1087, 1095, + 1097, 1114, 1115, 1116, 1117, 1118, 1119, 1123, 1124, 1125, + 1126, 1127, 1128, 1136, 1141, 1146, 1154, 1159, 1160, 1161, + 1162, 1163, 1164, 1165, 1166, 1167, 1168, 1177, 1178, 1179, + 1186, 1193, 1200, 1216, 1235, 1237, 1239, 1241, 1243, 1245, + 1252, 1257, 1258, 1259, 1263, 1267, 1276, 1277, 1281, 1282, + 1283, 1287, 1298, 1316, 1328, 1333, 1335, 1340, 1341, 1349, + 1351, 1359, 1364, 1372, 1397, 1404, 1414, 1415, 1419, 1420, + 1421, 1422, 1426, 1427, 1428, 1432, 1437, 1442, 1450, 1451, + 1452, 1453, 1454, 1455, 1456, 1466, 1471, 1479, 1484, 1492, + 1494, 1498, 1503, 1508, 1516, 1521, 1529, 1538, 1539, 1543, + 1544, 1548, 1556, 1574, 1578, 1583, 1591, 1596, 1597, 1601, + 1606, 1614, 1619, 1624, 1629, 1634, 1642, 1647, 1652, 1660, + 1665, 1666, 1667, 1668, 1669 }; #endif @@ -2126,7 +2127,7 @@ yyreduce: switch (yyn) { case 5: -#line 384 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 385 "ntp_parser.y" /* yacc.c:1646 */ { /* I will need to incorporate much more fine grained * error messages. The following should suffice for @@ -2139,85 +2140,85 @@ yyreduce: ip_ctx->errpos.nline, ip_ctx->errpos.ncol); } -#line 2143 "ntp_parser.c" /* yacc.c:1646 */ +#line 2144 "ntp_parser.c" /* yacc.c:1646 */ break; case 20: -#line 420 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 421 "ntp_parser.y" /* yacc.c:1646 */ { peer_node *my_node; my_node = create_peer_node((yyvsp[-2].Integer), (yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo)); APPEND_G_FIFO(cfgt.peers, my_node); } -#line 2154 "ntp_parser.c" /* yacc.c:1646 */ +#line 2155 "ntp_parser.c" /* yacc.c:1646 */ break; case 27: -#line 439 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 440 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Address_node) = create_address_node((yyvsp[0].String), (yyvsp[-1].Integer)); } -#line 2160 "ntp_parser.c" /* yacc.c:1646 */ +#line 2161 "ntp_parser.c" /* yacc.c:1646 */ break; case 28: -#line 444 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 445 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Address_node) = create_address_node((yyvsp[0].String), AF_UNSPEC); } -#line 2166 "ntp_parser.c" /* yacc.c:1646 */ +#line 2167 "ntp_parser.c" /* yacc.c:1646 */ break; case 29: -#line 449 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 450 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Integer) = AF_INET; } -#line 2172 "ntp_parser.c" /* yacc.c:1646 */ +#line 2173 "ntp_parser.c" /* yacc.c:1646 */ break; case 30: -#line 451 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 452 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Integer) = AF_INET6; } -#line 2178 "ntp_parser.c" /* yacc.c:1646 */ +#line 2179 "ntp_parser.c" /* yacc.c:1646 */ break; case 31: -#line 456 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 457 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; } -#line 2184 "ntp_parser.c" /* yacc.c:1646 */ +#line 2185 "ntp_parser.c" /* yacc.c:1646 */ break; case 32: -#line 458 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 459 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2193 "ntp_parser.c" /* yacc.c:1646 */ +#line 2194 "ntp_parser.c" /* yacc.c:1646 */ break; case 36: -#line 472 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 473 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); } -#line 2199 "ntp_parser.c" /* yacc.c:1646 */ +#line 2200 "ntp_parser.c" /* yacc.c:1646 */ break; case 45: -#line 488 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 489 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 2205 "ntp_parser.c" /* yacc.c:1646 */ +#line 2206 "ntp_parser.c" /* yacc.c:1646 */ break; case 46: -#line 490 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 491 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_uval((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 2211 "ntp_parser.c" /* yacc.c:1646 */ +#line 2212 "ntp_parser.c" /* yacc.c:1646 */ break; case 53: -#line 504 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 505 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } -#line 2217 "ntp_parser.c" /* yacc.c:1646 */ +#line 2218 "ntp_parser.c" /* yacc.c:1646 */ break; case 55: -#line 518 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 519 "ntp_parser.y" /* yacc.c:1646 */ { unpeer_node *my_node; @@ -2225,85 +2226,85 @@ yyreduce: if (my_node) APPEND_G_FIFO(cfgt.unpeers, my_node); } -#line 2229 "ntp_parser.c" /* yacc.c:1646 */ +#line 2230 "ntp_parser.c" /* yacc.c:1646 */ break; case 58: -#line 539 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 540 "ntp_parser.y" /* yacc.c:1646 */ { cfgt.broadcastclient = 1; } -#line 2235 "ntp_parser.c" /* yacc.c:1646 */ +#line 2236 "ntp_parser.c" /* yacc.c:1646 */ break; case 59: -#line 541 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 542 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.manycastserver, (yyvsp[0].Address_fifo)); } -#line 2241 "ntp_parser.c" /* yacc.c:1646 */ +#line 2242 "ntp_parser.c" /* yacc.c:1646 */ break; case 60: -#line 543 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 544 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.multicastclient, (yyvsp[0].Address_fifo)); } -#line 2247 "ntp_parser.c" /* yacc.c:1646 */ +#line 2248 "ntp_parser.c" /* yacc.c:1646 */ break; case 61: -#line 545 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 546 "ntp_parser.y" /* yacc.c:1646 */ { cfgt.mdnstries = (yyvsp[0].Integer); } -#line 2253 "ntp_parser.c" /* yacc.c:1646 */ +#line 2254 "ntp_parser.c" /* yacc.c:1646 */ break; case 62: -#line 556 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 557 "ntp_parser.y" /* yacc.c:1646 */ { attr_val *atrv; atrv = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); APPEND_G_FIFO(cfgt.vars, atrv); } -#line 2264 "ntp_parser.c" /* yacc.c:1646 */ +#line 2265 "ntp_parser.c" /* yacc.c:1646 */ break; case 63: -#line 563 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 564 "ntp_parser.y" /* yacc.c:1646 */ { cfgt.auth.control_key = (yyvsp[0].Integer); } -#line 2270 "ntp_parser.c" /* yacc.c:1646 */ +#line 2271 "ntp_parser.c" /* yacc.c:1646 */ break; case 64: -#line 565 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 566 "ntp_parser.y" /* yacc.c:1646 */ { cfgt.auth.cryptosw++; CONCAT_G_FIFOS(cfgt.auth.crypto_cmd_list, (yyvsp[0].Attr_val_fifo)); } -#line 2279 "ntp_parser.c" /* yacc.c:1646 */ +#line 2280 "ntp_parser.c" /* yacc.c:1646 */ break; case 65: -#line 570 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 571 "ntp_parser.y" /* yacc.c:1646 */ { cfgt.auth.keys = (yyvsp[0].String); } -#line 2285 "ntp_parser.c" /* yacc.c:1646 */ +#line 2286 "ntp_parser.c" /* yacc.c:1646 */ break; case 66: -#line 572 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 573 "ntp_parser.y" /* yacc.c:1646 */ { cfgt.auth.keysdir = (yyvsp[0].String); } -#line 2291 "ntp_parser.c" /* yacc.c:1646 */ +#line 2292 "ntp_parser.c" /* yacc.c:1646 */ break; case 67: -#line 574 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 575 "ntp_parser.y" /* yacc.c:1646 */ { cfgt.auth.request_key = (yyvsp[0].Integer); } -#line 2297 "ntp_parser.c" /* yacc.c:1646 */ +#line 2298 "ntp_parser.c" /* yacc.c:1646 */ break; case 68: -#line 576 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 577 "ntp_parser.y" /* yacc.c:1646 */ { cfgt.auth.revoke = (yyvsp[0].Integer); } -#line 2303 "ntp_parser.c" /* yacc.c:1646 */ +#line 2304 "ntp_parser.c" /* yacc.c:1646 */ break; case 69: -#line 578 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 579 "ntp_parser.y" /* yacc.c:1646 */ { /* [Bug 948] leaves it open if appending or * replacing the trusted key list is the right @@ -2313,38 +2314,38 @@ yyreduce: DESTROY_G_FIFO(cfgt.auth.trusted_key_list, destroy_attr_val); /* remove for append */ CONCAT_G_FIFOS(cfgt.auth.trusted_key_list, (yyvsp[0].Attr_val_fifo)); } -#line 2317 "ntp_parser.c" /* yacc.c:1646 */ +#line 2318 "ntp_parser.c" /* yacc.c:1646 */ break; case 70: -#line 588 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 589 "ntp_parser.y" /* yacc.c:1646 */ { cfgt.auth.ntp_signd_socket = (yyvsp[0].String); } -#line 2323 "ntp_parser.c" /* yacc.c:1646 */ +#line 2324 "ntp_parser.c" /* yacc.c:1646 */ break; case 71: -#line 593 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 594 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; } -#line 2329 "ntp_parser.c" /* yacc.c:1646 */ +#line 2330 "ntp_parser.c" /* yacc.c:1646 */ break; case 72: -#line 595 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 596 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2338 "ntp_parser.c" /* yacc.c:1646 */ +#line 2339 "ntp_parser.c" /* yacc.c:1646 */ break; case 73: -#line 603 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 604 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } -#line 2344 "ntp_parser.c" /* yacc.c:1646 */ +#line 2345 "ntp_parser.c" /* yacc.c:1646 */ break; case 74: -#line 605 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 606 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = NULL; cfgt.auth.revoke = (yyvsp[0].Integer); @@ -2353,65 +2354,65 @@ yyreduce: "please use 'revoke %d' instead.", cfgt.auth.revoke, cfgt.auth.revoke); } -#line 2357 "ntp_parser.c" /* yacc.c:1646 */ +#line 2358 "ntp_parser.c" /* yacc.c:1646 */ break; case 80: -#line 630 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 631 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.orphan_cmds, (yyvsp[0].Attr_val_fifo)); } -#line 2363 "ntp_parser.c" /* yacc.c:1646 */ +#line 2364 "ntp_parser.c" /* yacc.c:1646 */ break; case 81: -#line 635 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 636 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2372 "ntp_parser.c" /* yacc.c:1646 */ +#line 2373 "ntp_parser.c" /* yacc.c:1646 */ break; case 82: -#line 640 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 641 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2381 "ntp_parser.c" /* yacc.c:1646 */ +#line 2382 "ntp_parser.c" /* yacc.c:1646 */ break; case 83: -#line 648 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 649 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (double)(yyvsp[0].Integer)); } -#line 2387 "ntp_parser.c" /* yacc.c:1646 */ +#line 2388 "ntp_parser.c" /* yacc.c:1646 */ break; case 84: -#line 650 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 651 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); } -#line 2393 "ntp_parser.c" /* yacc.c:1646 */ +#line 2394 "ntp_parser.c" /* yacc.c:1646 */ break; case 85: -#line 652 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 653 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (double)(yyvsp[0].Integer)); } -#line 2399 "ntp_parser.c" /* yacc.c:1646 */ +#line 2400 "ntp_parser.c" /* yacc.c:1646 */ break; case 86: -#line 654 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 655 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival(T_Basedate, (yyvsp[0].Integer)); } -#line 2405 "ntp_parser.c" /* yacc.c:1646 */ +#line 2406 "ntp_parser.c" /* yacc.c:1646 */ break; case 98: -#line 681 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 682 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.stats_list, (yyvsp[0].Int_fifo)); } -#line 2411 "ntp_parser.c" /* yacc.c:1646 */ +#line 2412 "ntp_parser.c" /* yacc.c:1646 */ break; case 99: -#line 683 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 684 "ntp_parser.y" /* yacc.c:1646 */ { if (lex_from_file()) { cfgt.stats_dir = (yyvsp[0].String); @@ -2420,55 +2421,55 @@ yyreduce: yyerror("statsdir remote configuration ignored"); } } -#line 2424 "ntp_parser.c" /* yacc.c:1646 */ +#line 2425 "ntp_parser.c" /* yacc.c:1646 */ break; case 100: -#line 692 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 693 "ntp_parser.y" /* yacc.c:1646 */ { filegen_node *fgn; fgn = create_filegen_node((yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo)); APPEND_G_FIFO(cfgt.filegen_opts, fgn); } -#line 2435 "ntp_parser.c" /* yacc.c:1646 */ +#line 2436 "ntp_parser.c" /* yacc.c:1646 */ break; case 101: -#line 702 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 703 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Int_fifo) = (yyvsp[-1].Int_fifo); APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); } -#line 2444 "ntp_parser.c" /* yacc.c:1646 */ +#line 2445 "ntp_parser.c" /* yacc.c:1646 */ break; case 102: -#line 707 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 708 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Int_fifo) = NULL; APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); } -#line 2453 "ntp_parser.c" /* yacc.c:1646 */ +#line 2454 "ntp_parser.c" /* yacc.c:1646 */ break; case 111: -#line 726 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 727 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; } -#line 2459 "ntp_parser.c" /* yacc.c:1646 */ +#line 2460 "ntp_parser.c" /* yacc.c:1646 */ break; case 112: -#line 728 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 729 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2468 "ntp_parser.c" /* yacc.c:1646 */ +#line 2469 "ntp_parser.c" /* yacc.c:1646 */ break; case 113: -#line 736 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 737 "ntp_parser.y" /* yacc.c:1646 */ { if (lex_from_file()) { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); @@ -2478,11 +2479,11 @@ yyreduce: yyerror("filegen file remote config ignored"); } } -#line 2482 "ntp_parser.c" /* yacc.c:1646 */ +#line 2483 "ntp_parser.c" /* yacc.c:1646 */ break; case 114: -#line 746 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 747 "ntp_parser.y" /* yacc.c:1646 */ { if (lex_from_file()) { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); @@ -2491,11 +2492,11 @@ yyreduce: yyerror("filegen type remote config ignored"); } } -#line 2495 "ntp_parser.c" /* yacc.c:1646 */ +#line 2496 "ntp_parser.c" /* yacc.c:1646 */ break; case 115: -#line 755 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 756 "ntp_parser.y" /* yacc.c:1646 */ { const char *err; @@ -2510,33 +2511,33 @@ yyreduce: yyerror(err); } } -#line 2514 "ntp_parser.c" /* yacc.c:1646 */ +#line 2515 "ntp_parser.c" /* yacc.c:1646 */ break; case 116: -#line 770 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 771 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); } -#line 2520 "ntp_parser.c" /* yacc.c:1646 */ +#line 2521 "ntp_parser.c" /* yacc.c:1646 */ break; case 128: -#line 800 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 801 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.discard_opts, (yyvsp[0].Attr_val_fifo)); } -#line 2528 "ntp_parser.c" /* yacc.c:1646 */ +#line 2529 "ntp_parser.c" /* yacc.c:1646 */ break; case 129: -#line 804 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 805 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.mru_opts, (yyvsp[0].Attr_val_fifo)); } -#line 2536 "ntp_parser.c" /* yacc.c:1646 */ +#line 2537 "ntp_parser.c" /* yacc.c:1646 */ break; case 130: -#line 808 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 809 "ntp_parser.y" /* yacc.c:1646 */ { restrict_node *rn; @@ -2544,11 +2545,11 @@ yyreduce: lex_current()->curpos.nline); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2548 "ntp_parser.c" /* yacc.c:1646 */ +#line 2549 "ntp_parser.c" /* yacc.c:1646 */ break; case 131: -#line 816 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 817 "ntp_parser.y" /* yacc.c:1646 */ { restrict_node *rn; @@ -2556,11 +2557,11 @@ yyreduce: lex_current()->curpos.nline); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2560 "ntp_parser.c" /* yacc.c:1646 */ +#line 2561 "ntp_parser.c" /* yacc.c:1646 */ break; case 132: -#line 824 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 825 "ntp_parser.y" /* yacc.c:1646 */ { restrict_node *rn; @@ -2568,11 +2569,11 @@ yyreduce: lex_current()->curpos.nline); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2572 "ntp_parser.c" /* yacc.c:1646 */ +#line 2573 "ntp_parser.c" /* yacc.c:1646 */ break; case 133: -#line 832 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 833 "ntp_parser.y" /* yacc.c:1646 */ { restrict_node *rn; @@ -2587,11 +2588,11 @@ yyreduce: lex_current()->curpos.nline); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2591 "ntp_parser.c" /* yacc.c:1646 */ +#line 2592 "ntp_parser.c" /* yacc.c:1646 */ break; case 134: -#line 847 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 848 "ntp_parser.y" /* yacc.c:1646 */ { restrict_node *rn; @@ -2606,11 +2607,11 @@ yyreduce: lex_current()->curpos.nline); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2610 "ntp_parser.c" /* yacc.c:1646 */ +#line 2611 "ntp_parser.c" /* yacc.c:1646 */ break; case 135: -#line 862 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 863 "ntp_parser.y" /* yacc.c:1646 */ { restrict_node * rn; @@ -2619,17 +2620,17 @@ yyreduce: NULL, NULL, (yyvsp[-1].Integer), (yyvsp[0].Int_fifo), lex_current()->curpos.nline); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2623 "ntp_parser.c" /* yacc.c:1646 */ +#line 2624 "ntp_parser.c" /* yacc.c:1646 */ break; case 136: -#line 874 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 875 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Integer) = -1; } -#line 2629 "ntp_parser.c" /* yacc.c:1646 */ +#line 2630 "ntp_parser.c" /* yacc.c:1646 */ break; case 137: -#line 876 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 877 "ntp_parser.y" /* yacc.c:1646 */ { if (((yyvsp[0].Integer) < -1) || ((yyvsp[0].Integer) > 100)) { struct FILE_INFO * ip_ctx; @@ -2645,115 +2646,115 @@ yyreduce: } (yyval.Integer) = (yyvsp[0].Integer); } -#line 2649 "ntp_parser.c" /* yacc.c:1646 */ +#line 2650 "ntp_parser.c" /* yacc.c:1646 */ break; case 138: -#line 895 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 896 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Int_fifo) = NULL; } -#line 2655 "ntp_parser.c" /* yacc.c:1646 */ +#line 2656 "ntp_parser.c" /* yacc.c:1646 */ break; case 139: -#line 897 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 898 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Int_fifo) = (yyvsp[-1].Int_fifo); APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); } -#line 2664 "ntp_parser.c" /* yacc.c:1646 */ +#line 2665 "ntp_parser.c" /* yacc.c:1646 */ break; case 157: -#line 925 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 926 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2673 "ntp_parser.c" /* yacc.c:1646 */ +#line 2674 "ntp_parser.c" /* yacc.c:1646 */ break; case 158: -#line 930 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 931 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2682 "ntp_parser.c" /* yacc.c:1646 */ +#line 2683 "ntp_parser.c" /* yacc.c:1646 */ break; case 159: -#line 938 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 939 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 2688 "ntp_parser.c" /* yacc.c:1646 */ +#line 2689 "ntp_parser.c" /* yacc.c:1646 */ break; case 163: -#line 949 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 950 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2697 "ntp_parser.c" /* yacc.c:1646 */ +#line 2698 "ntp_parser.c" /* yacc.c:1646 */ break; case 164: -#line 954 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 955 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2706 "ntp_parser.c" /* yacc.c:1646 */ +#line 2707 "ntp_parser.c" /* yacc.c:1646 */ break; case 165: -#line 962 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 963 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 2712 "ntp_parser.c" /* yacc.c:1646 */ +#line 2713 "ntp_parser.c" /* yacc.c:1646 */ break; case 174: -#line 982 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 983 "ntp_parser.y" /* yacc.c:1646 */ { addr_opts_node *aon; aon = create_addr_opts_node((yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo)); APPEND_G_FIFO(cfgt.fudge, aon); } -#line 2723 "ntp_parser.c" /* yacc.c:1646 */ +#line 2724 "ntp_parser.c" /* yacc.c:1646 */ break; case 175: -#line 992 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 993 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2732 "ntp_parser.c" /* yacc.c:1646 */ +#line 2733 "ntp_parser.c" /* yacc.c:1646 */ break; case 176: -#line 997 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 998 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2741 "ntp_parser.c" /* yacc.c:1646 */ +#line 2742 "ntp_parser.c" /* yacc.c:1646 */ break; case 177: -#line 1005 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1006 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); } -#line 2747 "ntp_parser.c" /* yacc.c:1646 */ +#line 2748 "ntp_parser.c" /* yacc.c:1646 */ break; case 178: -#line 1007 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1008 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 2753 "ntp_parser.c" /* yacc.c:1646 */ +#line 2754 "ntp_parser.c" /* yacc.c:1646 */ break; case 179: -#line 1009 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1010 "ntp_parser.y" /* yacc.c:1646 */ { if ((yyvsp[0].Integer) >= 0 && (yyvsp[0].Integer) <= 16) { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); @@ -2762,89 +2763,89 @@ yyreduce: yyerror("fudge factor: stratum value not in [0..16], ignored"); } } -#line 2766 "ntp_parser.c" /* yacc.c:1646 */ +#line 2767 "ntp_parser.c" /* yacc.c:1646 */ break; case 180: -#line 1018 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1019 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } -#line 2772 "ntp_parser.c" /* yacc.c:1646 */ +#line 2773 "ntp_parser.c" /* yacc.c:1646 */ break; case 181: -#line 1020 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1021 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } -#line 2778 "ntp_parser.c" /* yacc.c:1646 */ +#line 2779 "ntp_parser.c" /* yacc.c:1646 */ break; case 188: -#line 1041 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1042 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.rlimit, (yyvsp[0].Attr_val_fifo)); } -#line 2784 "ntp_parser.c" /* yacc.c:1646 */ +#line 2785 "ntp_parser.c" /* yacc.c:1646 */ break; case 189: -#line 1046 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1047 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2793 "ntp_parser.c" /* yacc.c:1646 */ +#line 2794 "ntp_parser.c" /* yacc.c:1646 */ break; case 190: -#line 1051 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1052 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2802 "ntp_parser.c" /* yacc.c:1646 */ +#line 2803 "ntp_parser.c" /* yacc.c:1646 */ break; case 191: -#line 1059 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1060 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 2808 "ntp_parser.c" /* yacc.c:1646 */ +#line 2809 "ntp_parser.c" /* yacc.c:1646 */ break; case 195: -#line 1075 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1076 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.enable_opts, (yyvsp[0].Attr_val_fifo)); } -#line 2814 "ntp_parser.c" /* yacc.c:1646 */ +#line 2815 "ntp_parser.c" /* yacc.c:1646 */ break; case 196: -#line 1077 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1078 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.disable_opts, (yyvsp[0].Attr_val_fifo)); } -#line 2820 "ntp_parser.c" /* yacc.c:1646 */ +#line 2821 "ntp_parser.c" /* yacc.c:1646 */ break; case 197: -#line 1082 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1083 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2829 "ntp_parser.c" /* yacc.c:1646 */ +#line 2830 "ntp_parser.c" /* yacc.c:1646 */ break; case 198: -#line 1087 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1088 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2838 "ntp_parser.c" /* yacc.c:1646 */ +#line 2839 "ntp_parser.c" /* yacc.c:1646 */ break; case 199: -#line 1095 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1096 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); } -#line 2844 "ntp_parser.c" /* yacc.c:1646 */ +#line 2845 "ntp_parser.c" /* yacc.c:1646 */ break; case 200: -#line 1097 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1098 "ntp_parser.y" /* yacc.c:1646 */ { if (lex_from_file()) { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); @@ -2858,74 +2859,74 @@ yyreduce: yyerror(err_str); } } -#line 2862 "ntp_parser.c" /* yacc.c:1646 */ +#line 2863 "ntp_parser.c" /* yacc.c:1646 */ break; case 213: -#line 1136 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1137 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.tinker, (yyvsp[0].Attr_val_fifo)); } -#line 2868 "ntp_parser.c" /* yacc.c:1646 */ +#line 2869 "ntp_parser.c" /* yacc.c:1646 */ break; case 214: -#line 1141 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1142 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2877 "ntp_parser.c" /* yacc.c:1646 */ +#line 2878 "ntp_parser.c" /* yacc.c:1646 */ break; case 215: -#line 1146 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1147 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2886 "ntp_parser.c" /* yacc.c:1646 */ +#line 2887 "ntp_parser.c" /* yacc.c:1646 */ break; case 216: -#line 1154 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1155 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); } -#line 2892 "ntp_parser.c" /* yacc.c:1646 */ +#line 2893 "ntp_parser.c" /* yacc.c:1646 */ break; case 229: -#line 1179 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1180 "ntp_parser.y" /* yacc.c:1646 */ { attr_val *av; av = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); APPEND_G_FIFO(cfgt.vars, av); } -#line 2903 "ntp_parser.c" /* yacc.c:1646 */ +#line 2904 "ntp_parser.c" /* yacc.c:1646 */ break; case 230: -#line 1186 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1187 "ntp_parser.y" /* yacc.c:1646 */ { attr_val *av; av = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); APPEND_G_FIFO(cfgt.vars, av); } -#line 2914 "ntp_parser.c" /* yacc.c:1646 */ +#line 2915 "ntp_parser.c" /* yacc.c:1646 */ break; case 231: -#line 1193 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1194 "ntp_parser.y" /* yacc.c:1646 */ { attr_val *av; av = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); APPEND_G_FIFO(cfgt.vars, av); } -#line 2925 "ntp_parser.c" /* yacc.c:1646 */ +#line 2926 "ntp_parser.c" /* yacc.c:1646 */ break; case 232: -#line 1200 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1201 "ntp_parser.y" /* yacc.c:1646 */ { char error_text[64]; attr_val *av; @@ -2941,11 +2942,11 @@ yyreduce: yyerror(error_text); } } -#line 2945 "ntp_parser.c" /* yacc.c:1646 */ +#line 2946 "ntp_parser.c" /* yacc.c:1646 */ break; case 233: -#line 1216 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1217 "ntp_parser.y" /* yacc.c:1646 */ { if (!lex_from_file()) { YYFREE((yyvsp[-1].String)); /* avoid leak */ @@ -2964,68 +2965,68 @@ yyreduce: } YYFREE((yyvsp[-1].String)); /* avoid leak */ } -#line 2968 "ntp_parser.c" /* yacc.c:1646 */ +#line 2969 "ntp_parser.c" /* yacc.c:1646 */ break; case 234: -#line 1235 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1236 "ntp_parser.y" /* yacc.c:1646 */ { lex_flush_stack(); } -#line 2974 "ntp_parser.c" /* yacc.c:1646 */ +#line 2975 "ntp_parser.c" /* yacc.c:1646 */ break; case 235: -#line 1237 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1238 "ntp_parser.y" /* yacc.c:1646 */ { /* see drift_parm below for actions */ } -#line 2980 "ntp_parser.c" /* yacc.c:1646 */ +#line 2981 "ntp_parser.c" /* yacc.c:1646 */ break; case 236: -#line 1239 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1240 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.logconfig, (yyvsp[0].Attr_val_fifo)); } -#line 2986 "ntp_parser.c" /* yacc.c:1646 */ +#line 2987 "ntp_parser.c" /* yacc.c:1646 */ break; case 237: -#line 1241 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1242 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.phone, (yyvsp[0].String_fifo)); } -#line 2992 "ntp_parser.c" /* yacc.c:1646 */ +#line 2993 "ntp_parser.c" /* yacc.c:1646 */ break; case 238: -#line 1243 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1244 "ntp_parser.y" /* yacc.c:1646 */ { APPEND_G_FIFO(cfgt.setvar, (yyvsp[0].Set_var)); } -#line 2998 "ntp_parser.c" /* yacc.c:1646 */ +#line 2999 "ntp_parser.c" /* yacc.c:1646 */ break; case 239: -#line 1245 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1246 "ntp_parser.y" /* yacc.c:1646 */ { addr_opts_node *aon; aon = create_addr_opts_node((yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo)); APPEND_G_FIFO(cfgt.trap, aon); } -#line 3009 "ntp_parser.c" /* yacc.c:1646 */ +#line 3010 "ntp_parser.c" /* yacc.c:1646 */ break; case 240: -#line 1252 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1253 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.ttl, (yyvsp[0].Attr_val_fifo)); } -#line 3015 "ntp_parser.c" /* yacc.c:1646 */ +#line 3016 "ntp_parser.c" /* yacc.c:1646 */ break; case 245: -#line 1267 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1268 "ntp_parser.y" /* yacc.c:1646 */ { #ifndef LEAP_SMEAR yyerror("Built without LEAP_SMEAR support."); #endif } -#line 3025 "ntp_parser.c" /* yacc.c:1646 */ +#line 3026 "ntp_parser.c" /* yacc.c:1646 */ break; case 251: -#line 1287 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1288 "ntp_parser.y" /* yacc.c:1646 */ { if (lex_from_file()) { attr_val *av; @@ -3036,11 +3037,11 @@ yyreduce: yyerror("driftfile remote configuration ignored"); } } -#line 3040 "ntp_parser.c" /* yacc.c:1646 */ +#line 3041 "ntp_parser.c" /* yacc.c:1646 */ break; case 252: -#line 1298 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1299 "ntp_parser.y" /* yacc.c:1646 */ { if (lex_from_file()) { attr_val *av; @@ -3057,11 +3058,11 @@ yyreduce: yyerror("driftfile remote configuration ignored"); } } -#line 3061 "ntp_parser.c" /* yacc.c:1646 */ +#line 3062 "ntp_parser.c" /* yacc.c:1646 */ break; case 253: -#line 1315 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1316 "ntp_parser.y" /* yacc.c:1646 */ { if (lex_from_file()) { attr_val *av; @@ -3071,71 +3072,71 @@ yyreduce: yyerror("driftfile remote configuration ignored"); } } -#line 3075 "ntp_parser.c" /* yacc.c:1646 */ +#line 3076 "ntp_parser.c" /* yacc.c:1646 */ break; case 254: -#line 1328 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1329 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Set_var) = create_setvar_node((yyvsp[-3].String), (yyvsp[-1].String), (yyvsp[0].Integer)); } -#line 3081 "ntp_parser.c" /* yacc.c:1646 */ +#line 3082 "ntp_parser.c" /* yacc.c:1646 */ break; case 256: -#line 1334 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1335 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Integer) = 0; } -#line 3087 "ntp_parser.c" /* yacc.c:1646 */ +#line 3088 "ntp_parser.c" /* yacc.c:1646 */ break; case 257: -#line 1339 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1340 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; } -#line 3093 "ntp_parser.c" /* yacc.c:1646 */ +#line 3094 "ntp_parser.c" /* yacc.c:1646 */ break; case 258: -#line 1341 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1342 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3102 "ntp_parser.c" /* yacc.c:1646 */ +#line 3103 "ntp_parser.c" /* yacc.c:1646 */ break; case 259: -#line 1349 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1350 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 3108 "ntp_parser.c" /* yacc.c:1646 */ +#line 3109 "ntp_parser.c" /* yacc.c:1646 */ break; case 260: -#line 1351 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1352 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), estrdup((yyvsp[0].Address_node)->address)); destroy_address_node((yyvsp[0].Address_node)); } -#line 3117 "ntp_parser.c" /* yacc.c:1646 */ +#line 3118 "ntp_parser.c" /* yacc.c:1646 */ break; case 261: -#line 1359 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1360 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3126 "ntp_parser.c" /* yacc.c:1646 */ +#line 3127 "ntp_parser.c" /* yacc.c:1646 */ break; case 262: -#line 1364 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1365 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3135 "ntp_parser.c" /* yacc.c:1646 */ +#line 3136 "ntp_parser.c" /* yacc.c:1646 */ break; case 263: -#line 1372 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1373 "ntp_parser.y" /* yacc.c:1646 */ { char prefix; char * type; @@ -3157,141 +3158,141 @@ yyreduce: (yyval.Attr_val) = create_attr_sval(prefix, estrdup(type)); YYFREE((yyvsp[0].String)); } -#line 3161 "ntp_parser.c" /* yacc.c:1646 */ +#line 3162 "ntp_parser.c" /* yacc.c:1646 */ break; case 264: -#line 1397 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1398 "ntp_parser.y" /* yacc.c:1646 */ { nic_rule_node *nrn; nrn = create_nic_rule_node((yyvsp[0].Integer), NULL, (yyvsp[-1].Integer)); APPEND_G_FIFO(cfgt.nic_rules, nrn); } -#line 3172 "ntp_parser.c" /* yacc.c:1646 */ +#line 3173 "ntp_parser.c" /* yacc.c:1646 */ break; case 265: -#line 1404 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1405 "ntp_parser.y" /* yacc.c:1646 */ { nic_rule_node *nrn; nrn = create_nic_rule_node(0, (yyvsp[0].String), (yyvsp[-1].Integer)); APPEND_G_FIFO(cfgt.nic_rules, nrn); } -#line 3183 "ntp_parser.c" /* yacc.c:1646 */ +#line 3184 "ntp_parser.c" /* yacc.c:1646 */ break; case 275: -#line 1432 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1433 "ntp_parser.y" /* yacc.c:1646 */ { CONCAT_G_FIFOS(cfgt.reset_counters, (yyvsp[0].Int_fifo)); } -#line 3189 "ntp_parser.c" /* yacc.c:1646 */ +#line 3190 "ntp_parser.c" /* yacc.c:1646 */ break; case 276: -#line 1437 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1438 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Int_fifo) = (yyvsp[-1].Int_fifo); APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); } -#line 3198 "ntp_parser.c" /* yacc.c:1646 */ +#line 3199 "ntp_parser.c" /* yacc.c:1646 */ break; case 277: -#line 1442 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1443 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Int_fifo) = NULL; APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); } -#line 3207 "ntp_parser.c" /* yacc.c:1646 */ +#line 3208 "ntp_parser.c" /* yacc.c:1646 */ break; case 285: -#line 1466 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1467 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[0].Integer))); } -#line 3216 "ntp_parser.c" /* yacc.c:1646 */ +#line 3217 "ntp_parser.c" /* yacc.c:1646 */ break; case 286: -#line 1471 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1472 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[0].Integer))); } -#line 3225 "ntp_parser.c" /* yacc.c:1646 */ +#line 3226 "ntp_parser.c" /* yacc.c:1646 */ break; case 287: -#line 1479 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1480 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3234 "ntp_parser.c" /* yacc.c:1646 */ +#line 3235 "ntp_parser.c" /* yacc.c:1646 */ break; case 288: -#line 1484 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1485 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3243 "ntp_parser.c" /* yacc.c:1646 */ +#line 3244 "ntp_parser.c" /* yacc.c:1646 */ break; case 289: -#line 1492 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1493 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_ival('i', (yyvsp[0].Integer)); } -#line 3249 "ntp_parser.c" /* yacc.c:1646 */ +#line 3250 "ntp_parser.c" /* yacc.c:1646 */ break; case 291: -#line 1498 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1499 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_rangeval('-', (yyvsp[-3].Integer), (yyvsp[-1].Integer)); } -#line 3255 "ntp_parser.c" /* yacc.c:1646 */ +#line 3256 "ntp_parser.c" /* yacc.c:1646 */ break; case 292: -#line 1503 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1504 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.String_fifo) = (yyvsp[-1].String_fifo); APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[0].String))); } -#line 3264 "ntp_parser.c" /* yacc.c:1646 */ +#line 3265 "ntp_parser.c" /* yacc.c:1646 */ break; case 293: -#line 1508 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1509 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.String_fifo) = NULL; APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[0].String))); } -#line 3273 "ntp_parser.c" /* yacc.c:1646 */ +#line 3274 "ntp_parser.c" /* yacc.c:1646 */ break; case 294: -#line 1516 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1517 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Address_fifo) = (yyvsp[-1].Address_fifo); APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[0].Address_node)); } -#line 3282 "ntp_parser.c" /* yacc.c:1646 */ +#line 3283 "ntp_parser.c" /* yacc.c:1646 */ break; case 295: -#line 1521 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1522 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Address_fifo) = NULL; APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[0].Address_node)); } -#line 3291 "ntp_parser.c" /* yacc.c:1646 */ +#line 3292 "ntp_parser.c" /* yacc.c:1646 */ break; case 296: -#line 1529 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1530 "ntp_parser.y" /* yacc.c:1646 */ { if ((yyvsp[0].Integer) != 0 && (yyvsp[0].Integer) != 1) { yyerror("Integer value is not boolean (0 or 1). Assuming 1"); @@ -3300,35 +3301,35 @@ yyreduce: (yyval.Integer) = (yyvsp[0].Integer); } } -#line 3304 "ntp_parser.c" /* yacc.c:1646 */ +#line 3305 "ntp_parser.c" /* yacc.c:1646 */ break; case 297: -#line 1537 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1538 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Integer) = 1; } -#line 3310 "ntp_parser.c" /* yacc.c:1646 */ +#line 3311 "ntp_parser.c" /* yacc.c:1646 */ break; case 298: -#line 1538 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1539 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Integer) = 0; } -#line 3316 "ntp_parser.c" /* yacc.c:1646 */ +#line 3317 "ntp_parser.c" /* yacc.c:1646 */ break; case 299: -#line 1542 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1543 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Double) = (double)(yyvsp[0].Integer); } -#line 3322 "ntp_parser.c" /* yacc.c:1646 */ +#line 3323 "ntp_parser.c" /* yacc.c:1646 */ break; case 301: -#line 1548 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1549 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Integer) = basedate_eval_string((yyvsp[0].String)); YYFREE((yyvsp[0].String)); } -#line 3328 "ntp_parser.c" /* yacc.c:1646 */ +#line 3329 "ntp_parser.c" /* yacc.c:1646 */ break; case 302: -#line 1556 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1557 "ntp_parser.y" /* yacc.c:1646 */ { sim_node *sn; @@ -3338,125 +3339,125 @@ yyreduce: /* Revert from ; to \n for end-of-command */ old_config_style = 1; } -#line 3342 "ntp_parser.c" /* yacc.c:1646 */ +#line 3343 "ntp_parser.c" /* yacc.c:1646 */ break; case 303: -#line 1573 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1574 "ntp_parser.y" /* yacc.c:1646 */ { old_config_style = 0; } -#line 3348 "ntp_parser.c" /* yacc.c:1646 */ +#line 3349 "ntp_parser.c" /* yacc.c:1646 */ break; case 304: -#line 1578 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1579 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-2].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); } -#line 3357 "ntp_parser.c" /* yacc.c:1646 */ +#line 3358 "ntp_parser.c" /* yacc.c:1646 */ break; case 305: -#line 1583 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1584 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); } -#line 3366 "ntp_parser.c" /* yacc.c:1646 */ +#line 3367 "ntp_parser.c" /* yacc.c:1646 */ break; case 306: -#line 1591 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1592 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_dval((yyvsp[-2].Integer), (yyvsp[0].Double)); } -#line 3372 "ntp_parser.c" /* yacc.c:1646 */ +#line 3373 "ntp_parser.c" /* yacc.c:1646 */ break; case 309: -#line 1601 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1602 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Sim_server_fifo) = (yyvsp[-1].Sim_server_fifo); APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[0].Sim_server)); } -#line 3381 "ntp_parser.c" /* yacc.c:1646 */ +#line 3382 "ntp_parser.c" /* yacc.c:1646 */ break; case 310: -#line 1606 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1607 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Sim_server_fifo) = NULL; APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[0].Sim_server)); } -#line 3390 "ntp_parser.c" /* yacc.c:1646 */ +#line 3391 "ntp_parser.c" /* yacc.c:1646 */ break; case 311: -#line 1614 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1615 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Sim_server) = ONLY_SIM(create_sim_server((yyvsp[-4].Address_node), (yyvsp[-2].Double), (yyvsp[-1].Sim_script_fifo))); } -#line 3396 "ntp_parser.c" /* yacc.c:1646 */ +#line 3397 "ntp_parser.c" /* yacc.c:1646 */ break; case 312: -#line 1619 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1620 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Double) = (yyvsp[-1].Double); } -#line 3402 "ntp_parser.c" /* yacc.c:1646 */ +#line 3403 "ntp_parser.c" /* yacc.c:1646 */ break; case 313: -#line 1624 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1625 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Address_node) = (yyvsp[0].Address_node); } -#line 3408 "ntp_parser.c" /* yacc.c:1646 */ +#line 3409 "ntp_parser.c" /* yacc.c:1646 */ break; case 314: -#line 1629 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1630 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Sim_script_fifo) = (yyvsp[-1].Sim_script_fifo); APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[0].Sim_script)); } -#line 3417 "ntp_parser.c" /* yacc.c:1646 */ +#line 3418 "ntp_parser.c" /* yacc.c:1646 */ break; case 315: -#line 1634 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1635 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Sim_script_fifo) = NULL; APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[0].Sim_script)); } -#line 3426 "ntp_parser.c" /* yacc.c:1646 */ +#line 3427 "ntp_parser.c" /* yacc.c:1646 */ break; case 316: -#line 1642 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1643 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Sim_script) = ONLY_SIM(create_sim_script_info((yyvsp[-3].Double), (yyvsp[-1].Attr_val_fifo))); } -#line 3432 "ntp_parser.c" /* yacc.c:1646 */ +#line 3433 "ntp_parser.c" /* yacc.c:1646 */ break; case 317: -#line 1647 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1648 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = (yyvsp[-2].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); } -#line 3441 "ntp_parser.c" /* yacc.c:1646 */ +#line 3442 "ntp_parser.c" /* yacc.c:1646 */ break; case 318: -#line 1652 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1653 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); } -#line 3450 "ntp_parser.c" /* yacc.c:1646 */ +#line 3451 "ntp_parser.c" /* yacc.c:1646 */ break; case 319: -#line 1660 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +#line 1661 "ntp_parser.y" /* yacc.c:1646 */ { (yyval.Attr_val) = create_attr_dval((yyvsp[-2].Integer), (yyvsp[0].Double)); } -#line 3456 "ntp_parser.c" /* yacc.c:1646 */ +#line 3457 "ntp_parser.c" /* yacc.c:1646 */ break; -#line 3460 "ntp_parser.c" /* yacc.c:1646 */ +#line 3461 "ntp_parser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires @@ -3684,7 +3685,7 @@ yyreturn: #endif return yyresult; } -#line 1671 "../../ntpd/ntp_parser.y" /* yacc.c:1906 */ +#line 1672 "ntp_parser.y" /* yacc.c:1906 */ void diff --git a/ntpd/ntp_parser.h b/ntpd/ntp_parser.h index 308c2d40583a..e24b3f41c61d 100644 --- a/ntpd/ntp_parser.h +++ b/ntpd/ntp_parser.h @@ -454,7 +454,7 @@ extern int yydebug; union YYSTYPE { -#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:1909 */ +#line 52 "ntp_parser.y" /* yacc.c:1909 */ char * String; double Double; diff --git a/ntpd/ntp_parser.y b/ntpd/ntp_parser.y index 02c7342196e5..e4da9739767a 100644 --- a/ntpd/ntp_parser.y +++ b/ntpd/ntp_parser.y @@ -21,6 +21,7 @@ #include "ntp_scanner.h" #include "ntp_config.h" #include "ntp_crypto.h" + #include "ntp_calendar.h" #include "ntpsim.h" /* HMS: Do we really want this all the time? */ /* SK: It might be a good idea to always diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index fb8a837db5c2..73ada6b442ba 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -33,7 +33,7 @@ /* * This macro defines the authentication state. If x is 1 authentication - * is required; othewise it is optional. + * is required; otherwise it is optional. */ #define AUTH(x, y) ((x) ? (y) == AUTH_OK \ : (y) == AUTH_OK || (y) == AUTH_NONE) @@ -272,7 +272,7 @@ kiss_code_check( } -/* +/* * Check that NAK is valid */ nak_code @@ -315,7 +315,7 @@ valid_NAK( return INVALIDNAK; } - /* + /* * Make sure that the extra field in the packet is all zeros */ rpkt = &rbufp->recv_pkt; @@ -324,10 +324,13 @@ valid_NAK( return INVALIDNAK; } - /* - * Only valid if peer uses a key + /* + * During the first few packets of the autokey dance there will + * not (yet) be a keyid, but in this case FLAG_SKEY is set. + * So the NAK is invalid if either there's no peer, or + * if the keyid is 0 and FLAG_SKEY is not set. */ - if (!peer || !peer->keyid || !(peer->flags & FLAG_SKEY)) { + if (!peer || (!peer->keyid && !(peer->flags & FLAG_SKEY))) { return INVALIDNAK; } @@ -372,6 +375,13 @@ transmit( hpoll = peer->hpoll; /* + * If we haven't received anything (even if unsync) since last + * send, reset ppoll. + */ + if (peer->outdate > peer->timelastrec && !peer->reach) + peer->ppoll = peer->maxpoll; + + /* * In broadcast mode the poll interval is never changed from * minpoll. */ @@ -645,7 +655,7 @@ receive( hisleap = PKT_LEAP(pkt->li_vn_mode); hismode = (int)PKT_MODE(pkt->li_vn_mode); hisstratum = PKT_TO_STRATUM(pkt->stratum); - DPRINTF(2, ("receive: at %ld %s<-%s ippeerlimit %d mode %d iflags %s restrict %s org %#010x.%08x xmt %#010x.%08x\n", + DPRINTF(1, ("receive: at %ld %s<-%s ippeerlimit %d mode %d iflags %s restrict %s org %#010x.%08x xmt %#010x.%08x\n", current_time, stoa(&rbufp->dstadr->sin), stoa(&rbufp->recv_srcadr), r4a.ippeerlimit, hismode, build_iflags(rbufp->dstadr->flags), @@ -737,7 +747,7 @@ receive( } else { DPRINTF(2, ("receive: drop: MODE_UNSPEC\n")); sys_badlength++; - return; /* invalid mode */ + return; /* invalid mode */ } } @@ -841,7 +851,7 @@ receive( /* ** Packet Data Verification Layer ** - ** This layer verifies the packet data content. If + ** This layer verifies the packet data content. If ** authentication is required, a MAC must be present. ** If a MAC is present, it must validate. ** Crypto-NAK? Look - a shiny thing! @@ -949,7 +959,7 @@ receive( if (0 != peer) { peer->badNAK++; } - msyslog(LOG_ERR, "Invalid-NAK error at %ld %s<-%s", + msyslog(LOG_ERR, "Invalid-NAK error at %ld %s<-%s", current_time, stoa(dstadr_sin), stoa(&rbufp->recv_srcadr)); return; } @@ -957,7 +967,7 @@ receive( if (has_mac == 0) { restrict_mask &= ~RES_MSSNTP; is_authentic = AUTH_NONE; /* not required */ - DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x NOMAC\n", + DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x NOMAC\n", current_time, stoa(dstadr_sin), stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, authlen, @@ -966,7 +976,7 @@ receive( } else if (crypto_nak_test == VALIDNAK) { restrict_mask &= ~RES_MSSNTP; is_authentic = AUTH_CRYPTO; /* crypto-NAK */ - DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x MAC4\n", + DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x CRYPTONAK\n", current_time, stoa(dstadr_sin), stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, skeyid, authlen + has_mac, is_authentic, @@ -989,13 +999,19 @@ receive( && (memcmp(zero_key, (char *)pkt + authlen + 4, MAX_MD5_LEN - 4) == 0)) { is_authentic = AUTH_NONE; + DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x SIGND\n", + current_time, stoa(dstadr_sin), + stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, + authlen, + ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), + ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); #endif /* HAVE_NTP_SIGND */ } else { /* * has_mac is not 0 * Not a VALID_NAK - * Not an MS-SNTP SIGND packet + * Not an MS-SNTP SIGND packet * * So there is a MAC here. */ @@ -1054,7 +1070,7 @@ receive( ANY_INTERFACE_CHOOSE(&rbufp->recv_srcadr)) { DPRINTF(2, ("receive: drop: BCAST from wildcard\n")); sys_restricted++; - return; /* no wildcard */ + return; /* no wildcard */ } pkeyid = 0; if (!SOCK_UNSPEC(&rbufp->dstadr->bcast)) @@ -1106,7 +1122,7 @@ receive( if (crypto_flags && skeyid > NTP_MAXKEY) authtrust(skeyid, 0); #endif /* AUTOKEY */ - DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x\n", + DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x MAC\n", current_time, stoa(dstadr_sin), stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, skeyid, authlen + has_mac, is_authentic, @@ -1198,6 +1214,8 @@ receive( * client association; a symmetric active packet mobilizes a * symmetric passive association. */ + DPRINTF(1, ("receive: MATCH_ASSOC dispatch: mode %d/%s:%s \n", + hismode, hm_str, am_str)); switch (retcode) { /* @@ -1373,7 +1391,7 @@ receive( if (NULL == peer) { DPRINTF(2, ("receive: AM_MANYCAST drop: duplicate\n")); sys_declined++; - return; /* ignore duplicate */ + return; /* ignore duplicate */ } /* @@ -1511,10 +1529,10 @@ receive( * is fixed at this value. */ peer = newpeer(&rbufp->recv_srcadr, NULL, match_ep, - r4a.ippeerlimit, MODE_CLIENT, hisversion, - pkt->ppoll, pkt->ppoll, - FLAG_BC_VOL | FLAG_IBURST | FLAG_PREEMPT, MDF_BCLNT, - 0, skeyid, sys_ident); + r4a.ippeerlimit, MODE_CLIENT, hisversion, + pkt->ppoll, pkt->ppoll, + FLAG_BC_VOL | FLAG_IBURST | FLAG_PREEMPT, MDF_BCLNT, + 0, skeyid, sys_ident); if (NULL == peer) { DPRINTF(2, ("receive: AM_NEWBCL drop: empty newpeer() failed\n")); sys_restricted++; @@ -1529,15 +1547,19 @@ receive( return; /* hooray */ /* - * This is the first packet received from a symmetric active - * peer. If the packet is authentic, the first he sent, and - * RES_NOEPEER is not enabled, mobilize a passive association - * If not, kiss the frog. + * This is the first packet received from a potential ephemeral + * symmetric active peer. First, deal with broken Windows clients. + * Then, if NOEPEER is enabled, drop it. If the packet meets our + * authenticty requirements and is the first he sent, mobilize + * a passive association. + * Otherwise, kiss the frog. * * There are cases here where we do not call record_raw_stats(). */ case AM_NEWPASS: + DEBUG_REQUIRE(MODE_ACTIVE == hismode); + #ifdef AUTOKEY /* * Do not respond if not the same group. @@ -1551,27 +1573,33 @@ receive( if (!AUTH(sys_authenticate | (restrict_mask & (RES_NOPEER | RES_DONTTRUST)), is_authentic) ) { - if (0 == (restrict_mask & RES_NOEPEER)) { - /* - * If authenticated but cannot mobilize an - * association, send a symmetric passive - * response without mobilizing an association. - * This is for drat broken Windows clients. See - * Microsoft KB 875424 for preferred workaround. - */ - if (AUTH(restrict_mask & RES_DONTTRUST, - is_authentic)) { - fast_xmit(rbufp, MODE_PASSIVE, skeyid, - restrict_mask); - return; /* hooray */ - } - if (is_authentic == AUTH_ERROR) { - fast_xmit(rbufp, MODE_ACTIVE, 0, - restrict_mask); - sys_restricted++; - return; - } + /* + * If authenticated but cannot mobilize an + * association, send a symmetric passive + * response without mobilizing an association. + * This is for drat broken Windows clients. See + * Microsoft KB 875424 for preferred workaround. + */ + if (AUTH(restrict_mask & RES_DONTTRUST, + is_authentic)) { + fast_xmit(rbufp, MODE_PASSIVE, skeyid, + restrict_mask); + return; /* hooray */ } + /* HMS: Why is this next set of lines a feature? */ + if (is_authentic == AUTH_ERROR) { + fast_xmit(rbufp, MODE_PASSIVE, 0, + restrict_mask); + sys_restricted++; + return; + } + + if (restrict_mask & RES_NOEPEER) { + DPRINTF(2, ("receive: AM_NEWPASS drop: NOEPEER\n")); + sys_declined++; + return; + } + /* [Bug 2941] * If we got here, the packet isn't part of an * existing association, either isn't correctly @@ -1593,6 +1621,12 @@ receive( return; } + if (restrict_mask & RES_NOEPEER) { + DPRINTF(2, ("receive: AM_NEWPASS drop: NOEPEER\n")); + sys_declined++; + return; + } + /* * Do not respond if synchronized and if stratum is * below the floor or at or above the ceiling. Note, @@ -1670,8 +1704,8 @@ receive( } /* This is error-worthy */ - if (pkt->ppoll < peer->minpoll || - pkt->ppoll > peer->maxpoll ) { + if ( pkt->ppoll < peer->minpoll + || pkt->ppoll > peer->maxpoll) { msyslog(LOG_INFO, "receive: broadcast poll of %u from %s is out-of-range (%d to %d)!", pkt->ppoll, stoa(&rbufp->recv_srcadr), peer->minpoll, peer->maxpoll); @@ -1719,7 +1753,7 @@ receive( * network is trustable, so we take our accepted * broadcast packets as we receive them. But * some folks might want to take additional poll - * delays before believing a backward step. + * delays before believing a backward step. */ if (sys_bcpollbstep) { /* pkt->ppoll or peer->ppoll ? */ @@ -1735,8 +1769,8 @@ receive( tdiff = p_xmt; L_SUB(&tdiff, &peer->bxmt); } - if (tdiff.l_i < 0 && - (current_time - peer->timereceived) < deadband) + if ( tdiff.l_i < 0 + && (current_time - peer->timereceived) < deadband) { msyslog(LOG_INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x", stoa(&rbufp->recv_srcadr), @@ -2431,6 +2465,7 @@ process_packet( peer->seldisptoolarge++; DPRINTF(1, ("packet: flash header %04x\n", peer->flash)); + poll_update(peer, peer->hpoll); /* ppoll updated? */ return; } @@ -2586,7 +2621,7 @@ process_packet( * between the unicast timestamp and the broadcast * timestamp. This works for both basic and interleaved * modes. - * [Bug 3031] Don't keep this peer when the delay + * [Bug 3031] Don't keep this peer when the delay * calculation gives reason to suspect clock steps. * This is assumed for delays > 50ms. */ @@ -2977,8 +3012,6 @@ poll_update( } else { if (peer->retry > 0) hpoll = peer->minpoll; - else if (!(peer->reach)) - hpoll = peer->hpoll; else hpoll = min(peer->ppoll, peer->hpoll); #ifdef REFCLOCK @@ -3072,6 +3105,10 @@ peer_clear( peer->stratum = STRATUM_UNSPEC; memcpy(&peer->refid, ident, 4); #ifdef REFCLOCK + } else { + /* Clear refclock sample filter */ + peer->procptr->codeproc = 0; + peer->procptr->coderecv = 0; } #endif @@ -3987,7 +4024,7 @@ peer_xmit( DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d len %zu xmt %#010x.%08x\n", current_time, peer->dstadr ? stoa(&peer->dstadr->sin) : "-", - stoa(&peer->srcadr), peer->hmode, sendlen, + stoa(&peer->srcadr), peer->hmode, sendlen, xmt_tx.l_ui, xmt_tx.l_uf)); return; } @@ -4330,7 +4367,7 @@ leap_smear_add_offs( return; } -#endif /* LEAP_SMEAR */ +#endif /* LEAP_SMEAR */ /* diff --git a/ntpd/ntp_refclock.c b/ntpd/ntp_refclock.c index a0dbd4ca83b6..d109b7115793 100644 --- a/ntpd/ntp_refclock.c +++ b/ntpd/ntp_refclock.c @@ -112,7 +112,7 @@ refclock_report( /* ignore others */ break; } - if (pp->lastevent < 15) + if ((code != CEVNT_NOMINAL) && (pp->lastevent < 15)) pp->lastevent++; if (pp->currentstatus != code) { pp->currentstatus = (u_char)code; diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c index e541f7c51198..19d9b0d829c5 100644 --- a/ntpd/ntp_request.c +++ b/ntpd/ntp_request.c @@ -890,6 +890,7 @@ peer_info ( ip->flags |= INFO_FLAG_SHORTLIST; ip->leap = pp->leap; ip->hmode = pp->hmode; + ip->pmode = pp->pmode; ip->keyid = pp->keyid; ip->stratum = pp->stratum; ip->ppoll = pp->ppoll; diff --git a/ntpd/ntpd-opts.c b/ntpd/ntpd-opts.c index 47b080872f6f..82656cf61535 100644 --- a/ntpd/ntpd-opts.c +++ b/ntpd/ntpd-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpd-opts.c) * - * It has been AutoGen-ed February 27, 2018 at 05:13:19 PM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:27:45 AM by AutoGen 5.18.5 * From the definitions ntpd-opts.def * and the template file options * @@ -75,7 +75,7 @@ extern FILE * option_usage_fp; * static const strings for ntpd options */ static char const ntpd_opt_strs[3132] = -/* 0 */ "ntpd 4.2.8p11\n" +/* 0 */ "ntpd 4.2.8p12\n" "Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" @@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3132] = /* 2901 */ "output version information and exit\0" /* 2937 */ "version\0" /* 2945 */ "NTPD\0" -/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p11\n" +/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p12\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n" "\t\t[ <server1> ... <serverN> ]\n\0" /* 3082 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 3116 */ "\n\0" -/* 3118 */ "ntpd 4.2.8p11"; +/* 3118 */ "ntpd 4.2.8p12"; /** * ipv4 option description with @@ -1529,7 +1529,7 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntpdOptions.pzCopyright */ - puts(_("ntpd 4.2.8p11\n\ + puts(_("ntpd 4.2.8p12\n\ Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ @@ -1670,7 +1670,7 @@ implied warranty.\n")); puts(_("output version information and exit")); /* referenced via ntpdOptions.pzUsageTitle */ - puts(_("ntpd - NTP daemon program - Ver. 4.2.8p11\n\ + puts(_("ntpd - NTP daemon program - Ver. 4.2.8p12\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\ \t\t[ <server1> ... <serverN> ]\n")); @@ -1678,7 +1678,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\ puts(_("\n")); /* referenced via ntpdOptions.pzFullVersion */ - puts(_("ntpd 4.2.8p11")); + puts(_("ntpd 4.2.8p12")); /* referenced via ntpdOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/ntpd/ntpd-opts.h b/ntpd/ntpd-opts.h index 3372d4d8e41b..60299c6bb2cc 100644 --- a/ntpd/ntpd-opts.h +++ b/ntpd/ntpd-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpd-opts.h) * - * It has been AutoGen-ed February 27, 2018 at 05:13:17 PM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:27:44 AM by AutoGen 5.18.5 * From the definitions ntpd-opts.def * and the template file options * @@ -106,9 +106,9 @@ typedef enum { /** count of all options for ntpd */ #define OPTION_CT 38 /** ntpd version */ -#define NTPD_VERSION "4.2.8p11" +#define NTPD_VERSION "4.2.8p12" /** Full ntpd version text */ -#define NTPD_FULL_VERSION "ntpd 4.2.8p11" +#define NTPD_FULL_VERSION "ntpd 4.2.8p12" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpd/ntpd.1ntpdman b/ntpd/ntpd.1ntpdman index ec02e0c177f9..c9e93181ef43 100644 --- a/ntpd/ntpd.1ntpdman +++ b/ntpd/ntpd.1ntpdman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpd 1ntpdman "27 Feb 2018" "4.2.8p11" "User Commands" +.TH ntpd 1ntpdman "14 Aug 2018" "4.2.8p12" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Ffa4WQ/ag-RfaWVQ) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-jbaWTB/ag-ubaOSB) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:30 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:02 AM by AutoGen 5.18.5 .\" From the definitions ntpd-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpd/ntpd.1ntpdmdoc b/ntpd/ntpd.1ntpdmdoc index 339d2cff04a2..33a90324810d 100644 --- a/ntpd/ntpd.1ntpdmdoc +++ b/ntpd/ntpd.1ntpdmdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPD 1ntpdmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:47 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:20 AM by AutoGen 5.18.5 .\" From the definitions ntpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c index d4204efd8d39..b477a71804bf 100644 --- a/ntpd/ntpd.c +++ b/ntpd/ntpd.c @@ -104,6 +104,10 @@ #endif #endif +#ifdef SYS_WINNT +# include "ntservice.h" +#endif + #ifdef _AIX # include <ulimit.h> #endif /* _AIX */ @@ -123,6 +127,9 @@ #if defined(HAVE_PRIV_H) && defined(HAVE_SOLARIS_PRIVS) # include <priv.h> #endif /* HAVE_PRIV_H */ +#if defined(HAVE_TRUSTEDBSD_MAC) +# include <sys/mac.h> +#endif /* HAVE_TRUSTEDBSD_MAC */ #endif /* HAVE_DROPROOT */ #if defined (LIBSECCOMP) && (KERN_SECCOMP) @@ -182,7 +189,6 @@ char *group; /* group to switch to */ const char *chrootdir; /* directory to chroot to */ uid_t sw_uid; gid_t sw_gid; -char *endp; struct group *gr; struct passwd *pw; #endif /* HAVE_DROPROOT */ @@ -523,6 +529,219 @@ set_process_priority(void) } #endif /* !SIM */ +#if !defined(SIM) && !defined(SYS_WINNT) +/* + * Detach from terminal (much like daemon()) + * Nothe that this function calls exit() + */ +static void +detach_from_terminal( + int pipe_fds[2], + long wait_sync, + const char *logfilename + ) +{ + int rc; + int exit_code; +# if !defined(HAVE_SETSID) && !defined (HAVE_SETPGID) && defined(TIOCNOTTY) + int fid; +# endif +# ifdef _AIX + struct sigaction sa; +# endif + + rc = fork(); + if (-1 == rc) { + exit_code = (errno) ? errno : -1; + msyslog(LOG_ERR, "fork: %m"); + exit(exit_code); + } + if (rc > 0) { + /* parent */ + exit_code = wait_child_sync_if(pipe_fds[0], + wait_sync); + exit(exit_code); + } + + /* + * child/daemon + * close all open files excepting waitsync_fd_to_close. + * msyslog() unreliable until after init_logging(). + */ + closelog(); + if (syslog_file != NULL) { + fclose(syslog_file); + syslog_file = NULL; + syslogit = TRUE; + } + close_all_except(waitsync_fd_to_close); + INSIST(0 == open("/dev/null", 0) && 1 == dup2(0, 1) \ + && 2 == dup2(0, 2)); + + init_logging(progname, 0, TRUE); + /* we lost our logfile (if any) daemonizing */ + setup_logfile(logfilename); + +# ifdef SYS_DOMAINOS + { + uid_$t puid; + status_$t st; + + proc2_$who_am_i(&puid); + proc2_$make_server(&puid, &st); + } +# endif /* SYS_DOMAINOS */ +# ifdef HAVE_SETSID + if (setsid() == (pid_t)-1) + msyslog(LOG_ERR, "setsid(): %m"); +# elif defined(HAVE_SETPGID) + if (setpgid(0, 0) == -1) + msyslog(LOG_ERR, "setpgid(): %m"); +# else /* !HAVE_SETSID && !HAVE_SETPGID follows */ +# ifdef TIOCNOTTY + fid = open("/dev/tty", 2); + if (fid >= 0) { + ioctl(fid, (u_long)TIOCNOTTY, NULL); + close(fid); + } +# endif /* TIOCNOTTY */ + ntp_setpgrp(0, getpid()); +# endif /* !HAVE_SETSID && !HAVE_SETPGID */ +# ifdef _AIX + /* Don't get killed by low-on-memory signal. */ + sa.sa_handler = catch_danger; + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + sigaction(SIGDANGER, &sa, NULL); +# endif /* _AIX */ + + return; +} + +#ifdef HAVE_DROPROOT +/* + * Map user name/number to user ID +*/ +static int +map_user( + ) +{ + char *endp; + + if (isdigit((unsigned char)*user)) { + sw_uid = (uid_t)strtoul(user, &endp, 0); + if (*endp != '\0') + goto getuser; + + if ((pw = getpwuid(sw_uid)) != NULL) { + free(user); + user = estrdup(pw->pw_name); + sw_gid = pw->pw_gid; + } else { + errno = 0; + msyslog(LOG_ERR, "Cannot find user ID %s", user); + return 0; + } + + } else { +getuser: + errno = 0; + if ((pw = getpwnam(user)) != NULL) { + sw_uid = pw->pw_uid; + sw_gid = pw->pw_gid; + } else { + if (errno) + msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user); + else + msyslog(LOG_ERR, "Cannot find user `%s'", user); + return 0; + } + } + + return 1; +} + +/* + * Map group name/number to group ID +*/ +static int +map_group( + ) +{ + char *endp; + + if (isdigit((unsigned char)*group)) { + sw_gid = (gid_t)strtoul(group, &endp, 0); + if (*endp != '\0') + goto getgroup; + } else { +getgroup: + if ((gr = getgrnam(group)) != NULL) { + sw_gid = gr->gr_gid; + } else { + errno = 0; + msyslog(LOG_ERR, "Cannot find group `%s'", group); + return 0; + } + } + + return 1; +} + +/* + * Change (effective) user and group IDs, also initialize the supplementary group access list + */ +int +set_user_group_ids( + ) +{ + /* If the the user was already mapped, no need to map it again */ + if ((NULL != user) && (0 == sw_uid)) { + if (0 == map_user()) + exit (-1); + } + /* same applies for the group */ + if ((NULL != group) && (0 == sw_gid)) { + if (0 == map_group()) + exit (-1); + } + + if (user && initgroups(user, sw_gid)) { + msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user); + return 0; + } + if (group && setgid(sw_gid)) { + msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group); + return 0; + } + if (group && setegid(sw_gid)) { + msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group); + return 0; + } + if (group) { + if (0 != setgroups(1, &sw_gid)) { + msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid); + return 0; + } + } + else if (pw) + if (0 != initgroups(pw->pw_name, pw->pw_gid)) { + msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid); + return 0; + } + if (user && setuid(sw_uid)) { + msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user); + return 0; + } + if (user && seteuid(sw_uid)) { + msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user); + return 0; + } + + return 1; +} +#endif /* HAVE_DROPROOT */ +#endif /* !SIM */ /* * Main program. Initialize us, disconnect us from the tty if necessary, @@ -549,12 +768,6 @@ ntpdmain( int pipe_fds[2]; int rc; int exit_code; -# ifdef _AIX - struct sigaction sa; -# endif -# if !defined(HAVE_SETSID) && !defined (HAVE_SETPGID) && defined(TIOCNOTTY) - int fid; -# endif # endif /* HAVE_WORKING_FORK*/ # ifdef SCO5_CLOCK int fd; @@ -634,7 +847,12 @@ ntpdmain( /* MPE lacks the concept of root */ # if defined(HAVE_GETUID) && !defined(MPE) uid = getuid(); - if (uid && !HAVE_OPT( SAVECONFIGQUIT )) { + if (uid && !HAVE_OPT( SAVECONFIGQUIT ) +# if defined(HAVE_TRUSTEDBSD_MAC) + /* We can run as non-root if the mac_ntpd policy is enabled. */ + && mac_is_present("ntpd") != 1 +# endif + ) { msyslog_term = TRUE; msyslog(LOG_ERR, "must be run as root, not uid %ld", (long)uid); @@ -718,6 +936,11 @@ ntpdmain( init_lib(); # ifdef SYS_WINNT /* + * Make sure the service is initialized before we do anything else + */ + ntservice_init(); + + /* * Start interpolation thread, must occur before first * get_systime() */ @@ -736,70 +959,7 @@ ntpdmain( if (!nofork) { # ifdef HAVE_WORKING_FORK - rc = fork(); - if (-1 == rc) { - exit_code = (errno) ? errno : -1; - msyslog(LOG_ERR, "fork: %m"); - exit(exit_code); - } - if (rc > 0) { - /* parent */ - exit_code = wait_child_sync_if(pipe_fds[0], - wait_sync); - exit(exit_code); - } - - /* - * child/daemon - * close all open files excepting waitsync_fd_to_close. - * msyslog() unreliable until after init_logging(). - */ - closelog(); - if (syslog_file != NULL) { - fclose(syslog_file); - syslog_file = NULL; - syslogit = TRUE; - } - close_all_except(waitsync_fd_to_close); - INSIST(0 == open("/dev/null", 0) && 1 == dup2(0, 1) \ - && 2 == dup2(0, 2)); - - init_logging(progname, 0, TRUE); - /* we lost our logfile (if any) daemonizing */ - setup_logfile(logfilename); - -# ifdef SYS_DOMAINOS - { - uid_$t puid; - status_$t st; - - proc2_$who_am_i(&puid); - proc2_$make_server(&puid, &st); - } -# endif /* SYS_DOMAINOS */ -# ifdef HAVE_SETSID - if (setsid() == (pid_t)-1) - msyslog(LOG_ERR, "setsid(): %m"); -# elif defined(HAVE_SETPGID) - if (setpgid(0, 0) == -1) - msyslog(LOG_ERR, "setpgid(): %m"); -# else /* !HAVE_SETSID && !HAVE_SETPGID follows */ -# ifdef TIOCNOTTY - fid = open("/dev/tty", 2); - if (fid >= 0) { - ioctl(fid, (u_long)TIOCNOTTY, NULL); - close(fid); - } -# endif /* TIOCNOTTY */ - ntp_setpgrp(0, getpid()); -# endif /* !HAVE_SETSID && !HAVE_SETPGID */ -# ifdef _AIX - /* Don't get killed by low-on-memory signal. */ - sa.sa_handler = catch_danger; - sigemptyset(&sa.sa_mask); - sa.sa_flags = SA_RESTART; - sigaction(SIGDANGER, &sa, NULL); -# endif /* _AIX */ + detach_from_terminal(pipe_fds, wait_sync, logfilename); # endif /* HAVE_WORKING_FORK */ } @@ -972,51 +1132,12 @@ ntpdmain( # endif /* HAVE_LINUX_CAPABILITIES || HAVE_SOLARIS_PRIVS */ if (user != NULL) { - if (isdigit((unsigned char)*user)) { - sw_uid = (uid_t)strtoul(user, &endp, 0); - if (*endp != '\0') - goto getuser; - - if ((pw = getpwuid(sw_uid)) != NULL) { - free(user); - user = estrdup(pw->pw_name); - sw_gid = pw->pw_gid; - } else { - errno = 0; - msyslog(LOG_ERR, "Cannot find user ID %s", user); - exit (-1); - } - - } else { -getuser: - errno = 0; - if ((pw = getpwnam(user)) != NULL) { - sw_uid = pw->pw_uid; - sw_gid = pw->pw_gid; - } else { - if (errno) - msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user); - else - msyslog(LOG_ERR, "Cannot find user `%s'", user); - exit (-1); - } - } + if (0 == map_user()) + exit (-1); } if (group != NULL) { - if (isdigit((unsigned char)*group)) { - sw_gid = (gid_t)strtoul(group, &endp, 0); - if (*endp != '\0') - goto getgroup; - } else { -getgroup: - if ((gr = getgrnam(group)) != NULL) { - sw_gid = gr->gr_gid; - } else { - errno = 0; - msyslog(LOG_ERR, "Cannot find group `%s'", group); - exit (-1); - } - } + if (0 == map_group()) + exit (-1); } if (chrootdir ) { @@ -1050,39 +1171,20 @@ getgroup: exit(-1); } # endif /* HAVE_SOLARIS_PRIVS */ - if (user && initgroups(user, sw_gid)) { - msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user); - exit (-1); - } - if (group && setgid(sw_gid)) { - msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group); - exit (-1); - } - if (group && setegid(sw_gid)) { - msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group); - exit (-1); - } - if (group) { - if (0 != setgroups(1, &sw_gid)) { - msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid); - exit (-1); - } - } - else if (pw) - if (0 != initgroups(pw->pw_name, pw->pw_gid)) { - msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid); - exit (-1); - } - if (user && setuid(sw_uid)) { - msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user); - exit (-1); - } - if (user && seteuid(sw_uid)) { - msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user); + if (0 == set_user_group_ids()) + exit(-1); + +# if defined(HAVE_TRUSTEDBSD_MAC) + /* + * To manipulate system time and (re-)bind to NTP_PORT as needed + * following interface changes, we must either run as uid 0 or + * the mac_ntpd policy module must be enabled. + */ + if (sw_uid != 0 && mac_is_present("ntpd") != 1) { + msyslog(LOG_ERR, "Need MAC 'ntpd' policy enabled to drop root privileges"); exit (-1); } - -# if !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS) +# elif !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS) /* * for now assume that the privilege to bind to privileged ports * is associated with running with uid 0 - should be refined on @@ -1245,6 +1347,10 @@ int scmp_sc[] = { } #endif /* LIBSECCOMP and KERN_SECCOMP */ +#ifdef SYS_WINNT + ntservice_isup(); +#endif + # ifdef HAVE_IO_COMPLETION_PORT for (;;) { diff --git a/ntpd/ntpd.html b/ntpd/ntpd.html index 3af0cc546bbf..64198eff79a1 100644 --- a/ntpd/ntpd.html +++ b/ntpd/ntpd.html @@ -39,7 +39,7 @@ The program can operate in any of several modes, including client/server, symmetric and broadcast modes, and with both symmetric-key and public-key cryptography. - <p>This document applies to version 4.2.8p11 of <code>ntpd</code>. + <p>This document applies to version 4.2.8p12 of <code>ntpd</code>. <ul class="menu"> <li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description @@ -220,7 +220,7 @@ the usage text by passing it through a pager program. used to select the program, defaulting to <span class="file">more</span>. Both will exit with a status code of 0. -<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p10 +<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p11 Usage: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \ [ <server1> ... <serverN> ] Flg Arg Option-Name Description diff --git a/ntpd/ntpd.man.in b/ntpd/ntpd.man.in index d3f94c65409b..c32ceb3c8f7f 100644 --- a/ntpd/ntpd.man.in +++ b/ntpd/ntpd.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpd @NTPD_MS@ "27 Feb 2018" "4.2.8p11" "User Commands" +.TH ntpd @NTPD_MS@ "14 Aug 2018" "4.2.8p12" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Ffa4WQ/ag-RfaWVQ) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-jbaWTB/ag-ubaOSB) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:30 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:02 AM by AutoGen 5.18.5 .\" From the definitions ntpd-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpd/ntpd.mdoc.in b/ntpd/ntpd.mdoc.in index 53b1f4176a14..a9383b128d6a 100644 --- a/ntpd/ntpd.mdoc.in +++ b/ntpd/ntpd.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPD @NTPD_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:14:47 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:20 AM by AutoGen 5.18.5 .\" From the definitions ntpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpd/rc_cmdlength.c b/ntpd/rc_cmdlength.c index 922312e62a7b..240fa0afbbdd 100644 --- a/ntpd/rc_cmdlength.c +++ b/ntpd/rc_cmdlength.c @@ -5,6 +5,8 @@ # include <unistd.h> #endif +// XXX: Move to header. +size_t remoteconfig_cmdlength( const char *, const char *); /* Bug 2853 */ /* evaluate the length of the command sequence. This breaks at the first diff --git a/ntpd/refclock_datum.c b/ntpd/refclock_datum.c index 9795cfadaab2..09d72c6af492 100644 --- a/ntpd/refclock_datum.c +++ b/ntpd/refclock_datum.c @@ -485,7 +485,8 @@ datum_pts_receive( struct recvbuf *rbufp ) { - int i, nb; + int i; + size_t nb; l_fp tstmp; struct peer *p; struct datum_pts_unit *datum_pts; diff --git a/ntpd/refclock_gpsdjson.c b/ntpd/refclock_gpsdjson.c index c2d41ff07f17..78a4fc82fcc9 100644 --- a/ntpd/refclock_gpsdjson.c +++ b/ntpd/refclock_gpsdjson.c @@ -1136,7 +1136,7 @@ json_token_skip( const json_ctx * ctx, tok_ref tid) { - if (tid >= 0 && (u_int)tid < ctx->ntok) { + if (tid >= 0 && tid < ctx->ntok) { int len = ctx->tok[tid].size; /* For arrays and objects, the size is the number of * ITEMS in the compound. Thats the number of objects in @@ -1164,7 +1164,7 @@ json_token_skip( /* The next condition should never be true, but paranoia * prevails... */ - if (tid < 0 || (u_int)tid > ctx->ntok) + if (tid < 0 || tid > ctx->ntok) tid = ctx->ntok; } return tid; diff --git a/ntpd/refclock_jupiter.c b/ntpd/refclock_jupiter.c index 84d089d2dd45..dbed272467ed 100644 --- a/ntpd/refclock_jupiter.c +++ b/ntpd/refclock_jupiter.c @@ -139,8 +139,7 @@ static void jupiter_canmsg (struct instance *, u_int); static u_short jupiter_cksum (u_short *, u_int); static int jupiter_config (struct instance *); static void jupiter_debug (struct peer *, const char *, - const char *, ...) - __attribute__ ((format (printf, 3, 4))); + const char *, ...) NTP_PRINTF(3, 4); static const char * jupiter_parse_t (struct instance *, u_short *); static const char * jupiter_parse_gpos (struct instance *, u_short *); static void jupiter_platform (struct instance *, u_int); diff --git a/ntpd/refclock_shm.c b/ntpd/refclock_shm.c index f031a395cb99..da38355b4c21 100644 --- a/ntpd/refclock_shm.c +++ b/ntpd/refclock_shm.c @@ -340,6 +340,7 @@ shm_poll( if (pp->coderecv != pp->codeproc) { /* have some samples, everything OK */ pp->lastref = pp->lastrec; + refclock_report(peer, CEVNT_NOMINAL); refclock_receive(peer); } else if (NULL == up->shm) { /* is this possible at all? */ /* we're out of business without SHM access */ diff --git a/ntpd/refclock_true.c b/ntpd/refclock_true.c index 2799f3ee5dee..35901392da0e 100644 --- a/ntpd/refclock_true.c +++ b/ntpd/refclock_true.c @@ -640,7 +640,7 @@ true_send( size_t len = strlen(cmd); true_debug(peer, "Send '%s'\n", cmd); - if (write(pp->io.fd, cmd, (unsigned)len) != len) + if (write(pp->io.fd, cmd, len) != (ssize_t)len) refclock_report(peer, CEVNT_FAULT); else pp->polls++; diff --git a/ntpdate/ntpdate.c b/ntpdate/ntpdate.c index 14cf22b5d167..03d9552dd4b4 100644 --- a/ntpdate/ntpdate.c +++ b/ntpdate/ntpdate.c @@ -154,7 +154,7 @@ char const *progname; /* * Systemwide parameters and flags */ -int sys_samples = DEFSAMPLES; /* number of samples/server */ +int sys_samples = 0; /* number of samples/server, will be modified later */ u_long sys_timeout = DEFTIMEOUT; /* timeout time, in TIMER_HZ units */ struct server *sys_servers; /* the server list */ int sys_numservers = 0; /* number of servers to poll */ @@ -220,7 +220,7 @@ void input_handler (void); static int l_adj_systime (l_fp *); static int l_step_systime (l_fp *); -static void printserver (struct server *, FILE *); +static void print_server (struct server *, FILE *); #ifdef SYS_WINNT int on = 1; @@ -429,7 +429,7 @@ ntpdatemain ( default: break; } - + if (errflg) { (void) fprintf(stderr, "usage: %s [-46bBdqsuv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-t timeo] server ...\n", @@ -437,6 +437,14 @@ ntpdatemain ( exit(2); } + /* + * If number of Samples (-p) not specified by user: + * - if a simple_query (-q) just ONE will do + * - otherwise the normal is DEFSAMPLES + */ + if (sys_samples == 0) + sys_samples = (simple_query ? 1 : DEFSAMPLES); + if (debug || simple_query) { #ifdef HAVE_SETVBUF static char buf[BUFSIZ]; @@ -651,9 +659,6 @@ transmit( { struct pkt xpkt; - if (debug) - printf("transmit(%s)\n", stoa(&server->srcadr)); - if (server->filter_nextpt < server->xmtcnt) { l_fp ts; /* @@ -674,6 +679,9 @@ transmit( return; } + if (debug) + printf("transmit(%s)\n", stoa(&server->srcadr)); + /* * If we're here, send another message to the server. Fill in * the packet and let 'er rip. @@ -849,7 +857,7 @@ receive( NTOHL_FP(&rpkt->xmt, &server->org); /* - * Make sure the server is at least somewhat sane. If not, try + * Make sure the server is at least somewhat sane. If not, try * again. */ if (L_ISZERO(&rec) || !L_ISHIS(&server->org, &rec)) { @@ -956,7 +964,7 @@ clock_filter( int ord[NTP_SHIFT]; INSIST((0 < sys_samples) && (sys_samples <= NTP_SHIFT)); - + /* * Sort indices into increasing delay order */ @@ -1042,15 +1050,15 @@ clock_select(void) /* * This first chunk of code is supposed to go through all * servers we know about to find the NTP_MAXLIST servers which - * are most likely to succeed. We run through the list + * are most likely to succeed. We run through the list * doing the sanity checks and trying to insert anyone who - * looks okay. We are at all times aware that we should + * looks okay. We are at all times aware that we should * only keep samples from the top two strata and we only need * NTP_MAXLIST of them. */ nlist = 0; /* none yet */ for (server = sys_servers; server != NULL; server = server->next_server) { - if (server->delay == 0) { + if (server->stratum == 0) { if (debug) printf("%s: Server dropped: no data\n", ntoa(&server->srcadr)); continue; /* no data */ @@ -1062,25 +1070,25 @@ clock_select(void) } if (server->delay > NTP_MAXWGT) { if (debug) - printf("%s: Server dropped: server too far away\n", + printf("%s: Server dropped: server too far away\n", ntoa(&server->srcadr)); continue; /* too far away */ } if (server->leap == LEAP_NOTINSYNC) { if (debug) - printf("%s: Server dropped: Leap not in sync\n", ntoa(&server->srcadr)); + printf("%s: Server dropped: leap not in sync\n", ntoa(&server->srcadr)); continue; /* he's in trouble */ } if (!L_ISHIS(&server->org, &server->reftime)) { if (debug) - printf("%s: Server dropped: server is very broken\n", + printf("%s: Server dropped: server is very broken\n", ntoa(&server->srcadr)); continue; /* very broken host */ } if ((server->org.l_ui - server->reftime.l_ui) >= NTP_MAXAGE) { if (debug) - printf("%s: Server dropped: Server has gone too long without sync\n", + printf("%s: Server dropped: server has gone too long without sync\n", ntoa(&server->srcadr)); continue; /* too long without sync */ } @@ -1256,8 +1264,10 @@ clock_adjust(void) server = clock_select(); if (debug || simple_query) { + if (debug) + printf ("\n"); for (sp = sys_servers; sp != NULL; sp = sp->next_server) - printserver(sp, stdout); + print_server(sp, stdout); } if (server == 0) { @@ -1283,31 +1293,17 @@ clock_adjust(void) } if (dostep) { - if (simple_query || debug || l_step_systime(&server->offset)){ + if (simple_query || l_step_systime(&server->offset)){ msyslog(LOG_NOTICE, "step time server %s offset %s sec", stoa(&server->srcadr), lfptoa(&server->offset, 6)); } } else { -#ifndef SYS_WINNT if (simple_query || l_adj_systime(&server->offset)) { msyslog(LOG_NOTICE, "adjust time server %s offset %s sec", stoa(&server->srcadr), lfptoa(&server->offset, 6)); } -#else - /* The NT SetSystemTimeAdjustment() call achieves slewing by - * changing the clock frequency. This means that we cannot specify - * it to slew the clock by a definite amount and then stop like - * the Unix adjtime() routine. We can technically adjust the clock - * frequency, have ntpdate sleep for a while, and then wake - * up and reset the clock frequency, but this might cause some - * grief if the user attempts to run ntpd immediately after - * ntpdate and the socket is in use. - */ - printf("\nThe -b option is required by ntpdate on Windows NT platforms\n"); - exit(1); -#endif /* SYS_WINNT */ } return(0); } @@ -1440,7 +1436,7 @@ findserver( if (SRCPORT(addr) != NTP_PORT) return 0; - for (server = sys_servers; server != NULL; + for (server = sys_servers; server != NULL; server = server->next_server) { if (SOCK_EQ(addr, &server->srcadr)) return server; @@ -1451,7 +1447,7 @@ findserver( } } - if (mc_server != NULL) { + if (mc_server != NULL) { struct server *sp; @@ -1494,7 +1490,7 @@ timer(void) * who's event timers have expired. Give these to * the transmit routine. */ - for (server = sys_servers; server != NULL; + for (server = sys_servers; server != NULL; server = server->next_server) { if (server->event_time != 0 && server->event_time <= current_time) @@ -1520,7 +1516,7 @@ alarming( alarm_flag++; } #else /* SYS_WINNT follows */ -void CALLBACK +void CALLBACK alarming(UINT uTimerID, UINT uMsg, DWORD dwUser, DWORD dw1, DWORD dw2) { UNUSED_ARG(uTimerID); UNUSED_ARG(uMsg); UNUSED_ARG(dwUser); @@ -1605,24 +1601,26 @@ init_alarm(void) #else /* SYS_WINNT follows */ _tzset(); - /* - * Get privileges needed for fiddling with the clock - */ + if (!simple_query && !debug) { + /* + * Get privileges needed for fiddling with the clock + */ - /* get the current process token handle */ - if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { - msyslog(LOG_ERR, "OpenProcessToken failed: %m"); - exit(1); + /* get the current process token handle */ + if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { + msyslog(LOG_ERR, "OpenProcessToken failed: %m"); + exit(1); + } + /* get the LUID for system-time privilege. */ + LookupPrivilegeValue(NULL, SE_SYSTEMTIME_NAME, &tkp.Privileges[0].Luid); + tkp.PrivilegeCount = 1; /* one privilege to set */ + tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; + /* get set-time privilege for this process. */ + AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0); + /* cannot test return value of AdjustTokenPrivileges. */ + if (GetLastError() != ERROR_SUCCESS) + msyslog(LOG_ERR, "AdjustTokenPrivileges failed: %m"); } - /* get the LUID for system-time privilege. */ - LookupPrivilegeValue(NULL, SE_SYSTEMTIME_NAME, &tkp.Privileges[0].Luid); - tkp.PrivilegeCount = 1; /* one privilege to set */ - tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; - /* get set-time privilege for this process. */ - AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0); - /* cannot test return value of AdjustTokenPrivileges. */ - if (GetLastError() != ERROR_SUCCESS) - msyslog(LOG_ERR, "AdjustTokenPrivileges failed: %m"); /* * Set up timer interrupts for every 2**EVENT_TIMEOUT seconds @@ -1996,7 +1994,6 @@ input_handler(void) } -#if !defined SYS_WINNT && !defined SYS_CYGWIN32 /* * adj_systime - do a big long slew of the system time */ @@ -2041,15 +2038,30 @@ l_adj_systime( adjtv.tv_usec = -adjtv.tv_usec; } - if (adjtv.tv_usec != 0 && !debug) { + if (!debug && (adjtv.tv_usec != 0)) { + /* A time correction needs to be applied. */ +#if !defined SYS_WINNT && !defined SYS_CYGWIN32 + /* Slew the time on systems that support this. */ if (adjtime(&adjtv, &oadjtv) < 0) { msyslog(LOG_ERR, "Can't adjust the time of day: %m"); exit(1); } +#else /* SYS_WINNT or SYS_CYGWIN32 is defined */ + /* + * The NT SetSystemTimeAdjustment() call achieves slewing by + * changing the clock frequency. This means that we cannot specify + * it to slew the clock by a definite amount and then stop like + * the Unix adjtime() routine. We can technically adjust the clock + * frequency, have ntpdate sleep for a while, and then wake + * up and reset the clock frequency, but this might cause some + * grief if the user attempts to run ntpd immediately after + * ntpdate and the socket is in use. + */ + printf("\nSlewing the system time is not supported on Windows. Use the -b option to step the time.\n"); +#endif /* defined SYS_WINNT || defined SYS_CYGWIN32 */ } return 1; } -#endif /* SYS_WINNT */ /* @@ -2068,11 +2080,14 @@ l_step_systime( int isneg; int n; - if (debug) return 1; + if (debug) + return 1; + /* * Take the absolute value of the offset */ ftmp = *ts; + if (L_ISNEG(&ftmp)) { L_NEG(&ftmp); isneg = 1; @@ -2082,9 +2097,9 @@ l_step_systime( if (ftmp.l_ui >= 3) { /* Step it and slew - we might win */ LFPTOD(ts, dtemp); n = step_systime(dtemp); - if (!n) - return n; - if (isneg) + if (n == 0) + return 0; + if (isneg) /* WTF! */ ts->l_ui = ~0; else ts->l_ui = ~0; @@ -2113,12 +2128,12 @@ l_step_systime( } -/* XXX ELIMINATE printserver similar in ntptrace.c, ntpdate.c */ +/* XXX ELIMINATE print_server similar in ntptrace.c, ntpdate.c */ /* - * printserver - print detail information for a server + * print_server - print detail information for a server */ static void -printserver( +print_server( register struct server *pp, FILE *fp ) @@ -2127,6 +2142,9 @@ printserver( char junk[5]; const char *str; + if (pp->stratum == 0) /* Nothing received => nothing to print */ + return; + if (!debug) { (void) fprintf(fp, "server %s, stratum %d, offset %s, delay %s\n", stoa(&pp->srcadr), pp->stratum, @@ -2143,17 +2161,20 @@ printserver( pp->leap & 0x1 ? '1' : '0', pp->trust); - if (pp->stratum == 1) { - junk[4] = 0; - memmove(junk, (char *)&pp->refid, 4); + if (REFID_ISTEXT(pp->stratum)) { + str = (char *) &pp->refid; + for (i=0; i<4 && str[i]; i++) { + junk[i] = (isprint(str[i]) ? str[i] : '.'); + } + junk[i] = 0; // force terminating 0 str = junk; } else { - str = stoa(&pp->srcadr); + str = numtoa(pp->refid); } (void) fprintf(fp, - "refid [%s], delay %s, dispersion %s\n", - str, fptoa((s_fp)pp->delay, 5), - ufptoa(pp->dispersion, 5)); + "refid [%s], root delay %s, root dispersion %s\n", + str, fptoa((s_fp)pp->rootdelay, 6), + ufptoa(pp->rootdisp, 6)); (void) fprintf(fp, "transmitted %d, in filter %d\n", pp->xmtcnt, pp->filter_nextpt); @@ -2165,21 +2186,23 @@ printserver( (void) fprintf(fp, "transmit timestamp: %s\n", prettydate(&pp->xmt)); - (void) fprintf(fp, "filter delay: "); - for (i = 0; i < NTP_SHIFT; i++) { - (void) fprintf(fp, " %-8.8s", fptoa(pp->filter_delay[i], 5)); - if (i == (NTP_SHIFT>>1)-1) - (void) fprintf(fp, "\n "); - } - (void) fprintf(fp, "\n"); + if (sys_samples > 1) { + (void) fprintf(fp, "filter delay: "); + for (i = 0; i < NTP_SHIFT; i++) { + (void) fprintf(fp, " %-8.8s", fptoa(pp->filter_delay[i], 5)); + if (i == (NTP_SHIFT>>1)-1) + (void) fprintf(fp, "\n "); + } + (void) fprintf(fp, "\n"); - (void) fprintf(fp, "filter offset:"); - for (i = 0; i < PEER_SHIFT; i++) { - (void) fprintf(fp, " %-8.8s", lfptoa(&pp->filter_offset[i], 6)); - if (i == (PEER_SHIFT>>1)-1) - (void) fprintf(fp, "\n "); + (void) fprintf(fp, "filter offset:"); + for (i = 0; i < PEER_SHIFT; i++) { + (void) fprintf(fp, " %-8.8s", lfptoa(&pp->filter_offset[i], 6)); + if (i == (PEER_SHIFT>>1)-1) + (void) fprintf(fp, "\n "); + } + (void) fprintf(fp, "\n"); } - (void) fprintf(fp, "\n"); (void) fprintf(fp, "delay %s, dispersion %s\n", fptoa((s_fp)pp->delay, 5), ufptoa(pp->dispersion, 5)); @@ -2227,7 +2250,7 @@ isc_boolean_t ntp_port_inuse(int af, u_short port) * Check if NTP socket is already in use on this system * This is only for Windows Systems, as they tend not to fail on the real bind() below */ - + SOCKET checksocket; struct sockaddr_in checkservice; checksocket = socket(af, SOCK_DGRAM, 0); diff --git a/ntpdc/invoke-ntpdc.texi b/ntpdc/invoke-ntpdc.texi index 94e4230ae5ab..bd1f7cd143be 100644 --- a/ntpdc/invoke-ntpdc.texi +++ b/ntpdc/invoke-ntpdc.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi) # -# It has been AutoGen-ed February 27, 2018 at 05:15:06 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:29:40 AM by AutoGen 5.18.5 # From the definitions ntpdc-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -76,7 +76,7 @@ with a status code of 0. @exampleindent 0 @example -ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11 +ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p12 Usage: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 DNS name resolution diff --git a/ntpdc/ntpdc-opts.c b/ntpdc/ntpdc-opts.c index 4b7c102a32a8..4f4ac440b9be 100644 --- a/ntpdc/ntpdc-opts.c +++ b/ntpdc/ntpdc-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpdc-opts.c) * - * It has been AutoGen-ed February 27, 2018 at 05:14:56 PM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:29:29 AM by AutoGen 5.18.5 * From the definitions ntpdc-opts.def * and the template file options * @@ -69,7 +69,7 @@ extern FILE * option_usage_fp; * static const strings for ntpdc options */ static char const ntpdc_opt_strs[1914] = -/* 0 */ "ntpdc 4.2.8p11\n" +/* 0 */ "ntpdc 4.2.8p12\n" "Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" @@ -128,14 +128,14 @@ static char const ntpdc_opt_strs[1914] = /* 1695 */ "no-load-opts\0" /* 1708 */ "no\0" /* 1711 */ "NTPDC\0" -/* 1717 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11\n" +/* 1717 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p12\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0" /* 1848 */ "$HOME\0" /* 1854 */ ".\0" /* 1856 */ ".ntprc\0" /* 1863 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 1897 */ "\n\0" -/* 1899 */ "ntpdc 4.2.8p11"; +/* 1899 */ "ntpdc 4.2.8p12"; /** * ipv4 option description with @@ -796,7 +796,7 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntpdcOptions.pzCopyright */ - puts(_("ntpdc 4.2.8p11\n\ + puts(_("ntpdc 4.2.8p12\n\ Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ @@ -862,14 +862,14 @@ implied warranty.\n")); puts(_("load options from a config file")); /* referenced via ntpdcOptions.pzUsageTitle */ - puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11\n\ + puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p12\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n")); /* referenced via ntpdcOptions.pzExplain */ puts(_("\n")); /* referenced via ntpdcOptions.pzFullVersion */ - puts(_("ntpdc 4.2.8p11")); + puts(_("ntpdc 4.2.8p12")); /* referenced via ntpdcOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/ntpdc/ntpdc-opts.h b/ntpdc/ntpdc-opts.h index f0c49781f0e1..3c3a67ad033b 100644 --- a/ntpdc/ntpdc-opts.h +++ b/ntpdc/ntpdc-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpdc-opts.h) * - * It has been AutoGen-ed February 27, 2018 at 05:14:56 PM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:29:28 AM by AutoGen 5.18.5 * From the definitions ntpdc-opts.def * and the template file options * @@ -83,9 +83,9 @@ typedef enum { /** count of all options for ntpdc */ #define OPTION_CT 15 /** ntpdc version */ -#define NTPDC_VERSION "4.2.8p11" +#define NTPDC_VERSION "4.2.8p12" /** Full ntpdc version text */ -#define NTPDC_FULL_VERSION "ntpdc 4.2.8p11" +#define NTPDC_FULL_VERSION "ntpdc 4.2.8p12" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpdc/ntpdc.1ntpdcman b/ntpdc/ntpdc.1ntpdcman index 6e19ef6fd6ac..2f86d8c16a02 100644 --- a/ntpdc/ntpdc.1ntpdcman +++ b/ntpdc/ntpdc.1ntpdcman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpdc 1ntpdcman "27 Feb 2018" "4.2.8p11" "User Commands" +.TH ntpdc 1ntpdcman "14 Aug 2018" "4.2.8p12" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-MnaqKS/ag-YnaiJS) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-uwaqJD/ag-GwaiID) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:03 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:36 AM by AutoGen 5.18.5 .\" From the definitions ntpdc-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpdc/ntpdc.1ntpdcmdoc b/ntpdc/ntpdc.1ntpdcmdoc index 9b3858290844..7fa961c82022 100644 --- a/ntpdc/ntpdc.1ntpdcmdoc +++ b/ntpdc/ntpdc.1ntpdcmdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPDC 1ntpdcmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:09 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:43 AM by AutoGen 5.18.5 .\" From the definitions ntpdc-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpdc/ntpdc.c b/ntpdc/ntpdc.c index 3aeaddc1ae0c..c54596e32f94 100644 --- a/ntpdc/ntpdc.c +++ b/ntpdc/ntpdc.c @@ -226,15 +226,27 @@ static const char *chosts[MAXHOSTS]; #define STREQ(a, b) (*(a) == *(b) && strcmp((a), (b)) == 0) /* - * Jump buffer for longjumping back to the command level + * Jump buffer for longjumping back to the command level. + * + * See ntpq/ntpq.c for an explanation why 'sig{set,long}jmp()' is used + * when available. */ -static jmp_buf interrupt_buf; -static volatile int jump = 0; +#if HAVE_DECL_SIGSETJMP && HAVE_DECL_SIGLONGJMP +# define JMP_BUF sigjmp_buf +# define SETJMP(x) sigsetjmp((x), 1) +# define LONGJMP(x, v) siglongjmp((x),(v)) +#else +# define JMP_BUF jmp_buf +# define SETJMP(x) setjmp((x)) +# define LONGJMP(x, v) longjmp((x),(v)) +#endif +static JMP_BUF interrupt_buf; +static volatile int jump = 0; /* * Pointer to current output unit */ -static FILE *current_output; +static FILE *current_output = NULL; /* * Command table imported from ntpdc_ops.c @@ -275,7 +287,6 @@ ntpdcmain( char *argv[] ) { - delay_time.l_ui = 0; delay_time.l_uf = DEFDELAY; @@ -352,7 +363,7 @@ ntpdcmain( #ifndef SYS_WINNT /* Under NT cannot handle SIGINT, WIN32 spawns a handler */ if (interactive) - (void) signal_no_reset(SIGINT, abortcmd); + (void) signal_no_reset(SIGINT, abortcmd); #endif /* SYS_WINNT */ /* @@ -393,31 +404,28 @@ openhost( ) { char temphost[LENHOSTNAME]; - int a_info, i; + int a_info; struct addrinfo hints, *ai = NULL; sockaddr_u addr; size_t octets; - register const char *cp; + const char *cp; char name[LENHOSTNAME]; char service[5]; /* * We need to get by the [] if they were entered */ - - cp = hname; - - if (*cp == '[') { - cp++; - for (i = 0; *cp && *cp != ']'; cp++, i++) - name[i] = *cp; - if (*cp == ']') { - name[i] = '\0'; - hname = name; - } else { + if (*hname == '[') { + cp = strchr(hname + 1, ']'); + if (!cp || (octets = (size_t)(cp - hname) - 1) >= sizeof(name)) { + errno = EINVAL; + warning("%s", "bad hostname/address"); return 0; } - } + memcpy(name, hname + 1, octets); + name[octets] = '\0'; + hname = name; + } /* * First try to resolve it as an ip address and if that fails, @@ -944,7 +952,7 @@ sendrequest( if (!maclen) { fprintf(stderr, "Key not found\n"); return 1; - } else if (maclen != (int)(info_auth_hashlen + sizeof(keyid_t))) { + } else if (maclen != (size_t)(info_auth_hashlen + sizeof(keyid_t))) { fprintf(stderr, "%zu octet MAC, %zu expected with %zu octet digest\n", maclen, (info_auth_hashlen + sizeof(keyid_t)), @@ -1118,12 +1126,14 @@ abortcmd( int sig ) { - if (current_output == stdout) - (void) fflush(stdout); + (void)fflush(stdout); putc('\n', stderr); - (void) fflush(stderr); - if (jump) longjmp(interrupt_buf, 1); + (void)fflush(stderr); + if (jump) { + jump = 0; + LONGJMP(interrupt_buf, 1); + } } #endif /* SYS_WINNT */ @@ -1235,14 +1245,22 @@ docmd( current_output = stdout; } - if (interactive && setjmp(interrupt_buf)) { - return; + if (interactive) { + if ( ! SETJMP(interrupt_buf)) { + jump = 1; + (xcmd->handler)(&pcmd, current_output); + jump = 0; + } else { + fflush(current_output); + fputs("\n >>> command aborted <<<\n", stderr); + fflush(stderr); + } } else { - jump = 1; - (xcmd->handler)(&pcmd, current_output); jump = 0; - if (current_output != stdout) - (void) fclose(current_output); + (xcmd->handler)(&pcmd, current_output); + } + if ((NULL != current_output) && (stdout != current_output)) { + (void)fclose(current_output); current_output = NULL; } } diff --git a/ntpdc/ntpdc.html b/ntpdc/ntpdc.html index e133ec7b0b36..42049927aade 100644 --- a/ntpdc/ntpdc.html +++ b/ntpdc/ntpdc.html @@ -36,7 +36,7 @@ display the time offset of the system clock relative to the server clock. Run as root, it can correct the system clock to this offset as well. It can be run as an interactive command or from a cron job. - <p>This document applies to version 4.2.8p11 of <code>ntpdc</code>. + <p>This document applies to version 4.2.8p12 of <code>ntpdc</code>. <p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4 IETF specification. @@ -152,7 +152,7 @@ the usage text by passing it through a pager program. used to select the program, defaulting to <span class="file">more</span>. Both will exit with a status code of 0. -<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11 +<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p12 Usage: ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 DNS name resolution diff --git a/ntpdc/ntpdc.man.in b/ntpdc/ntpdc.man.in index 4b31f2e5cc8c..f26cf234ddd7 100644 --- a/ntpdc/ntpdc.man.in +++ b/ntpdc/ntpdc.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpdc @NTPDC_MS@ "27 Feb 2018" "4.2.8p11" "User Commands" +.TH ntpdc @NTPDC_MS@ "14 Aug 2018" "4.2.8p12" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-MnaqKS/ag-YnaiJS) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-uwaqJD/ag-GwaiID) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:03 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:36 AM by AutoGen 5.18.5 .\" From the definitions ntpdc-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpdc/ntpdc.mdoc.in b/ntpdc/ntpdc.mdoc.in index 3720f930f7b0..0cd97be06c5c 100644 --- a/ntpdc/ntpdc.mdoc.in +++ b/ntpdc/ntpdc.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPDC @NTPDC_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:09 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:43 AM by AutoGen 5.18.5 .\" From the definitions ntpdc-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpq/invoke-ntpq.texi b/ntpq/invoke-ntpq.texi index 69f20883ccd2..ebd4affd71d5 100644 --- a/ntpq/invoke-ntpq.texi +++ b/ntpq/invoke-ntpq.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi) # -# It has been AutoGen-ed February 27, 2018 at 05:15:26 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:30:02 AM by AutoGen 5.18.5 # From the definitions ntpq-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -944,7 +944,7 @@ with a status code of 0. @exampleindent 0 @example -ntpq - standard NTP query program - Ver. 4.2.8p11 +ntpq - standard NTP query program - Ver. 4.2.8p12 Usage: ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 name resolution diff --git a/ntpq/ntpq-opts.c b/ntpq/ntpq-opts.c index 602d40f945cf..15723d68bff8 100644 --- a/ntpq/ntpq-opts.c +++ b/ntpq/ntpq-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpq-opts.c) * - * It has been AutoGen-ed February 27, 2018 at 05:15:12 PM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:29:47 AM by AutoGen 5.18.5 * From the definitions ntpq-opts.def * and the template file options * @@ -69,7 +69,7 @@ extern FILE * option_usage_fp; * static const strings for ntpq options */ static char const ntpq_opt_strs[1977] = -/* 0 */ "ntpq 4.2.8p11\n" +/* 0 */ "ntpq 4.2.8p12\n" "Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" @@ -132,13 +132,13 @@ static char const ntpq_opt_strs[1977] = /* 1768 */ "no-load-opts\0" /* 1781 */ "no\0" /* 1784 */ "NTPQ\0" -/* 1789 */ "ntpq - standard NTP query program - Ver. 4.2.8p11\n" +/* 1789 */ "ntpq - standard NTP query program - Ver. 4.2.8p12\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0" /* 1909 */ "$HOME\0" /* 1915 */ ".\0" /* 1917 */ ".ntprc\0" /* 1924 */ "http://bugs.ntp.org, bugs@ntp.org\0" -/* 1958 */ "ntpq 4.2.8p11\0" +/* 1958 */ "ntpq 4.2.8p12\0" /* 1972 */ "hash"; /** @@ -841,7 +841,7 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntpqOptions.pzCopyright */ - puts(_("ntpq 4.2.8p11\n\ + puts(_("ntpq 4.2.8p12\n\ Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ @@ -910,11 +910,11 @@ implied warranty.\n")); puts(_("load options from a config file")); /* referenced via ntpqOptions.pzUsageTitle */ - puts(_("ntpq - standard NTP query program - Ver. 4.2.8p11\n\ + puts(_("ntpq - standard NTP query program - Ver. 4.2.8p12\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n")); /* referenced via ntpqOptions.pzFullVersion */ - puts(_("ntpq 4.2.8p11")); + puts(_("ntpq 4.2.8p12")); /* referenced via ntpqOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/ntpq/ntpq-opts.h b/ntpq/ntpq-opts.h index ce90e50d9c8f..1ff3a0af6dfd 100644 --- a/ntpq/ntpq-opts.h +++ b/ntpq/ntpq-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpq-opts.h) * - * It has been AutoGen-ed February 27, 2018 at 05:15:12 PM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:29:47 AM by AutoGen 5.18.5 * From the definitions ntpq-opts.def * and the template file options * @@ -84,9 +84,9 @@ typedef enum { /** count of all options for ntpq */ #define OPTION_CT 16 /** ntpq version */ -#define NTPQ_VERSION "4.2.8p11" +#define NTPQ_VERSION "4.2.8p12" /** Full ntpq version text */ -#define NTPQ_FULL_VERSION "ntpq 4.2.8p11" +#define NTPQ_FULL_VERSION "ntpq 4.2.8p12" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpq/ntpq-subs.c b/ntpq/ntpq-subs.c index acc175d197de..8495e2059ef6 100644 --- a/ntpq/ntpq-subs.c +++ b/ntpq/ntpq-subs.c @@ -446,6 +446,7 @@ doaddvlist( len = strlen(vars); while (nextvar(&len, &vars, &name, &value)) { + INSIST(name && value); vl = findlistvar(vlist, name); if (NULL == vl) { fprintf(stderr, "Variable list full\n"); @@ -481,6 +482,7 @@ dormvlist( len = strlen(vars); while (nextvar(&len, &vars, &name, &value)) { + INSIST(name && value); vl = findlistvar(vlist, name); if (vl == 0 || vl->name == 0) { (void) fprintf(stderr, "Variable `%s' not found\n", @@ -1153,7 +1155,7 @@ printassoc( * Output a header */ (void) fprintf(fp, - "\nind assid status conf reach auth condition last_event cnt\n"); + "ind assid status conf reach auth condition last_event cnt\n"); (void) fprintf(fp, "===========================================================\n"); for (i = 0; i < numassoc; i++) { @@ -1475,31 +1477,36 @@ prettyinterval( } if (diff <= 2048) { - snprintf(buf, cb, "%ld", diff); + snprintf(buf, cb, "%u", (unsigned int)diff); return buf; } diff = (diff + 29) / 60; if (diff <= 300) { - snprintf(buf, cb, "%ldm", diff); + snprintf(buf, cb, "%um", (unsigned int)diff); return buf; } diff = (diff + 29) / 60; if (diff <= 96) { - snprintf(buf, cb, "%ldh", diff); + snprintf(buf, cb, "%uh", (unsigned int)diff); return buf; } diff = (diff + 11) / 24; if (diff <= 999) { - snprintf(buf, cb, "%ldd", diff); + snprintf(buf, cb, "%ud", (unsigned int)diff); return buf; } /* years are only approximated... */ diff = (long)floor(diff / 365.25 + 0.5); - snprintf(buf, cb, "%ldy", diff); + if (diff <= 999) { + snprintf(buf, cb, "%uy", (unsigned int)diff); + return buf; + } + /* Ok, this amounts to infinity... */ + strlcpy(buf, "INF", cb); return buf; } @@ -1638,10 +1645,14 @@ doprintpeers( l_fp rec; l_fp ts; u_long poll_sec; + u_long flash = 0; char type = '?'; - char whenbuf[8], pollbuf[8]; char clock_name[LENHOSTNAME]; - + char whenbuf[12], pollbuf[12]; + /* [Bug 3482] formally whenbuf & pollbuf should be able to hold + * a full signed int. Not that we would use that much string + * data for it... + */ get_systime(&ts); have_srchost = FALSE; @@ -1657,6 +1668,7 @@ doprintpeers( ZERO(estdisp); while (nextvar(&datalen, &data, &name, &value)) { + INSIST(name && value); if (!strcmp("srcadr", name) || !strcmp("peeradr", name)) { if (!decodenetnum(value, &srcadr)) @@ -1771,6 +1783,8 @@ doprintpeers( } else if (!strcmp("reftime", name)) { if (!decodets(value, &reftime)) L_CLR(&reftime); + } else if (!strcmp("flash", name)) { + decodeuint(value, &flash); } else { // fprintf(stderr, "UNRECOGNIZED name=%s ", name); } @@ -1850,7 +1864,9 @@ doprintpeers( + 1 + 15 + 1, ""); else fprintf(fp, "%c%-15.15s ", c, clock_name); - if (!have_da_rid) { + if ((flash & TEST12) && (pvl != opeervarlist)) { + drlen = fprintf(fp, "(loop)"); + } else if (!have_da_rid) { drlen = 0; } else { drlen = strlen(dstadr_refid); @@ -2381,7 +2397,7 @@ fetch_nonce( return FALSE; } chars = rsize - (sizeof(nonce_eq) - 1); - if (chars >= (int)cb_nonce) + if (chars >= cb_nonce) return FALSE; memcpy(nonce, rdata + sizeof(nonce_eq) - 1, chars); nonce[chars] = '\0'; @@ -2647,6 +2663,7 @@ collect_mru_list( have_addr_older = FALSE; have_last_older = FALSE; while (!qres && nextvar(&rsize, &rdata, &tag, &val)) { + INSIST(tag && val); if (debug > 1) fprintf(stderr, "nextvar gave: %s = %s\n", tag, val); @@ -3391,11 +3408,9 @@ ifstats( fields = 0; ui = 0; while (nextvar(&dsize, &datap, &tag, &val)) { + INSIST(tag && val); if (debug > 1) - fprintf(stderr, "nextvar gave: %s = %s\n", tag, - (NULL == val) - ? "" - : val); + fprintf(stderr, "nextvar gave: %s = %s\n", tag, val); comprende = FALSE; switch(tag[0]) { @@ -3407,7 +3422,7 @@ ifstats( case 'b': if (1 == sscanf(tag, bcast_fmt, &ui) && - (NULL == val || + ('\0' == *val || decodenetnum(val, &row.bcast))) comprende = TRUE; break; @@ -3433,7 +3448,6 @@ ifstats( case 'n': if (1 == sscanf(tag, name_fmt, &ui)) { /* strip quotes */ - INSIST(val); len = strlen(val); if (len >= 2 && len - 2 < sizeof(row.name)) { @@ -3607,11 +3621,9 @@ reslist( fields = 0; ui = 0; while (nextvar(&dsize, &datap, &tag, &val)) { + INSIST(tag && val); if (debug > 1) - fprintf(stderr, "nextvar gave: %s = %s\n", tag, - (NULL == val) - ? "" - : val); + fprintf(stderr, "nextvar gave: %s = %s\n", tag, val); comprende = FALSE; switch(tag[0]) { @@ -3718,8 +3730,7 @@ collect_display_vdc( * the retrieved values. */ while (nextvar(&rsize, &rdata, &tag, &val)) { - if (NULL == val) - continue; + INSIST(tag && val); n = 0; for (pvdc = table; pvdc->tag != NULL; pvdc++) { len = strlen(pvdc->tag); @@ -3944,9 +3955,9 @@ monstats( ) { static vdc monstats_vdc[] = { - VDC_INIT("mru_enabled", "enabled: ", NTP_STR), + VDC_INIT("mru_enabled", "enabled: ", NTP_STR), VDC_INIT("mru_depth", "addresses: ", NTP_STR), - VDC_INIT("mru_deepest", "peak addresses: ", NTP_STR), + VDC_INIT("mru_deepest", "peak addresses: ", NTP_STR), VDC_INIT("mru_maxdepth", "maximum addresses: ", NTP_STR), VDC_INIT("mru_mindepth", "reclaim above count:", NTP_STR), VDC_INIT("mru_maxage", "reclaim older than: ", NTP_STR), diff --git a/ntpq/ntpq.1ntpqman b/ntpq/ntpq.1ntpqman index 2ef8a3275175..11d2883f8ee9 100644 --- a/ntpq/ntpq.1ntpqman +++ b/ntpq/ntpq.1ntpqman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpq 1ntpqman "27 Feb 2018" "4.2.8p11" "User Commands" +.TH ntpq 1ntpqman "14 Aug 2018" "4.2.8p12" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-D4aGRT/ag-Q4ayQT) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-_XaWRE/ag-lYaOQE) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:22 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:58 AM by AutoGen 5.18.5 .\" From the definitions ntpq-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpq/ntpq.1ntpqmdoc b/ntpq/ntpq.1ntpqmdoc index 1d801e91036e..ca3f206ff70d 100644 --- a/ntpq/ntpq.1ntpqmdoc +++ b/ntpq/ntpq.1ntpqmdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPQ 1ntpqmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:28 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:30:05 AM by AutoGen 5.18.5 .\" From the definitions ntpq-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpq/ntpq.c b/ntpq/ntpq.c index 17c2f17d3885..6e7a5c375175 100644 --- a/ntpq/ntpq.c +++ b/ntpq/ntpq.c @@ -32,18 +32,20 @@ #include "ntp_lineedit.h" #include "ntp_debug.h" #ifdef OPENSSL -#include "openssl/evp.h" -#include "openssl/objects.h" -#include "openssl/err.h" -#ifdef SYS_WINNT -# include "openssl/opensslv.h" -# if !defined(HAVE_EVP_MD_DO_ALL_SORTED) && OPENSSL_VERSION_NUMBER > 0x10000000L -# define HAVE_EVP_MD_DO_ALL_SORTED 1 +# include "openssl/evp.h" +# include "openssl/objects.h" +# include "openssl/err.h" +# ifdef SYS_WINNT +# include "openssl/opensslv.h" +# if !defined(HAVE_EVP_MD_DO_ALL_SORTED) && OPENSSL_VERSION_NUMBER > 0x10000000L +# define HAVE_EVP_MD_DO_ALL_SORTED 1 +# endif +# endif +# include "libssl_compat.h" +# ifdef HAVE_OPENSSL_CMAC_H +# include <openssl/cmac.h> +# define CMAC "AES128CMAC" # endif -#endif -#include "libssl_compat.h" - -#define CMAC "AES128CMAC" #endif #include <ssl_applink.c> @@ -111,10 +113,6 @@ int rawmode = 0; */ u_char pktversion = NTP_OLDVERSION + 1; -/* - * Don't jump if no set jmp. - */ -volatile int jump = 0; /* * Format values @@ -218,10 +216,8 @@ static void raw (struct parse *, FILE *); static void cooked (struct parse *, FILE *); static void authenticate (struct parse *, FILE *); static void ntpversion (struct parse *, FILE *); -static void warning (const char *, ...) - __attribute__((__format__(__printf__, 1, 2))); -static void error (const char *, ...) - __attribute__((__format__(__printf__, 1, 2))); +static void warning (const char *, ...) NTP_PRINTF(1, 2); +static void error (const char *, ...) NTP_PRINTF(1, 2); static u_long getkeyid (const char *); static void atoascii (const char *, size_t, char *, size_t); static void cookedprint (int, size_t, const char *, int, int, FILE *); @@ -231,10 +227,20 @@ static void output (FILE *, const char *, const char *); static void endoutput (FILE *); static void outputarr (FILE *, char *, int, l_fp *); static int assoccmp (const void *, const void *); -static void on_ctrlc (void); u_short varfmt (const char *); + void ntpq_custom_opt_handler(tOptions *, tOptDesc *); + +#ifndef BUILD_AS_LIB +static char *list_digest_names(void); +static char *insert_cmac (char *list); +static void on_ctrlc (void); static int my_easprintf (char**, const char *, ...) NTP_PRINTF(2, 3); -void ntpq_custom_opt_handler (tOptions *, tOptDesc *); +# if defined(OPENSSL) && defined(HAVE_EVP_MD_DO_ALL_SORTED) +static void list_md_fn (const EVP_MD *m, const char *from, + const char *to, void *arg); +# endif /* defined(OPENSSL) && defined(HAVE_EVP_MD_DO_ALL_SORTED) */ +#endif /* !defined(BUILD_AS_LIB) */ + /* read a character from memory and expand to integer */ static inline int @@ -246,14 +252,6 @@ pgetc( } -#ifdef OPENSSL -# ifdef HAVE_EVP_MD_DO_ALL_SORTED -static void list_md_fn(const EVP_MD *m, const char *from, - const char *to, void *arg ); -# endif -#endif -static char *insert_cmac(char *list); -static char *list_digest_names(void); /* * Built-in commands we understand @@ -422,14 +420,34 @@ chost chosts[MAXHOSTS]; #define STREQ(a, b) (*(a) == *(b) && strcmp((a), (b)) == 0) /* - * Jump buffer for longjumping back to the command level + * Jump buffer for longjumping back to the command level. + * + * Since we do this from a signal handler, we use 'sig{set,long}jmp()' + * if available. The signal is blocked by default during the excution of + * a signal handler, and it is unspecified if '{set,long}jmp()' save and + * restore the signal mask. They do on BSD, it depends on the GLIBC + * version on Linux, and the gods know what happens on other OSes... + * + * So we use the 'sig{set,long}jmp()' functions where available, because + * for them the semantics are well-defined. If we have to fall back to + * '{set,long}jmp()', the CTRL-C handling might be a bit erratic. */ -jmp_buf interrupt_buf; +#if HAVE_DECL_SIGSETJMP && HAVE_DECL_SIGLONGJMP +# define JMP_BUF sigjmp_buf +# define SETJMP(x) sigsetjmp((x), 1) +# define LONGJMP(x, v) siglongjmp((x),(v)) +#else +# define JMP_BUF jmp_buf +# define SETJMP(x) setjmp((x)) +# define LONGJMP(x, v) longjmp((x),(v)) +#endif +static JMP_BUF interrupt_buf; +static volatile int jump = 0; /* * Points at file being currently printed into */ -FILE *current_output; +FILE *current_output = NULL; /* * Command table imported from ntpdc_ops.c @@ -608,10 +626,10 @@ ntpqmain( } else { for (ihost = 0; ihost < numhosts; ihost++) { if (openhost(chosts[ihost].name, chosts[ihost].fam)) { - if (ihost) + if (ihost && current_output) fputc('\n', current_output); for (icmd = 0; icmd < numcmds; icmd++) { - if (icmd) + if (icmd && current_output) fputc('\n', current_output); docmd(ccmds[icmd]); } @@ -636,29 +654,26 @@ openhost( { const char svc[] = "ntp"; char temphost[LENHOSTNAME]; - int a_info, i; + int a_info; struct addrinfo hints, *ai; sockaddr_u addr; size_t octets; - register const char *cp; + const char *cp; char name[LENHOSTNAME]; /* * We need to get by the [] if they were entered */ - - cp = hname; - - if (*cp == '[') { - cp++; - for (i = 0; *cp && *cp != ']'; cp++, i++) - name[i] = *cp; - if (*cp == ']') { - name[i] = '\0'; - hname = name; - } else { + if (*hname == '[') { + cp = strchr(hname + 1, ']'); + if (!cp || (octets = (size_t)(cp - hname) - 1) >= sizeof(name)) { + errno = EINVAL; + warning("%s", "bad hostname/address"); return 0; } + memcpy(name, hname + 1, octets); + name[octets] = '\0'; + hname = name; } /* @@ -1568,7 +1583,7 @@ abortcmd(void) (void) fflush(stderr); if (jump) { jump = 0; - longjmp(interrupt_buf, 1); + LONGJMP(interrupt_buf, 1); } return TRUE; } @@ -1656,23 +1671,29 @@ docmd( perror(""); return; } - i = 1; /* flag we need a close */ } else { current_output = stdout; - i = 0; /* flag no close */ } - if (interactive && setjmp(interrupt_buf)) { - jump = 0; - return; + if (interactive) { + if ( ! SETJMP(interrupt_buf)) { + jump = 1; + (xcmd->handler)(&pcmd, current_output); + jump = 0; + } else { + fflush(current_output); + fputs("\n >>> command aborted <<<\n", stderr); + fflush(stderr); + } + } else { - jump++; + jump = 0; (xcmd->handler)(&pcmd, current_output); - jump = 0; /* HMS: 961106: was after fclose() */ - if (i) (void) fclose(current_output); } - - return; + if ((NULL != current_output) && (stdout != current_output)) { + (void)fclose(current_output); + current_output = NULL; + } } @@ -2504,7 +2525,7 @@ ntp_poll( /* * showdrefid2str - return a string explanation of the value of drefid */ -static char * +static const char * showdrefid2str(void) { switch (drefid) { @@ -3055,10 +3076,146 @@ trunc_left( char circ_buf[NUMCB][CBLEN]; int nextcb = 0; +/* -------------------------------------------------------------------- + * Parsing a response value list + * + * This sounds simple (and it actually is not really hard) but it has + * some pitfalls. + * + * Rule1: CR/LF is never embedded in an item + * Rule2: An item is a name, optionally followed by a value + * Rule3: The value is separated from the name by a '=' + * Rule4: Items are separated by a ',' + * Rule5: values can be quoted by '"', in which case they can contain + * arbitrary characters but *not* '"', CR and LF + * + * There are a few implementations out there that require a somewhat + * relaxed attitude when parsing a value list, especially since we want + * to copy names and values into local buffers. If these would overflow, + * the item should be skipped without terminating the parsing sequence. + * + * Also, for empty values, there might be a '=' after the name or not; + * we treat that equivalent. + * + * Parsing an item definitely breaks on a CR/LF. If an item is not + * followed by a comma (','), parsing stops. In the middle of a quoted + * character sequence CR/LF terminates the parsing finally without + * returning a value. + * + * White space and other noise is ignored when parsing the data buffer; + * only CR, LF, ',', '=' and '"' are characters with a special meaning. + * White space is stripped from the names and values *after* working + * through the buffer, before making the local copies. If whitespace + * stripping results in an empty name, parsing resumes. + */ + +/* + * nextvar parsing helpers + */ + +/* predicate: allowed chars inside a quoted string */ +static int/*BOOL*/ cp_qschar(int ch) +{ + return ch && (ch != '"' && ch != '\r' && ch != '\n'); +} + +/* predicate: allowed chars inside an unquoted string */ +static int/*BOOL*/ cp_uqchar(int ch) +{ + return ch && (ch != ',' && ch != '"' && ch != '\r' && ch != '\n'); +} + +/* predicate: allowed chars inside a value name */ +static int/*BOOL*/ cp_namechar(int ch) +{ + return ch && (ch != ',' && ch != '=' && ch != '\r' && ch != '\n'); +} + +/* predicate: characters *between* list items. We're relaxed here. */ +static int/*BOOL*/ cp_ivspace(int ch) +{ + return (ch == ',' || (ch > 0 && ch <= ' ')); +} + +/* get current character (or NUL when on end) */ +static inline int +pf_getch( + const char ** datap, + const char * endp + ) +{ + return (*datap != endp) + ? *(const unsigned char*)*datap + : '\0'; +} + +/* get next character (or NUL when on end) */ +static inline int +pf_nextch( + const char ** datap, + const char * endp + ) +{ + return (*datap != endp && ++(*datap) != endp) + ? *(const unsigned char*)*datap + : '\0'; +} + +static size_t +str_strip( + const char ** datap, + size_t len + ) +{ + static const char empty[] = ""; + + if (*datap && len) { + const char * cpl = *datap; + const char * cpr = cpl + len; + + while (cpl != cpr && *(const unsigned char*)cpl <= ' ') + ++cpl; + while (cpl != cpr && *(const unsigned char*)(cpr - 1) <= ' ') + --cpr; + *datap = cpl; + len = (size_t)(cpr - cpl); + } else { + *datap = empty; + len = 0; + } + return len; +} + +static void +pf_error( + const char * what, + const char * where, + const char * whend + ) +{ +# ifndef BUILD_AS_LIB + + FILE * ofp = (debug > 0) ? stdout : stderr; + size_t len = (size_t)(whend - where); + + if (len > 50) /* *must* fit into an 'int'! */ + len = 50; + fprintf(ofp, "nextvar: %s: '%.*s'\n", + what, (int)len, where); + +# else /*defined(BUILD_AS_LIB)*/ + + UNUSED_ARG(what); + UNUSED_ARG(where); + UNUSED_ARG(whend); + +# endif /*defined(BUILD_AS_LIB)*/ +} + /* * nextvar - find the next variable in the buffer */ -int +int/*BOOL*/ nextvar( size_t *datalen, const char **datap, @@ -3066,92 +3223,124 @@ nextvar( char **vvalue ) { - const char *cp; - const char *np; - const char *cpend; - size_t srclen; - size_t len; - static char name[MAXVARLEN]; - static char value[MAXVALLEN]; - - cp = *datap; - cpend = cp + *datalen; - - /* - * Space past commas and white space - */ - while (cp < cpend && (*cp == ',' || isspace(pgetc(cp)))) - cp++; - if (cp >= cpend) - return 0; + enum PState { sDone, sInit, sName, sValU, sValQ }; + + static char name[MAXVARLEN], value[MAXVALLEN]; - /* - * Copy name until we hit a ',', an '=', a '\r' or a '\n'. Backspace - * over any white space and terminate it. - */ - srclen = strcspn(cp, ",=\r\n"); - srclen = min(srclen, (size_t)(cpend - cp)); - len = srclen; - while (len > 0 && isspace(pgetc(&cp[len - 1]))) - len--; - if (len >= sizeof(name)) - return 0; - if (len > 0) - memcpy(name, cp, len); - name[len] = '\0'; - *vname = name; - cp += srclen; + const char *cp, *cpend; + const char *np, *vp; + size_t nlen, vlen; + int ch; + enum PState st; + + cpend = *datap + *datalen; - /* - * Check if we hit the end of the buffer or a ','. If so we are done. - */ - if (cp >= cpend || *cp == ',' || *cp == '\r' || *cp == '\n') { - if (cp < cpend) - cp++; - *datap = cp; - *datalen = size2int_sat(cpend - cp); - *vvalue = NULL; - return 1; + again: + np = vp = NULL; + nlen = vlen = 0; + + st = sInit; + ch = pf_getch(datap, cpend); + + while (st != sDone) { + switch (st) + { + case sInit: /* handle inter-item chars */ + while (cp_ivspace(ch)) + ch = pf_nextch(datap, cpend); + if (cp_namechar(ch)) { + np = *datap; + cp = np; + st = sName; + ch = pf_nextch(datap, cpend); + } else { + goto final_done; + } + break; + + case sName: /* collect name */ + while (cp_namechar(ch)) + ch = pf_nextch(datap, cpend); + nlen = (size_t)(*datap - np); + if (ch == '=') { + ch = pf_nextch(datap, cpend); + vp = *datap; + st = sValU; + } else { + if (ch != ',') + *datap = cpend; + st = sDone; + } + break; + + case sValU: /* collect unquoted part(s) of value */ + while (cp_uqchar(ch)) + ch = pf_nextch(datap, cpend); + if (ch == '"') { + ch = pf_nextch(datap, cpend); + st = sValQ; + } else { + vlen = (size_t)(*datap - vp); + if (ch != ',') + *datap = cpend; + st = sDone; + } + break; + + case sValQ: /* collect quoted part(s) of value */ + while (cp_qschar(ch)) + ch = pf_nextch(datap, cpend); + if (ch == '"') { + ch = pf_nextch(datap, cpend); + st = sValU; + } else { + pf_error("no closing quote, stop", cp, cpend); + goto final_done; + } + break; + + default: + pf_error("state machine error, stop", *datap, cpend); + goto final_done; + } } - /* - * So far, so good. Copy out the value + /* If name or value do not fit their buffer, croak and start + * over. If there's no name at all after whitespace stripping, + * redo silently. */ - cp++; /* past '=' */ - while (cp < cpend && (isspace(pgetc(cp)) && *cp != '\r' && *cp != '\n')) - cp++; - np = cp; - if ('"' == *np) { - do { - np++; - } while (np < cpend && '"' != *np); - if (np < cpend && '"' == *np) - np++; - } else { - while (np < cpend && ',' != *np && '\r' != *np) - np++; + nlen = str_strip(&np, nlen); + vlen = str_strip(&vp, vlen); + + if (nlen == 0) { + goto again; + } + if (nlen >= sizeof(name)) { + pf_error("runaway name", np, cpend); + goto again; + } + if (vlen >= sizeof(value)) { + pf_error("runaway value", vp, cpend); + goto again; } - len = np - cp; - if (np > cpend || len >= sizeof(value) || - (np < cpend && ',' != *np && '\r' != *np)) - return 0; - memcpy(value, cp, len); - /* - * Trim off any trailing whitespace - */ - while (len > 0 && isspace(pgetc(&value[len - 1]))) - len--; - value[len] = '\0'; - /* - * Return this. All done. - */ - if (np < cpend && ',' == *np) - np++; - *datap = np; - *datalen = size2int_sat(cpend - np); + /* copy name and value into NUL-terminated buffers */ + memcpy(name, np, nlen); + name[nlen] = '\0'; + *vname = name; + + memcpy(value, vp, vlen); + value[vlen] = '\0'; *vvalue = value; - return 1; + + /* check if there's more to do or if we are finshed */ + *datalen = (size_t)(cpend - *datap); + return TRUE; + + final_done: + *datap = cpend; + *datalen = 0; + return FALSE; } @@ -3318,11 +3507,11 @@ outputarr( * Hack to align delay and offset values */ for (i = (int)strlen(name); i < 11; i++) - *bp++ = ' '; + *bp++ = ' '; for (i = narr; i > 0; i--) { - if (i != narr) - *bp++ = ' '; + if (i != (size_t)narr) + *bp++ = ' '; cp = lfptoms(lfp, 2); len = strlen(cp); if (len > 7) { @@ -3346,44 +3535,61 @@ tstflags( u_long val ) { - register char *cp, *s; - size_t cb; - register int i; - register const char *sep; +# if CBLEN < 10 +# error BLEN is too small -- increase! +# endif + + char *cp, *s; + size_t cb, i; + int l; - sep = ""; s = cp = circ_buf[nextcb]; if (++nextcb >= NUMCB) nextcb = 0; cb = sizeof(circ_buf[0]); - snprintf(cp, cb, "%02lx", val); - cp += strlen(cp); - cb -= strlen(cp); + l = snprintf(cp, cb, "%02lx", val); + if (l < 0 || (size_t)l >= cb) + goto fail; + cp += l; + cb -= l; if (!val) { - strlcat(cp, " ok", cb); - cp += strlen(cp); - cb -= strlen(cp); + l = strlcat(cp, " ok", cb); + if ((size_t)l >= cb) + goto fail; + cp += l; + cb -= l; } else { - if (cb) { - *cp++ = ' '; - cb--; - } - for (i = 0; i < (int)COUNTOF(tstflagnames); i++) { + const char *sep; + + sep = " "; + for (i = 0; i < COUNTOF(tstflagnames); i++) { if (val & 0x1) { - snprintf(cp, cb, "%s%s", sep, - tstflagnames[i]); + l = snprintf(cp, cb, "%s%s", sep, + tstflagnames[i]); + if (l < 0) + goto fail; + if ((size_t)l >= cb) { + cp += cb - 4; + cb = 4; + l = strlcpy (cp, "...", cb); + cp += l; + cb -= l; + break; + } sep = ", "; - cp += strlen(cp); - cb -= strlen(cp); + cp += l; + cb -= l; } val >>= 1; } } - if (cb) - *cp = '\0'; return s; + + fail: + *cp = '\0'; + return s; } /* @@ -3630,220 +3836,218 @@ ntpq_custom_opt_handler( # define K_DELIM_STR ", " struct hstate { - char *list; - const char **seen; - int idx; + char *list; + const char **seen; + int idx; }; +# ifndef BUILD_AS_LIB static void list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg) { - size_t len, n, digest_len; - const char *name, **seen; - struct hstate *hstate = arg; - char *cp; - - /* m is MD obj, from is name or alias, to is base name for alias */ - if (!m || !from || to) { - return; /* Ignore aliases */ - } - - /* Discard MACs that NTP won't accept. */ - /* Keep this consistent with keytype_from_text() in ssl_init.c. */ - if (EVP_MD_size(m) > (MAX_MAC_LEN - sizeof(keyid_t))) { - return; - } - - name = EVP_MD_name(m); + size_t len, n; + const char *name, **seen; + struct hstate *hstate = arg; + const char *cp; + + /* m is MD obj, from is name or alias, to is base name for alias */ + if (!m || !from || to) + return; /* Ignore aliases */ - /* Lowercase names aren't accepted by keytype_from_text in ssl_init.c */ + /* Discard MACs that NTP won't accept. */ + /* Keep this consistent with keytype_from_text() in ssl_init.c. */ + if (EVP_MD_size(m) > (MAX_MAC_LEN - sizeof(keyid_t))) + return; + + name = EVP_MD_name(m); + + /* Lowercase names aren't accepted by keytype_from_text in ssl_init.c */ + + for (cp = name; *cp; cp++) + if (islower((unsigned char)*cp)) + return; - for (cp = name; *cp; cp++) { - if (islower((unsigned char)*cp)) { - return; - } - } + len = (cp - name) + 1; + + /* There are duplicates. Discard if name has been seen. */ + + for (seen = hstate->seen; *seen; seen++) + if (!strcmp(*seen, name)) + return; - len = (cp - name) + 1; + n = (seen - hstate->seen) + 2; + hstate->seen = erealloc(hstate->seen, n * sizeof(*seen)); + hstate->seen[n-2] = name; + hstate->seen[n-1] = NULL; + + if (hstate->list != NULL) + len += strlen(hstate->list); - /* There are duplicates. Discard if name has been seen. */ + len += (hstate->idx >= K_PER_LINE) + ? strlen(K_NL_PFX_STR) + : strlen(K_DELIM_STR); - for (seen = hstate->seen; *seen; seen++) { - if (!strcmp(*seen, name)) { - return; + if (hstate->list == NULL) { + hstate->list = (char *)emalloc(len); + hstate->list[0] = '\0'; + } else { + hstate->list = (char *)erealloc(hstate->list, len); } - } - - n = (seen - hstate->seen) + 2; - hstate->seen = erealloc(hstate->seen, n * sizeof(*seen)); - hstate->seen[n-2] = name; - hstate->seen[n-1] = NULL; - - if (hstate->list != NULL) { - len += strlen(hstate->list); - } - - len += (hstate->idx >= K_PER_LINE) - ? strlen(K_NL_PFX_STR) - : strlen(K_DELIM_STR); - - if (hstate->list == NULL) { - hstate->list = (char *)emalloc(len); - hstate->list[0] = '\0'; - } else { - hstate->list = (char *)erealloc(hstate->list, len); - } - - sprintf(hstate->list + strlen(hstate->list), "%s%s", - ((hstate->idx >= K_PER_LINE) ? K_NL_PFX_STR : K_DELIM_STR), - name); - - if (hstate->idx >= K_PER_LINE) { - hstate->idx = 1; - } else { - hstate->idx++; - } + + sprintf(hstate->list + strlen(hstate->list), "%s%s", + ((hstate->idx >= K_PER_LINE) ? K_NL_PFX_STR : K_DELIM_STR), + name); + + if (hstate->idx >= K_PER_LINE) + hstate->idx = 1; + else + hstate->idx++; } +# endif /* !defined(BUILD_AS_LIB) */ - +# ifndef BUILD_AS_LIB /* Insert CMAC into SSL digests list */ static char * insert_cmac(char *list) { - int insert; - size_t len; - - - /* If list empty, we need to insert CMAC on new line */ - insert = (!list || !*list); - - if (insert) { - len = strlen(K_NL_PFX_STR) + strlen(CMAC); - list = (char *)erealloc(list, len + 1); - sprintf(list, "%s%s", K_NL_PFX_STR, CMAC); - } else { /* List not empty */ - /* Check if CMAC already in list - future proofing */ - const char *cmac_sn; - char *cmac_p; - - cmac_sn = OBJ_nid2sn(NID_cmac); - cmac_p = list; - insert = cmac_sn != NULL && *cmac_sn != '\0'; +#ifdef ENABLE_CMAC + int insert; + size_t len; - /* CMAC in list if found, followed by nul char or ',' */ - while (insert && NULL != (cmac_p = strstr(cmac_p, cmac_sn))) { - cmac_p += strlen(cmac_sn); - /* Still need to insert if not nul and not ',' */ - insert = *cmac_p && ',' != *cmac_p; - } - /* Find proper insertion point */ + /* If list empty, we need to insert CMAC on new line */ + insert = (!list || !*list); + if (insert) { - char *last_nl; - char *point; - char *delim; - int found; - - /* Default to start if list empty */ - found = 0; - delim = list; - len = strlen(list); - - /* While new lines */ - while (delim < list + len && *delim && - !strncmp(K_NL_PFX_STR, delim, strlen(K_NL_PFX_STR))) { - point = delim + strlen(K_NL_PFX_STR); - - /* While digest names on line */ - while (point < list + len && *point) { - /* Another digest after on same or next line? */ - delim = strstr( point, K_DELIM_STR); - last_nl = strstr( point, K_NL_PFX_STR); - - /* No - end of list */ - if (!delim && !last_nl) { - delim = list + len; - } else - /* New line and no delim or before delim? */ - if (last_nl && (!delim || last_nl < delim)) { - delim = last_nl; - } - - /* Found insertion point where CMAC before entry? */ - if (strncmp(CMAC, point, delim - point) < 0) { - found = 1; - break; - } - - if (delim < list + len && *delim && - !strncmp(K_DELIM_STR, delim, strlen(K_DELIM_STR))) { - point += strlen(K_DELIM_STR); - } else { - break; - } - } /* While digest names on line */ - } /* While new lines */ - - /* If found in list */ - if (found) { - /* insert cmac and delim */ - /* Space for list could move - save offset */ - ptrdiff_t p_offset = point - list; - len += strlen(CMAC) + strlen(K_DELIM_STR); + len = strlen(K_NL_PFX_STR) + strlen(CMAC); list = (char *)erealloc(list, len + 1); - point = list + p_offset; - /* move to handle src/dest overlap */ - memmove(point + strlen(CMAC) + strlen(K_DELIM_STR), + sprintf(list, "%s%s", K_NL_PFX_STR, CMAC); + } else { /* List not empty */ + /* Check if CMAC already in list - future proofing */ + const char *cmac_sn; + char *cmac_p; + + cmac_sn = OBJ_nid2sn(NID_cmac); + cmac_p = list; + insert = cmac_sn != NULL && *cmac_sn != '\0'; + + /* CMAC in list if found, followed by nul char or ',' */ + while (insert && NULL != (cmac_p = strstr(cmac_p, cmac_sn))) { + cmac_p += strlen(cmac_sn); + /* Still need to insert if not nul and not ',' */ + insert = *cmac_p && ',' != *cmac_p; + } + + /* Find proper insertion point */ + if (insert) { + char *last_nl; + char *point; + char *delim; + int found; + + /* Default to start if list empty */ + found = 0; + delim = list; + len = strlen(list); + + /* While new lines */ + while (delim < list + len && *delim && + !strncmp(K_NL_PFX_STR, delim, strlen(K_NL_PFX_STR))) { + point = delim + strlen(K_NL_PFX_STR); + + /* While digest names on line */ + while (point < list + len && *point) { + /* Another digest after on same or next line? */ + delim = strstr( point, K_DELIM_STR); + last_nl = strstr( point, K_NL_PFX_STR); + + /* No - end of list */ + if (!delim && !last_nl) { + delim = list + len; + } else + /* New line and no delim or before delim? */ + if (last_nl && (!delim || last_nl < delim)) { + delim = last_nl; + } + + /* Found insertion point where CMAC before entry? */ + if (strncmp(CMAC, point, delim - point) < 0) { + found = 1; + break; + } + + if (delim < list + len && *delim && + !strncmp(K_DELIM_STR, delim, strlen(K_DELIM_STR))) { + point += strlen(K_DELIM_STR); + } else { + break; + } + } /* While digest names on line */ + } /* While new lines */ + + /* If found in list */ + if (found) { + /* insert cmac and delim */ + /* Space for list could move - save offset */ + ptrdiff_t p_offset = point - list; + len += strlen(CMAC) + strlen(K_DELIM_STR); + list = (char *)erealloc(list, len + 1); + point = list + p_offset; + /* move to handle src/dest overlap */ + memmove(point + strlen(CMAC) + strlen(K_DELIM_STR), point, strlen(point) + 1); - strncpy(point, CMAC, strlen(CMAC)); - strncpy(point + strlen(CMAC), K_DELIM_STR, strlen(K_DELIM_STR)); - } else { /* End of list */ - /* append delim and cmac */ - len += strlen(K_DELIM_STR) + strlen(CMAC); - list = (char *)erealloc(list, len + 1); - strcpy(list + strlen(list), K_DELIM_STR); - strcpy(list + strlen(list), CMAC); - } - } /* insert */ - } /* List not empty */ - - return list; + strncpy(point, CMAC, strlen(CMAC)); + strncpy(point + strlen(CMAC), K_DELIM_STR, strlen(K_DELIM_STR)); + } else { /* End of list */ + /* append delim and cmac */ + len += strlen(K_DELIM_STR) + strlen(CMAC); + list = (char *)erealloc(list, len + 1); + strcpy(list + strlen(list), K_DELIM_STR); + strcpy(list + strlen(list), CMAC); + } + } /* insert */ + } /* List not empty */ +#endif /*ENABLE_CMAC*/ + return list; } +# endif /* !defined(BUILD_AS_LIB) */ # endif #endif +#ifndef BUILD_AS_LIB static char * list_digest_names(void) { - char *list = NULL; - + char *list = NULL; + #ifdef OPENSSL # ifdef HAVE_EVP_MD_DO_ALL_SORTED - struct hstate hstate = { NULL, NULL, K_PER_LINE+1 }; - - /* replace calloc(1, sizeof(const char *)) */ - hstate.seen = (const char **)emalloc_zero(sizeof(const char *)); - - INIT_SSL(); - EVP_MD_do_all_sorted(list_md_fn, &hstate); - list = hstate.list; - free(hstate.seen); - - list = insert_cmac(list); /* Insert CMAC into SSL digests list */ - + struct hstate hstate = { NULL, NULL, K_PER_LINE+1 }; + + /* replace calloc(1, sizeof(const char *)) */ + hstate.seen = (const char **)emalloc_zero(sizeof(const char *)); + + INIT_SSL(); + EVP_MD_do_all_sorted(list_md_fn, &hstate); + list = hstate.list; + free(hstate.seen); + + list = insert_cmac(list); /* Insert CMAC into SSL digests list */ + # else - list = (char *)emalloc(sizeof("md5, others (upgrade to OpenSSL-1.0 for full list)")); - strcpy(list, "md5, others (upgrade to OpenSSL-1.0 for full list)"); + list = (char *)emalloc(sizeof("md5, others (upgrade to OpenSSL-1.0 for full list)")); + strcpy(list, "md5, others (upgrade to OpenSSL-1.0 for full list)"); # endif #else - list = (char *)emalloc(sizeof("md5")); - strcpy(list, "md5"); + list = (char *)emalloc(sizeof("md5")); + strcpy(list, "md5"); #endif - - return list; + + return list; } +#endif /* !defined(BUILD_AS_LIB) */ #define CTRLC_STACK_MAX 4 static volatile size_t ctrlc_stack_len = 0; @@ -3881,6 +4085,7 @@ pop_ctrl_c_handler( return FALSE; } +#ifndef BUILD_AS_LIB static void on_ctrlc(void) { @@ -3889,7 +4094,9 @@ on_ctrlc(void) if ((*ctrlc_stack[--size])()) break; } +#endif /* !defined(BUILD_AS_LIB) */ +#ifndef BUILD_AS_LIB static int my_easprintf( char ** ppinto, @@ -3927,3 +4134,4 @@ my_easprintf( *ppinto = buf; return prc; } +#endif /* !defined(BUILD_AS_LIB) */ diff --git a/ntpq/ntpq.html b/ntpq/ntpq.html index 55aafc834ac2..d9daed6dedcd 100644 --- a/ntpq/ntpq.html +++ b/ntpq/ntpq.html @@ -44,7 +44,7 @@ monitor the operational status and determine the performance of <code>ntpd</code>, the NTP daemon. - <p>This document applies to version 4.2.8p11 of <code>ntpq</code>. + <p>This document applies to version 4.2.8p12 of <code>ntpq</code>. <ul class="menu"> <li><a accesskey="1" href="#ntpq-Description">ntpq Description</a> @@ -855,7 +855,7 @@ the usage text by passing it through a pager program. used to select the program, defaulting to <span class="file">more</span>. Both will exit with a status code of 0. -<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p10 +<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p11 Usage: ntpq [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 name resolution @@ -1284,7 +1284,7 @@ The password must correspond to the key ID configured in <code>ntp.conf</code> f <br><dt><code><a name="raw"></a> raw</code><dd>Display server messages as received and without reformatting. - <br><dt><code><a name="timeout"></a> timeout </code><kbd>millseconds</kbd><dd>Specify a timeout period for responses to server queries. + <br><dt><code><a name="timeout"></a> timeout </code><kbd>milliseconds</kbd><dd>Specify a timeout period for responses to server queries. The default is about 5000 milliseconds. Note that since <code>ntpq</code> retries each query once after a timeout the total waiting time for a timeout will be twice the timeout value set. diff --git a/ntpq/ntpq.man.in b/ntpq/ntpq.man.in index d28d30c74b39..d9f229abbe79 100644 --- a/ntpq/ntpq.man.in +++ b/ntpq/ntpq.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpq @NTPQ_MS@ "27 Feb 2018" "4.2.8p11" "User Commands" +.TH ntpq @NTPQ_MS@ "14 Aug 2018" "4.2.8p12" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-D4aGRT/ag-Q4ayQT) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-_XaWRE/ag-lYaOQE) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:22 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:29:58 AM by AutoGen 5.18.5 .\" From the definitions ntpq-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpq/ntpq.mdoc.in b/ntpq/ntpq.mdoc.in index e0804f1615ef..60b361c53b4b 100644 --- a/ntpq/ntpq.mdoc.in +++ b/ntpq/ntpq.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPQ @NTPQ_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:28 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:30:05 AM by AutoGen 5.18.5 .\" From the definitions ntpq-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpq/ntpq.texi b/ntpq/ntpq.texi index 55261789767a..260a5ab61f1c 100644 --- a/ntpq/ntpq.texi +++ b/ntpq/ntpq.texi @@ -186,7 +186,7 @@ Exit @code{ntpq}. @item @anchor{raw} @code{raw} Display server messages as received and without reformatting. -@item @anchor{timeout} @code{timeout @kbd{millseconds}} +@item @anchor{timeout} @code{timeout @kbd{milliseconds}} Specify a timeout period for responses to server queries. The default is about 5000 milliseconds. Note that since @code{ntpq} retries each query once after a timeout diff --git a/ntpsnmpd/invoke-ntpsnmpd.texi b/ntpsnmpd/invoke-ntpsnmpd.texi index 90fd00d14c00..34b283df7723 100644 --- a/ntpsnmpd/invoke-ntpsnmpd.texi +++ b/ntpsnmpd/invoke-ntpsnmpd.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpsnmpd.texi) # -# It has been AutoGen-ed February 27, 2018 at 05:15:36 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:30:14 AM by AutoGen 5.18.5 # From the definitions ntpsnmpd-opts.def # and the template file agtexi-cmd.tpl @end ignore diff --git a/ntpsnmpd/ntpsnmpd-opts.c b/ntpsnmpd/ntpsnmpd-opts.c index 8e957bc791bc..76fd86ba73a4 100644 --- a/ntpsnmpd/ntpsnmpd-opts.c +++ b/ntpsnmpd/ntpsnmpd-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.c) * - * It has been AutoGen-ed February 27, 2018 at 05:15:31 PM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:30:08 AM by AutoGen 5.18.5 * From the definitions ntpsnmpd-opts.def * and the template file options * @@ -61,7 +61,7 @@ extern FILE * option_usage_fp; * static const strings for ntpsnmpd options */ static char const ntpsnmpd_opt_strs[1613] = -/* 0 */ "ntpsnmpd 4.2.8p11\n" +/* 0 */ "ntpsnmpd 4.2.8p12\n" "Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" @@ -101,14 +101,14 @@ static char const ntpsnmpd_opt_strs[1613] = /* 1415 */ "no-load-opts\0" /* 1428 */ "no\0" /* 1431 */ "NTPSNMPD\0" -/* 1440 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p11\n" +/* 1440 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p12\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0" /* 1544 */ "$HOME\0" /* 1550 */ ".\0" /* 1552 */ ".ntprc\0" /* 1559 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 1593 */ "\n\0" -/* 1595 */ "ntpsnmpd 4.2.8p11"; +/* 1595 */ "ntpsnmpd 4.2.8p12"; /** * nofork option description: @@ -554,7 +554,7 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntpsnmpdOptions.pzCopyright */ - puts(_("ntpsnmpd 4.2.8p11\n\ + puts(_("ntpsnmpd 4.2.8p12\n\ Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ @@ -599,14 +599,14 @@ implied warranty.\n")); puts(_("load options from a config file")); /* referenced via ntpsnmpdOptions.pzUsageTitle */ - puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p11\n\ + puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p12\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n")); /* referenced via ntpsnmpdOptions.pzExplain */ puts(_("\n")); /* referenced via ntpsnmpdOptions.pzFullVersion */ - puts(_("ntpsnmpd 4.2.8p11")); + puts(_("ntpsnmpd 4.2.8p12")); /* referenced via ntpsnmpdOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/ntpsnmpd/ntpsnmpd-opts.h b/ntpsnmpd/ntpsnmpd-opts.h index 5219659d371b..571589122cc6 100644 --- a/ntpsnmpd/ntpsnmpd-opts.h +++ b/ntpsnmpd/ntpsnmpd-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.h) * - * It has been AutoGen-ed February 27, 2018 at 05:15:31 PM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:30:08 AM by AutoGen 5.18.5 * From the definitions ntpsnmpd-opts.def * and the template file options * @@ -76,9 +76,9 @@ typedef enum { /** count of all options for ntpsnmpd */ #define OPTION_CT 8 /** ntpsnmpd version */ -#define NTPSNMPD_VERSION "4.2.8p11" +#define NTPSNMPD_VERSION "4.2.8p12" /** Full ntpsnmpd version text */ -#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.8p11" +#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.8p12" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpsnmpd/ntpsnmpd.1ntpsnmpdman b/ntpsnmpd/ntpsnmpd.1ntpsnmpdman index 2d5015634503..edea2f2316cf 100644 --- a/ntpsnmpd/ntpsnmpd.1ntpsnmpdman +++ b/ntpsnmpd/ntpsnmpd.1ntpsnmpdman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpsnmpd 1ntpsnmpdman "27 Feb 2018" "4.2.8p11" "User Commands" +.TH ntpsnmpd 1ntpsnmpdman "14 Aug 2018" "4.2.8p12" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-_Ia4FU/ag-lJaWEU) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-vVaOGF/ag-HVaGFF) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:33 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:30:10 AM by AutoGen 5.18.5 .\" From the definitions ntpsnmpd-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc b/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc index b7aa23e3450b..f032cb20d969 100644 --- a/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc +++ b/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPSNMPD 1ntpsnmpdmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:39 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:30:16 AM by AutoGen 5.18.5 .\" From the definitions ntpsnmpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpsnmpd/ntpsnmpd.html b/ntpsnmpd/ntpsnmpd.html index c12d7669b231..45dc4b25fc2e 100644 --- a/ntpsnmpd/ntpsnmpd.html +++ b/ntpsnmpd/ntpsnmpd.html @@ -42,7 +42,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a> <p>The <code>ntpsnmpd</code> utility program is used to monitor NTP daemon <code>ntpd</code> operations and determine performance. It uses the standard NTP mode 6 control - <p>This document applies to version 4.2.8p11 of <code>ntpsnmpd</code>. + <p>This document applies to version 4.2.8p12 of <code>ntpsnmpd</code>. <ul class="menu"> <li><a accesskey="1" href="#ntpsnmpd-Description">ntpsnmpd Description</a>: Description diff --git a/ntpsnmpd/ntpsnmpd.man.in b/ntpsnmpd/ntpsnmpd.man.in index 4c4a392ddc3e..5d2a641d7cc5 100644 --- a/ntpsnmpd/ntpsnmpd.man.in +++ b/ntpsnmpd/ntpsnmpd.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpsnmpd @NTPSNMPD_MS@ "27 Feb 2018" "4.2.8p11" "User Commands" +.TH ntpsnmpd @NTPSNMPD_MS@ "14 Aug 2018" "4.2.8p12" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-_Ia4FU/ag-lJaWEU) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-vVaOGF/ag-HVaGFF) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:33 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:30:10 AM by AutoGen 5.18.5 .\" From the definitions ntpsnmpd-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpsnmpd/ntpsnmpd.mdoc.in b/ntpsnmpd/ntpsnmpd.mdoc.in index e383e0c10312..536b6341041a 100644 --- a/ntpsnmpd/ntpsnmpd.mdoc.in +++ b/ntpsnmpd/ntpsnmpd.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPSNMPD @NTPSNMPD_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:39 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:30:16 AM by AutoGen 5.18.5 .\" From the definitions ntpsnmpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/packageinfo.sh b/packageinfo.sh index 0f45fbfbb5e0..80b99edecbc0 100644 --- a/packageinfo.sh +++ b/packageinfo.sh @@ -83,7 +83,7 @@ CLTAG=NTP_4_2_0 # - Numeric values increment # - empty 'increments' to 1 # - NEW 'increments' to empty -point=11 +point=12 ### betapoint is normally modified by script. # ntp-stable Beta number (betapoint) diff --git a/ports/winnt/include/ntservice.h b/ports/winnt/include/ntservice.h index f44335fdb3b9..46c5bd657f08 100644 --- a/ports/winnt/include/ntservice.h +++ b/ports/winnt/include/ntservice.h @@ -22,6 +22,7 @@ #define NTP_SERVICE_NAME "ntpd" void ntservice_init(void); +void ntservice_isup(void); void UpdateSCM(DWORD); void WINAPI ServiceControl(DWORD dwCtrlCode); void ntservice_shutdown(void); diff --git a/ports/winnt/ntpd/nt_clockstuff.c b/ports/winnt/ntpd/nt_clockstuff.c index fdb3c475fbd0..b937c34030f8 100644 --- a/ports/winnt/ntpd/nt_clockstuff.c +++ b/ports/winnt/ntpd/nt_clockstuff.c @@ -659,12 +659,6 @@ init_winnt_time(void) if (winnt_time_initialized) return; - /* - * Make sure the service is initialized - * before we do anything else - */ - ntservice_init(); - /* Set up the Console Handler */ if (!SetConsoleCtrlHandler(OnConsoleEvent, TRUE)) { msyslog(LOG_ERR, "Can't set console control handler: %m"); diff --git a/ports/winnt/ntpd/ntservice.c b/ports/winnt/ntpd/ntservice.c index 2b9bc64caf53..01aad478426a 100644 --- a/ports/winnt/ntpd/ntservice.c +++ b/ports/winnt/ntpd/ntservice.c @@ -46,10 +46,10 @@ extern int accept_wildcard_if_for_winnt; /* * Forward declarations */ -void uninit_io_completion_port(); -int ntpdmain(int argc, char *argv[]); -void WINAPI ServiceControl(DWORD dwCtrlCode); -void ntservice_exit(void); +extern void uninit_io_completion_port(); +extern int ntpdmain(int argc, char *argv[]); +extern void WINAPI ServiceControl(DWORD dwCtrlCode); +extern void ntservice_exit(void); #ifdef WRAP_DBG_MALLOC void *wrap_dbg_malloc(size_t s, const char *f, int l); @@ -147,7 +147,8 @@ int main( * Initialize the Service by registering it. */ void -ntservice_init() { +ntservice_init(void) +{ char ConsoleTitle[256]; if (!foreground) { @@ -156,10 +157,10 @@ ntservice_init() { ServiceControl); if (!hServiceStatus) { NTReportError(NTP_SERVICE_NAME, - "could not register service control handler"); + "could not register with SCM"); exit(1); } - UpdateSCM(SERVICE_RUNNING); + UpdateSCM(SERVICE_START_PENDING); } else { snprintf(ConsoleTitle, sizeof(ConsoleTitle), "NTP Version %s", Version); @@ -192,18 +193,32 @@ ntservice_init() { atexit( ntservice_exit ); } +void +ntservice_isup(void) +{ + if (!foreground) { + /* Register handler with the SCM */ + if (!hServiceStatus) { + NTReportError(NTP_SERVICE_NAME, + "could not report to SCM"); + exit(1); + } + UpdateSCM(SERVICE_RUNNING); + } +} /* * Routine to check if the service is stopping * because the computer is shutting down */ BOOL -ntservice_systemisshuttingdown() { +ntservice_systemisshuttingdown(void) +{ return computer_shutting_down; } void -ntservice_exit( void ) +ntservice_exit(void) { uninit_io_completion_port(); Sleep( 200 ); //##++ @@ -266,9 +281,15 @@ ServiceControl( /* * Tell the Service Control Manager the state of the service. */ -void UpdateSCM(DWORD state) { - SERVICE_STATUS ss; +void +UpdateSCM( + DWORD state + ) +{ static DWORD dwState = SERVICE_STOPPED; + static DWORD dwCheck = 0; + + SERVICE_STATUS ss; if (hServiceStatus) { if (state) @@ -277,12 +298,26 @@ void UpdateSCM(DWORD state) { ZERO(ss); ss.dwServiceType |= SERVICE_WIN32_OWN_PROCESS; ss.dwCurrentState = dwState; - ss.dwControlsAccepted = SERVICE_ACCEPT_STOP | - SERVICE_ACCEPT_SHUTDOWN; - ss.dwCheckPoint = 0; - ss.dwServiceSpecificExitCode = 0; - ss.dwWin32ExitCode = NO_ERROR; - ss.dwWaitHint = dwState == SERVICE_STOP_PENDING ? 5000 : 1000; + /* ss.dwServiceSpecificExitCode = 0; default by ZERO(ss) */ + /* ss.dwWin32ExitCode = NO_ERROR; default by ZERO(ss) */ + + switch (dwState) { + case SERVICE_START_PENDING: + ss.dwControlsAccepted = 0; + ss.dwWaitHint = 15000; + ss.dwCheckPoint = ++dwCheck; + break; + case SERVICE_STOP_PENDING: + ss.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; + ss.dwWaitHint = 3000; + ss.dwCheckPoint = ++dwCheck; + break; + default: + ss.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; + ss.dwWaitHint = 1000; + ss.dwCheckPoint = dwCheck = 0; + break; + } SetServiceStatus(hServiceStatus, &ss); } diff --git a/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman b/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman index 33c6a436406b..8fa228e8a13f 100644 --- a/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman +++ b/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH calc_tickadj 1calc_tickadjman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH calc_tickadj 1calc_tickadjman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-mfaiQP/ag-zfaqPP) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-98aG9a/ag-j9aG8a) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:49:40 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:08:53 AM by AutoGen 5.18.5 .\" From the definitions calc_tickadj-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc b/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc index 075524066715..467f1e8e2266 100644 --- a/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc +++ b/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (calc_tickadj-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:49:43 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:08:56 AM by AutoGen 5.18.5 .\" From the definitions calc_tickadj-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/calc_tickadj/calc_tickadj.html b/scripts/calc_tickadj/calc_tickadj.html index 930d90ce8eb0..baba8c71883b 100644 --- a/scripts/calc_tickadj/calc_tickadj.html +++ b/scripts/calc_tickadj/calc_tickadj.html @@ -31,7 +31,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a> <h2 class="unnumbered">calc_tickadj User's Manual</h2> <p>This document describes the use of the NTP Project's <code>calc_tickadj</code> program. -This document applies to version 4.2.8p11 of <code>calc_tickadj</code>. +This document applies to version 4.2.8p12 of <code>calc_tickadj</code>. <div class="shortcontents"> <h2>Short Contents</h2> diff --git a/scripts/calc_tickadj/calc_tickadj.man.in b/scripts/calc_tickadj/calc_tickadj.man.in index 33c6a436406b..8fa228e8a13f 100644 --- a/scripts/calc_tickadj/calc_tickadj.man.in +++ b/scripts/calc_tickadj/calc_tickadj.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH calc_tickadj 1calc_tickadjman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH calc_tickadj 1calc_tickadjman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-mfaiQP/ag-zfaqPP) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-98aG9a/ag-j9aG8a) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:49:40 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:08:53 AM by AutoGen 5.18.5 .\" From the definitions calc_tickadj-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/calc_tickadj/calc_tickadj.mdoc.in b/scripts/calc_tickadj/calc_tickadj.mdoc.in index 075524066715..467f1e8e2266 100644 --- a/scripts/calc_tickadj/calc_tickadj.mdoc.in +++ b/scripts/calc_tickadj/calc_tickadj.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (calc_tickadj-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:49:43 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:08:56 AM by AutoGen 5.18.5 .\" From the definitions calc_tickadj-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/calc_tickadj/invoke-calc_tickadj.texi b/scripts/calc_tickadj/invoke-calc_tickadj.texi index 9c4b7ed2f500..e88fea882dc2 100644 --- a/scripts/calc_tickadj/invoke-calc_tickadj.texi +++ b/scripts/calc_tickadj/invoke-calc_tickadj.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-calc_tickadj.texi) # -# It has been AutoGen-ed February 27, 2018 at 10:49:45 AM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:08:59 AM by AutoGen 5.18.5 # From the definitions calc_tickadj-opts.def # and the template file agtexi-cmd.tpl @end ignore diff --git a/scripts/invoke-plot_summary.texi b/scripts/invoke-plot_summary.texi index e2c7d958a3e6..d4616e2e946e 100644 --- a/scripts/invoke-plot_summary.texi +++ b/scripts/invoke-plot_summary.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-plot_summary.texi) # -# It has been AutoGen-ed February 27, 2018 at 04:55:58 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:41 AM by AutoGen 5.18.5 # From the definitions plot_summary-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -41,7 +41,7 @@ with a status code of 0. @exampleindent 0 @example -plot_summary - plot statistics generated by summary script - Ver. 4.2.8p11 +plot_summary - plot statistics generated by summary script - Ver. 4.2.8p12 USAGE: plot_summary [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... --directory=str Where the summary files are diff --git a/scripts/invoke-summary.texi b/scripts/invoke-summary.texi index 2a6d5a4fbbb6..e39457883a7f 100644 --- a/scripts/invoke-summary.texi +++ b/scripts/invoke-summary.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-summary.texi) # -# It has been AutoGen-ed February 27, 2018 at 04:56:04 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:47 AM by AutoGen 5.18.5 # From the definitions summary-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -42,7 +42,7 @@ with a status code of 0. @exampleindent 0 @example -summary - compute various stastics from NTP stat files - Ver. 4.2.8p11 +summary - compute various stastics from NTP stat files - Ver. 4.2.8p12 USAGE: summary [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... --directory=str Directory containing stat files diff --git a/scripts/ntp-wait/invoke-ntp-wait.texi b/scripts/ntp-wait/invoke-ntp-wait.texi index 786f3b7e26cc..83bc954d857a 100644 --- a/scripts/ntp-wait/invoke-ntp-wait.texi +++ b/scripts/ntp-wait/invoke-ntp-wait.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp-wait.texi) # -# It has been AutoGen-ed February 27, 2018 at 10:49:53 AM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:07 AM by AutoGen 5.18.5 # From the definitions ntp-wait-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -61,7 +61,7 @@ with a status code of 0. @exampleindent 0 @example -ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p11 +ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p12 USAGE: ntp-wait [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -n, --tries=num Number of times to check ntpd diff --git a/scripts/ntp-wait/ntp-wait-opts b/scripts/ntp-wait/ntp-wait-opts index 4e6c4a01bbf9..47c4c1ac8a05 100644 --- a/scripts/ntp-wait/ntp-wait-opts +++ b/scripts/ntp-wait/ntp-wait-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (ntp-wait-opts) # -# It has been AutoGen-ed February 27, 2018 at 10:49:48 AM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:02 AM by AutoGen 5.18.5 # From the definitions ntp-wait-opts.def # and the template file perlopt @@ -40,7 +40,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p11 +ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p12 USAGE: ntp-wait [ -<flag> [<val>] | --<name>[{=| }<val>] ]... -n, --tries=num Number of times to check ntpd diff --git a/scripts/ntp-wait/ntp-wait.1ntp-waitman b/scripts/ntp-wait/ntp-wait.1ntp-waitman index 43158be1cd74..d73885ad545b 100644 --- a/scripts/ntp-wait/ntp-wait.1ntp-waitman +++ b/scripts/ntp-wait/ntp-wait.1ntp-waitman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp-wait 1ntp-waitman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH ntp-wait 1ntp-waitman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tuay0Q/ag-GuaGZQ) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-GBaimc/ag-SBaqlc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:49:50 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:04 AM by AutoGen 5.18.5 .\" From the definitions ntp-wait-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc b/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc index bd33fc9fa6fb..44ffe648c40b 100644 --- a/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc +++ b/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTP_WAIT 1ntp-waitmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:49:55 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:10 AM by AutoGen 5.18.5 .\" From the definitions ntp-wait-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntp-wait/ntp-wait.html b/scripts/ntp-wait/ntp-wait.html index ef8e53e88b71..3679e8ba6c49 100644 --- a/scripts/ntp-wait/ntp-wait.html +++ b/scripts/ntp-wait/ntp-wait.html @@ -39,7 +39,7 @@ until the system's time has stabilized and synchronized, and only then start any applicaitons (like database servers) that require accurate and stable time. - <p>This document applies to version 4.2.8p11 of <code>ntp-wait</code>. + <p>This document applies to version 4.2.8p12 of <code>ntp-wait</code>. <div class="shortcontents"> <h2>Short Contents</h2> @@ -114,7 +114,7 @@ the usage text by passing it through a pager program. used to select the program, defaulting to <span class="file">more</span>. Both will exit with a status code of 0. -<pre class="example">ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p11 +<pre class="example">ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p12 USAGE: ntp-wait [ -<flag> [<val>] | --<name>[{=| }<val>] ]... -n, --tries=num Number of times to check ntpd diff --git a/scripts/ntp-wait/ntp-wait.man.in b/scripts/ntp-wait/ntp-wait.man.in index c113287fe0b6..1b41badc0a82 100644 --- a/scripts/ntp-wait/ntp-wait.man.in +++ b/scripts/ntp-wait/ntp-wait.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp-wait @NTP_WAIT_MS@ "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH ntp-wait @NTP_WAIT_MS@ "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tuay0Q/ag-GuaGZQ) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-GBaimc/ag-SBaqlc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:49:50 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:04 AM by AutoGen 5.18.5 .\" From the definitions ntp-wait-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntp-wait/ntp-wait.mdoc.in b/scripts/ntp-wait/ntp-wait.mdoc.in index c7927156703a..127f14f5caba 100644 --- a/scripts/ntp-wait/ntp-wait.mdoc.in +++ b/scripts/ntp-wait/ntp-wait.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTP_WAIT @NTP_WAIT_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:49:55 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:10 AM by AutoGen 5.18.5 .\" From the definitions ntp-wait-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntpsweep/invoke-ntpsweep.texi b/scripts/ntpsweep/invoke-ntpsweep.texi index 17a7b6e7b8d5..60c1f7bff162 100644 --- a/scripts/ntpsweep/invoke-ntpsweep.texi +++ b/scripts/ntpsweep/invoke-ntpsweep.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpsweep.texi) # -# It has been AutoGen-ed February 27, 2018 at 10:49:59 AM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:13 AM by AutoGen 5.18.5 # From the definitions ntpsweep-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -45,7 +45,7 @@ with a status code of 0. @exampleindent 0 @example -ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p11 +ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p12 USAGE: ntpsweep [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [hostfile] -l, --host-list=str Host to execute actions on diff --git a/scripts/ntpsweep/ntpsweep-opts b/scripts/ntpsweep/ntpsweep-opts index 06dc7ce4f74b..c754a3f45576 100644 --- a/scripts/ntpsweep/ntpsweep-opts +++ b/scripts/ntpsweep/ntpsweep-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (ntpsweep-opts) # -# It has been AutoGen-ed February 27, 2018 at 10:49:57 AM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:11 AM by AutoGen 5.18.5 # From the definitions ntpsweep-opts.def # and the template file perlopt @@ -43,7 +43,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p11 +ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p12 USAGE: ntpsweep [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [hostfile] -l, --host-list=str Host to execute actions on diff --git a/scripts/ntpsweep/ntpsweep.1ntpsweepman b/scripts/ntpsweep/ntpsweep.1ntpsweepman index 34a48a8bd226..fa4ab4bd0b22 100644 --- a/scripts/ntpsweep/ntpsweep.1ntpsweepman +++ b/scripts/ntpsweep/ntpsweep.1ntpsweepman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpsweep 1ntpsweepman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH ntpsweep 1ntpsweepman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-cfaGaS/ag-pfaO_R) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-csaqyd/ag-psayxd) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:50:01 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:15 AM by AutoGen 5.18.5 .\" From the definitions ntpsweep-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc b/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc index d3b142f48e8a..43c44a2b52d2 100644 --- a/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc +++ b/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPSWEEP 1ntpsweepmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpsweep-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:50:04 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:18 AM by AutoGen 5.18.5 .\" From the definitions ntpsweep-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntpsweep/ntpsweep.html b/scripts/ntpsweep/ntpsweep.html index b44457bc5c6c..8c9737e95f81 100644 --- a/scripts/ntpsweep/ntpsweep.html +++ b/scripts/ntpsweep/ntpsweep.html @@ -30,7 +30,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a> <p>This document describes the use of the NTP Project's <code>ntpsweep</code> program. - <p>This document applies to version 4.2.8p11 of <code>ntpsweep</code>. + <p>This document applies to version 4.2.8p12 of <code>ntpsweep</code>. <div class="shortcontents"> <h2>Short Contents</h2> @@ -90,7 +90,7 @@ the usage text by passing it through a pager program. used to select the program, defaulting to <span class="file">more</span>. Both will exit with a status code of 0. -<pre class="example">ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p11 +<pre class="example">ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p12 USAGE: ntpsweep [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [hostfile] -l, --host-list=str Host to execute actions on diff --git a/scripts/ntpsweep/ntpsweep.man.in b/scripts/ntpsweep/ntpsweep.man.in index 34a48a8bd226..fa4ab4bd0b22 100644 --- a/scripts/ntpsweep/ntpsweep.man.in +++ b/scripts/ntpsweep/ntpsweep.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpsweep 1ntpsweepman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH ntpsweep 1ntpsweepman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-cfaGaS/ag-pfaO_R) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-csaqyd/ag-psayxd) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:50:01 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:15 AM by AutoGen 5.18.5 .\" From the definitions ntpsweep-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntpsweep/ntpsweep.mdoc.in b/scripts/ntpsweep/ntpsweep.mdoc.in index d3b142f48e8a..43c44a2b52d2 100644 --- a/scripts/ntpsweep/ntpsweep.mdoc.in +++ b/scripts/ntpsweep/ntpsweep.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPSWEEP 1ntpsweepmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpsweep-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:50:04 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:18 AM by AutoGen 5.18.5 .\" From the definitions ntpsweep-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntptrace/invoke-ntptrace.texi b/scripts/ntptrace/invoke-ntptrace.texi index f10f347f0fb1..072434f22494 100644 --- a/scripts/ntptrace/invoke-ntptrace.texi +++ b/scripts/ntptrace/invoke-ntptrace.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntptrace.texi) # -# It has been AutoGen-ed February 27, 2018 at 10:50:11 AM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:25 AM by AutoGen 5.18.5 # From the definitions ntptrace-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -62,7 +62,7 @@ with a status code of 0. @exampleindent 0 @example -ntptrace - Trace peers of an NTP server - Ver. 4.2.8p11 +ntptrace - Trace peers of an NTP server - Ver. 4.2.8p12 USAGE: ntptrace [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [host] -n, --numeric Print IP addresses instead of hostnames diff --git a/scripts/ntptrace/ntptrace-opts b/scripts/ntptrace/ntptrace-opts index 17f513ab2749..5e15567def8a 100644 --- a/scripts/ntptrace/ntptrace-opts +++ b/scripts/ntptrace/ntptrace-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (ntptrace-opts) # -# It has been AutoGen-ed February 27, 2018 at 10:50:06 AM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:20 AM by AutoGen 5.18.5 # From the definitions ntptrace-opts.def # and the template file perlopt @@ -40,7 +40,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -ntptrace - Trace peers of an NTP server - Ver. 4.2.8p11 +ntptrace - Trace peers of an NTP server - Ver. 4.2.8p12 USAGE: ntptrace [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [host] -n, --numeric Print IP addresses instead of hostnames diff --git a/scripts/ntptrace/ntptrace.1ntptraceman b/scripts/ntptrace/ntptrace.1ntptraceman index 2c4e1b0e33bb..f9c3b53bc80e 100644 --- a/scripts/ntptrace/ntptrace.1ntptraceman +++ b/scripts/ntptrace/ntptrace.1ntptraceman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntptrace 1ntptraceman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH ntptrace 1ntptraceman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-wXa4cT/ag-JXaacT) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-n1aOAe/ag-B1aWze) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:50:08 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:22 AM by AutoGen 5.18.5 .\" From the definitions ntptrace-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntptrace/ntptrace.1ntptracemdoc b/scripts/ntptrace/ntptrace.1ntptracemdoc index f4c355c30038..fc8301ba1417 100644 --- a/scripts/ntptrace/ntptrace.1ntptracemdoc +++ b/scripts/ntptrace/ntptrace.1ntptracemdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPTRACE 1ntptracemdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntptrace-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:50:13 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:27 AM by AutoGen 5.18.5 .\" From the definitions ntptrace-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntptrace/ntptrace.html b/scripts/ntptrace/ntptrace.html index 53a16e9e0777..3026102e667d 100644 --- a/scripts/ntptrace/ntptrace.html +++ b/scripts/ntptrace/ntptrace.html @@ -31,7 +31,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a> <h2 class="unnumbered">Simple Network Time Protocol User Manual</h2> <p>This document describes the use of the NTP Project's <code>ntptrace</code> program. -This document applies to version 4.2.8p11 of <code>ntptrace</code>. +This document applies to version 4.2.8p12 of <code>ntptrace</code>. <div class="shortcontents"> <h2>Short Contents</h2> @@ -107,7 +107,7 @@ the usage text by passing it through a pager program. used to select the program, defaulting to <span class="file">more</span>. Both will exit with a status code of 0. -<pre class="example">ntptrace - Trace peers of an NTP server - Ver. 4.2.8p11 +<pre class="example">ntptrace - Trace peers of an NTP server - Ver. 4.2.8p12 USAGE: ntptrace [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [host] -n, --numeric Print IP addresses instead of hostnames diff --git a/scripts/ntptrace/ntptrace.man.in b/scripts/ntptrace/ntptrace.man.in index 756e60e1a689..fb47716fd8af 100644 --- a/scripts/ntptrace/ntptrace.man.in +++ b/scripts/ntptrace/ntptrace.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntptrace @NTPTRACE_MS@ "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH ntptrace @NTPTRACE_MS@ "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-wXa4cT/ag-JXaacT) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-n1aOAe/ag-B1aWze) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:50:08 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:22 AM by AutoGen 5.18.5 .\" From the definitions ntptrace-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntptrace/ntptrace.mdoc.in b/scripts/ntptrace/ntptrace.mdoc.in index 7a50cafafa83..2d02bd81191f 100644 --- a/scripts/ntptrace/ntptrace.mdoc.in +++ b/scripts/ntptrace/ntptrace.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTPTRACE @NTPTRACE_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntptrace-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:50:13 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:27 AM by AutoGen 5.18.5 .\" From the definitions ntptrace-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/plot_summary-opts b/scripts/plot_summary-opts index 462150bb8406..0e2c8ce132de 100644 --- a/scripts/plot_summary-opts +++ b/scripts/plot_summary-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (plot_summary-opts) # -# It has been AutoGen-ed February 27, 2018 at 04:55:55 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:38 AM by AutoGen 5.18.5 # From the definitions plot_summary-opts.def # and the template file perlopt @@ -46,7 +46,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -plot_summary - plot statistics generated by summary script - Ver. 4.2.8p11 +plot_summary - plot statistics generated by summary script - Ver. 4.2.8p12 USAGE: plot_summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]... --directory=str Where the summary files are diff --git a/scripts/plot_summary.1plot_summaryman b/scripts/plot_summary.1plot_summaryman index f3a2a8ea1613..702742e2212b 100644 --- a/scripts/plot_summary.1plot_summaryman +++ b/scripts/plot_summary.1plot_summaryman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH plot_summary 1plot_summaryman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH plot_summary 1plot_summaryman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-NpayvG/ag-0paGuG) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-_gaOWg/ag-lhaWVg) .\" -.\" It has been AutoGen-ed February 27, 2018 at 04:56:00 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:43 AM by AutoGen 5.18.5 .\" From the definitions plot_summary-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/plot_summary.1plot_summarymdoc b/scripts/plot_summary.1plot_summarymdoc index f2ff40f4c69c..dc55fc309340 100644 --- a/scripts/plot_summary.1plot_summarymdoc +++ b/scripts/plot_summary.1plot_summarymdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt PLOT_SUMMARY 1plot_summarymdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (plot_summary-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 04:56:02 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:45 AM by AutoGen 5.18.5 .\" From the definitions plot_summary-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/plot_summary.html b/scripts/plot_summary.html index 6a2fac5ee85c..386b75269893 100644 --- a/scripts/plot_summary.html +++ b/scripts/plot_summary.html @@ -31,7 +31,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a> <h2 class="unnumbered">Plot_summary User Manual</h2> <p>This document describes the use of the NTP Project's <code>plot_summary</code> program. -This document applies to version 4.2.8p11 of <code>plot_summary</code>. +This document applies to version 4.2.8p12 of <code>plot_summary</code>. <div class="shortcontents"> <h2>Short Contents</h2> @@ -89,7 +89,7 @@ the usage text by passing it through a pager program. used to select the program, defaulting to <span class="file">more</span>. Both will exit with a status code of 0. -<pre class="example">plot_summary - plot statistics generated by summary script - Ver. 4.2.8p11 +<pre class="example">plot_summary - plot statistics generated by summary script - Ver. 4.2.8p12 USAGE: plot_summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]... --directory=str Where the summary files are diff --git a/scripts/plot_summary.man.in b/scripts/plot_summary.man.in index f3a2a8ea1613..702742e2212b 100644 --- a/scripts/plot_summary.man.in +++ b/scripts/plot_summary.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH plot_summary 1plot_summaryman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH plot_summary 1plot_summaryman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-NpayvG/ag-0paGuG) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-_gaOWg/ag-lhaWVg) .\" -.\" It has been AutoGen-ed February 27, 2018 at 04:56:00 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:43 AM by AutoGen 5.18.5 .\" From the definitions plot_summary-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/plot_summary.mdoc.in b/scripts/plot_summary.mdoc.in index f2ff40f4c69c..dc55fc309340 100644 --- a/scripts/plot_summary.mdoc.in +++ b/scripts/plot_summary.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt PLOT_SUMMARY 1plot_summarymdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (plot_summary-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 04:56:02 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:45 AM by AutoGen 5.18.5 .\" From the definitions plot_summary-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/summary-opts b/scripts/summary-opts index 08effab71e53..59869ebc7fc0 100644 --- a/scripts/summary-opts +++ b/scripts/summary-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (summary-opts) # -# It has been AutoGen-ed February 27, 2018 at 04:55:57 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:40 AM by AutoGen 5.18.5 # From the definitions summary-opts.def # and the template file perlopt @@ -44,7 +44,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -summary - compute various stastics from NTP stat files - Ver. 4.2.8p11 +summary - compute various stastics from NTP stat files - Ver. 4.2.8p12 USAGE: summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]... --directory=str Directory containing stat files diff --git a/scripts/summary.1summaryman b/scripts/summary.1summaryman index d4011fb9750e..4065dd6dd605 100644 --- a/scripts/summary.1summaryman +++ b/scripts/summary.1summaryman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH summary 1summaryman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH summary 1summaryman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-AMaaJG/ag-NMaiIG) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tCaq.g/ag-FCay9g) .\" -.\" It has been AutoGen-ed February 27, 2018 at 04:56:06 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:49 AM by AutoGen 5.18.5 .\" From the definitions summary-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/summary.1summarymdoc b/scripts/summary.1summarymdoc index 6c8eee7f7cc7..9bad4df0916b 100644 --- a/scripts/summary.1summarymdoc +++ b/scripts/summary.1summarymdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt SUMMARY 1summarymdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (summary-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 04:56:08 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:51 AM by AutoGen 5.18.5 .\" From the definitions summary-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/summary.html b/scripts/summary.html index b6c226c04c65..55e0ca90c58f 100644 --- a/scripts/summary.html +++ b/scripts/summary.html @@ -31,7 +31,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a> <h2 class="unnumbered">Summary User Manual</h2> <p>This document describes the use of the NTP Project's <code>summary</code> program. -This document applies to version 4.2.8p11 of <code>summary</code>. +This document applies to version 4.2.8p12 of <code>summary</code>. <div class="shortcontents"> <h2>Short Contents</h2> @@ -88,7 +88,7 @@ the usage text by passing it through a pager program. used to select the program, defaulting to <span class="file">more</span>. Both will exit with a status code of 0. -<pre class="example">summary - compute various stastics from NTP stat files - Ver. 4.2.8p11 +<pre class="example">summary - compute various stastics from NTP stat files - Ver. 4.2.8p12 USAGE: summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]... --directory=str Directory containing stat files diff --git a/scripts/summary.man.in b/scripts/summary.man.in index d4011fb9750e..4065dd6dd605 100644 --- a/scripts/summary.man.in +++ b/scripts/summary.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH summary 1summaryman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH summary 1summaryman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-AMaaJG/ag-NMaiIG) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tCaq.g/ag-FCay9g) .\" -.\" It has been AutoGen-ed February 27, 2018 at 04:56:06 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:49 AM by AutoGen 5.18.5 .\" From the definitions summary-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/summary.mdoc.in b/scripts/summary.mdoc.in index 6c8eee7f7cc7..9bad4df0916b 100644 --- a/scripts/summary.mdoc.in +++ b/scripts/summary.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt SUMMARY 1summarymdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (summary-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 04:56:08 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:51 AM by AutoGen 5.18.5 .\" From the definitions summary-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/update-leap/invoke-update-leap.texi b/scripts/update-leap/invoke-update-leap.texi index 002193a18e4c..6da23f2d1d4c 100644 --- a/scripts/update-leap/invoke-update-leap.texi +++ b/scripts/update-leap/invoke-update-leap.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-update-leap.texi) # -# It has been AutoGen-ed February 27, 2018 at 04:55:50 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:32 AM by AutoGen 5.18.5 # From the definitions update-leap-opts.def # and the template file agtexi-cmd.tpl @end ignore diff --git a/scripts/update-leap/update-leap-opts b/scripts/update-leap/update-leap-opts index ef461c3e4570..b2f89bf49775 100644 --- a/scripts/update-leap/update-leap-opts +++ b/scripts/update-leap/update-leap-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (update-leap-opts) # -# It has been AutoGen-ed February 27, 2018 at 04:32:15 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:09:38 AM by AutoGen 5.18.5 # From the definitions update-leap-opts.def # and the template file perlopt @@ -46,7 +46,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -update-leap - leap-seconds file manager/updater - Ver. 4.2.8p11 +update-leap - leap-seconds file manager/updater - Ver. 4.2.8p12 USAGE: update-leap [ -<flag> [<val>] | --<name>[{=| }<val>] ]... -s, --source-url=str The URL of the master copy of the leapseconds file diff --git a/scripts/update-leap/update-leap.1update-leapman b/scripts/update-leap/update-leap.1update-leapman index 380774a8bf33..ac138146ed81 100644 --- a/scripts/update-leap/update-leap.1update-leapman +++ b/scripts/update-leap/update-leap.1update-leapman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH update-leap 1update-leapman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH update-leap 1update-leapman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-cKaOWT/ag-pKaWVT) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4Iayif/ag-fJaGhf) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:50:15 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:29 AM by AutoGen 5.18.5 .\" From the definitions update-leap-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/update-leap/update-leap.1update-leapmdoc b/scripts/update-leap/update-leap.1update-leapmdoc index 1af0cd3b829d..e3845dcc3849 100644 --- a/scripts/update-leap/update-leap.1update-leapmdoc +++ b/scripts/update-leap/update-leap.1update-leapmdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt UPDATE_LEAP 1update-leapmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (update-leap-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 04:55:53 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:36 AM by AutoGen 5.18.5 .\" From the definitions update-leap-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/update-leap/update-leap.html b/scripts/update-leap/update-leap.html index 030353037e91..3a05b038a059 100644 --- a/scripts/update-leap/update-leap.html +++ b/scripts/update-leap/update-leap.html @@ -30,7 +30,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a> <p>This document describes the use of the NTP Project's <code>update-leap</code> program. - <p>This document applies to version 4.2.8p11 of <code>update-leap</code>. + <p>This document applies to version 4.2.8p12 of <code>update-leap</code>. <div class="shortcontents"> <h2>Short Contents</h2> @@ -115,6 +115,80 @@ used to select the program, defaulting to <span class="file">more</span>. Both with a status code of 0. <pre class="example"> +Usage: update-leap [options] + +Verifies and if necessary, updates leap-second definition file + +All arguments are optional: Default (or current value) shown: + -C Absolute path to CA Cert (see SSL/TLS Considerations) + -D Path to a CAdir (see SSL/TLS Considerations) + -e Specify how long (in days) before expiration the file is to be + refreshed. Note that larger values imply more frequent refreshes. + 60 + -F Force update even if current file is OK and not close to expiring. + -f Absolute path ntp.conf file (default /etc/ntp.conf) + /etc/ntp.conf + -h show help + -i Specify number of minutes between retries + 10 + -L Absolute path to leapfile on the local system + (overrides value in ntp.conf) + -l Specify the syslog(3) facility for logging + LOG_USER + -q Only report errors (cannot be used with -v) + -r Specify number of attempts to retrieve file + 6 + -s Send output to syslog(3) - implied if STDOUT has no tty or redirected + -t Send output to terminal - implied if STDOUT attached to terminal + -u Specify the URL of the master copy to download + https://www.ietf.org/timezones/data/leap-seconds.list + -v Verbose - show debug messages (cannot be used with -q) + +The following options are not (yet) implemented in the perl version: + -4 Use only IPv4 + -6 Use only IPv6 + -c Command to restart NTP after installing a new file + <none> - ntpd checks file daily + -p 4|6 + Prefer IPv4 or IPv6 (as specified) addresses, but use either + +update-leap will validate the file currently on the local system. + +Ordinarily, the leapfile is found using the 'leapfile' directive in +/etc/ntp.conf. However, an alternate location can be specified on the +command line with the -L flag. + +If the leapfile does not exist, is not valid, has expired, or is +expiring soon, a new copy will be downloaded. If the new copy is +valid, it is installed. + +If the current file is acceptable, no download or restart occurs. + +This can be run as a cron job. As the file is rarely updated, and +leap seconds are announced at least one month in advance (usually +longer), it need not be run more frequently than about once every +three weeks. + +SSL/TLS Considerations +----------------------- +The perl modules can usually locate the CA certificate used to verify +the peer's identity. + +On BSDs, the default is typically the file /etc/ssl/certs.pem. On +Linux, the location is typically a path to a CAdir - a directory of +symlinks named according to a hash of the certificates' subject names. + +The -C or -D options are available to pass in a location if no CA cert +is found in the default location. + +External Dependencies +--------------------- +The following perl modules are required: +HTTP::Tiny - version >= 0.056 +IO::Socket::SSL - version >= 1.56 +NET::SSLeay - version >= 1.49 + +Version: 1.004 </pre> <div class="node"> <p><hr> diff --git a/scripts/update-leap/update-leap.man.in b/scripts/update-leap/update-leap.man.in index 380774a8bf33..ac138146ed81 100644 --- a/scripts/update-leap/update-leap.man.in +++ b/scripts/update-leap/update-leap.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH update-leap 1update-leapman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH update-leap 1update-leapman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-cKaOWT/ag-pKaWVT) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4Iayif/ag-fJaGhf) .\" -.\" It has been AutoGen-ed February 27, 2018 at 10:50:15 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:29 AM by AutoGen 5.18.5 .\" From the definitions update-leap-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/update-leap/update-leap.mdoc.in b/scripts/update-leap/update-leap.mdoc.in index 1af0cd3b829d..e3845dcc3849 100644 --- a/scripts/update-leap/update-leap.mdoc.in +++ b/scripts/update-leap/update-leap.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt UPDATE_LEAP 1update-leapmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (update-leap-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 04:55:53 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:09:36 AM by AutoGen 5.18.5 .\" From the definitions update-leap-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/sntp/config.h.in b/sntp/config.h.in index 78d95f106e1d..e157348223b5 100644 --- a/sntp/config.h.in +++ b/sntp/config.h.in @@ -260,6 +260,12 @@ /* if you have NT Threads */ #undef HAVE_NT_THREADS +/* Define to 1 if you have the <openssl/cmac.h> header file. */ +#undef HAVE_OPENSSL_CMAC_H + +/* Define to 1 if you have the <openssl/hmac.h> header file. */ +#undef HAVE_OPENSSL_HMAC_H + /* Define this if pathfind(3) works */ #undef HAVE_PATHFIND @@ -477,6 +483,9 @@ /* Define to 1 if you have the <sys/limits.h> header file. */ #undef HAVE_SYS_LIMITS_H +/* Define to 1 if you have the <sys/mac.h> header file. */ +#undef HAVE_SYS_MAC_H + /* Define to 1 if you have the <sys/mman.h> header file. */ #undef HAVE_SYS_MMAN_H @@ -556,6 +565,9 @@ /* Define to 1 if you have the <time.h> header file. */ #undef HAVE_TIME_H +/* Are TrustedBSD MAC policy privileges available? */ +#undef HAVE_TRUSTEDBSD_MAC + /* Define to 1 if the system has the type `uint16_t'. */ #undef HAVE_UINT16_T diff --git a/sntp/configure b/sntp/configure index d9e02fafe473..ec32721cbf80 100755 --- a/sntp/configure +++ b/sntp/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for sntp 4.2.8p11. +# Generated by GNU Autoconf 2.69 for sntp 4.2.8p12. # # Report bugs to <http://bugs.ntp.org./>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sntp' PACKAGE_TARNAME='sntp' -PACKAGE_VERSION='4.2.8p11' -PACKAGE_STRING='sntp 4.2.8p11' +PACKAGE_VERSION='4.2.8p12' +PACKAGE_STRING='sntp 4.2.8p12' PACKAGE_BUGREPORT='http://bugs.ntp.org./' PACKAGE_URL='http://www.ntp.org./' @@ -907,6 +907,7 @@ enable_c99_snprintf enable_clockctl enable_linuxcaps enable_solarisprivs +enable_trustedbsd_mac enable_shared enable_static with_pic @@ -1484,7 +1485,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sntp 4.2.8p11 to adapt to many kinds of systems. +\`configure' configures sntp 4.2.8p12 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1554,7 +1555,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sntp 4.2.8p11:";; + short | recursive ) echo "Configuration of sntp 4.2.8p12:";; esac cat <<\_ACEOF @@ -1575,6 +1576,8 @@ Optional Features: --enable-clockctl s Use /dev/clockctl for non-root clock control --enable-linuxcaps + Use Linux capabilities for non-root clock control --enable-solarisprivs + Use Solaris privileges for non-root clock control + --enable-trustedbsd-mac s Use TrustedBSD MAC policy for non-root clock + control --enable-shared[=PKGS] build shared libraries [default=no] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] @@ -1702,7 +1705,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sntp configure 4.2.8p11 +sntp configure 4.2.8p12 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2411,7 +2414,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sntp $as_me 4.2.8p11, which was +It was created by sntp $as_me 4.2.8p12, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3408,7 +3411,7 @@ fi # Define the identity of the package. PACKAGE='sntp' - VERSION='4.2.8p11' + VERSION='4.2.8p12' cat >>confdefs.h <<_ACEOF @@ -14701,7 +14704,40 @@ esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_have_solarisprivs" >&5 $as_echo "$ntp_have_solarisprivs" >&6; } -case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in +for ac_header in sys/mac.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "sys/mac.h" "ac_cv_header_sys_mac_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_mac_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_MAC_H 1 +_ACEOF + +fi + +done + + +# Check whether --enable-trustedbsd_mac was given. +if test "${enable_trustedbsd_mac+set}" = set; then : + enableval=$enable_trustedbsd_mac; ntp_use_trustedbsd_mac=$enableval + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we should use TrustedBSD MAC privileges" >&5 +$as_echo_n "checking if we should use TrustedBSD MAC privileges... " >&6; } + +case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in + yesyes) + +$as_echo "#define HAVE_TRUSTEDBSD_MAC 1" >>confdefs.h + +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_use_trustedbsd_mac" >&5 +$as_echo "$ntp_use_trustedbsd_mac" >&6; } + +case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in *yes*) $as_echo "#define HAVE_DROPROOT 1" >>confdefs.h @@ -25297,6 +25333,19 @@ $as_echo "$ntp_openssl" >&6; } case "$ntp_openssl" in yes) + for ac_header in openssl/cmac.h openssl/hmac.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + $as_echo "#define OPENSSL /**/" >>confdefs.h @@ -27078,7 +27127,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sntp $as_me 4.2.8p11, which was +This file was extended by sntp $as_me 4.2.8p12, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -27145,7 +27194,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sntp config.status 4.2.8p11 +sntp config.status 4.2.8p12 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/sntp/crypto.c b/sntp/crypto.c index ce5d136fcbf1..be94ed51d2ef 100644 --- a/sntp/crypto.c +++ b/sntp/crypto.c @@ -12,13 +12,6 @@ #include "isc/string.h" #include "ntp_md5.h" -/* HMS: We may not have OpenSSL, but we have our own AES-128-CMAC */ -#define CMAC "AES128CMAC" -#ifdef OPENSSL -# include "openssl/cmac.h" -# define AES_128_KEY_SIZE 16 -#endif /* OPENSSL */ - #ifndef EVP_MAX_MD_SIZE # define EVP_MAX_MD_SIZE 32 #endif @@ -45,7 +38,7 @@ compute_mac( INIT_SSL(); key_type = keytype_from_text(macname, NULL); -#ifdef OPENSSL +#if defined(OPENSSL) && defined(ENABLE_CMAC) /* Check if CMAC key type specific code required */ if (key_type == NID_cmac) { CMAC_CTX * ctx = NULL; diff --git a/sntp/include/version.def b/sntp/include/version.def index 22657d4257ca..1118af65195d 100644 --- a/sntp/include/version.def +++ b/sntp/include/version.def @@ -1 +1 @@ -version = '4.2.8p11'; +version = '4.2.8p12'; diff --git a/sntp/include/version.texi b/sntp/include/version.texi index ba520bf40409..50019e703128 100644 --- a/sntp/include/version.texi +++ b/sntp/include/version.texi @@ -1,3 +1,3 @@ -@set UPDATED 27 February 2018 -@set EDITION 4.2.8p11 -@set VERSION 4.2.8p11 +@set UPDATED 14 August 2018 +@set EDITION 4.2.8p12 +@set VERSION 4.2.8p12 diff --git a/sntp/invoke-sntp.texi b/sntp/invoke-sntp.texi index a79b62faf80b..2692326fb6bf 100644 --- a/sntp/invoke-sntp.texi +++ b/sntp/invoke-sntp.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-sntp.texi) # -# It has been AutoGen-ed February 27, 2018 at 05:13:11 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:27:37 AM by AutoGen 5.18.5 # From the definitions sntp-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -101,62 +101,58 @@ with a status code of 0. @exampleindent 0 @example -sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p245 -USAGE: sntp [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \ +sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p12 +Usage: sntp [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \ [ hostname-or-IP ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 DNS name resolution - - prohibits these options: - ipv6 + - prohibits the option 'ipv6' -6 no ipv6 Force IPv6 DNS name resolution - - prohibits these options: - ipv4 - -a Num authentication Enable authentication with the key @@var@{auth-keynumber@} - -B Num bctimeout The number of seconds to wait for broadcasts + - prohibits the option 'ipv4' + -a Num authentication Enable authentication with the key auth-keynumber -b Str broadcast Listen to the address specified for broadcast time sync - may appear multiple times -c Str concurrent Concurrently query all IPs returned for host-name - may appear multiple times -d no debug-level Increase debug verbosity level - may appear multiple times - -D Str set-debug-level Set the debug verbosity level + -D Num set-debug-level Set the debug verbosity level - may appear multiple times -g Num gap The gap (in milliseconds) between time requests -K Fil kod KoD history filename - -k Fil keyfile Look in this file for the key specified with @@option@{-a@} + -k Fil keyfile Look in this file for the key specified with -a -l Fil logfile Log to specified logfile - -M Num steplimit Adjustments less than @@var@{steplimit@} msec will be slewed - - It must be in the range: + -M Num steplimit Adjustments less than steplimit msec will be slewed + - it must be in the range: greater than or equal to 0 - -o Num ntpversion Send @@var@{int@} as our NTP version - - It must be in the range: + -o Num ntpversion Send int as our NTP protocol version + - it must be in the range: 0 to 7 -r no usereservedport Use the NTP Reserved Port (port 123) - -S no step OK to 'step' the time with @@command@{settimeofday(2)@} - -s no slew OK to 'slew' the time with @@command@{adjtime(2)@} - -u Num uctimeout The number of seconds to wait for unicast responses + -S no step OK to 'step' the time with settimeofday(2) + -s no slew OK to 'slew' the time with adjtime(2) + -t Num timeout The number of seconds to wait for responses no wait Wait for pending replies (if not setting the time) - - disabled as --no-wait + - disabled as '--no-wait' - enabled by default - opt version Output version information and exit - -? no help Display extended usage information and exit - -! no more-help Extended usage information passed thru pager - -> opt save-opts Save the option state to a config file - -< Str load-opts Load options from a config file - - disabled as --no-load-opts + opt version output version information and exit + -? no help display extended usage information and exit + -! no more-help extended usage information passed thru pager + -> opt save-opts save the option state to a config file + -< Str load-opts load options from a config file + - disabled as '--no-load-opts' - may appear multiple times Options are specified by doubled hyphens and their name or by a single hyphen and the flag character. - The following option preset mechanisms are supported: - reading file $HOME/.ntprc - reading file ./.ntprc - examining environment variables named SNTP_* -please send bug reports to: http://bugs.ntp.org, bugs@@ntp.org +Please send bug reports to: <http://bugs.ntp.org, bugs@@ntp.org> @end example @exampleindent 4 diff --git a/sntp/m4/ntp_libntp.m4 b/sntp/m4/ntp_libntp.m4 index 3f35a92daeb4..7aacde7633f2 100644 --- a/sntp/m4/ntp_libntp.m4 +++ b/sntp/m4/ntp_libntp.m4 @@ -693,7 +693,28 @@ esac AC_MSG_RESULT([$ntp_have_solarisprivs]) -case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in +AC_CHECK_HEADERS([sys/mac.h]) + +AC_ARG_ENABLE( + [trustedbsd_mac], + [AS_HELP_STRING( + [--enable-trustedbsd-mac], + [s Use TrustedBSD MAC policy for non-root clock control] + )], + [ntp_use_trustedbsd_mac=$enableval] +) + +AC_MSG_CHECKING([if we should use TrustedBSD MAC privileges]) + +case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in + yesyes) + AC_DEFINE([HAVE_TRUSTEDBSD_MAC], [1], + [Are TrustedBSD MAC policy privileges available?]) +esac + +AC_MSG_RESULT([$ntp_use_trustedbsd_mac]) + +case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in *yes*) AC_DEFINE([HAVE_DROPROOT], [1], [Can we drop root privileges?]) diff --git a/sntp/m4/ntp_openssl.m4 b/sntp/m4/ntp_openssl.m4 index 112b7a2d29aa..2f9d6c4318ad 100644 --- a/sntp/m4/ntp_openssl.m4 +++ b/sntp/m4/ntp_openssl.m4 @@ -242,6 +242,7 @@ AC_MSG_RESULT([$ntp_openssl]) case "$ntp_openssl" in yes) + AC_CHECK_HEADERS([openssl/cmac.h openssl/hmac.h]) AC_DEFINE([OPENSSL], [], [Use OpenSSL?]) case "$VER_SUFFIX" in *o*) ;; diff --git a/sntp/m4/version.m4 b/sntp/m4/version.m4 index 4ebd02c9a316..79b5b7c5fb6e 100644 --- a/sntp/m4/version.m4 +++ b/sntp/m4/version.m4 @@ -1 +1 @@ -m4_define([VERSION_NUMBER],[4.2.8p11]) +m4_define([VERSION_NUMBER],[4.2.8p12]) diff --git a/sntp/main.c b/sntp/main.c index 098a696945c2..f0a7650ac718 100644 --- a/sntp/main.c +++ b/sntp/main.c @@ -1608,3 +1608,10 @@ gettimeofday_cached( #endif } +/* Dummy function to satisfy libntp/work_fork.c */ +int +set_user_group_ids( + ) +{ + return 1; +} diff --git a/sntp/sntp-opts.c b/sntp/sntp-opts.c index 404068a273f9..3995921427c2 100644 --- a/sntp/sntp-opts.c +++ b/sntp/sntp-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (sntp-opts.c) * - * It has been AutoGen-ed February 27, 2018 at 10:25:32 AM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:01:13 AM by AutoGen 5.18.5 * From the definitions sntp-opts.def * and the template file options * @@ -70,7 +70,7 @@ extern FILE * option_usage_fp; * static const strings for sntp options */ static char const sntp_opt_strs[2566] = -/* 0 */ "sntp 4.2.8p11\n" +/* 0 */ "sntp 4.2.8p12\n" "Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" @@ -156,7 +156,7 @@ static char const sntp_opt_strs[2566] = /* 2313 */ "LOAD_OPTS\0" /* 2323 */ "no-load-opts\0" /* 2336 */ "SNTP\0" -/* 2341 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p11\n" +/* 2341 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p12\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n" "\t\t[ hostname-or-IP ...]\n\0" /* 2501 */ "$HOME\0" @@ -164,7 +164,7 @@ static char const sntp_opt_strs[2566] = /* 2509 */ ".ntprc\0" /* 2516 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 2550 */ "\n\0" -/* 2552 */ "sntp 4.2.8p11"; +/* 2552 */ "sntp 4.2.8p12"; /** * ipv4 option description with @@ -1176,7 +1176,7 @@ static void bogus_function(void) { translate option names. */ /* referenced via sntpOptions.pzCopyright */ - puts(_("sntp 4.2.8p11\n\ + puts(_("sntp 4.2.8p12\n\ Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ @@ -1266,7 +1266,7 @@ implied warranty.\n")); puts(_("load options from a config file")); /* referenced via sntpOptions.pzUsageTitle */ - puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p11\n\ + puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p12\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\ \t\t[ hostname-or-IP ...]\n")); @@ -1274,7 +1274,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\ puts(_("\n")); /* referenced via sntpOptions.pzFullVersion */ - puts(_("sntp 4.2.8p11")); + puts(_("sntp 4.2.8p12")); /* referenced via sntpOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/sntp/sntp-opts.h b/sntp/sntp-opts.h index 25e2fe81b729..aa0019ebbfde 100644 --- a/sntp/sntp-opts.h +++ b/sntp/sntp-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (sntp-opts.h) * - * It has been AutoGen-ed February 27, 2018 at 10:25:31 AM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:01:13 AM by AutoGen 5.18.5 * From the definitions sntp-opts.def * and the template file options * @@ -91,9 +91,9 @@ typedef enum { /** count of all options for sntp */ #define OPTION_CT 23 /** sntp version */ -#define SNTP_VERSION "4.2.8p11" +#define SNTP_VERSION "4.2.8p12" /** Full sntp version text */ -#define SNTP_FULL_VERSION "sntp 4.2.8p11" +#define SNTP_FULL_VERSION "sntp 4.2.8p12" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/sntp/sntp.1sntpman b/sntp/sntp.1sntpman index 8378d45b4ef1..7bf038c3ef67 100644 --- a/sntp/sntp.1sntpman +++ b/sntp/sntp.1sntpman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH sntp 1sntpman "27 Feb 2018" "4.2.8p11" "User Commands" +.TH sntp 1sntpman "14 Aug 2018" "4.2.8p12" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-eaayfN/ag-qaaqeN) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-7ray4x/ag-hsaq3x) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:13:07 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:27:33 AM by AutoGen 5.18.5 .\" From the definitions sntp-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/sntp/sntp.1sntpmdoc b/sntp/sntp.1sntpmdoc index dbe11039273f..715c456cc9bf 100644 --- a/sntp/sntp.1sntpmdoc +++ b/sntp/sntp.1sntpmdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt SNTP 1sntpmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:13:14 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:27:40 AM by AutoGen 5.18.5 .\" From the definitions sntp-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/sntp/sntp.html b/sntp/sntp.html index 91215047407a..fe1af50dbf03 100644 --- a/sntp/sntp.html +++ b/sntp/sntp.html @@ -36,7 +36,7 @@ display the time offset of the system clock relative to the server clock. Run as root, it can correct the system clock to this offset as well. It can be run as an interactive command or from a cron job. - <p>This document applies to version 4.2.8p11 of <code>sntp</code>. + <p>This document applies to version 4.2.8p12 of <code>sntp</code>. <p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4 IETF specification. @@ -176,62 +176,58 @@ the usage text by passing it through a pager program. used to select the program, defaulting to <span class="file">more</span>. Both will exit with a status code of 0. -<pre class="example">sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p245 -USAGE: sntp [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \ +<pre class="example">sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p12 +Usage: sntp [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \ [ hostname-or-IP ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 DNS name resolution - - prohibits these options: - ipv6 + - prohibits the option 'ipv6' -6 no ipv6 Force IPv6 DNS name resolution - - prohibits these options: - ipv4 - -a Num authentication Enable authentication with the key @var{auth-keynumber} - -B Num bctimeout The number of seconds to wait for broadcasts + - prohibits the option 'ipv4' + -a Num authentication Enable authentication with the key auth-keynumber -b Str broadcast Listen to the address specified for broadcast time sync - may appear multiple times -c Str concurrent Concurrently query all IPs returned for host-name - may appear multiple times -d no debug-level Increase debug verbosity level - may appear multiple times - -D Str set-debug-level Set the debug verbosity level + -D Num set-debug-level Set the debug verbosity level - may appear multiple times -g Num gap The gap (in milliseconds) between time requests -K Fil kod KoD history filename - -k Fil keyfile Look in this file for the key specified with @option{-a} + -k Fil keyfile Look in this file for the key specified with -a -l Fil logfile Log to specified logfile - -M Num steplimit Adjustments less than @var{steplimit} msec will be slewed - - It must be in the range: + -M Num steplimit Adjustments less than steplimit msec will be slewed + - it must be in the range: greater than or equal to 0 - -o Num ntpversion Send @var{int} as our NTP version - - It must be in the range: + -o Num ntpversion Send int as our NTP protocol version + - it must be in the range: 0 to 7 -r no usereservedport Use the NTP Reserved Port (port 123) - -S no step OK to 'step' the time with @command{settimeofday(2)} - -s no slew OK to 'slew' the time with @command{adjtime(2)} - -u Num uctimeout The number of seconds to wait for unicast responses + -S no step OK to 'step' the time with settimeofday(2) + -s no slew OK to 'slew' the time with adjtime(2) + -t Num timeout The number of seconds to wait for responses no wait Wait for pending replies (if not setting the time) - - disabled as --no-wait + - disabled as '--no-wait' - enabled by default - opt version Output version information and exit - -? no help Display extended usage information and exit - -! no more-help Extended usage information passed thru pager - -> opt save-opts Save the option state to a config file - -< Str load-opts Load options from a config file - - disabled as --no-load-opts + opt version output version information and exit + -? no help display extended usage information and exit + -! no more-help extended usage information passed thru pager + -> opt save-opts save the option state to a config file + -< Str load-opts load options from a config file + - disabled as '--no-load-opts' - may appear multiple times Options are specified by doubled hyphens and their name or by a single hyphen and the flag character. - The following option preset mechanisms are supported: - reading file $HOME/.ntprc - reading file ./.ntprc - examining environment variables named SNTP_* -please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +Please send bug reports to: <http://bugs.ntp.org, bugs@ntp.org> </pre> <div class="node"> <p><hr> diff --git a/sntp/sntp.man.in b/sntp/sntp.man.in index 9156d05c18c6..41985da7e190 100644 --- a/sntp/sntp.man.in +++ b/sntp/sntp.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH sntp @SNTP_MS@ "27 Feb 2018" "4.2.8p11" "User Commands" +.TH sntp @SNTP_MS@ "14 Aug 2018" "4.2.8p12" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-eaayfN/ag-qaaqeN) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-7ray4x/ag-hsaq3x) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:13:07 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:27:33 AM by AutoGen 5.18.5 .\" From the definitions sntp-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/sntp/sntp.mdoc.in b/sntp/sntp.mdoc.in index a5f90952d08e..4a7fb05bd035 100644 --- a/sntp/sntp.mdoc.in +++ b/sntp/sntp.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt SNTP @SNTP_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:13:14 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:27:40 AM by AutoGen 5.18.5 .\" From the definitions sntp-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/sntp/tests/crypto.c b/sntp/tests/crypto.c index 64c784dc74b0..8ecd74368011 100644 --- a/sntp/tests/crypto.c +++ b/sntp/tests/crypto.c @@ -85,7 +85,7 @@ test_MakeSHA1Mac(void) void test_MakeCMac(void) { -#ifdef OPENSSL +#if defined(OPENSSL) && defined(ENABLE_CMAC) const char* PKT_DATA = "abcdefgh0123"; const int PKT_LEN = strlen(PKT_DATA); @@ -191,7 +191,7 @@ test_VerifyCMAC(void) void VerifyOpenSSLCMAC(struct key *cmac) { -#ifdef OPENSSL +#if defined(OPENSSL) && defined(ENABLE_CMAC) /* XXX: HMS: auth_md5 must be renamed/incorrect. */ // TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac)); diff --git a/sntp/tests/packetProcessing.c b/sntp/tests/packetProcessing.c index 910c561721c3..9c9f061c4aee 100644 --- a/sntp/tests/packetProcessing.c +++ b/sntp/tests/packetProcessing.c @@ -464,6 +464,8 @@ test_CorrectAuthenticatedPacketSHA1(void) void test_CorrectAuthenticatedPacketCMAC(void) { +#if defined(OPENSSL) && defined(ENABLE_CMAC) + PrepareAuthenticationTest(30, CMAC_LENGTH, CMAC, "abcdefghijklmnop"); TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); @@ -480,5 +482,11 @@ test_CorrectAuthenticatedPacketCMAC(void) TEST_ASSERT_EQUAL(pkt_len, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL CMAC not used, skipping..."); + +#endif /* OPENSSL */ } diff --git a/sntp/version.c b/sntp/version.c index 25d4b146d67b..619d26411862 100644 --- a/sntp/version.c +++ b/sntp/version.c @@ -2,4 +2,4 @@ * version file for sntp */ #include <config.h> -const char * Version = "sntp 4.2.8p11@1.3728-o Tue Feb 27 22:59:12 UTC 2018 (50)"; +const char * Version = "sntp 4.2.8p12@1.3728-o Tue Aug 14 12:27:30 UTC 2018 (54)"; diff --git a/tests/libntp/ssl_init.c b/tests/libntp/ssl_init.c index 9a59a9b42548..69b395e051e9 100644 --- a/tests/libntp/ssl_init.c +++ b/tests/libntp/ssl_init.c @@ -59,7 +59,7 @@ test_SHA1KeyTypeWithDigestLength(void) { void test_CMACKeyTypeWithDigestLength(void) { -#ifdef OPENSSL +#if defined(OPENSSL) && defined(ENABLE_CMAC) size_t digestLength; size_t expected = TEST_CMAC_DIGEST_LENGTH; @@ -67,7 +67,7 @@ test_CMACKeyTypeWithDigestLength(void) { TEST_ASSERT_EQUAL(expected, digestLength); /* OPENSSL */ #else - TEST_IGNORE_MESSAGE("Skipping because OPENSSL isn't defined"); + TEST_IGNORE_MESSAGE("Skipping because OPENSSL/CMAC isn't defined"); #endif } @@ -91,10 +91,10 @@ test_SHA1KeyName(void) { void test_CMACKeyName(void) { -#ifdef OPENSSL +#if defined(OPENSSL) && defined(ENABLE_CMAC) TEST_ASSERT_EQUAL_STRING(CMAC, keytype_name(NID_cmac)); #else - TEST_IGNORE_MESSAGE("Skipping because OPENSSL isn't defined"); + TEST_IGNORE_MESSAGE("Skipping because OPENSSL/CMAC isn't defined"); #endif /* OPENSSL */ } diff --git a/util/invoke-ntp-keygen.texi b/util/invoke-ntp-keygen.texi index 2a8d401d1af0..bfba1fedc077 100644 --- a/util/invoke-ntp-keygen.texi +++ b/util/invoke-ntp-keygen.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp-keygen.texi) # -# It has been AutoGen-ed February 27, 2018 at 05:15:57 PM by AutoGen 5.18.5 +# It has been AutoGen-ed August 14, 2018 at 08:30:35 AM by AutoGen 5.18.5 # From the definitions ntp-keygen-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -948,7 +948,7 @@ Following the header the keys are entered one per line in the format @end example where @kbd{keyno} -is a positive integer in the range 1-65534; +is a positive integer in the range 1-65535; @kbd{type} is the key type for the message digest algorithm, which in the absence of the OpenSSL library must be @@ -1056,14 +1056,17 @@ with a status code of 0. @exampleindent 0 @example -ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p245 -USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... +ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p12 +Usage: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... Flg Arg Option-Name Description + -b Num imbits identity modulus bits + - it must be in the range: + 256 to 2048 -c Str certificate certificate scheme -C Str cipher privatekey cipher -d no debug-level Increase debug verbosity level - may appear multiple times - -D Str set-debug-level Set the debug verbosity level + -D Num set-debug-level Set the debug verbosity level - may appear multiple times -e no id-key Write IFF or GQ identity keys -G no gq-params Generate GQ parameters and keys @@ -1071,37 +1074,36 @@ USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -I no iffkey generate IFF parameters -i Str ident set Autokey group name -l Num lifetime set certificate lifetime - -M no md5key generate MD5 keys - -m Num modulus modulus - - It must be in the range: + -m Num modulus prime modulus + - it must be in the range: 256 to 2048 + -M no md5key generate symmetric keys -P no pvt-cert generate PC private certificate - -p Str pvt-passwd output private password - -q Str get-pvt-passwd input private password - -S Str sign-key generate sign key (RSA or DSA) + -p Str password local private password + -q Str export-passwd export IFF or GQ group keys with password -s Str subject-name set host and optionally group name + -S Str sign-key generate sign key (RSA or DSA) -T no trusted-cert trusted certificate (TC scheme) -V Num mv-params generate <num> MV parameters -v Num mv-keys update <num> MV keys - opt version Output version information and exit - -? no help Display extended usage information and exit - -! no more-help Extended usage information passed thru pager - -> opt save-opts Save the option state to a config file - -< Str load-opts Load options from a config file - - disabled as --no-load-opts + opt version output version information and exit + -? no help display extended usage information and exit + -! no more-help extended usage information passed thru pager + -> opt save-opts save the option state to a config file + -< Str load-opts load options from a config file + - disabled as '--no-load-opts' - may appear multiple times Options are specified by doubled hyphens and their name or by a single hyphen and the flag character. - The following option preset mechanisms are supported: - reading file $HOME/.ntprc - reading file ./.ntprc - examining environment variables named NTP_KEYGEN_* -please send bug reports to: http://bugs.ntp.org, bugs@@ntp.org +Please send bug reports to: <http://bugs.ntp.org, bugs@@ntp.org> @end example @exampleindent 4 diff --git a/util/ntp-keygen-opts.c b/util/ntp-keygen-opts.c index 6c07f973d564..7009ed5a0938 100644 --- a/util/ntp-keygen-opts.c +++ b/util/ntp-keygen-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.c) * - * It has been AutoGen-ed February 27, 2018 at 05:15:44 PM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:30:21 AM by AutoGen 5.18.5 * From the definitions ntp-keygen-opts.def * and the template file options * @@ -72,7 +72,7 @@ extern FILE * option_usage_fp; * static const strings for ntp-keygen options */ static char const ntp_keygen_opt_strs[2442] = -/* 0 */ "ntp-keygen (ntp) 4.2.8p11\n" +/* 0 */ "ntp-keygen (ntp) 4.2.8p12\n" "Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" @@ -165,14 +165,14 @@ static char const ntp_keygen_opt_strs[2442] = /* 2223 */ "no-load-opts\0" /* 2236 */ "no\0" /* 2239 */ "NTP_KEYGEN\0" -/* 2250 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p11\n" +/* 2250 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p12\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0" /* 2365 */ "$HOME\0" /* 2371 */ ".\0" /* 2373 */ ".ntprc\0" /* 2380 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 2414 */ "\n\0" -/* 2416 */ "ntp-keygen (ntp) 4.2.8p11"; +/* 2416 */ "ntp-keygen (ntp) 4.2.8p12"; /** * imbits option description: @@ -1310,7 +1310,7 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntp_keygenOptions.pzCopyright */ - puts(_("ntp-keygen (ntp) 4.2.8p11\n\ + puts(_("ntp-keygen (ntp) 4.2.8p12\n\ Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ @@ -1409,14 +1409,14 @@ implied warranty.\n")); puts(_("load options from a config file")); /* referenced via ntp_keygenOptions.pzUsageTitle */ - puts(_("ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p11\n\ + puts(_("ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p12\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n")); /* referenced via ntp_keygenOptions.pzExplain */ puts(_("\n")); /* referenced via ntp_keygenOptions.pzFullVersion */ - puts(_("ntp-keygen (ntp) 4.2.8p11")); + puts(_("ntp-keygen (ntp) 4.2.8p12")); /* referenced via ntp_keygenOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/util/ntp-keygen-opts.def b/util/ntp-keygen-opts.def index f8c39c48dcde..f89ee334484f 100644 --- a/util/ntp-keygen-opts.def +++ b/util/ntp-keygen-opts.def @@ -1210,7 +1210,7 @@ Following the header the keys are entered one per line in the format .D1 Ar keyno Ar type Ar key where .Ar keyno -is a positive integer in the range 1-65534; +is a positive integer in the range 1-65535; .Ar type is the key type for the message digest algorithm, which in the absence of the OpenSSL library must be diff --git a/util/ntp-keygen-opts.h b/util/ntp-keygen-opts.h index ab9e8ca366e5..7ff899641ad6 100644 --- a/util/ntp-keygen-opts.h +++ b/util/ntp-keygen-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.h) * - * It has been AutoGen-ed February 27, 2018 at 05:15:43 PM by AutoGen 5.18.5 + * It has been AutoGen-ed August 14, 2018 at 08:30:20 AM by AutoGen 5.18.5 * From the definitions ntp-keygen-opts.def * and the template file options * @@ -94,9 +94,9 @@ typedef enum { /** count of all options for ntp-keygen */ #define OPTION_CT 26 /** ntp-keygen version */ -#define NTP_KEYGEN_VERSION "4.2.8p11" +#define NTP_KEYGEN_VERSION "4.2.8p12" /** Full ntp-keygen version text */ -#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.8p11" +#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.8p12" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/util/ntp-keygen.1ntp-keygenman b/util/ntp-keygen.1ntp-keygenman index 5b942d89a9d5..d51b0b652a03 100644 --- a/util/ntp-keygen.1ntp-keygenman +++ b/util/ntp-keygen.1ntp-keygenman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp-keygen 1ntp-keygenman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH ntp-keygen 1ntp-keygenman "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-bBa46V/ag-nBaW5V) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-VYaG.G/ag-7Yay9G) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:53 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:30:31 AM by AutoGen 5.18.5 .\" From the definitions ntp-keygen-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -1054,7 +1054,7 @@ Following the header the keys are entered one per line in the format .in -4 where \f\*[I-Font]keyno\f[] -is a positive integer in the range 1-65534; +is a positive integer in the range 1-65535; \f\*[I-Font]type\f[] is the key type for the message digest algorithm, which in the absence of the OpenSSL library must be diff --git a/util/ntp-keygen.1ntp-keygenmdoc b/util/ntp-keygen.1ntp-keygenmdoc index ba210876454f..2703c6b15724 100644 --- a/util/ntp-keygen.1ntp-keygenmdoc +++ b/util/ntp-keygen.1ntp-keygenmdoc @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:16:00 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:30:38 AM by AutoGen 5.18.5 .\" From the definitions ntp-keygen-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -943,7 +943,7 @@ Following the header the keys are entered one per line in the format .D1 Ar keyno Ar type Ar key where .Ar keyno -is a positive integer in the range 1\-65534; +is a positive integer in the range 1\-65535; .Ar type is the key type for the message digest algorithm, which in the absence of the OpenSSL library must be diff --git a/util/ntp-keygen.html b/util/ntp-keygen.html index 854d055ca308..8c5bd1d0603e 100644 --- a/util/ntp-keygen.html +++ b/util/ntp-keygen.html @@ -70,7 +70,7 @@ All other files are in PEM-encoded printable ASCII format so they can be embedded as MIME attachments in mail to other sites. - <p>This document applies to version 4.2.8p11 of <code>ntp-keygen</code>. + <p>This document applies to version 4.2.8p12 of <code>ntp-keygen</code>. <div class="node"> <p><hr> @@ -1133,7 +1133,7 @@ Following the header the keys are entered one per line in the format </pre> <p>where <kbd>keyno</kbd> -is a positive integer in the range 1-65534; +is a positive integer in the range 1-65535; <kbd>type</kbd> is the key type for the message digest algorithm, which in the absence of the OpenSSL library must be @@ -1245,7 +1245,7 @@ the usage text by passing it through a pager program. used to select the program, defaulting to <span class="file">more</span>. Both will exit with a status code of 0. -<pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p10 +<pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p11 Usage: ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]... Flg Arg Option-Name Description -b Num imbits identity modulus bits @@ -1929,7 +1929,7 @@ it can be constructed and edited using an ordinary text editor. <p>Figure 1 shows a typical symmetric keys file used by the reference implementation. Each line of the file contains three fields, first an -integer between 1 and 65534, inclusive, representing the key identifier +integer between 1 and 65535, inclusive, representing the key identifier used in the server and peer configuration commands. Next is the key type for the message digest algorithm, which in the absence of the diff --git a/util/ntp-keygen.man.in b/util/ntp-keygen.man.in index 71dcaa5ade9f..f4eee2f26c54 100644 --- a/util/ntp-keygen.man.in +++ b/util/ntp-keygen.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp-keygen @NTP_KEYGEN_MS@ "27 Feb 2018" "ntp (4.2.8p11)" "User Commands" +.TH ntp-keygen @NTP_KEYGEN_MS@ "14 Aug 2018" "ntp (4.2.8p12)" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-bBa46V/ag-nBaW5V) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-VYaG.G/ag-7Yay9G) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:15:53 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:30:31 AM by AutoGen 5.18.5 .\" From the definitions ntp-keygen-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -1054,7 +1054,7 @@ Following the header the keys are entered one per line in the format .in -4 where \f\*[I-Font]keyno\f[] -is a positive integer in the range 1-65534; +is a positive integer in the range 1-65535; \f\*[I-Font]type\f[] is the key type for the message digest algorithm, which in the absence of the OpenSSL library must be diff --git a/util/ntp-keygen.mdoc.in b/util/ntp-keygen.mdoc.in index 8ed42c024a52..5c0d952d33de 100644 --- a/util/ntp-keygen.mdoc.in +++ b/util/ntp-keygen.mdoc.in @@ -1,9 +1,9 @@ -.Dd February 27 2018 +.Dd August 14 2018 .Dt NTP_KEYGEN @NTP_KEYGEN_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc) .\" -.\" It has been AutoGen-ed February 27, 2018 at 05:16:00 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed August 14, 2018 at 08:30:38 AM by AutoGen 5.18.5 .\" From the definitions ntp-keygen-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -943,7 +943,7 @@ Following the header the keys are entered one per line in the format .D1 Ar keyno Ar type Ar key where .Ar keyno -is a positive integer in the range 1\-65534; +is a positive integer in the range 1\-65535; .Ar type is the key type for the message digest algorithm, which in the absence of the OpenSSL library must be diff --git a/util/ntp-keygen.texi b/util/ntp-keygen.texi index 92cec485a41b..34e6aaa9ed65 100644 --- a/util/ntp-keygen.texi +++ b/util/ntp-keygen.texi @@ -267,7 +267,7 @@ it can be constructed and edited using an ordinary text editor. Figure 1 shows a typical symmetric keys file used by the reference implementation. Each line of the file contains three fields, first an -integer between 1 and 65534, inclusive, representing the key identifier +integer between 1 and 65535, inclusive, representing the key identifier used in the server and peer configuration commands. Next is the key type for the message digest algorithm, which in the absence of the diff --git a/util/sht.c b/util/sht.c index dfd97ffb9f1f..d0e07218ae62 100644 --- a/util/sht.c +++ b/util/sht.c @@ -196,7 +196,7 @@ again: * certain jitter!) */ time_t clk_sec, rcv_sec; - uint clk_frc, rcv_frc; + u_int clk_frc, rcv_frc; #if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_REALTIME) @@ -206,17 +206,17 @@ again: struct timespec tmptime; if (0 == clock_gettime(CLOCK_REALTIME, &tmptime)) { rcv_sec = tmptime.tv_sec; - rcv_frc = (uint)tmptime.tv_nsec; + rcv_frc = (u_int)tmptime.tv_nsec; } else #endif { time(&rcv_sec); - rcv_frc = (uint)random() % 1000000000u; + rcv_frc = (u_int)random() % 1000000000u; } /* add a wobble of ~3.5msec to the clock time */ clk_sec = rcv_sec; - clk_frc = rcv_frc + (uint)(random()%7094713 - 3547356); + clk_frc = rcv_frc + (u_int)(random()%7094713 - 3547356); /* normalise result -- the SHM driver is picky! */ while ((int)clk_frc < 0) { clk_frc += 1000000000; |