aboutsummaryrefslogtreecommitdiff
path: root/contrib/ntp/ntpd/ntp_config.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/ntp/ntpd/ntp_config.c')
-rw-r--r--contrib/ntp/ntpd/ntp_config.c781
1 files changed, 433 insertions, 348 deletions
diff --git a/contrib/ntp/ntpd/ntp_config.c b/contrib/ntp/ntpd/ntp_config.c
index 660d2c531d5b..f1428b15f1c3 100644
--- a/contrib/ntp/ntpd/ntp_config.c
+++ b/contrib/ntp/ntpd/ntp_config.c
@@ -18,10 +18,6 @@
#include "ntp_config.h"
#include "ntp_cmdargs.h"
-#ifdef PUBKEY
-# include "ntp_crypto.h"
-#endif /* PUBKEY */
-
#include <stdio.h>
#include <ctype.h>
#ifdef HAVE_SYS_PARAM_H
@@ -42,6 +38,8 @@
extern HANDLE ResolverThreadHandle;
#endif /* SYS_WINNT */
+#include <netdb.h>
+
extern int priority_done;
/*
@@ -51,43 +49,6 @@ extern int priority_done;
* Lines are considered terminated when a '#' is encountered. Blank
* lines are ignored.
*/
-
-/*
- * We understand the following configuration entries and defaults.
- *
- * peer [ addr ] [ version 3 ] [ key 0 ] [ minpoll 6 ] [ maxpoll 10 ]
- * server [ addr ] [ version 3 ] [ key 0 ] [ minpoll 6 ] [ maxpoll 10 ]
- * broadcast [ addr ] [ version 3 ] [ key 0 ] [ ttl 1 ]
- * broadcastclient
- * multicastclient [ 224.0.1.1 ]
- * manycastclient [ addr ] [ version 3 ] [ key 0 ] [ minpoll 6 ] [ maxpoll 10 ]
- * manycastserver [ 224.0.1.1 ]
- * broadcastdelay 0.0102
- * restrict [ addr ] [ mask 255.255.255.0 ] ignore|noserve|notrust|noquery
- * driftfile file_name
- * keys file_name
- * publickey file_name
- * privatekey file_name
- * statsdir /var/NTP/
- * filegen peerstats [ file peerstats ] [ type day ] [ link ]
- * clientlimit [ n ]
- * clientperiod [ 3600 ]
- * trustedkey [ key ]
- * requestkey [ key]
- * controlkey [ key ]
- * trap [ addr ]
- * fudge [ addr ] [ stratum ] [ refid ] ...
- * pidfile [ ]
- * setvar [ ]
- * logfile logfile
- * logconfig [+|-|=][{sync|sys|peer|clock}{{,all}{info|statistics|events|status}}]...
- * enable auth|bclient|pll|kernel|monitor|stats|calibrate
- * disable auth|bclient|pll|kernel|monitor|stats|calibrate
- * phone ...
- * pps device [assert|clear] [hardpps]
- * priority high|normal
- */
-
/*
* Translation table - keywords to function index
*/
@@ -100,16 +61,14 @@ struct keyword {
* Command keywords
*/
static struct keyword keywords[] = {
- { "authenticate", CONFIG_AUTHENTICATE },
{ "automax", CONFIG_AUTOMAX },
{ "broadcast", CONFIG_BROADCAST },
{ "broadcastclient", CONFIG_BROADCASTCLIENT },
{ "broadcastdelay", CONFIG_BDELAY },
- { "clientlimit", CONFIG_CLIENTLIMIT },
- { "clientperiod", CONFIG_CLIENTPERIOD },
-#ifdef PUBKEY
+ { "calldelay", CONFIG_CDELAY},
+#ifdef OPENSSL
{ "crypto", CONFIG_CRYPTO },
-#endif /* PUBKEY */
+#endif /* OPENSSL */
{ "controlkey", CONFIG_CONTROLKEY },
{ "disable", CONFIG_DISABLE },
{ "driftfile", CONFIG_DRIFTFILE },
@@ -118,9 +77,7 @@ static struct keyword keywords[] = {
{ "fudge", CONFIG_FUDGE },
{ "includefile", CONFIG_INCLUDEFILE },
{ "keys", CONFIG_KEYS },
-#ifdef PUBKEY
{ "keysdir", CONFIG_KEYSDIR },
-#endif /* PUBKEY */
{ "logconfig", CONFIG_LOGCONFIG },
{ "logfile", CONFIG_LOGFILE },
{ "manycastclient", CONFIG_MANYCASTCLIENT },
@@ -129,7 +86,7 @@ static struct keyword keywords[] = {
{ "peer", CONFIG_PEER },
{ "phone", CONFIG_PHONE },
{ "pidfile", CONFIG_PIDFILE },
- { "pps", CONFIG_PPS },
+ { "discard", CONFIG_DISCARD },
{ "requestkey", CONFIG_REQUESTKEY },
{ "restrict", CONFIG_RESTRICT },
{ "revoke", CONFIG_REVOKE },
@@ -137,9 +94,12 @@ static struct keyword keywords[] = {
{ "setvar", CONFIG_SETVAR },
{ "statistics", CONFIG_STATISTICS },
{ "statsdir", CONFIG_STATSDIR },
+ { "tick", CONFIG_ADJ },
{ "tinker", CONFIG_TINKER },
+ { "tos", CONFIG_TOS },
{ "trap", CONFIG_TRAP },
{ "trustedkey", CONFIG_TRUSTEDKEY },
+ { "ttl", CONFIG_TTL },
{ "", CONFIG_UNKNOWN }
};
@@ -156,9 +116,6 @@ static struct keyword mod_keywords[] = {
{ "mode", CONF_MOD_MODE }, /* refclocks */
{ "noselect", CONF_MOD_NOSELECT },
{ "prefer", CONF_MOD_PREFER },
-#ifdef PUBKEY
- { "publickey", CONF_MOD_PUBLICKEY },
-#endif /* PUBKEY */
{ "ttl", CONF_MOD_TTL }, /* NTP peers */
{ "version", CONF_MOD_VERSION },
{ "", CONFIG_UNKNOWN }
@@ -208,7 +165,6 @@ static struct keyword fudge_keywords[] = {
{ "", CONFIG_UNKNOWN }
};
-
/*
* "filegen" modifier keywords
*/
@@ -252,12 +208,12 @@ static struct keyword flags_keywords[] = {
};
/*
- * "pps" modifier keywords
+ * "discard" modifier keywords
*/
-static struct keyword pps_keywords[] = {
- { "assert", CONF_PPS_ASSERT },
- { "clear", CONF_PPS_CLEAR },
- { "hardpps", CONF_PPS_HARDPPS },
+static struct keyword discard_keywords[] = {
+ { "average", CONF_DISCARD_AVERAGE },
+ { "minimum", CONF_DISCARD_MINIMUM },
+ { "monitor", CONF_DISCARD_MONITOR },
{ "", CONFIG_UNKNOWN }
};
@@ -269,25 +225,51 @@ static struct keyword tinker_keywords[] = {
{ "panic", CONF_CLOCK_PANIC },
{ "dispersion", CONF_CLOCK_PHI },
{ "stepout", CONF_CLOCK_MINSTEP },
- { "minpoll", CONF_CLOCK_MINPOLL },
{ "allan", CONF_CLOCK_ALLAN },
{ "huffpuff", CONF_CLOCK_HUFFPUFF },
+ { "freq", CONF_CLOCK_FREQ },
{ "", CONFIG_UNKNOWN }
};
-#ifdef PUBKEY
+/*
+ * "tos" modifier keywords
+ */
+static struct keyword tos_keywords[] = {
+ { "minclock", CONF_TOS_MINCLOCK },
+ { "minsane", CONF_TOS_MINSANE },
+ { "floor", CONF_TOS_FLOOR },
+ { "ceiling", CONF_TOS_CEILING },
+ { "cohort", CONF_TOS_COHORT },
+ { "", CONFIG_UNKNOWN }
+};
+
+#ifdef OPENSSL
/*
* "crypto" modifier keywords
*/
static struct keyword crypto_keywords[] = {
- { "dh", CONF_CRYPTO_DH },
- { "flags", CONF_CRYPTO_FLAGS },
+ { "cert", CONF_CRYPTO_CERT },
+ { "gqpar", CONF_CRYPTO_GQPAR },
+ { "host", CONF_CRYPTO_RSA },
+ { "iffpar", CONF_CRYPTO_IFFPAR },
{ "leap", CONF_CRYPTO_LEAP },
- { "privatekey", CONF_CRYPTO_PRIVATEKEY },
- { "publickey", CONF_CRYPTO_PUBLICKEY },
+ { "mvpar", CONF_CRYPTO_MVPAR },
+ { "pw", CONF_CRYPTO_PW },
+ { "randfile", CONF_CRYPTO_RAND },
+ { "sign", CONF_CRYPTO_SIGN },
+ { "", CONFIG_UNKNOWN }
+};
+#endif /* OPENSSL */
+
+/*
+ * Address type selection, IPv4 or IPv4.
+ * Used on various lines.
+ */
+static struct keyword addr_type[] = {
+ { "-4", CONF_ADDR_IPV4 },
+ { "-6", CONF_ADDR_IPV6 },
{ "", CONFIG_UNKNOWN }
};
-#endif /* PUBKEY */
/*
* "logconfig" building blocks
@@ -345,6 +327,7 @@ static struct masks logcfg_item[] = {
* File descriptor used by the resolver save routines, and temporary file
* name.
*/
+int call_resolver = 1; /* ntp-genkeys sets this to 0, for example */
static FILE *res_fp;
#ifndef SYS_WINNT
static char res_file[20]; /* enough for /tmp/ntpXXXXXX\0 */
@@ -358,9 +341,8 @@ static char res_file[MAX_PATH];
*/
char const *progname;
char sys_phone[MAXPHONE][MAXDIAL]; /* ACTS phone numbers */
+char *keysdir = NTP_KEYSDIR; /* crypto keys directory */
char pps_device[MAXPPS + 1]; /* PPS device name */
-int pps_assert;
-int pps_hardpps;
#if defined(HAVE_SCHED_SETSCHEDULER)
int config_priority_override = 0;
int config_priority;
@@ -403,13 +385,13 @@ static void free_netinfo_config P((struct netinfo_config_state *));
static int gettokens_netinfo P((struct netinfo_config_state *, char **, int *));
#endif
static int gettokens P((FILE *, char *, char **, int *));
-static int matchkey P((char *, struct keyword *));
-static int getnetnum P((const char *, struct sockaddr_in *, int));
+static int matchkey P((char *, struct keyword *, int));
+static int getnetnum P((const char *, struct sockaddr_storage *, int));
static void save_resolve P((char *, int, int, int, int, u_int, int,
keyid_t, u_char *));
static void do_resolve_internal P((void));
static void abort_resolve P((void));
-#if !defined(VMS)
+#if !defined(VMS) && !defined(SYS_WINNT)
static RETSIGTYPE catchchild P((int));
#endif /* VMS */
@@ -490,6 +472,7 @@ getconfig(
register int i;
int c;
int errflg;
+ int istart;
int peerversion;
int minpoll;
int maxpoll;
@@ -501,14 +484,14 @@ getconfig(
u_long fudgeflag;
u_int peerflags;
int hmode;
- struct sockaddr_in peeraddr;
- struct sockaddr_in maskaddr;
+ struct sockaddr_storage peeraddr;
+ struct sockaddr_storage maskaddr;
FILE *fp[MAXINCLUDELEVEL+1];
FILE *includefile;
int includelevel = 0;
char line[MAXLINE];
char *(tokens[MAXTOKENS]);
- int ntokens;
+ int ntokens = 0;
int tok = CONFIG_UNKNOWN;
struct interface *localaddr;
struct refclockstat clock_stat;
@@ -627,7 +610,20 @@ getconfig(
break;
}
- if (!getnetnum(tokens[1], &peeraddr, 0)) {
+ istart = 1;
+ memset((char *)&peeraddr, 0, sizeof(peeraddr));
+ switch (matchkey(tokens[istart], addr_type, 0)) {
+ case CONF_ADDR_IPV4:
+ peeraddr.ss_family = AF_INET;
+ istart++;
+ break;
+ case CONF_ADDR_IPV6:
+ peeraddr.ss_family = AF_INET6;
+ istart++;
+ break;
+ }
+
+ if (!getnetnum(tokens[istart], &peeraddr, 0)) {
errflg = -1;
} else {
errflg = 0;
@@ -639,7 +635,7 @@ getconfig(
ISBADADR(&peeraddr)) {
msyslog(LOG_ERR,
"attempt to configure invalid address %s",
- ntoa(&peeraddr));
+ stoa(&peeraddr));
break;
}
/*
@@ -647,23 +643,45 @@ getconfig(
* address for server/peer!
* and unicast address for manycastclient!
*/
- if (((tok == CONFIG_SERVER) ||
- (tok == CONFIG_PEER)) &&
+ if (peeraddr.ss_family == AF_INET) {
+ if (((tok == CONFIG_SERVER) ||
+ (tok == CONFIG_PEER)) &&
#ifdef REFCLOCK
- !ISREFCLOCKADR(&peeraddr) &&
+ !ISREFCLOCKADR(&peeraddr) &&
#endif
- IN_CLASSD(ntohl(peeraddr.sin_addr.s_addr))) {
- msyslog(LOG_ERR,
- "attempt to configure invalid address %s",
- ntoa(&peeraddr));
- break;
+ IN_CLASSD(ntohl(((struct sockaddr_in*)&peeraddr)->sin_addr.s_addr))) {
+ msyslog(LOG_ERR,
+ "attempt to configure invalid address %s",
+ stoa(&peeraddr));
+ break;
+ }
+ if ((tok == CONFIG_MANYCASTCLIENT) &&
+ !IN_CLASSD(ntohl(((struct sockaddr_in*)&peeraddr)->sin_addr.s_addr))) {
+ msyslog(LOG_ERR,
+ "attempt to configure invalid address %s",
+ stoa(&peeraddr));
+ break;
+ }
}
- if ((tok == CONFIG_MANYCASTCLIENT) &&
- !IN_CLASSD(ntohl(peeraddr.sin_addr.s_addr))) {
- msyslog(LOG_ERR,
- "attempt to configure invalid address %s",
- ntoa(&peeraddr));
- break;
+ else if(peeraddr.ss_family == AF_INET6) {
+ if (((tok == CONFIG_SERVER) ||
+ (tok == CONFIG_PEER)) &&
+#ifdef REFCLOCK
+ !ISREFCLOCKADR(&peeraddr) &&
+#endif
+ IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6*)&peeraddr)->sin6_addr)) {
+ msyslog(LOG_ERR,
+ "attempt to configure in valid address %s",
+ stoa(&peeraddr));
+ break;
+ }
+ if ((tok == CONFIG_MANYCASTCLIENT) &&
+ !IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6*)&peeraddr)->sin6_addr)) {
+ msyslog(LOG_ERR,
+ "attempt to configure in valid address %s",
+ stoa(&peeraddr));
+ break;
+ }
}
}
@@ -671,11 +689,12 @@ getconfig(
minpoll = NTP_MINDPOLL;
maxpoll = NTP_MAXDPOLL;
peerkey = 0;
- peerkeystr = "*";
+ peerkeystr = (u_char *)"*";
peerflags = 0;
ttl = 0;
- for (i = 2; i < ntokens; i++)
- switch (matchkey(tokens[i], mod_keywords)) {
+ istart++;
+ for (i = istart; i < ntokens; i++)
+ switch (matchkey(tokens[i], mod_keywords, 1)) {
case CONF_MOD_VERSION:
if (i >= ntokens-1) {
msyslog(LOG_ERR,
@@ -752,43 +771,34 @@ getconfig(
case CONF_MOD_IBURST:
peerflags |= FLAG_IBURST;
break;
-#ifdef AUTOKEY
+#ifdef OPENSSL
case CONF_MOD_SKEY:
peerflags |= FLAG_SKEY |
FLAG_AUTHENABLE;
break;
-
-#ifdef PUBKEY
- case CONF_MOD_PUBLICKEY:
- if (i >= ntokens - 1) {
- msyslog(LOG_ERR,
- "Public key file name required");
- errflg = 1;
- break;
- }
- peerflags |= FLAG_SKEY |
- FLAG_AUTHENABLE;
- peerkeystr = tokens[++i];
- break;
-#endif /* PUBKEY */
-#endif /* AUTOKEY */
+#endif /* OPENSSL */
case CONF_MOD_TTL:
if (i >= ntokens-1) {
- msyslog(LOG_ERR,
- "ttl: argument required");
- errflg = 1;
- break;
+ msyslog(LOG_ERR,
+ "ttl: argument required");
+ errflg = 1;
+ break;
}
ttl = atoi(tokens[++i]);
+ if (ttl >= MAX_TTL) {
+ msyslog(LOG_ERR,
+ "ttl: invalid argument");
+ errflg = 1;
+ }
break;
case CONF_MOD_MODE:
if (i >= ntokens-1) {
- msyslog(LOG_ERR,
- "mode: argument required");
- errflg = 1;
- break;
+ msyslog(LOG_ERR,
+ "mode: argument required");
+ errflg = 1;
+ break;
}
ttl = atoi(tokens[++i]);
break;
@@ -798,17 +808,22 @@ getconfig(
break;
}
if (minpoll > maxpoll) {
- msyslog(LOG_ERR, "config error: minpoll > maxpoll");
+ msyslog(LOG_ERR,
+ "config error: minpoll > maxpoll");
errflg = 1;
}
if (errflg == 0) {
- if (peer_config(&peeraddr, any_interface, hmode,
- peerversion, minpoll, maxpoll, peerflags,
- ttl, peerkey, peerkeystr) == 0) {
+ if (peer_config(&peeraddr,
+ ANY_INTERFACE_CHOOSE(&peeraddr), hmode,
+ peerversion, minpoll, maxpoll, peerflags,
+ ttl, peerkey, peerkeystr) == 0) {
msyslog(LOG_ERR,
"configuration of %s failed",
- ntoa(&peeraddr));
+ stoa(&peeraddr));
}
+ if (tok == CONFIG_MANYCASTCLIENT)
+ proto_config(PROTO_MULTICAST_ADD,
+ 0, 0., &peeraddr);
} else if (errflg == -1) {
save_resolve(tokens[1], hmode, peerversion,
@@ -910,48 +925,63 @@ getconfig(
break;
case CONFIG_BROADCASTCLIENT:
- proto_config(PROTO_BROADCLIENT, 1, 0.);
+ proto_config(PROTO_BROADCLIENT, 1, 0., NULL);
break;
-
+
case CONFIG_MULTICASTCLIENT:
case CONFIG_MANYCASTSERVER:
if (ntokens > 1) {
- for (i = 1; i < ntokens; i++) {
+ istart = 1;
+ memset((char *)&peeraddr, 0, sizeof(peeraddr));
+ switch (matchkey(tokens[istart],
+ addr_type, 0)) {
+ case CONF_ADDR_IPV4:
+ peeraddr.ss_family = AF_INET;
+ istart++;
+ break;
+ case CONF_ADDR_IPV6:
+ peeraddr.ss_family = AF_INET6;
+ istart++;
+ break;
+ }
+ /*
+ * Abuse maskaddr to store the prefered ip
+ * version.
+ */
+ memset((char *)&maskaddr, 0, sizeof(maskaddr));
+ maskaddr.ss_family = peeraddr.ss_family;
+
+ for (i = istart; i < ntokens; i++) {
+ memset((char *)&peeraddr, 0,
+ sizeof(peeraddr));
+ peeraddr.ss_family = maskaddr.ss_family;
if (getnetnum(tokens[i], &peeraddr, 1))
proto_config(PROTO_MULTICAST_ADD,
- peeraddr.sin_addr.s_addr, 0.);
+ 0, 0., &peeraddr);
}
} else
proto_config(PROTO_MULTICAST_ADD,
- htonl(INADDR_NTP), 0.);
+ 0, 0., NULL);
if (tok == CONFIG_MULTICASTCLIENT)
sys_bclient = 1;
else if (tok == CONFIG_MANYCASTSERVER)
sys_manycastserver = 1;
break;
- case CONFIG_AUTHENTICATE:
- errflg = 0;
+ case CONFIG_KEYS:
if (ntokens >= 2) {
- if (STREQ(tokens[1], "yes"))
- proto_config(PROTO_AUTHENTICATE, 1, 0.);
- else if (STREQ(tokens[1], "no"))
- proto_config(PROTO_AUTHENTICATE, 0, 0.);
- else
- errflg++;
- } else {
- errflg++;
+ getauthkeys(tokens[1]);
}
-
- if (errflg)
- msyslog(LOG_ERR,
- "should be `authenticate yes|no'");
break;
- case CONFIG_KEYS:
- if (ntokens >= 2) {
- getauthkeys(tokens[1]);
+ case CONFIG_KEYSDIR:
+ if (ntokens < 2) {
+ msyslog(LOG_ERR,
+ "Keys directory name required");
+ break;
}
+ keysdir = emalloc(strlen(tokens[1]) + 1);
+ strcpy(keysdir, tokens[1]);
break;
case CONFIG_TINKER:
@@ -959,8 +989,7 @@ getconfig(
int temp;
double ftemp;
- temp = matchkey(tokens[i++],
- tinker_keywords);
+ temp = matchkey(tokens[i++], tinker_keywords, 1);
if (i > ntokens - 1) {
msyslog(LOG_ERR,
"tinker: missing argument");
@@ -969,6 +998,7 @@ getconfig(
}
sscanf(tokens[i], "%lf", &ftemp);
switch(temp) {
+
case CONF_CLOCK_MAX:
loop_config(LOOP_MAX, ftemp);
break;
@@ -985,10 +1015,6 @@ getconfig(
loop_config(LOOP_MINSTEP, ftemp);
break;
- case CONF_CLOCK_MINPOLL:
- loop_config(LOOP_MINPOLL, ftemp);
- break;
-
case CONF_CLOCK_ALLAN:
loop_config(LOOP_ALLAN, ftemp);
break;
@@ -996,14 +1022,96 @@ getconfig(
case CONF_CLOCK_HUFFPUFF:
loop_config(LOOP_HUFFPUFF, ftemp);
break;
+
+ case CONF_CLOCK_FREQ:
+ loop_config(LOOP_FREQ, ftemp);
+ break;
}
}
break;
-#ifdef AUTOKEY
+ case CONFIG_TOS:
+ for (i = 1; i < ntokens; i++) {
+ int temp;
+ double ftemp;
+
+ temp = matchkey(tokens[i++], tos_keywords, 1);
+ if (i > ntokens - 1) {
+ msyslog(LOG_ERR,
+ "tinker: missing argument");
+ errflg++;
+ break;
+ }
+ sscanf(tokens[i], "%lf", &ftemp);
+ switch(temp) {
+
+ case CONF_TOS_MINCLOCK:
+ proto_config(PROTO_MINCLOCK, 0, ftemp, NULL);
+ break;
+
+ case CONF_TOS_MINSANE:
+ proto_config(PROTO_MINSANE, 0, ftemp, NULL);
+ break;
+
+ case CONF_TOS_FLOOR:
+ proto_config(PROTO_FLOOR, 0, ftemp, NULL);
+ break;
+
+ case CONF_TOS_CEILING:
+ proto_config(PROTO_CEILING, 0, ftemp, NULL);
+ break;
+
+ case CONF_TOS_COHORT:
+ proto_config(PROTO_COHORT, 0, ftemp, NULL);
+ break;
+ }
+ }
+ break;
+
+ case CONFIG_TTL:
+ for (i = 1; i < ntokens && i < MAX_TTL; i++) {
+ sys_ttl[i - 1] = (u_char) atoi(tokens[i]);
+ sys_ttlmax = i - 1;
+ }
+ break;
+
+ case CONFIG_DISCARD:
+ for (i = 1; i < ntokens; i++) {
+ int temp;
+
+ temp = matchkey(tokens[i++],
+ discard_keywords, 1);
+ if (i > ntokens - 1) {
+ msyslog(LOG_ERR,
+ "discard: missing argument");
+ errflg++;
+ break;
+ }
+ switch(temp) {
+ case CONF_DISCARD_AVERAGE:
+ res_avg_interval = atoi(tokens[i++]);
+ break;
+
+ case CONF_DISCARD_MINIMUM:
+ res_min_interval = atoi(tokens[i++]);
+ break;
+
+ case CONF_DISCARD_MONITOR:
+ mon_age = atoi(tokens[i++]);
+ break;
+
+ default:
+ msyslog(LOG_ERR,
+ "discard: unknown keyword");
+ break;
+ }
+ }
+ break;
+
+#ifdef OPENSSL
case CONFIG_REVOKE:
if (ntokens >= 2)
- sys_revoke = 1 << max(atoi(tokens[1]), 10);
+ sys_revoke = (u_char) max(atoi(tokens[1]), KEY_REVOKE);
break;
case CONFIG_AUTOMAX:
@@ -1011,25 +1119,16 @@ getconfig(
sys_automax = 1 << max(atoi(tokens[1]), 10);
break;
-#ifdef PUBKEY
- case CONFIG_KEYSDIR:
- if (ntokens < 2) {
- msyslog(LOG_ERR,
- "Keys directory name required");
- break;
- }
- crypto_config(CRYPTO_CONF_KEYS, tokens[1]);
- break;
-
case CONFIG_CRYPTO:
if (ntokens == 1) {
- crypto_config(CRYPTO_CONF_FLAGS , "0");
+ crypto_config(CRYPTO_CONF_NONE, NULL);
break;
}
for (i = 1; i < ntokens; i++) {
int temp;
- temp = matchkey(tokens[i++], crypto_keywords);
+ temp = matchkey(tokens[i++],
+ crypto_keywords, 1);
if (i > ntokens - 1) {
msyslog(LOG_ERR,
"crypto: missing argument");
@@ -1037,48 +1136,88 @@ getconfig(
break;
}
switch(temp) {
- case CONF_CRYPTO_FLAGS:
- crypto_config(CRYPTO_CONF_FLAGS, tokens[i]);
+
+ case CONF_CRYPTO_CERT:
+ crypto_config(CRYPTO_CONF_CERT,
+ tokens[i]);
break;
- case CONF_CRYPTO_LEAP:
- crypto_config(CRYPTO_CONF_LEAP, tokens[i]);
+ case CONF_CRYPTO_RSA:
+ crypto_config(CRYPTO_CONF_PRIV,
+ tokens[i]);
break;
- case CONF_CRYPTO_DH:
- crypto_config(CRYPTO_CONF_DH, tokens[i]);
+ case CONF_CRYPTO_IFFPAR:
+ crypto_config(CRYPTO_CONF_IFFPAR,
+ tokens[i]);
break;
- case CONF_CRYPTO_PRIVATEKEY:
- crypto_config(CRYPTO_CONF_PRIV, tokens[i]);
+ case CONF_CRYPTO_GQPAR:
+ crypto_config(CRYPTO_CONF_GQPAR,
+ tokens[i]);
break;
- case CONF_CRYPTO_PUBLICKEY:
- crypto_config(CRYPTO_CONF_PUBL, tokens[i]);
+ case CONF_CRYPTO_MVPAR:
+ crypto_config(CRYPTO_CONF_MVPAR,
+ tokens[i]);
break;
- case CONF_CRYPTO_CERT:
- crypto_config(CRYPTO_CONF_CERT, tokens[i]);
+ case CONF_CRYPTO_LEAP:
+ crypto_config(CRYPTO_CONF_LEAP,
+ tokens[i]);
+ break;
+
+ case CONF_CRYPTO_PW:
+ crypto_config(CRYPTO_CONF_PW,
+ tokens[i]);
+ break;
+
+ case CONF_CRYPTO_RAND:
+ crypto_config(CRYPTO_CONF_RAND,
+ tokens[i]);
+ break;
+
+ case CONF_CRYPTO_SIGN:
+ crypto_config(CRYPTO_CONF_SIGN,
+ tokens[i]);
break;
default:
- msyslog(LOG_ERR, "crypto: unknown keyword");
+ msyslog(LOG_ERR,
+ "crypto: unknown keyword");
break;
}
}
break;
-#endif /* PUBKEY */
-#endif /* AUTOKEY */
+#endif /* OPENSSL */
case CONFIG_RESTRICT:
if (ntokens < 2) {
msyslog(LOG_ERR, "restrict requires an address");
break;
}
- if (STREQ(tokens[1], "default"))
- peeraddr.sin_addr.s_addr = htonl(INADDR_ANY);
- else if (!getnetnum(tokens[1], &peeraddr, 1))
- break;
+ istart = 1;
+ memset((char *)&peeraddr, 0, sizeof(peeraddr));
+ switch (matchkey(tokens[istart], addr_type, 0)) {
+ case CONF_ADDR_IPV4:
+ peeraddr.ss_family = AF_INET;
+ istart++;
+ break;
+ case CONF_ADDR_IPV6:
+ peeraddr.ss_family = AF_INET6;
+ istart++;
+ break;
+ }
+
+ /*
+ * Assume default means an IPv4 address, except
+ * if forced by a -4 or -6.
+ */
+ if (STREQ(tokens[istart], "default")) {
+ if (peeraddr.ss_family == 0)
+ peeraddr.ss_family = AF_INET;
+ } else if (!getnetnum(tokens[istart], &peeraddr, 1))
+ break;
/*
* Use peerversion as flags, peerkey as mflags. Ick.
@@ -1086,9 +1225,10 @@ getconfig(
peerversion = 0;
peerkey = 0;
errflg = 0;
- maskaddr.sin_addr.s_addr = ~(u_int32)0;
- for (i = 2; i < ntokens; i++) {
- switch (matchkey(tokens[i], res_keywords)) {
+ SET_HOSTMASK(&maskaddr, peeraddr.ss_family);
+ istart++;
+ for (i = istart; i < ntokens; i++) {
+ switch (matchkey(tokens[i], res_keywords, 1)) {
case CONF_RES_MASK:
if (i >= ntokens-1) {
msyslog(LOG_ERR,
@@ -1154,8 +1294,8 @@ getconfig(
break;
}
}
- if (SRCADR(&peeraddr) == htonl(INADDR_ANY))
- maskaddr.sin_addr.s_addr = 0;
+ if (SOCKNUL(&peeraddr))
+ ANYSOCK(&maskaddr);
if (!errflg)
hack_restrict(RESTRICT_FLAGS, &peeraddr, &maskaddr,
(int)peerkey, peerversion);
@@ -1170,11 +1310,23 @@ getconfig(
"broadcastdelay value %s undecodable",
tokens[1]);
} else {
- proto_config(PROTO_BROADDELAY, 0, tmp);
+ proto_config(PROTO_BROADDELAY, 0, tmp, NULL);
}
}
break;
+ case CONFIG_CDELAY:
+ if (ntokens >= 2) {
+ u_long ui;
+
+ if (sscanf(tokens[1], "%ld", &ui) != 1)
+ msyslog(LOG_ERR,
+ "illegal value - line ignored");
+ else
+ proto_config(PROTO_CALLDELAY, ui, 0, NULL);
+ }
+ break;
+
case CONFIG_TRUSTEDKEY:
for (i = 1; i < ntokens; i++) {
keyid_t tkey;
@@ -1232,7 +1384,20 @@ getconfig(
"no address for trap command, line ignored");
break;
}
- if (!getnetnum(tokens[1], &peeraddr, 1))
+ istart = 1;
+ memset((char *)&peeraddr, 0, sizeof(peeraddr));
+ switch (matchkey(tokens[istart], addr_type, 0)) {
+ case CONF_ADDR_IPV4:
+ peeraddr.ss_family = AF_INET;
+ istart++;
+ break;
+ case CONF_ADDR_IPV6:
+ peeraddr.ss_family = AF_INET6;
+ istart++;
+ break;
+ }
+
+ if (!getnetnum(tokens[istart], &peeraddr, 1))
break;
/*
@@ -1241,8 +1406,9 @@ getconfig(
errflg = 0;
peerversion = 0;
localaddr = 0;
- for (i = 2; i < ntokens-1; i++)
- switch (matchkey(tokens[i], trap_keywords)) {
+ istart++;
+ for (i = istart; i < ntokens-1; i++)
+ switch (matchkey(tokens[i], trap_keywords, 1)) {
case CONF_TRAP_PORT:
if (i >= ntokens-1) {
msyslog(LOG_ERR,
@@ -1268,6 +1434,9 @@ getconfig(
break;
}
+ memset((char *)&maskaddr, 0,
+ sizeof(maskaddr));
+ maskaddr.ss_family = peeraddr.ss_family;
if (!getnetnum(tokens[++i],
&maskaddr, 1)) {
errflg = 1;
@@ -1278,7 +1447,7 @@ getconfig(
if (localaddr == NULL) {
msyslog(LOG_ERR,
"can't find interface with address %s",
- ntoa(&maskaddr));
+ stoa(&maskaddr));
errflg = 1;
}
break;
@@ -1290,16 +1459,16 @@ getconfig(
if (!errflg) {
if (peerversion != 0)
- peeraddr.sin_port = htons( (u_short) peerversion);
+ ((struct sockaddr_in6*)&peeraddr)->sin6_port = htons( (u_short) peerversion);
else
- peeraddr.sin_port = htons(TRAPPORT);
+ ((struct sockaddr_in6*)&peeraddr)->sin6_port = htons(TRAPPORT);
if (localaddr == NULL)
- localaddr = any_interface;
+ localaddr = ANY_INTERFACE_CHOOSE(&peeraddr);
if (!ctlsettrap(&peeraddr, localaddr, 0,
NTP_VERSION))
msyslog(LOG_ERR,
"can't set trap for %s, no resources",
- ntoa(&peeraddr));
+ stoa(&peeraddr));
}
break;
@@ -1309,13 +1478,14 @@ getconfig(
"no address for fudge command, line ignored");
break;
}
+ memset((char *)&peeraddr, 0, sizeof(peeraddr));
if (!getnetnum(tokens[1], &peeraddr, 1))
break;
if (!ISREFCLOCKADR(&peeraddr)) {
msyslog(LOG_ERR,
"%s is inappropriate address for the fudge command, line ignored",
- ntoa(&peeraddr));
+ stoa(&peeraddr));
break;
}
@@ -1324,13 +1494,13 @@ getconfig(
errflg = 0;
for (i = 2; i < ntokens-1; i++) {
switch (c = matchkey(tokens[i],
- fudge_keywords)) {
+ fudge_keywords, 1)) {
case CONF_FDG_TIME1:
if (sscanf(tokens[++i], "%lf",
&clock_stat.fudgetime1) != 1) {
msyslog(LOG_ERR,
"fudge %s time1 value in error",
- ntoa(&peeraddr));
+ stoa(&peeraddr));
errflg = i;
break;
}
@@ -1342,7 +1512,7 @@ getconfig(
&clock_stat.fudgetime2) != 1) {
msyslog(LOG_ERR,
"fudge %s time2 value in error",
- ntoa(&peeraddr));
+ stoa(&peeraddr));
errflg = i;
break;
}
@@ -1355,7 +1525,7 @@ getconfig(
{
msyslog(LOG_ERR,
"fudge %s stratum value in error",
- ntoa(&peeraddr));
+ stoa(&peeraddr));
errflg = i;
break;
}
@@ -1379,7 +1549,7 @@ getconfig(
|| fudgeflag > 1) {
msyslog(LOG_ERR,
"fudge %s flag value in error",
- ntoa(&peeraddr));
+ stoa(&peeraddr));
errflg = i;
break;
}
@@ -1475,7 +1645,8 @@ getconfig(
errflg = 0;
for (i = 2; i < ntokens; i++) {
- switch (matchkey(tokens[i], filegen_keywords)) {
+ switch (matchkey(tokens[i],
+ filegen_keywords, 1)) {
case CONF_FGEN_FILE:
if (i >= ntokens - 1) {
msyslog(LOG_ERR,
@@ -1494,7 +1665,8 @@ getconfig(
errflg = i;
break;
}
- peerkey = matchkey(tokens[++i], fgen_types);
+ peerkey = matchkey(tokens[++i],
+ fgen_types, 1);
if (peerkey == CONFIG_UNKNOWN) {
msyslog(LOG_ERR,
"filegen %s unknown type \"%s\"",
@@ -1532,55 +1704,12 @@ getconfig(
"no value for setvar command - line ignored");
} else {
set_sys_var(tokens[1], strlen(tokens[1])+1,
- RW |
+ (u_short) (RW |
((((ntokens > 2)
&& !strcmp(tokens[2],
"default")))
? DEF
- : 0));
- }
- break;
-
- case CONFIG_CLIENTLIMIT:
- if (ntokens < 2) {
- msyslog(LOG_ERR,
- "no value for clientlimit command - line ignored");
- } else {
- u_long ui;
-
- if (!atouint(tokens[1], &ui) || !ui) {
- msyslog(LOG_ERR,
- "illegal value for clientlimit command - line ignored");
- } else {
- char bp[80];
-
-#ifdef DEBUG
- if (debug)
- sprintf(bp, "client_limit=%lu", ui);
-#endif
- set_sys_var(bp, strlen(bp)+1, RO);
- client_limit = ui;
- }
- }
- break;
-
- case CONFIG_CLIENTPERIOD:
- if (ntokens < 2) {
- msyslog(LOG_ERR,
- "no value for clientperiod command - line ignored");
- } else {
- u_long ui;
-
- if (!atouint(tokens[1], &ui) || ui < 64) {
- msyslog(LOG_ERR,
- "illegal value for clientperiod command - line ignored");
- } else {
- char bp[80];
-
- sprintf(bp, "client_limit_period=%ld", ui);
- set_sys_var(bp, strlen(bp)+1, RO);
- client_limit_period = ui;
- }
+ : 0)));
}
break;
@@ -1588,7 +1717,7 @@ getconfig(
for (i = 1; i < ntokens; i++) {
int flag;
- flag = matchkey(tokens[i], flags_keywords);
+ flag = matchkey(tokens[i], flags_keywords, 1);
if (flag == CONFIG_UNKNOWN) {
msyslog(LOG_ERR,
"enable unknown flag %s",
@@ -1596,7 +1725,7 @@ getconfig(
errflg = 1;
break;
}
- proto_config(flag, 1, 0.);
+ proto_config(flag, 1, 0., NULL);
}
break;
@@ -1604,7 +1733,7 @@ getconfig(
for (i = 1; i < ntokens; i++) {
int flag;
- flag = matchkey(tokens[i], flags_keywords);
+ flag = matchkey(tokens[i], flags_keywords, 1);
if (flag == CONFIG_UNKNOWN) {
msyslog(LOG_ERR,
"disable unknown flag %s",
@@ -1612,7 +1741,7 @@ getconfig(
errflg = 1;
break;
}
- proto_config(flag, 0, 0.);
+ proto_config(flag, 0, 0., NULL);
}
break;
@@ -1624,38 +1753,14 @@ getconfig(
sys_phone[i - 1][0] = '\0';
break;
- case CONFIG_PPS:
- if (ntokens < 2) {
- msyslog(LOG_ERR,
- "pps missing device name");
- break;
- }
- (void)strncpy(pps_device, tokens[1], MAXPPS);
- for (i = 2; i < ntokens; i++) {
- int flag;
+ case CONFIG_ADJ: {
+ double ftemp;
- flag = matchkey(tokens[i], pps_keywords);
- switch(flag) {
- case CONF_PPS_ASSERT:
- pps_assert = 0;
- break;
- case CONF_PPS_CLEAR:
- pps_assert = 1;
- break;
- case CONF_PPS_HARDPPS:
- pps_hardpps = 1;
- break;
- default:
- msyslog(LOG_ERR,
- "pps unknown flag %s",
- tokens[i]);
- errflg = 1;
- break;
- }
- if(errflg)
- break;
+ sscanf(tokens[1], "%lf", &ftemp);
+ proto_config(PROTO_ADJ, 0, ftemp, NULL);
}
break;
+
}
}
if (fp[0])
@@ -1680,7 +1785,7 @@ getconfig(
for (i = 0; i < 8; i++)
for (j = 1; j < 100; ++j) {
- rankey[i] = RANDOM & 0xff;
+ rankey[i] = (char) (RANDOM & 0xff);
if (rankey[i] != 0) break;
}
rankey[8] = 0;
@@ -1697,10 +1802,12 @@ getconfig(
#endif /* !defined(VMS) && !defined(SYS_VXWORKS) */
if (res_fp != NULL) {
- /*
- * Need name resolution
- */
- do_resolve_internal();
+ if (call_resolver) {
+ /*
+ * Need name resolution
+ */
+ do_resolve_internal();
+ }
}
}
@@ -1801,7 +1908,7 @@ gettokens_netinfo (
for (index = 0; index < namelist.ni_namelist_len; index++) {
char *value = namelist.ni_namelist_val[index];
- if (! (val_list[index] = (char*)malloc(strlen(value+1))))
+ if (! (val_list[index] = (char*)malloc(strlen(value)+1)))
{ msyslog(LOG_ERR, "out of memory while configuring"); break; }
strcpy(val_list[index], value);
@@ -1921,7 +2028,7 @@ gettokens (
* Return the match
*/
*ntokens = ntok + 1;
- ntok = matchkey(tokenlist[0], keywords);
+ ntok = matchkey(tokenlist[0], keywords, 1);
if (ntok == CONFIG_UNKNOWN)
goto again;
return ntok;
@@ -1935,14 +2042,16 @@ gettokens (
static int
matchkey(
register char *word,
- register struct keyword *keys
+ register struct keyword *keys,
+ int complain
)
{
for (;;) {
if (keys->keytype == CONFIG_UNKNOWN) {
- msyslog(LOG_ERR,
- "configure: keyword \"%s\" unknown, line ignored",
- word);
+ if (complain)
+ msyslog(LOG_ERR,
+ "configure: keyword \"%s\" unknown, line ignored",
+ word);
return CONFIG_UNKNOWN;
}
if (STRSAME(word, keys->text))
@@ -1958,77 +2067,53 @@ matchkey(
static int
getnetnum(
const char *num,
- struct sockaddr_in *addr,
+ struct sockaddr_storage *addr,
int complain
)
{
- register const char *cp;
- register char *bp;
- register int i;
- register int temp;
- char buf[80]; /* will core dump on really stupid stuff */
- u_int32 netnum;
-
- /* XXX ELIMINATE replace with decodenetnum */
- cp = num;
- netnum = 0;
- for (i = 0; i < 4; i++) {
- bp = buf;
- while (isdigit((int)*cp))
- *bp++ = *cp++;
- if (bp == buf)
- break;
+ struct addrinfo hints;
+ struct addrinfo *ptr;
- if (i < 3) {
- if (*cp++ != '.')
- break;
- } else if (*cp != '\0')
- break;
+ /* Get host address. Looking for UDP datagram connection */
+ memset(&hints, 0, sizeof (hints));
+ if (addr->ss_family == AF_INET || addr->ss_family == AF_INET6)
+ hints.ai_family = addr->ss_family;
+ else
+ hints.ai_family = AF_UNSPEC;
- *bp = '\0';
- temp = atoi(buf);
- if (temp > 255)
- break;
- netnum <<= 8;
- netnum += temp;
+ hints.ai_socktype = SOCK_DGRAM;
#ifdef DEBUG
if (debug > 3)
- printf("getnetnum %s step %d buf %s temp %d netnum %lu\n",
- num, i, buf, temp, (u_long)netnum);
+ printf("getaddrinfo %s\n", num);
#endif
- }
-
- if (i < 4) {
+ if (getaddrinfo(num, "ntp", &hints, &ptr)!=0) {
if (complain)
msyslog(LOG_ERR,
- "getnetnum: \"%s\" invalid host number, line ignored",
+ "getaddrinfo: \"%s\" invalid host address, line ignored",
num);
#ifdef DEBUG
if (debug > 3)
printf(
- "getnetnum: \"%s\" invalid host number, line ignored\n",
- num);
+ "getaddrinfo: \"%s\" invalid host address%s.\n",
+ num, (complain)
+ ? ", line ignored"
+ : "");
#endif
return 0;
}
- /*
- * make up socket address. Clear it out for neatness.
- */
- memset((void *)addr, 0, sizeof(struct sockaddr_in));
- addr->sin_family = AF_INET;
- addr->sin_port = htons(NTP_PORT);
- addr->sin_addr.s_addr = htonl(netnum);
+ memcpy(addr, ptr->ai_addr, ptr->ai_addrlen);
#ifdef DEBUG
if (debug > 1)
- printf("getnetnum given %s, got %s (%lx)\n",
- num, ntoa(addr), (u_long)netnum);
+ printf("getnetnum given %s, got %s \n",
+ num, stoa(addr));
#endif
+ freeaddrinfo(ptr);
return 1;
}
-#if !defined(VMS)
+#if !defined(VMS) && !defined(SYS_WINNT)
/*
* catchchild - receive the resolver's exit status
*/
@@ -2072,8 +2157,7 @@ save_resolve(
#else
/* no /tmp directory under NT */
{
- DWORD len;
- if(!(len = GetTempPath((DWORD)MAX_PATH, (LPTSTR)res_file))) {
+ if(!(GetTempPath((DWORD)MAX_PATH, (LPTSTR)res_file))) {
msyslog(LOG_ERR, "cannot get pathname for temporary directory: %m");
return;
}
@@ -2211,7 +2295,7 @@ do_resolve_internal(void)
*/
closelog();
- kill_asyncio();
+ kill_asyncio(0);
(void) signal_no_reset(SIGCHLD, SIG_DFL);
@@ -2266,13 +2350,14 @@ do_resolve_internal(void)
*/
DWORD dwThreadId;
fflush(stdout);
- if (!(ResolverThreadHandle = CreateThread(
- NULL, /* no security attributes */
- 0, /* use default stack size */
+ ResolverThreadHandle = CreateThread(
+ NULL, /* no security attributes */
+ 0, /* use default stack size */
(LPTHREAD_START_ROUTINE) ntp_intres, /* thread function */
- NULL, /* argument to thread function */
- 0, /* use default creation flags */
- &dwThreadId))) { /* returns the thread identifier */
+ NULL, /* argument to thread function */
+ 0, /* use default creation flags */
+ &dwThreadId); /* returns the thread identifier */
+ if (ResolverThreadHandle == NULL) {
msyslog(LOG_ERR, "CreateThread() failed, can't start ntp_intres");
abort_resolve();
}