diff options
Diffstat (limited to 'ntpd/ntp_request.c')
-rw-r--r-- | ntpd/ntp_request.c | 51 |
1 files changed, 35 insertions, 16 deletions
diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c index 5e0e6f82f159..e541f7c51198 100644 --- a/ntpd/ntp_request.c +++ b/ntpd/ntp_request.c @@ -87,7 +87,7 @@ static void list_restrict (sockaddr_u *, endpt *, struct req_pkt *); static void do_resaddflags (sockaddr_u *, endpt *, struct req_pkt *); static void do_ressubflags (sockaddr_u *, endpt *, struct req_pkt *); static void do_unrestrict (sockaddr_u *, endpt *, struct req_pkt *); -static void do_restrict (sockaddr_u *, endpt *, struct req_pkt *, int); +static void do_restrict (sockaddr_u *, endpt *, struct req_pkt *, restrict_op); static void mon_getlist (sockaddr_u *, endpt *, struct req_pkt *); static void reset_stats (sockaddr_u *, endpt *, struct req_pkt *); static void reset_peer (sockaddr_u *, endpt *, struct req_pkt *); @@ -582,6 +582,7 @@ process_private( * him. If the wrong key was used, or packet doesn't * have mac, return. */ + /* XXX: Use authistrustedip(), or equivalent. */ if (!INFO_IS_AUTH(inpkt->auth_seq) || !info_auth_keyid || ntohl(tailinpkt->keyid) != info_auth_keyid) { DPRINTF(5, ("failed auth %d info_auth_keyid %u pkt keyid %u maclen %lu\n", @@ -837,7 +838,7 @@ peer_info ( #endif datap += item_sz; - pp = findexistingpeer(&addr, NULL, NULL, -1, 0); + pp = findexistingpeer(&addr, NULL, NULL, -1, 0, NULL); if (NULL == pp) continue; if (IS_IPV6(srcadr)) { @@ -981,7 +982,7 @@ peer_stats ( datap += item_sz; - pp = findexistingpeer(&addr, NULL, NULL, -1, 0); + pp = findexistingpeer(&addr, NULL, NULL, -1, 0, NULL); if (NULL == pp) continue; @@ -1150,6 +1151,8 @@ sys_stats( ss->badauth = htonl((u_int32)sys_badauth); ss->limitrejected = htonl((u_int32)sys_limitrejected); ss->received = htonl((u_int32)sys_received); + ss->lamport = htonl((u_int32)sys_lamport); + ss->tsrounding = htonl((u_int32)sys_tsrounding); (void) more_pkt(); flush_pkt(); } @@ -1366,10 +1369,13 @@ do_conf( * * - minpoll/maxpoll, but they are treated properly * for all cases internally. Checking not necessary. + * + * Note that we ignore any previously-specified ippeerlimit. + * If we're told to create the peer, we create the peer. */ /* finally create the peer */ - if (peer_config(&peeraddr, NULL, NULL, + if (peer_config(&peeraddr, NULL, NULL, -1, temp_cp.hmode, temp_cp.version, temp_cp.minpoll, temp_cp.maxpoll, fl, temp_cp.ttl, temp_cp.keyid, NULL) == 0) @@ -1449,7 +1455,7 @@ do_unconf( p = NULL; do { p = findexistingpeer( - &peeraddr, NULL, p, -1, 0); + &peeraddr, NULL, p, -1, 0, NULL); } while (p && !(FLAG_CONFIG & p->flags)); if (!loops && !p) { @@ -1653,7 +1659,7 @@ list_restrict4( pir->v6_flag = 0; pir->mask = htonl(res->u.v4.mask); pir->count = htonl(res->count); - pir->flags = htons(res->flags); + pir->rflags = htons(res->rflags); pir->mflags = htons(res->mflags); pir = (struct info_restrict *)more_pkt(); } @@ -1684,7 +1690,7 @@ list_restrict6( pir->mask6 = res->u.v6.mask; pir->v6_flag = 1; pir->count = htonl(res->count); - pir->flags = htons(res->flags); + pir->rflags = htons(res->rflags); pir->mflags = htons(res->mflags); pir = (struct info_restrict *)more_pkt(); } @@ -1773,7 +1779,7 @@ do_restrict( sockaddr_u *srcadr, endpt *inter, struct req_pkt *inpkt, - int op + restrict_op op ) { char * datap; @@ -1784,6 +1790,18 @@ do_restrict( sockaddr_u matchmask; int bad; + switch(op) { + case RESTRICT_FLAGS: + case RESTRICT_UNFLAG: + case RESTRICT_REMOVE: + case RESTRICT_REMOVEIF: + break; + + default: + req_ack(srcadr, inter, inpkt, INFO_ERR_FMT); + return; + } + /* * Do a check of the flags to make sure that only * the NTPPORT flag is set, if any. If not, complain @@ -1797,7 +1815,7 @@ do_restrict( return; } - bad = FALSE; + bad = 0; while (items-- > 0 && !bad) { memcpy(&cr, datap, item_sz); cr.flags = ntohs(cr.flags); @@ -1837,6 +1855,7 @@ do_restrict( memcpy(&cr, datap, item_sz); cr.flags = ntohs(cr.flags); cr.mflags = ntohs(cr.mflags); + cr.ippeerlimit = ntohs(cr.ippeerlimit); if (client_v6_capable && cr.v6_flag) { AF(&matchaddr) = AF_INET6; AF(&matchmask) = AF_INET6; @@ -1849,7 +1868,7 @@ do_restrict( NSRCADR(&matchmask) = cr.mask; } hack_restrict(op, &matchaddr, &matchmask, cr.mflags, - cr.flags, 0); + cr.ippeerlimit, cr.flags, 0); datap += item_sz; } @@ -1975,7 +1994,7 @@ reset_peer( #ifdef ISC_PLATFORM_HAVESALEN peeraddr.sa.sa_len = SOCKLEN(&peeraddr); #endif - p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0); + p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0, NULL); if (NULL == p) bad++; datap += item_sz; @@ -2008,10 +2027,10 @@ reset_peer( #ifdef ISC_PLATFORM_HAVESALEN peeraddr.sa.sa_len = SOCKLEN(&peeraddr); #endif - p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0); + p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0, NULL); while (p != NULL) { peer_reset(p); - p = findexistingpeer(&peeraddr, NULL, p, -1, 0); + p = findexistingpeer(&peeraddr, NULL, p, -1, 0, NULL); } datap += item_sz; } @@ -2492,7 +2511,7 @@ get_clock_info( while (items-- > 0 && ic) { NSRCADR(&addr) = *clkaddr++; if (!ISREFCLOCKADR(&addr) || NULL == - findexistingpeer(&addr, NULL, NULL, -1, 0)) { + findexistingpeer(&addr, NULL, NULL, -1, 0, NULL)) { req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); return; } @@ -2556,7 +2575,7 @@ set_clock_fudge( #endif SET_PORT(&addr, NTP_PORT); if (!ISREFCLOCKADR(&addr) || NULL == - findexistingpeer(&addr, NULL, NULL, -1, 0)) { + findexistingpeer(&addr, NULL, NULL, -1, 0, NULL)) { req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); return; } @@ -2631,7 +2650,7 @@ get_clkbug_info( while (items-- > 0 && ic) { NSRCADR(&addr) = *clkaddr++; if (!ISREFCLOCKADR(&addr) || NULL == - findexistingpeer(&addr, NULL, NULL, -1, 0)) { + findexistingpeer(&addr, NULL, NULL, -1, 0, NULL)) { req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); return; } |