merge conflicts

christos 2018-04-07 00:19:52 +00:00
parent 56f2724e8b
commit 4eea345d9b
141 changed files with 4821 additions and 2834 deletions


@ -1,4 +1,4 @@
/* $NetBSD: ntp.h,v 1.8 2016/11/22 03:09:30 christos Exp $ */
/* $NetBSD: ntp.h,v 1.9 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp.h - NTP definitions for the masses
@ -555,11 +555,13 @@ struct pkt {
l_fp rec; /* receive time stamp */
l_fp xmt; /* transmit time stamp */
#define MIN_V4_PKT_LEN (12 * sizeof(u_int32)) /* min header length */
#define LEN_PKT_NOMAC (12 * sizeof(u_int32)) /* min header length */
#define MIN_MAC_LEN (1 * sizeof(u_int32)) /* crypto_NAK */
#define MAX_MD5_LEN (5 * sizeof(u_int32)) /* MD5 */
#define MIN_V4_PKT_LEN (12 * sizeof(u_int32)) /* min header length */
#define LEN_PKT_NOMAC (12 * sizeof(u_int32)) /* min header length */
#define MIN_MAC_LEN (1 * sizeof(u_int32)) /* crypto_NAK */
#define MAX_MD5_LEN (5 * sizeof(u_int32)) /* MD5 */
#define MAX_MAC_LEN (6 * sizeof(u_int32)) /* SHA */
#define KEY_MAC_LEN sizeof(u_int32) /* key ID in MAC */
#define MAX_MDG_LEN (MAX_MAC_LEN-KEY_MAC_LEN) /* max. digest len */
/*
* The length of the packet less MAC must be a multiple of 64
@ -824,11 +826,12 @@ typedef struct res_addr6_tag {
typedef struct restrict_u_tag restrict_u;
struct restrict_u_tag {
restrict_u * link; /* link to next entry */
u_int32 count; /* number of packets matched */
u_short flags; /* accesslist flags */
u_short mflags; /* match flags */
u_long expire; /* valid until time */
restrict_u * link; /* link to next entry */
u_int32 count; /* number of packets matched */
u_short rflags; /* restrict (accesslist) flags */
u_short mflags; /* match flags */
short ippeerlimit; /* IP peer limit */
u_long expire; /* valid until time */
union { /* variant starting here */
res_addr4 v4;
res_addr6 v6;
@ -839,28 +842,40 @@ struct restrict_u_tag {
#define V6_SIZEOF_RESTRICT_U (offsetof(restrict_u, u) \
+ sizeof(res_addr6))
typedef struct r4addr_tag r4addr;
struct r4addr_tag {
u_short rflags; /* match flags */
short ippeerlimit; /* IP peer limit */
};
char *build_iflags(u_int32 flags);
char *build_mflags(u_short mflags);
char *build_rflags(u_short rflags);
/*
* Access flags
* Restrict (Access) flags (rflags)
*/
#define RES_IGNORE 0x0001 /* ignore packet */
#define RES_DONTSERVE 0x0002 /* access denied */
#define RES_DONTTRUST 0x0004 /* authentication required */
#define RES_VERSION 0x0008 /* version mismatch */
#define RES_NOPEER 0x0010 /* new association denied */
#define RES_LIMITED 0x0020 /* packet rate exceeded */
#define RES_NOEPEER 0x0020 /* new ephemeral association denied */
#define RES_LIMITED 0x0040 /* packet rate exceeded */
#define RES_FLAGS (RES_IGNORE | RES_DONTSERVE |\
RES_DONTTRUST | RES_VERSION |\
RES_NOPEER | RES_LIMITED)
RES_NOPEER | RES_NOEPEER | RES_LIMITED)
#define RES_NOQUERY 0x0040 /* mode 6/7 packet denied */
#define RES_NOMODIFY 0x0080 /* mode 6/7 modify denied */
#define RES_NOTRAP 0x0100 /* mode 6/7 set trap denied */
#define RES_LPTRAP 0x0200 /* mode 6/7 low priority trap */
#define RES_NOQUERY 0x0080 /* mode 6/7 packet denied */
#define RES_NOMODIFY 0x0100 /* mode 6/7 modify denied */
#define RES_NOTRAP 0x0200 /* mode 6/7 set trap denied */
#define RES_LPTRAP 0x0400 /* mode 6/7 low priority trap */
#define RES_KOD 0x0400 /* send kiss of death packet */
#define RES_MSSNTP 0x0800 /* enable MS-SNTP authentication */
#define RES_FLAKE 0x1000 /* flakeway - drop 10% */
#define RES_NOMRULIST 0x2000 /* mode 6 mrulist denied */
#define RES_KOD 0x0800 /* send kiss of death packet */
#define RES_MSSNTP 0x1000 /* enable MS-SNTP authentication */
#define RES_FLAKE 0x2000 /* flakeway - drop 10% */
#define RES_NOMRULIST 0x4000 /* mode 6 mrulist denied */
#define RES_UNUSED 0x8000 /* Unused flag bits */
#define RES_ALLFLAGS (RES_FLAGS | RES_NOQUERY | \
RES_NOMODIFY | RES_NOTRAP | \
@ -869,7 +884,7 @@ struct restrict_u_tag {
RES_NOMRULIST)
/*
* Match flags
* Match flags (mflags)
*/
#define RESM_INTERFACE 0x1000 /* this is an interface */
#define RESM_NTPONLY 0x2000 /* match source port 123 */
@ -878,10 +893,13 @@ struct restrict_u_tag {
/*
* Restriction configuration ops
*/
#define RESTRICT_FLAGS 1 /* add flags to restrict entry */
#define RESTRICT_UNFLAG 2 /* remove flags from restrict entry */
#define RESTRICT_REMOVE 3 /* remove a restrict entry */
#define RESTRICT_REMOVEIF 4 /* remove an interface restrict entry */
typedef enum
restrict_ops {
RESTRICT_FLAGS = 1, /* add rflags to restrict entry */
RESTRICT_UNFLAG, /* remove rflags from restrict entry */
RESTRICT_REMOVE, /* remove a restrict entry */
RESTRICT_REMOVEIF, /* remove an interface restrict entry */
} restrict_op;
/*
* Endpoint structure for the select algorithm
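Review bot: Inserting `RES_NOEPEER` at 0x0020 renumbers every later restrict flag, from `RES_LIMITED` through `RES_NOMRULIST`, and nothing near the `RES_*` block records that the values changed. If these bits travel in mode 7 `info_restrict`/`conf_restrict` items, as the `rflags` member in ntp_request.h suggests, a peer built against the older header would decode shifted bits (0x0040 is now `RES_LIMITED` where it used to be `RES_NOQUERY`). A comment such as `/* rflags values were renumbered when RES_NOEPEER was added; older builds see shifted bits */` would make that explicit. Separately, the `rflags` member of `struct r4addr_tag` is commented `/* match flags */`, which looks copied from `mflags` and should read `/* restrict (accesslist) flags */`.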


@ -1,4 +1,4 @@
/* $NetBSD: ntp_calendar.h,v 1.6 2016/01/08 21:35:35 christos Exp $ */
/* $NetBSD: ntp_calendar.h,v 1.7 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp_calendar.h - definitions for the calendar time-of-day routine
@ -384,6 +384,29 @@ ntpcal_weekday_le(int32_t /* rdn */, int32_t /* dow */);
extern int32_t
ntpcal_weekday_lt(int32_t /* rdn */, int32_t /* dow */);
/*
* handling of base date spec
*/
extern int32_t
basedate_eval_buildstamp(void);
extern int32_t
basedate_eval_string(const char *str);
extern int32_t
basedate_set_day(int32_t dayno);
extern uint32_t
basedate_get_day(void);
extern time_t
basedate_get_eracenter(void);
extern time_t
basedate_get_erabase(void);
/*
* Additional support stuff for Ed Rheingold's calendrical calculations
*/


@ -1,4 +1,4 @@
/* $NetBSD: ntp_config.h,v 1.10 2016/01/08 21:35:35 christos Exp $ */
/* $NetBSD: ntp_config.h,v 1.11 2018/04/07 00:19:52 christos Exp $ */
#ifndef NTP_CONFIG_H
#define NTP_CONFIG_H
@ -56,7 +56,15 @@ typedef struct int_range_tag {
int last;
} int_range;
/* Structure for storing an attribute-value pair */
/* generic list node */
typedef struct any_node_tag any_node;
struct any_node_tag {
any_node * link;
};
typedef DECL_FIFO_ANCHOR(any_node) any_node_fifo;
/* Structure for storing an attribute-value pair */
typedef struct attr_val_tag attr_val;
struct attr_val_tag {
attr_val * link;
@ -104,8 +112,9 @@ struct restrict_node_tag {
restrict_node * link;
address_node * addr;
address_node * mask;
int_fifo * flags;
int_fifo * flag_tok_fifo;
int line_no;
short ippeerlimit;
};
typedef DECL_FIFO_ANCHOR(restrict_node) restrict_fifo;
@ -269,8 +278,12 @@ typedef struct settrap_parms_tag {
const char * token_name(int token);
/* generic fifo routines for structs linked by 1st member */
void* append_gen_fifo(void *fifo, void *entry);
typedef void (*fifo_deleter)(void*);
void * destroy_gen_fifo(void *fifo, fifo_deleter func);
void * append_gen_fifo(void *fifo, void *entry);
void * concat_gen_fifos(void *first, void *second);
#define DESTROY_G_FIFO(pf, func) \
((pf) = destroy_gen_fifo((pf), (fifo_deleter)(func)))
#define APPEND_G_FIFO(pf, pe) \
((pf) = append_gen_fifo((pf), (pe)))
#define CONCAT_G_FIFOS(first, second) \
@ -290,11 +303,13 @@ attr_val *create_attr_ival(int attr, int value);
attr_val *create_attr_uval(int attr, u_int value);
attr_val *create_attr_rangeval(int attr, int first, int last);
attr_val *create_attr_sval(int attr, const char *s);
void destroy_attr_val(attr_val *node);
filegen_node *create_filegen_node(int filegen_token,
attr_val_fifo *options);
string_node *create_string_node(char *str);
restrict_node *create_restrict_node(address_node *addr,
address_node *mask,
short ippeerlimit,
int_fifo *flags, int line_no);
int_node *create_int_node(int val);
addr_opts_node *create_addr_opts_node(address_node *addr,
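Review bot: `DESTROY_G_FIFO` casts its `func` argument to `fifo_deleter` (`void (*)(void*)`), so a typed destructor such as `destroy_attr_val(attr_val *)` ends up being called by `destroy_gen_fifo` through an incompatible function pointer type, which C leaves undefined even where it works in practice. The cast also hides the diagnostic if a function with the wrong number of arguments is passed. Either give the deleters a `void *` parameter and drop the cast, `((pf) = destroy_gen_fifo((pf), (func)))`, or add a comment on the macro stating that `func` must take exactly one object pointer. The macro's callers are outside these hunks, so which destructors are actually passed is not visible here.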


@ -1,4 +1,4 @@
/* $NetBSD: ntp_fp.h,v 1.9 2017/04/13 20:17:41 christos Exp $ */
/* $NetBSD: ntp_fp.h,v 1.10 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp_fp.h - definitions for NTP fixed/floating-point arithmetic
@ -366,6 +366,7 @@ extern void init_systime (void);
extern void get_systime (l_fp *);
extern int step_systime (double);
extern int adj_systime (double);
extern int clamp_systime (void);
extern struct tm * ntp2unix_tm (u_int32 ntp, int local);


@ -1,4 +1,4 @@
/* $NetBSD: ntp_keyacc.h,v 1.1.1.2 2018/04/07 00:15:47 christos Exp $ */
/* $NetBSD: ntp_keyacc.h,v 1.2 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp_keyacc.h - key access stuff


@ -1,4 +1,4 @@
/* $NetBSD: ntp_request.h,v 1.7 2016/01/08 21:35:35 christos Exp $ */
/* $NetBSD: ntp_request.h,v 1.8 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp_request.h - definitions for the ntpd remote query facility
@ -162,7 +162,7 @@ struct req_pkt {
req_data_u u; /* data area */
l_fp tstamp; /* time stamp, for authentication */
keyid_t keyid; /* (optional) encryption key */
char mac[MAX_MAC_LEN-sizeof(keyid_t)]; /* (optional) auth code */
char mac[MAX_MDG_LEN]; /* (optional) auth code */
};
/*
@ -172,7 +172,7 @@ struct req_pkt {
struct req_pkt_tail {
l_fp tstamp; /* time stamp, for authentication */
keyid_t keyid; /* (optional) encryption key */
char mac[MAX_MAC_LEN-sizeof(keyid_t)]; /* (optional) auth code */
char mac[MAX_MDG_LEN]; /* (optional) auth code */
};
/* MODE_PRIVATE request packet header length before optional items. */
@ -534,6 +534,8 @@ struct info_sys_stats {
u_int32 badauth; /* bad authentication */
u_int32 received; /* packets received */
u_int32 limitrejected; /* rate exceeded */
u_int32 lamport; /* Lamport violations */
u_int32 tsrounding; /* Timestamp rounding errors */
};
@ -654,7 +656,7 @@ struct info_restrict {
u_int32 addr; /* match address */
u_int32 mask; /* match mask */
u_int32 count; /* number of packets matched */
u_short flags; /* restrict flags */
u_short rflags; /* restrict flags */
u_short mflags; /* match flags */
u_int v6_flag; /* is this v6 or not */
u_int unused1; /* unused, padding for addr6 */
@ -669,6 +671,7 @@ struct info_restrict {
struct conf_restrict {
u_int32 addr; /* match address */
u_int32 mask; /* match mask */
short ippeerlimit; /* ip peer limit */
u_short flags; /* restrict flags */
u_short mflags; /* match flags */
u_int v6_flag; /* is this v6 or not */
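Review bot: `short ippeerlimit` is inserted between `mask` and `flags` in `struct conf_restrict`, which moves `flags`, `mflags` and every later member by two bytes in what appears to be a mode 7 request payload. A sender and a receiver built from different header versions would then disagree on where the restrict flags sit; any item-size check that would reject the mismatch is not visible in this hunk. If the layout change is intended, a comment on the struct noting the incompatibility would help. The member is also still named `flags` here while `info_restrict` now uses `rflags`. The struct definition continues past the end of the hunk.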


@ -1,4 +1,4 @@
/* $NetBSD: ntp_stdlib.h,v 1.14 2017/04/13 20:17:41 christos Exp $ */
/* $NetBSD: ntp_stdlib.h,v 1.15 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp_stdlib.h - Prototypes for NTP lib.
@ -101,8 +101,8 @@ extern void auth_prealloc_symkeys(int);
extern int ymd2yd (int, int, int);
/* a_md5encrypt.c */
extern int MD5authdecrypt (int, const u_char *, u_int32 *, size_t, size_t);
extern size_t MD5authencrypt (int, const u_char *, u_int32 *, size_t);
extern int MD5authdecrypt (int, const u_char *, size_t, u_int32 *, size_t, size_t);
extern size_t MD5authencrypt (int, const u_char *, size_t, u_int32 *, size_t);
extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t, KeyAccT *c);
extern u_int32 addr2refid (sockaddr_u *);
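Review bot: The `MD5authdecrypt` and `MD5authencrypt` prototypes stay unnamed after gaining a key-length argument, so `MD5authdecrypt` now takes three `size_t` values (key length, packet length, MAC size) that a caller can transpose without any diagnostic. Naming the parameters in the header documents the order, e.g. `MD5authdecrypt(int type, const u_char *key, size_t klen, u_int32 *pkt, size_t length, size_t size)`. Those names are the ones used by the definitions in a_md5encrypt.c.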


@ -1,4 +1,4 @@
/* $NetBSD: ntpd.h,v 1.10 2017/04/13 20:17:41 christos Exp $ */
/* $NetBSD: ntpd.h,v 1.11 2018/04/07 00:19:52 christos Exp $ */
/*
* ntpd.h - Prototypes and external variables for ntpd.
@ -170,19 +170,19 @@ extern void mon_clearinterface(endpt *interface);
/* ntp_peer.c */
extern void init_peer (void);
extern struct peer *findexistingpeer(sockaddr_u *, const char *,
struct peer *, int, u_char);
struct peer *, int, u_char, int *);
extern struct peer *findpeer (struct recvbuf *, int, int *);
extern struct peer *findpeerbyassoc(associd_t);
extern void set_peerdstadr (struct peer *, endpt *);
extern struct peer *newpeer (sockaddr_u *, const char *,
endpt *, u_char, u_char,
u_char, u_char, u_int, u_char, u_int32,
extern struct peer *newpeer (sockaddr_u *, const char *, endpt *,
int, u_char, u_char, u_char, u_char,
u_int, u_char, u_int32,
keyid_t, const char *);
extern void peer_all_reset (void);
extern void peer_clr_stats (void);
extern struct peer *peer_config(sockaddr_u *, const char *,
endpt *, u_char, u_char,
u_char, u_char, u_int, u_int32,
extern struct peer *peer_config(sockaddr_u *, const char *, endpt *,
int, u_char, u_char, u_char, u_char,
u_int, u_int32,
keyid_t, const char *);
extern void peer_reset (struct peer *);
extern void refresh_all_peerinterfaces(void);
@ -259,10 +259,11 @@ extern void reset_auth_stats(void);
/* ntp_restrict.c */
extern void init_restrict (void);
extern u_short restrictions (sockaddr_u *);
extern void hack_restrict (int, sockaddr_u *, sockaddr_u *,
u_short, u_short, u_long);
extern void restrictions (sockaddr_u *, r4addr *);
extern void hack_restrict (restrict_op, sockaddr_u *, sockaddr_u *,
short, u_short, u_short, u_long);
extern void restrict_source (sockaddr_u *, int, u_long);
extern void dump_restricts (void);
/* ntp_timer.c */
extern void init_timer (void);
@ -290,7 +291,7 @@ extern void record_loop_stats (double, double, double, double, int);
extern void record_clock_stats (sockaddr_u *, const char *);
extern int mprintf_clock_stats(sockaddr_u *, const char *, ...)
NTP_PRINTF(2, 3);
extern void record_raw_stats (sockaddr_u *srcadr, sockaddr_u *dstadr, l_fp *t1, l_fp *t2, l_fp *t3, l_fp *t4, int leap, int version, int mode, int stratum, int ppoll, int precision, double root_delay, double root_dispersion, u_int32 refid);
extern void record_raw_stats (sockaddr_u *srcadr, sockaddr_u *dstadr, l_fp *t1, l_fp *t2, l_fp *t3, l_fp *t4, int leap, int version, int mode, int stratum, int ppoll, int precision, double root_delay, double root_dispersion, u_int32 refid, int len, u_char *extra);
extern void check_leap_file (int is_daily_check, u_int32 ntptime, const time_t * systime);
extern void record_crypto_stats (sockaddr_u *, const char *);
#ifdef DEBUG
@ -502,18 +503,19 @@ extern u_int sys_ttlmax; /* max ttl mapping vector index */
/*
* Statistics counters
*/
extern u_long sys_stattime; /* time since reset */
extern u_long sys_received; /* packets received */
extern u_long sys_processed; /* packets for this host */
extern u_long sys_restricted; /* restricted packets */
extern u_long sys_badauth; /* bad authentication */
extern u_long sys_badlength; /* bad length or format */
extern u_long sys_declined; /* declined */
extern u_long sys_kodsent; /* KoD sent */
extern u_long sys_lamport; /* Lamport violation */
extern u_long sys_limitrejected; /* rate exceeded */
extern u_long sys_newversion; /* current version */
extern u_long sys_oldversion; /* old version */
extern u_long sys_processed; /* packets for this host */
extern u_long sys_received; /* packets received */
extern u_long sys_restricted; /* access denied */
extern u_long sys_badlength; /* bad length or format */
extern u_long sys_badauth; /* bad authentication */
extern u_long sys_declined; /* declined */
extern u_long sys_limitrejected; /* rate exceeded */
extern u_long sys_kodsent; /* KoD sent */
extern u_long sys_stattime; /* time since reset */
extern u_long sys_tsrounding; /* timestamp rounding errors */
/* ntp_request.c */
extern keyid_t info_auth_keyid; /* keyid used to authenticate requests */
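Review bot: `record_raw_stats` gains `int len, u_char *extra` at the end of its prototype, pairing a signed length with a writable pointer to what is presumably packet-derived data. If `len` is computed from a received packet size, the type does nothing to exclude a negative value reaching the stats writer. Declaring them as `size_t len, const u_char *extra` would state that the function only reads `extra` and rule out negative lengths. The definition and callers are outside this section, so the bound on `len` should be confirmed there.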


@ -1,4 +1,4 @@
/* $NetBSD: recvbuff.h,v 1.5 2016/05/01 23:32:00 christos Exp $ */
/* $NetBSD: recvbuff.h,v 1.6 2018/04/07 00:19:52 christos Exp $ */
#ifndef RECVBUFF_H
#define RECVBUFF_H
@ -41,9 +41,10 @@ extern HANDLE get_recv_buff_event(void);
/*
* the maximum length NTP packet contains the NTP header, one Autokey
* request, one Autokey response and the MAC. Assuming certificates don't
* get too big, the maximum packet length is set arbitrarily at 1000.
* get too big, the maximum packet length is set arbitrarily at 1200.
* (was 1000, but that bumps on 2048 RSA keys)
*/
#define RX_BUFF_SIZE 1000 /* hail Mary */
#define RX_BUFF_SIZE 1200 /* hail Mary */
typedef struct recvbuf recvbuf_t;


@ -1,4 +1,4 @@
/* $NetBSD: ssl_applink.c,v 1.5 2017/04/13 20:17:41 christos Exp $ */
/* $NetBSD: ssl_applink.c,v 1.6 2018/04/07 00:19:52 christos Exp $ */
/*
* include/ssl_applink.c -- common NTP code for openssl/applink.c
@ -29,10 +29,10 @@
#endif
#ifdef WRAP_DBG_MALLOC
void *wrap_dbg_malloc(size_t s, const char *f, int l);
void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l);
void wrap_dbg_free(void *p);
void wrap_dbg_free_ex(void *p, const char *f, int l);
static void *wrap_dbg_malloc(size_t s, const char *f, int l);
static void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l);
static void wrap_dbg_free(void *p);
static void wrap_dbg_free_ex(void *p, const char *f, int l);
#endif
@ -44,17 +44,21 @@ void
ssl_applink(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
# ifdef WRAP_DBG_MALLOC
CRYPTO_set_mem_functions(wrap_dbg_malloc, wrap_dbg_realloc, wrap_dbg_free_ex);
# else
OPENSSL_malloc_init();
# endif
#else
# else
# ifdef WRAP_DBG_MALLOC
CRYPTO_set_mem_ex_functions(wrap_dbg_malloc, wrap_dbg_realloc, wrap_dbg_free);
# else
CRYPTO_malloc_init();
# endif
#endif /* OpenSSL version cascade */
}
#else /* !OPENSSL || !SYS_WINNT */
@ -68,7 +72,7 @@ ssl_applink(void)
* for DEBUG malloc/realloc/free (lacking block type).
* Simple wrappers convert.
*/
void *wrap_dbg_malloc(size_t s, const char *f, int l)
static void *wrap_dbg_malloc(size_t s, const char *f, int l)
{
void *ret;
@ -76,7 +80,7 @@ void *wrap_dbg_malloc(size_t s, const char *f, int l)
return ret;
}
void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l)
static void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l)
{
void *ret;
@ -84,12 +88,12 @@ void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l)
return ret;
}
void wrap_dbg_free(void *p)
static void wrap_dbg_free(void *p)
{
_free_dbg(p, _NORMAL_BLOCK);
}
void wrap_dbg_free_ex(void *p, const char *f, int l)
static void wrap_dbg_free_ex(void *p, const char *f, int l)
{
(void)f;
(void)l;


@ -1,4 +1,4 @@
/* $NetBSD: a_md5encrypt.c,v 1.8 2017/04/13 20:17:41 christos Exp $ */
/* $NetBSD: a_md5encrypt.c,v 1.9 2018/04/07 00:19:52 christos Exp $ */
/*
* digest support for NTP, MD5 and with OpenSSL more
@ -13,6 +13,177 @@
#include "ntp.h"
#include "ntp_md5.h" /* provides OpenSSL digest API */
#include "isc/string.h"
#ifdef OPENSSL
# include "openssl/cmac.h"
# define CMAC "AES128CMAC"
# define AES_128_KEY_SIZE 16
#endif
typedef struct {
const void * buf;
size_t len;
} robuffT;
typedef struct {
void * buf;
size_t len;
} rwbuffT;
#ifdef OPENSSL
static size_t
cmac_ctx_size(
CMAC_CTX * ctx)
{
size_t mlen = 0;
if (ctx) {
EVP_CIPHER_CTX * cctx;
if (NULL != (cctx = CMAC_CTX_get0_cipher_ctx (ctx)))
mlen = EVP_CIPHER_CTX_block_size(cctx);
}
return mlen;
}
#endif /*OPENSSL*/
static size_t
make_mac(
const rwbuffT * digest,
int ktype,
const robuffT * key,
const robuffT * msg)
{
/*
* Compute digest of key concatenated with packet. Note: the
* key type and digest type have been verified when the key
* was created.
*/
size_t retlen = 0;
#ifdef OPENSSL
INIT_SSL();
/* Check if CMAC key type specific code required */
if (ktype == NID_cmac) {
CMAC_CTX * ctx = NULL;
void const * keyptr = key->buf;
u_char keybuf[AES_128_KEY_SIZE];
/* adjust key size (zero padded buffer) if necessary */
if (AES_128_KEY_SIZE > key->len) {
memcpy(keybuf, keyptr, key->len);
memset((keybuf + key->len), 0,
(AES_128_KEY_SIZE - key->len));
keyptr = keybuf;
}
if (NULL == (ctx = CMAC_CTX_new())) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s CTX new failed.", CMAC);
goto cmac_fail;
}
if (!CMAC_Init(ctx, keyptr, AES_128_KEY_SIZE, EVP_aes_128_cbc(), NULL)) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s Init failed.", CMAC);
goto cmac_fail;
}
if (cmac_ctx_size(ctx) > digest->len) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s buf too small.", CMAC);
goto cmac_fail;
}
if (!CMAC_Update(ctx, msg->buf, msg->len)) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s Update failed.", CMAC);
goto cmac_fail;
}
if (!CMAC_Final(ctx, digest->buf, &retlen)) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s Final failed.", CMAC);
retlen = 0;
}
cmac_fail:
if (ctx)
CMAC_CTX_cleanup(ctx);
}
else { /* generic MAC handling */
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
u_int uilen = 0;
if ( ! ctx) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest CTX new failed.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* make sure MD5 is allowd */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
/* [Bug 3457] DON'T use plain EVP_DigestInit! It would
* kill the flags! */
if (!EVP_DigestInit_ex(ctx, EVP_get_digestbynid(ktype), NULL)) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest Init failed.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
if ((size_t)EVP_MD_CTX_size(ctx) > digest->len) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s buf too small.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
if (!EVP_DigestUpdate(ctx, key->buf, (u_int)key->len)) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest Update key failed.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
if (!EVP_DigestUpdate(ctx, msg->buf, (u_int)msg->len)) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest Update data failed.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
if (!EVP_DigestFinal(ctx, digest->buf, &uilen)) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest Final failed.",
OBJ_nid2sn(ktype));
uilen = 0;
}
mac_fail:
retlen = (size_t)uilen;
if (ctx)
EVP_MD_CTX_free(ctx);
}
#else /* !OPENSSL follows */
if (ktype == NID_md5)
{
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
uint uilen = 0;
if (digest->len < 16) {
msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 buf too small.");
}
else if ( ! ctx) {
msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 Digest CTX new failed.");
}
else {
EVP_DigestInit(ctx, EVP_get_digestbynid(ktype));
EVP_DigestUpdate(ctx, key->buf, key->len);
EVP_DigestUpdate(ctx, msg->buf, msg->len);
EVP_DigestFinal(ctx, digest->buf, &uilen);
}
if (ctx)
EVP_MD_CTX_free(ctx);
retlen = (size_t)uilen;
}
else
{
msyslog(LOG_ERR, "MAC encrypt: invalid key type %d" , ktype);
}
#endif /* !OPENSSL */
return retlen;
}
/*
* MD5authencrypt - generate message digest
*
@ -22,36 +193,23 @@ size_t
MD5authencrypt(
int type, /* hash algorithm */
const u_char * key, /* key pointer */
size_t klen, /* key length */
u_int32 * pkt, /* packet pointer */
size_t length /* packet length */
)
{
u_char digest[EVP_MAX_MD_SIZE];
u_int len;
EVP_MD_CTX *ctx;
rwbuffT digb = { digest, sizeof(digest) };
robuffT keyb = { key, klen };
robuffT msgb = { pkt, length };
size_t dlen = 0;
/*
* Compute digest of key concatenated with packet. Note: the
* key type and digest type have been verified when the key
* was creaded.
*/
INIT_SSL();
ctx = EVP_MD_CTX_new();
if (!(ctx && EVP_DigestInit(ctx, EVP_get_digestbynid(type)))) {
msyslog(LOG_ERR,
"MAC encrypt: digest init failed");
EVP_MD_CTX_free(ctx);
return (0);
}
EVP_DigestUpdate(ctx, key, cache_secretsize);
EVP_DigestUpdate(ctx, (u_char *)pkt, length);
EVP_DigestFinal(ctx, digest, &len);
EVP_MD_CTX_free(ctx);
dlen = make_mac(&digb, type, &keyb, &msgb);
/* If the MAC is longer than the MAX then truncate it. */
if (len > MAX_MAC_LEN - 4)
len = MAX_MAC_LEN - 4;
memmove((u_char *)pkt + length + 4, digest, len);
return (len + 4);
if (dlen > MAX_MDG_LEN)
dlen = MAX_MDG_LEN;
memcpy((u_char *)pkt + length + KEY_MAC_LEN, digest, dlen);
return (dlen + KEY_MAC_LEN);
}
@ -64,41 +222,30 @@ int
MD5authdecrypt(
int type, /* hash algorithm */
const u_char * key, /* key pointer */
size_t klen, /* key length */
u_int32 * pkt, /* packet pointer */
size_t length, /* packet length */
size_t size /* MAC size */
)
{
u_char digest[EVP_MAX_MD_SIZE];
u_int len;
EVP_MD_CTX *ctx;
rwbuffT digb = { digest, sizeof(digest) };
robuffT keyb = { key, klen };
robuffT msgb = { pkt, length };
size_t dlen = 0;
/*
* Compute digest of key concatenated with packet. Note: the
* key type and digest type have been verified when the key
* was created.
*/
INIT_SSL();
ctx = EVP_MD_CTX_new();
if (!(ctx && EVP_DigestInit(ctx, EVP_get_digestbynid(type)))) {
msyslog(LOG_ERR,
"MAC decrypt: digest init failed");
EVP_MD_CTX_free(ctx);
return (0);
}
EVP_DigestUpdate(ctx, key, cache_secretsize);
EVP_DigestUpdate(ctx, (u_char *)pkt, length);
EVP_DigestFinal(ctx, digest, &len);
EVP_MD_CTX_free(ctx);
dlen = make_mac(&digb, type, &keyb, &msgb);
/* If the MAC is longer than the MAX then truncate it. */
if (len > MAX_MAC_LEN - 4)
len = MAX_MAC_LEN - 4;
if (size != (size_t)len + 4) {
if (dlen > MAX_MDG_LEN)
dlen = MAX_MDG_LEN;
if (size != (size_t)dlen + KEY_MAC_LEN) {
msyslog(LOG_ERR,
"MAC decrypt: MAC length error");
return (0);
}
return !isc_tsmemcmp(digest, (u_char *)pkt + length + 4, len);
return !isc_tsmemcmp(digest,
(u_char *)pkt + length + KEY_MAC_LEN, dlen);
}
/*
@ -110,7 +257,7 @@ MD5authdecrypt(
u_int32
addr2refid(sockaddr_u *addr)
{
u_char digest[20];
u_char digest[EVP_MAX_MD_SIZE];
u_int32 addr_refid;
EVP_MD_CTX *ctx;
u_int len;
@ -121,11 +268,12 @@ addr2refid(sockaddr_u *addr)
INIT_SSL();
ctx = EVP_MD_CTX_new();
EVP_MD_CTX_init(ctx);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
# ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* MD5 is not used as a crypto hash here. */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
# endif
/* [Bug 3457] DON'T use plain EVP_DigestInit! It would kill the
* flags! */
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) {
msyslog(LOG_ERR,
"MD5 init failed");
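Review bot: `make_mac` signals every failure by returning 0, but neither caller checks for it: `MD5authencrypt` still returns `KEY_MAC_LEN`, and `MD5authdecrypt` goes on to compare `size` with `KEY_MAC_LEN` and then calls `isc_tsmemcmp` with length 0, which would compare equal. Both should fail closed with `if (dlen == 0) return 0;` directly after the `make_mac` call. In the CMAC branch of `make_mac`, the context from `CMAC_CTX_new()` is released with `CMAC_CTX_cleanup(ctx)`, which resets the context without freeing it, so each CMAC computation leaks the allocation; `CMAC_CTX_free(ctx)` is the matching call. The same branch leaves the zero-padded key copy in `keybuf` on the stack without clearing it, and silently uses only the first `AES_128_KEY_SIZE` bytes of a longer key.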


@ -1,4 +1,4 @@
/* $NetBSD: adjtime.c,v 1.4 2016/01/08 21:35:38 christos Exp $ */
/* $NetBSD: adjtime.c,v 1.5 2018/04/07 00:19:52 christos Exp $ */
#ifdef HAVE_CONFIG_H
# include <config.h>
@ -316,7 +316,7 @@ adjtime (struct timeval *delta, struct timeval *olddelta)
/*
* Get the current clock period (nanoseconds)
*/
if (ClockPeriod (CLOCK_REALTIME, 0, &period, 0) < 0)
if (ClockPeriod (CLOCK_REALTIME, 0, &period, 0) == -1)
return -1;
/*
@ -356,7 +356,7 @@ adjtime (struct timeval *delta, struct timeval *olddelta)
adj.tick_count = 0;
}
if (ClockAdjust (CLOCK_REALTIME, &adj, &oldadj) < 0)
if (ClockAdjust (CLOCK_REALTIME, &adj, &oldadj) == -1)
return -1;
/*


@ -1,4 +1,4 @@
/* $NetBSD: authkeys.c,v 1.11 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: authkeys.c,v 1.12 2018/04/07 00:19:52 christos Exp $ */
/*
* authkeys.c - routines to manage the storage of authentication keys
@ -116,13 +116,16 @@ KeyAccT *cache_keyacclist; /* key access list */
KeyAccT*
keyacc_new_push(
KeyAccT * head,
const sockaddr_u * addr
const sockaddr_u * addr,
unsigned int subnetbits
)
{
KeyAccT * node = emalloc(sizeof(KeyAccT));
memcpy(&node->addr, addr, sizeof(sockaddr_u));
node->subnetbits = subnetbits;
node->next = head;
return node;
}
@ -167,7 +170,8 @@ keyacc_contains(
{
if (head) {
do {
if (SOCK_EQ(&head->addr, addr))
if (keyacc_amatch(&head->addr, addr,
head->subnetbits))
return TRUE;
} while (NULL != (head = head->next));
return FALSE;
@ -176,6 +180,98 @@ keyacc_contains(
}
}
#if CHAR_BIT != 8
# error "don't know how to handle bytes with that bit size"
#endif
/* ----------------------------------------------------------------- */
/* check two addresses for a match, taking a prefix length into account
* when doing the compare.
*
* The ISC lib contains a similar function with not entirely specified
* semantics, so it seemed somewhat cleaner to do this from scratch.
*
* Note 1: It *is* assumed that the addresses are stored in network byte
* order, that is, most significant byte first!
*
* Note 2: "no address" compares unequal to all other addresses, even to
* itself. This has the same semantics as NaNs have for floats: *any*
* relational or equality operation involving a NaN returns FALSE, even
* equality with itself. "no address" is either a NULL pointer argument
* or an address of type AF_UNSPEC.
*/
int/*BOOL*/
keyacc_amatch(
const sockaddr_u * a1,
const sockaddr_u * a2,
unsigned int mbits
)
{
const uint8_t * pm1;
const uint8_t * pm2;
uint8_t msk;
unsigned int len;
/* 1st check: If any address is not an address, it's inequal. */
if ( !a1 || (AF_UNSPEC == AF(a1)) ||
!a2 || (AF_UNSPEC == AF(a2)) )
return FALSE;
/* We could check pointers for equality here and shortcut the
* other checks if we find object identity. But that use case is
* too rare to care for it.
*/
/* 2nd check: Address families must be the same. */
if (AF(a1) != AF(a2))
return FALSE;
/* type check: address family determines buffer & size */
switch (AF(a1)) {
case AF_INET:
/* IPv4 is easy: clamp size, get byte pointers */
if (mbits > sizeof(NSRCADR(a1)) * 8)
mbits = sizeof(NSRCADR(a1)) * 8;
pm1 = (const void*)&NSRCADR(a1);
pm2 = (const void*)&NSRCADR(a2);
break;
case AF_INET6:
/* IPv6 is slightly different: Both scopes must match,
* too, before we even consider doing a match!
*/
if ( ! SCOPE_EQ(a1, a2))
return FALSE;
if (mbits > sizeof(NSRCADR6(a1)) * 8)
mbits = sizeof(NSRCADR6(a1)) * 8;
pm1 = (const void*)&NSRCADR6(a1);
pm2 = (const void*)&NSRCADR6(a2);
break;
default:
/* don't know how to compare that!?! */
return FALSE;
}
/* Split bit length into byte length and partial byte mask.
* Note that the byte mask extends from the MSB of a byte down,
* and that zero shift (--> mbits % 8 == 0) results in an
* all-zero mask.
*/
msk = 0xFFu ^ (0xFFu >> (mbits & 7));
len = mbits >> 3;
/* 3rd check: Do memcmp() over full bytes, if any */
if (len && memcmp(pm1, pm2, len))
return FALSE;
/* 4th check: compare last incomplete byte, if any */
if (msk && ((pm1[len] ^ pm2[len]) & msk))
return FALSE;
/* If none of the above failed, we're successfully through. */
return TRUE;
}
/*
* init_auth - initialize internal data
@ -318,6 +414,10 @@ auth_log2(size_t x)
return (u_short)r;
}
int/*BOOL*/
ipaddr_match_masked(const sockaddr_u *,const sockaddr_u *,
unsigned int mbits);
static void
authcache_flush_id(
keyid_t id
@ -619,20 +719,19 @@ authistrusted(
{
symkey * sk;
/* That specific key was already used to authenticate the
* packet. Therefore, the key *must* exist... There's a chance
* that is not trusted, though.
*/
if (keyno == cache_keyid) {
return (KEY_TRUSTED & cache_flags) &&
keyacc_contains(cache_keyacclist, sau, TRUE);
} else {
}
if (NULL != (sk = auth_findkey(keyno))) {
authkeyuncached++;
sk = auth_findkey(keyno);
INSIST(NULL != sk);
return (KEY_TRUSTED & sk->flags) &&
keyacc_contains(sk->keyacclist, sau, TRUE);
}
authkeynotfound++;
return FALSE;
}
/* Note: There are two locations below where 'strncpy()' is used. While
@ -797,7 +896,9 @@ authencrypt(
return 0;
}
return MD5authencrypt(cache_type, cache_secret, pkt, length);
return MD5authencrypt(cache_type,
cache_secret, cache_secretsize,
pkt, length);
}
@ -824,6 +925,7 @@ authdecrypt(
return FALSE;
}
return MD5authdecrypt(cache_type, cache_secret, pkt, length,
size);
return MD5authdecrypt(cache_type,
cache_secret, cache_secretsize,
pkt, length, size);
}
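Review bot: The file-scope prototype for `ipaddr_match_masked` added after `auth_log2` has no definition or caller in the visible hunks, while the prefix comparison that `keyacc_contains` actually uses is `keyacc_amatch`. If it is a leftover name for the same function it should be removed; if it is defined elsewhere, the declaration belongs in a header so the definition is checked against it. In `keyacc_amatch`, a short comment such as `/* mbits == 0: len and msk are both zero, so any address of the same family matches */` would make the access-list consequence of a `/0` entry explicit.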


@ -1,4 +1,4 @@
/* $NetBSD: authreadkeys.c,v 1.9 2016/05/01 23:32:00 christos Exp $ */
/* $NetBSD: authreadkeys.c,v 1.10 2018/04/07 00:19:52 christos Exp $ */
/*
* authreadkeys.c - routines to support the reading of the key file
@ -7,8 +7,8 @@
#include <stdio.h>
#include <ctype.h>
#include "ntpd.h" /* Only for DPRINTF */
#include "ntp_fp.h"
//#include "ntpd.h" /* Only for DPRINTF */
//#include "ntp_fp.h"
#include "ntp.h"
#include "ntp_syslog.h"
#include "ntp_stdlib.h"
@ -150,6 +150,7 @@ authreadkeys(
u_int nerr;
KeyDataT *list = NULL;
KeyDataT *next = NULL;
/*
* Open file. Complain and return if it can't be opened.
*/
@ -222,7 +223,8 @@ authreadkeys(
log_maybe(NULL,
"authreadkeys: invalid type for key %d",
keyno);
} else if (EVP_get_digestbynid(keytype) == NULL) {
} else if (NID_cmac != keytype &&
EVP_get_digestbynid(keytype) == NULL) {
log_maybe(NULL,
"authreadkeys: no algorithm for key %d",
keyno);
@ -297,28 +299,62 @@ authreadkeys(
}
token = nexttok(&line);
DPRINTF(0, ("authreadkeys: full access list <%s>\n", (token) ? token : "NULL"));
if (token != NULL) { /* A comma-separated IP access list */
char *tp = token;
while (tp) {
char *i;
char *snp; /* subnet text pointer */
unsigned int snbits;
sockaddr_u addr;
i = strchr(tp, (int)',');
if (i)
if (i) {
*i = '\0';
DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp));
}
snp = strchr(tp, (int)'/');
if (snp) {
char *sp;
*snp++ = '\0';
snbits = 0;
sp = snp;
while (*sp != '\0') {
if (!isdigit((unsigned char)*sp))
break;
if (snbits > 1000)
break; /* overflow */
snbits = 10 * snbits + (*sp++ - '0'); /* ascii dependent */
}
if (*sp != '\0') {
log_maybe(&nerr,
"authreadkeys: Invalid character in subnet specification for <%s/%s> in key %d",
sp, snp, keyno);
goto nextip;
}
} else {
snbits = UINT_MAX;
}
if (is_ip_address(tp, AF_UNSPEC, &addr)) {
next->keyacclist = keyacc_new_push(
next->keyacclist, &addr);
/* Make sure that snbits is valid for addr */
if ((snbits < UINT_MAX) &&
( (IS_IPV4(&addr) && snbits > 32) ||
(IS_IPV6(&addr) && snbits > 128))) {
log_maybe(NULL,
"authreadkeys: excessive subnet mask <%s/%s> for key %d",
tp, snp, keyno);
}
next->keyacclist = keyacc_new_push(
next->keyacclist, &addr, snbits);
} else {
log_maybe(&nerr,
"authreadkeys: invalid IP address <%s> for key %d",
tp, keyno);
}
nextip:
if (i) {
tp = i + 1;
} else {
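Review bot: In the access-list loop of authreadkeys(), a prefix length that is too large for the address family (over 32 for IPv4, over 128 for IPv6) is only logged, and the entry is still handed to `keyacc_new_push()` with that value. The log call also passes `NULL` where the invalid-character and invalid-address cases pass `&nerr`, so the bad line is presumably not counted as an error. Because this list limits which source addresses may use a key, rejecting the entry looks safer than relying on how the matcher treats an out-of-range width (not visible here): use `log_maybe(&nerr, ...)` followed by `goto nextip;`. Separately, the invalid-character message fills `<%s/%s>` with `sp, snp`, where `tp, snp` appears intended. authreadkeys() starts and ends outside these hunks.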


@ -1,4 +1,4 @@
/* $NetBSD: libssl_compat.c,v 1.1.1.3 2018/04/07 00:15:47 christos Exp $ */
/* $NetBSD: libssl_compat.c,v 1.2 2018/04/07 00:19:52 christos Exp $ */
/*
* libssl_compat.c -- OpenSSL v1.1 compatibility functions


@ -1,4 +1,4 @@
/* $NetBSD: ntp_calendar.c,v 1.9 2016/11/22 03:09:30 christos Exp $ */
/* $NetBSD: ntp_calendar.c,v 1.10 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp_calendar.c - calendar and helper functions
@ -1827,4 +1827,113 @@ isocal_date_to_ntp(
return isocal_date_to_ntp64(id).d_s.lo;
}
/*
* ====================================================================
* 'basedate' support functions
* ====================================================================
*/
static int32_t s_baseday = NTP_TO_UNIX_DAYS;
int32_t
basedate_eval_buildstamp(void)
{
struct calendar jd;
int32_t ed;
if (!ntpcal_get_build_date(&jd))
return NTP_TO_UNIX_DAYS;
/* The time zone of the build stamp is unspecified; we remove
* one day to provide a certain slack. And in case somebody
* fiddled with the system clock, we make sure we do not go
* before the UNIX epoch (1970-01-01). It's probably not possible
* to do this to the clock on most systems, but there are other
* ways to tweak the build stamp.
*/
jd.monthday -= 1;
ed = ntpcal_date_to_rd(&jd) - DAY_NTP_STARTS;
return (ed < NTP_TO_UNIX_DAYS) ? NTP_TO_UNIX_DAYS : ed;
}
int32_t
basedate_eval_string(
const char * str
)
{
u_short y,m,d;
u_long ned;
int rc, nc;
size_t sl;
sl = strlen(str);
rc = sscanf(str, "%4hu-%2hu-%2hu%n", &y, &m, &d, &nc);
if (rc == 3 && (size_t)nc == sl) {
if (m >= 1 && m <= 12 && d >= 1 && d <= 31)
return ntpcal_edate_to_eradays(y-1, m-1, d)
- DAY_NTP_STARTS;
goto buildstamp;
}
rc = sscanf(str, "%lu%n", &ned, &nc);
if (rc == 1 && (size_t)nc == sl) {
if (ned <= INT32_MAX)
return (int32_t)ned;
goto buildstamp;
}
buildstamp:
msyslog(LOG_WARNING,
"basedate string \"%s\" invalid, build date substituted!",
str);
return basedate_eval_buildstamp();
}
uint32_t
basedate_get_day(void)
{
return s_baseday;
}
int32_t
basedate_set_day(
int32_t day
)
{
struct calendar jd;
int32_t retv;
if (day < NTP_TO_UNIX_DAYS) {
msyslog(LOG_WARNING,
"baseday_set_day: invalid day (%lu), UNIX epoch substituted",
(unsigned long)day);
day = NTP_TO_UNIX_DAYS;
}
retv = s_baseday;
s_baseday = day;
ntpcal_rd_to_date(&jd, day + DAY_NTP_STARTS);
msyslog(LOG_INFO, "basedate set to %04hu-%02hu-%02hu",
jd.year, (u_short)jd.month, (u_short)jd.monthday);
return retv;
}
time_t
basedate_get_eracenter(void)
{
time_t retv;
retv = (time_t)(s_baseday - NTP_TO_UNIX_DAYS);
retv *= SECSPERDAY;
retv += (UINT32_C(1) << 31);
return retv;
}
time_t
basedate_get_erabase(void)
{
time_t retv;
retv = (time_t)(s_baseday - NTP_TO_UNIX_DAYS);
retv *= SECSPERDAY;
return retv;
}
/* -*-EOF-*- */
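Review bot: The warning in basedate_set_day() prints the rejected value through `%lu` after a cast to `unsigned long`, so a negative `day` shows up as a huge positive number, and the prefix reads `baseday_set_day` rather than the function name. Suggest `"basedate_set_day: invalid day (%ld), UNIX epoch substituted", (long)day`. In basedate_eval_string() the date branch accepts `d <= 31` for every month and any year including 0 (where `y-1` goes negative); whether `ntpcal_edate_to_eradays()` normalises such input is not visible here, so a per-month check or a comment stating the reliance would help. A short header comment on the block saying that the stored value appears to be a day count relative to the NTP epoch would also make the clamping against `NTP_TO_UNIX_DAYS` easier to follow.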


@ -1,4 +1,4 @@
/* $NetBSD: ssl_init.c,v 1.10 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ssl_init.c,v 1.11 2018/04/07 00:19:52 christos Exp $ */
/*
* ssl_init.c Common OpenSSL initialization code for the various
@ -7,7 +7,7 @@
* Moved from ntpd/ntp_crypto.c crypto_setup()
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
# include <config.h>
#endif
#include <ctype.h>
#include <ntp.h>
@ -15,11 +15,15 @@
#include <lib_strbuf.h>
#ifdef OPENSSL
#include "openssl/crypto.h"
#include "openssl/err.h"
#include "openssl/evp.h"
#include "openssl/opensslv.h"
#include "libssl_compat.h"
# include "openssl/cmac.h"
# include "openssl/crypto.h"
# include "openssl/err.h"
# include "openssl/evp.h"
# include "openssl/opensslv.h"
# include "libssl_compat.h"
# define CMAC_LENGTH 16
# define CMAC "AES128CMAC"
int ssl_init_done;
@ -28,8 +32,9 @@ int ssl_init_done;
static void
atexit_ssl_cleanup(void)
{
if (!ssl_init_done)
if (!ssl_init_done) {
return;
}
ssl_init_done = FALSE;
EVP_cleanup();
@ -65,7 +70,7 @@ void
ssl_check_version(void)
{
u_long v;
v = OpenSSL_version_num();
if ((v ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) {
msyslog(LOG_WARNING,
@ -79,6 +84,8 @@ ssl_check_version(void)
INIT_SSL();
}
#else /* !OPENSSL */
# define MD5_LENGTH 16
#endif /* OPENSSL */
@ -90,61 +97,95 @@ ssl_check_version(void)
*/
int
keytype_from_text(
const char *text,
size_t *pdigest_len
const char * text,
size_t * pdigest_len
)
{
int key_type;
u_int digest_len;
#ifdef OPENSSL
#ifdef OPENSSL /* --*-- OpenSSL code --*-- */
const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
u_char digest[EVP_MAX_MD_SIZE];
char * upcased;
char * pch;
EVP_MD const * md;
/*
* OpenSSL digest short names are capitalized, so uppercase the
* digest name before passing to OBJ_sn2nid(). If it is not
* recognized but begins with 'M' use NID_md5 to be consistent
* with past behavior.
* recognized but matches our CMAC string use NID_cmac, or if
* it begins with 'M' or 'm' use NID_md5 to be consistent with
* past behavior.
*/
INIT_SSL();
/* get name in uppercase */
LIB_GETBUF(upcased);
strlcpy(upcased, text, LIB_BUFLENGTH);
for (pch = upcased; '\0' != *pch; pch++)
for (pch = upcased; '\0' != *pch; pch++) {
*pch = (char)toupper((unsigned char)*pch);
}
key_type = OBJ_sn2nid(upcased);
if (!key_type && !strncmp(CMAC, upcased, strlen(CMAC) + 1)) {
key_type = NID_cmac;
if (debug) {
fprintf(stderr, "%s:%d:%s():%s:key\n",
__FILE__, __LINE__, __func__, CMAC);
}
}
#else
key_type = 0;
#endif
if (!key_type && 'm' == tolower((unsigned char)text[0]))
if (!key_type && 'm' == tolower((unsigned char)text[0])) {
key_type = NID_md5;
}
if (!key_type)
if (!key_type) {
return 0;
}
if (NULL != pdigest_len) {
#ifdef OPENSSL
EVP_MD_CTX *ctx;
md = EVP_get_digestbynid(key_type);
digest_len = (md) ? EVP_MD_size(md) : 0;
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
EVP_DigestFinal(ctx, digest, &digest_len);
EVP_MD_CTX_free(ctx);
if (digest_len > max_digest_len) {
if (!md || digest_len <= 0) {
if (key_type == NID_cmac) {
digest_len = CMAC_LENGTH;
if (debug) {
fprintf(stderr, "%s:%d:%s():%s:len\n",
__FILE__, __LINE__, __func__, CMAC);
}
} else {
fprintf(stderr,
"key type %s %u octet digests are too big, max %lu\n",
keytype_name(key_type), digest_len,
max_digest_len);
"key type %s is not supported by OpenSSL\n",
keytype_name(key_type));
msyslog(LOG_ERR,
"key type %s %u octet digests are too big, max %lu",
keytype_name(key_type), digest_len,
max_digest_len);
"key type %s is not supported by OpenSSL\n",
keytype_name(key_type));
return 0;
}
}
if (digest_len > max_digest_len) {
fprintf(stderr,
"key type %s %u octet digests are too big, max %lu\n",
keytype_name(key_type), digest_len,
max_digest_len);
msyslog(LOG_ERR,
"key type %s %u octet digests are too big, max %lu",
keytype_name(key_type), digest_len,
max_digest_len);
return 0;
}
#else
digest_len = 16;
digest_len = MD5_LENGTH;
#endif
*pdigest_len = digest_len;
}
@ -169,8 +210,18 @@ keytype_name(
#ifdef OPENSSL
INIT_SSL();
name = OBJ_nid2sn(nid);
if (NULL == name)
if (NID_cmac == nid) {
name = CMAC;
if (debug) {
fprintf(stderr, "%s:%d:%s():%s:nid\n",
__FILE__, __LINE__, __func__, CMAC);
}
} else
if (NULL == name) {
name = unknown_type;
}
#else /* !OPENSSL follows */
if (NID_md5 == nid)
name = "MD5";
@ -205,3 +256,4 @@ getpass_keytype(
return getpass(pass_prompt);
}
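Review bot: In keytype_from_text() the new check `if (!md || digest_len <= 0)` tests a `u_int`, so `<= 0` can only mean `== 0`; a negative return from `EVP_MD_size()` would be converted to a large unsigned value and reported by the later "too big" branch instead of "not supported". Keeping the result signed first makes the intent hold: `int mdlen = md ? EVP_MD_size(md) : 0;`, test `mdlen <= 0`, then `digest_len = (u_int)mdlen;`. The new `msyslog(LOG_ERR, "key type %s is not supported by OpenSSL\n", ...)` also carries a trailing newline that the neighbouring `msyslog` call does not. The tail of the function lies outside the hunk.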


@ -1,4 +1,4 @@
/* $NetBSD: statestr.c,v 1.6 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: statestr.c,v 1.7 2018/04/07 00:19:52 christos Exp $ */
/*
* pretty printing of status information
@ -24,64 +24,65 @@
*/
struct codestring {
int code;
const char * const string;
const char * const string1;
const char * const string0;
};
/*
* Leap status (leap)
*/
static const struct codestring leap_codes[] = {
{ LEAP_NOWARNING, "leap_none" },
{ LEAP_ADDSECOND, "leap_add_sec" },
{ LEAP_DELSECOND, "leap_del_sec" },
{ LEAP_NOTINSYNC, "leap_alarm" },
{ -1, "leap" }
{ LEAP_NOWARNING, "leap_none", 0 },
{ LEAP_ADDSECOND, "leap_add_sec", 0 },
{ LEAP_DELSECOND, "leap_del_sec", 0 },
{ LEAP_NOTINSYNC, "leap_alarm", 0 },
{ -1, "leap", 0 }
};
/*
* Clock source status (sync)
*/
static const struct codestring sync_codes[] = {
{ CTL_SST_TS_UNSPEC, "sync_unspec" },
{ CTL_SST_TS_ATOM, "sync_pps" },
{ CTL_SST_TS_LF, "sync_lf_radio" },
{ CTL_SST_TS_HF, "sync_hf_radio" },
{ CTL_SST_TS_UHF, "sync_uhf_radio" },
{ CTL_SST_TS_LOCAL, "sync_local" },
{ CTL_SST_TS_NTP, "sync_ntp" },
{ CTL_SST_TS_UDPTIME, "sync_other" },
{ CTL_SST_TS_WRSTWTCH, "sync_wristwatch" },
{ CTL_SST_TS_TELEPHONE, "sync_telephone" },
{ -1, "sync" }
{ CTL_SST_TS_UNSPEC, "sync_unspec", 0 },
{ CTL_SST_TS_ATOM, "sync_pps", 0 },
{ CTL_SST_TS_LF, "sync_lf_radio", 0 },
{ CTL_SST_TS_HF, "sync_hf_radio", 0 },
{ CTL_SST_TS_UHF, "sync_uhf_radio", 0 },
{ CTL_SST_TS_LOCAL, "sync_local", 0 },
{ CTL_SST_TS_NTP, "sync_ntp", 0 },
{ CTL_SST_TS_UDPTIME, "sync_other", 0 },
{ CTL_SST_TS_WRSTWTCH, "sync_wristwatch", 0 },
{ CTL_SST_TS_TELEPHONE, "sync_telephone", 0 },
{ -1, "sync", 0 }
};
/*
* Peer selection status (sel)
*/
static const struct codestring select_codes[] = {
{ CTL_PST_SEL_REJECT, "sel_reject" },
{ CTL_PST_SEL_SANE, "sel_falsetick" },
{ CTL_PST_SEL_CORRECT, "sel_excess" },
{ CTL_PST_SEL_SELCAND, "sel_outlier" },
{ CTL_PST_SEL_SYNCCAND, "sel_candidate" },
{ CTL_PST_SEL_EXCESS, "sel_backup" },
{ CTL_PST_SEL_SYSPEER, "sel_sys.peer" },
{ CTL_PST_SEL_PPS, "sel_pps.peer" },
{ -1, "sel" }
{ CTL_PST_SEL_REJECT, "sel_reject", 0 },
{ CTL_PST_SEL_SANE, "sel_falsetick", 0 },
{ CTL_PST_SEL_CORRECT, "sel_excess", 0 },
{ CTL_PST_SEL_SELCAND, "sel_outlier", 0 },
{ CTL_PST_SEL_SYNCCAND, "sel_candidate", 0 },
{ CTL_PST_SEL_EXCESS, "sel_backup", 0 },
{ CTL_PST_SEL_SYSPEER, "sel_sys.peer", 0 },
{ CTL_PST_SEL_PPS, "sel_pps.peer", 0 },
{ -1, "sel", 0 }
};
/*
* Clock status (clk)
*/
static const struct codestring clock_codes[] = {
{ CTL_CLK_OKAY, "clk_unspec" },
{ CTL_CLK_NOREPLY, "clk_no_reply" },
{ CTL_CLK_BADFORMAT, "clk_bad_format" },
{ CTL_CLK_FAULT, "clk_fault" },
{ CTL_CLK_PROPAGATION, "clk_bad_signal" },
{ CTL_CLK_BADDATE, "clk_bad_date" },
{ CTL_CLK_BADTIME, "clk_bad_time" },
{ -1, "clk" }
{ CTL_CLK_OKAY, "clk_unspec", 0 },
{ CTL_CLK_NOREPLY, "clk_no_reply", 0 },
{ CTL_CLK_BADFORMAT, "clk_bad_format", 0 },
{ CTL_CLK_FAULT, "clk_fault", 0 },
{ CTL_CLK_PROPAGATION, "clk_bad_signal", 0 },
{ CTL_CLK_BADDATE, "clk_bad_date", 0 },
{ CTL_CLK_BADTIME, "clk_bad_time", 0 },
{ -1, "clk", 0 }
};
@ -90,20 +91,20 @@ static const struct codestring clock_codes[] = {
* Flash bits -- see ntpq.c tstflags & tstflagnames
*/
static const struct codestring flash_codes[] = {
{ TEST1, "pkt_dup" },
{ TEST2, "pkt_bogus" },
{ TEST3, "pkt_unsync" },
{ TEST4, "pkt_denied" },
{ TEST5, "pkt_auth" },
{ TEST6, "pkt_stratum" },
{ TEST7, "pkt_header" },
{ TEST8, "pkt_autokey" },
{ TEST9, "pkt_crypto" },
{ TEST10, "peer_stratum" },
{ TEST11, "peer_dist" },
{ TEST12, "peer_loop" },
{ TEST13, "peer_unreach" },
{ -1, "flash" }
{ TEST1, "pkt_dup", 0 },
{ TEST2, "pkt_bogus", 0 },
{ TEST3, "pkt_unsync", 0 },
{ TEST4, "pkt_denied", 0 },
{ TEST5, "pkt_auth", 0 },
{ TEST6, "pkt_stratum", 0 },
{ TEST7, "pkt_header", 0 },
{ TEST8, "pkt_autokey", 0 },
{ TEST9, "pkt_crypto", 0 },
{ TEST10, "peer_stratum", 0 },
{ TEST11, "peer_dist", 0 },
{ TEST12, "peer_loop", 0 },
{ TEST13, "peer_unreach", 0 },
{ -1, "flash", 0 }
};
#endif
@ -112,56 +113,56 @@ static const struct codestring flash_codes[] = {
* System events (sys)
*/
static const struct codestring sys_codes[] = {
{ EVNT_UNSPEC, "unspecified" },
{ EVNT_NSET, "freq_not_set" },
{ EVNT_FSET, "freq_set" },
{ EVNT_SPIK, "spike_detect" },
{ EVNT_FREQ, "freq_mode" },
{ EVNT_SYNC, "clock_sync" },
{ EVNT_SYSRESTART, "restart" },
{ EVNT_SYSFAULT, "panic_stop" },
{ EVNT_NOPEER, "no_sys_peer" },
{ EVNT_ARMED, "leap_armed" },
{ EVNT_DISARMED, "leap_disarmed" },
{ EVNT_LEAP, "leap_event" },
{ EVNT_CLOCKRESET, "clock_step" },
{ EVNT_KERN, "kern" },
{ EVNT_TAI, "TAI" },
{ EVNT_LEAPVAL, "stale_leapsecond_values" },
{ -1, "" }
{ EVNT_UNSPEC, "unspecified", 0 },
{ EVNT_NSET, "freq_not_set", 0 },
{ EVNT_FSET, "freq_set", 0 },
{ EVNT_SPIK, "spike_detect", 0 },
{ EVNT_FREQ, "freq_mode", 0 },
{ EVNT_SYNC, "clock_sync", 0 },
{ EVNT_SYSRESTART, "restart", 0 },
{ EVNT_SYSFAULT, "panic_stop", 0 },
{ EVNT_NOPEER, "no_sys_peer", 0 },
{ EVNT_ARMED, "leap_armed", 0 },
{ EVNT_DISARMED, "leap_disarmed", 0 },
{ EVNT_LEAP, "leap_event", 0 },
{ EVNT_CLOCKRESET, "clock_step", 0 },
{ EVNT_KERN, "kern", 0 },
{ EVNT_TAI, "TAI", 0 },
{ EVNT_LEAPVAL, "stale_leapsecond_values", 0 },
{ -1, "", 0 }
};
/*
* Peer events (peer)
*/
static const struct codestring peer_codes[] = {
{ PEVNT_MOBIL & ~PEER_EVENT, "mobilize" },
{ PEVNT_DEMOBIL & ~PEER_EVENT, "demobilize" },
{ PEVNT_UNREACH & ~PEER_EVENT, "unreachable" },
{ PEVNT_REACH & ~PEER_EVENT, "reachable" },
{ PEVNT_RESTART & ~PEER_EVENT, "restart" },
{ PEVNT_REPLY & ~PEER_EVENT, "no_reply" },
{ PEVNT_RATE & ~PEER_EVENT, "rate_exceeded" },
{ PEVNT_DENY & ~PEER_EVENT, "access_denied" },
{ PEVNT_ARMED & ~PEER_EVENT, "leap_armed" },
{ PEVNT_NEWPEER & ~PEER_EVENT, "sys_peer" },
{ PEVNT_CLOCK & ~PEER_EVENT, "clock_event" },
{ PEVNT_AUTH & ~PEER_EVENT, "bad_auth" },
{ PEVNT_POPCORN & ~PEER_EVENT, "popcorn" },
{ PEVNT_XLEAVE & ~PEER_EVENT, "interleave_mode" },
{ PEVNT_XERR & ~PEER_EVENT, "interleave_error" },
{ -1, "" }
{ PEVNT_MOBIL & ~PEER_EVENT, "mobilize", 0 },
{ PEVNT_DEMOBIL & ~PEER_EVENT, "demobilize", 0 },
{ PEVNT_UNREACH & ~PEER_EVENT, "unreachable", 0 },
{ PEVNT_REACH & ~PEER_EVENT, "reachable", 0 },
{ PEVNT_RESTART & ~PEER_EVENT, "restart", 0 },
{ PEVNT_REPLY & ~PEER_EVENT, "no_reply", 0 },
{ PEVNT_RATE & ~PEER_EVENT, "rate_exceeded", 0 },
{ PEVNT_DENY & ~PEER_EVENT, "access_denied", 0 },
{ PEVNT_ARMED & ~PEER_EVENT, "leap_armed", 0 },
{ PEVNT_NEWPEER & ~PEER_EVENT, "sys_peer", 0 },
{ PEVNT_CLOCK & ~PEER_EVENT, "clock_event", 0 },
{ PEVNT_AUTH & ~PEER_EVENT, "bad_auth", 0 },
{ PEVNT_POPCORN & ~PEER_EVENT, "popcorn", 0 },
{ PEVNT_XLEAVE & ~PEER_EVENT, "interleave_mode", 0 },
{ PEVNT_XERR & ~PEER_EVENT, "interleave_error", 0 },
{ -1, "", 0 }
};
/*
* Peer status bits
*/
static const struct codestring peer_st_bits[] = {
{ CTL_PST_CONFIG, "conf" },
{ CTL_PST_AUTHENABLE, "authenb" },
{ CTL_PST_AUTHENTIC, "auth" },
{ CTL_PST_REACH, "reach" },
{ CTL_PST_BCAST, "bcast" },
{ CTL_PST_CONFIG, "conf", 0 },
{ CTL_PST_AUTHENABLE, "authenb", 0 },
{ CTL_PST_AUTHENTIC, "auth", 0 },
{ CTL_PST_REACH, "reach", 0 },
{ CTL_PST_BCAST, "bcast", 0 },
/* not used with getcode(), no terminating entry needed */
};
@ -169,9 +170,9 @@ static const struct codestring peer_st_bits[] = {
* Restriction match bits
*/
static const struct codestring res_match_bits[] = {
{ RESM_NTPONLY, "ntpport" },
{ RESM_INTERFACE, "interface" },
{ RESM_SOURCE, "source" },
{ RESM_NTPONLY, "ntpport", 0 },
{ RESM_INTERFACE, "interface", 0 },
{ RESM_SOURCE, "source", 0 },
/* not used with getcode(), no terminating entry needed */
};
@ -179,18 +180,19 @@ static const struct codestring res_match_bits[] = {
* Restriction access bits
*/
static const struct codestring res_access_bits[] = {
{ RES_IGNORE, "ignore" },
{ RES_DONTSERVE, "noserve" },
{ RES_DONTTRUST, "notrust" },
{ RES_NOQUERY, "noquery" },
{ RES_NOMODIFY, "nomodify" },
{ RES_NOPEER, "nopeer" },
{ RES_NOTRAP, "notrap" },
{ RES_LPTRAP, "lptrap" },
{ RES_LIMITED, "limited" },
{ RES_VERSION, "version" },
{ RES_KOD, "kod" },
{ RES_FLAKE, "flake" },
{ RES_IGNORE, "ignore", 0 },
{ RES_DONTSERVE, "noserve", "serve" },
{ RES_DONTTRUST, "notrust", "trust" },
{ RES_NOQUERY, "noquery", "query" },
{ RES_NOMODIFY, "nomodify", 0 },
{ RES_NOPEER, "nopeer", "peer" },
{ RES_NOEPEER, "noepeer", "epeer" },
{ RES_NOTRAP, "notrap", "trap" },
{ RES_LPTRAP, "lptrap", 0 },
{ RES_LIMITED, "limited", 0 },
{ RES_VERSION, "version", 0 },
{ RES_KOD, "kod", 0 },
{ RES_FLAKE, "flake", 0 },
/* not used with getcode(), no terminating entry needed */
};
@ -199,23 +201,23 @@ static const struct codestring res_access_bits[] = {
* Crypto events (cryp)
*/
static const struct codestring crypto_codes[] = {
{ XEVNT_OK & ~CRPT_EVENT, "success" },
{ XEVNT_LEN & ~CRPT_EVENT, "bad_field_format_or_length" },
{ XEVNT_TSP & ~CRPT_EVENT, "bad_timestamp" },
{ XEVNT_FSP & ~CRPT_EVENT, "bad_filestamp" },
{ XEVNT_PUB & ~CRPT_EVENT, "bad_or_missing_public_key" },
{ XEVNT_MD & ~CRPT_EVENT, "unsupported_digest_type" },
{ XEVNT_KEY & ~CRPT_EVENT, "unsupported_identity_type" },
{ XEVNT_SGL & ~CRPT_EVENT, "bad_signature_length" },
{ XEVNT_SIG & ~CRPT_EVENT, "signature_not_verified" },
{ XEVNT_VFY & ~CRPT_EVENT, "certificate_not_verified" },
{ XEVNT_PER & ~CRPT_EVENT, "host_certificate_expired" },
{ XEVNT_CKY & ~CRPT_EVENT, "bad_or_missing_cookie" },
{ XEVNT_DAT & ~CRPT_EVENT, "bad_or_missing_leapseconds" },
{ XEVNT_CRT & ~CRPT_EVENT, "bad_or_missing_certificate" },
{ XEVNT_ID & ~CRPT_EVENT, "bad_or_missing_group key" },
{ XEVNT_ERR & ~CRPT_EVENT, "protocol_error" },
{ -1, "" }
{ XEVNT_OK & ~CRPT_EVENT, "success", 0 },
{ XEVNT_LEN & ~CRPT_EVENT, "bad_field_format_or_length", 0 },
{ XEVNT_TSP & ~CRPT_EVENT, "bad_timestamp", 0 },
{ XEVNT_FSP & ~CRPT_EVENT, "bad_filestamp", 0 },
{ XEVNT_PUB & ~CRPT_EVENT, "bad_or_missing_public_key", 0 },
{ XEVNT_MD & ~CRPT_EVENT, "unsupported_digest_type", 0 },
{ XEVNT_KEY & ~CRPT_EVENT, "unsupported_identity_type", 0 },
{ XEVNT_SGL & ~CRPT_EVENT, "bad_signature_length", 0 },
{ XEVNT_SIG & ~CRPT_EVENT, "signature_not_verified", 0 },
{ XEVNT_VFY & ~CRPT_EVENT, "certificate_not_verified", 0 },
{ XEVNT_PER & ~CRPT_EVENT, "host_certificate_expired", 0 },
{ XEVNT_CKY & ~CRPT_EVENT, "bad_or_missing_cookie", 0 },
{ XEVNT_DAT & ~CRPT_EVENT, "bad_or_missing_leapseconds", 0 },
{ XEVNT_CRT & ~CRPT_EVENT, "bad_or_missing_certificate", 0 },
{ XEVNT_ID & ~CRPT_EVENT, "bad_or_missing_group key", 0 },
{ XEVNT_ERR & ~CRPT_EVENT, "protocol_error", 0 },
{ -1, "", 0 }
};
#endif /* AUTOKEY */
@ -225,52 +227,52 @@ static const struct codestring crypto_codes[] = {
*/
static const struct codestring k_st_bits[] = {
# ifdef STA_PLL
{ STA_PLL, "pll" },
{ STA_PLL, "pll", 0 },
# endif
# ifdef STA_PPSFREQ
{ STA_PPSFREQ, "ppsfreq" },
{ STA_PPSFREQ, "ppsfreq", 0 },
# endif
# ifdef STA_PPSTIME
{ STA_PPSTIME, "ppstime" },
{ STA_PPSTIME, "ppstime", 0 },
# endif
# ifdef STA_FLL
{ STA_FLL, "fll" },
{ STA_FLL, "fll", 0 },
# endif
# ifdef STA_INS
{ STA_INS, "ins" },
{ STA_INS, "ins", 0 },
# endif
# ifdef STA_DEL
{ STA_DEL, "del" },
{ STA_DEL, "del", 0 },
# endif
# ifdef STA_UNSYNC
{ STA_UNSYNC, "unsync" },
{ STA_UNSYNC, "unsync", 0 },
# endif
# ifdef STA_FREQHOLD
{ STA_FREQHOLD, "freqhold" },
{ STA_FREQHOLD, "freqhold", 0 },
# endif
# ifdef STA_PPSSIGNAL
{ STA_PPSSIGNAL, "ppssignal" },
{ STA_PPSSIGNAL, "ppssignal", 0 },
# endif
# ifdef STA_PPSJITTER
{ STA_PPSJITTER, "ppsjitter" },
{ STA_PPSJITTER, "ppsjitter", 0 },
# endif
# ifdef STA_PPSWANDER
{ STA_PPSWANDER, "ppswander" },
{ STA_PPSWANDER, "ppswander", 0 },
# endif
# ifdef STA_PPSERROR
{ STA_PPSERROR, "ppserror" },
{ STA_PPSERROR, "ppserror", 0 },
# endif
# ifdef STA_CLOCKERR
{ STA_CLOCKERR, "clockerr" },
{ STA_CLOCKERR, "clockerr", 0 },
# endif
# ifdef STA_NANO
{ STA_NANO, "nano" },
{ STA_NANO, "nano", 0 },
# endif
# ifdef STA_MODE
{ STA_MODE, "mode=fll" },
{ STA_MODE, "mode=fll", 0 },
# endif
# ifdef STA_CLK
{ STA_CLK, "src=B" },
{ STA_CLK, "src=B", 0 },
# endif
/* not used with getcode(), no terminating entry needed */
};
@ -294,12 +296,12 @@ getcode(
while (codetab->code != -1) {
if (codetab->code == code)
return codetab->string;
return codetab->string1;
codetab++;
}
LIB_GETBUF(buf);
snprintf(buf, LIB_BUFLENGTH, "%s_%d", codetab->string, code);
snprintf(buf, LIB_BUFLENGTH, "%s_%d", codetab->string1, code);
return buf;
}
@ -356,10 +358,18 @@ decode_bitflags(
sep = "";
for (b = 0; b < tab_ct; b++) {
const char * flagstr;
if (tab[b].code & bits) {
flagstr = tab[b].string1;
} else {
flagstr = tab[b].string0;
}
if (flagstr) {
size_t avail = lim - pch;
rc = snprintf(pch, avail, "%s%s", sep,
tab[b].string);
flagstr);
if ((size_t)rc >= avail)
goto toosmall;
pch += rc;
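Review bot: `struct codestring` gains `string1` and `string0` with no comment saying what each holds, and every table fills the new pointer member with a bare `0`. From decode_bitflags() it follows that `string1` is printed when the bit is set and `string0` when it is clear, with a null pointer meaning nothing is printed; a comment on the struct such as `/* string1: name when code/bit matches; string0: name when bit is clear, NULL for none */` and `NULL` in the initialisers would make that readable. `res_access_bits` now yields words like `serve` and `trust` for cleared bits, so anything that parses the decoded restriction string will see new tokens; a line in the table comment should say so. getcode() and decode_bitflags() both continue outside their hunks.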


@ -1,4 +1,4 @@
/* $NetBSD: systime.c,v 1.5 2016/05/01 23:32:00 christos Exp $ */
/* $NetBSD: systime.c,v 1.6 2018/04/07 00:19:52 christos Exp $ */
/*
* systime -- routines to fiddle a UNIX clock.
@ -7,8 +7,10 @@
*
*/
#include <config.h>
#include <math.h>
#include "ntp.h"
#include "ntpd.h"
#include "ntp_syslog.h"
#include "ntp_stdlib.h"
#include "ntp_random.h"
@ -16,6 +18,7 @@
#include "timevalops.h"
#include "timespecops.h"
#include "ntp_calendar.h"
#include "lib_strbuf.h"
#ifdef HAVE_SYS_PARAM_H
# include <sys/param.h>
@ -30,6 +33,9 @@
int allow_panic = FALSE; /* allow panic correction (-g) */
int enable_panic_check = TRUE; /* Can we check allow_panic's state? */
u_long sys_lamport; /* Lamport violation */
u_long sys_tsrounding; /* timestamp rounding errors */
#ifndef USE_COMPILETIME_PIVOT
# define USE_COMPILETIME_PIVOT 1
#endif
@ -112,7 +118,10 @@ set_sys_fuzz(
sys_fuzz = fuzz_val;
INSIST(sys_fuzz >= 0);
INSIST(sys_fuzz <= 1.0);
sys_fuzz_nsec = (long)(sys_fuzz * 1e9 + 0.5);
/* [Bug 3450] ensure nsec fuzz >= sys_fuzz to reduce chance of
* short-falling fuzz advance
*/
sys_fuzz_nsec = (long)ceil(sys_fuzz * 1e9);
}
@ -170,13 +179,10 @@ get_systime(
static struct timespec ts_last; /* last sampled os time */
static struct timespec ts_prev; /* prior os time */
static l_fp lfp_prev; /* prior result */
static double dfuzz_prev; /* prior fuzz */
struct timespec ts; /* seconds and nanoseconds */
struct timespec ts_min; /* earliest permissible */
struct timespec ts_lam; /* lamport fictional increment */
struct timespec ts_prev_log; /* for msyslog only */
double dfuzz;
double ddelta;
l_fp result;
l_fp lfpfuzz;
l_fp lfpdelta;
@ -193,8 +199,10 @@ get_systime(
* introduce small steps backward. It should not be an issue on
* systems where get_ostime() results in a true syscall.)
*/
if (cmp_tspec(add_tspec_ns(ts, 50000000), ts_last) < 0)
if (cmp_tspec(add_tspec_ns(ts, 50000000), ts_last) < 0) {
lamport_violated = 1;
sys_lamport++;
}
ts_last = ts;
/*
@ -218,21 +226,16 @@ get_systime(
if (!lamport_violated)
ts = ts_min;
}
ts_prev_log = ts_prev;
ts_prev = ts;
} else {
/*
* Quiet "ts_prev_log.tv_sec may be used uninitialized"
* warning from x86 gcc 4.5.2.
*/
ZERO(ts_prev_log);
}
/* convert from timespec to l_fp fixed-point */
result = tspec_stamp_to_lfp(ts);
/*
* Add in the fuzz.
* Add in the fuzz. 'ntp_random()' returns [0..2**31-1] so we
* must scale up the result by 2.0 to cover the full fractional
* range.
*/
dfuzz = ntp_random() * 2. / FRAC * sys_fuzz;
DTOLFP(dfuzz, &lfpfuzz);
@ -242,30 +245,34 @@ get_systime(
* Ensure result is strictly greater than prior result (ignoring
* sys_residual's effect for now) once sys_fuzz has been
* determined.
*
* [Bug 3450] Rounding errors and time slew can lead to a
* violation of the expected postcondition. This is bound to
* happen from time to time (depending on state of the random
* generator, the current slew and the closeness of system time
* stamps drawn) and does not warrant a syslog entry. Instead it
* makes much more sense to ensure the postcondition and hop
* along silently.
*/
if (!USING_SIGIO()) {
if (!L_ISZERO(&lfp_prev) && !lamport_violated) {
if (!L_ISGTU(&result, &lfp_prev) &&
sys_fuzz > 0.) {
msyslog(LOG_ERR, "ts_prev %s ts_min %s",
tspectoa(ts_prev_log),
tspectoa(ts_min));
msyslog(LOG_ERR, "ts %s", tspectoa(ts));
msyslog(LOG_ERR, "sys_fuzz %ld nsec, prior fuzz %.9f",
sys_fuzz_nsec, dfuzz_prev);
msyslog(LOG_ERR, "this fuzz %.9f",
dfuzz);
lfpdelta = lfp_prev;
L_SUB(&lfpdelta, &result);
LFPTOD(&lfpdelta, ddelta);
msyslog(LOG_ERR,
"prev get_systime 0x%x.%08x is %.9f later than 0x%x.%08x",
lfp_prev.l_ui, lfp_prev.l_uf,
ddelta, result.l_ui, result.l_uf);
if ( !L_ISZERO(&lfp_prev)
&& !lamport_violated
&& (sys_fuzz > 0.0)
) {
lfpdelta = result;
L_SUB(&lfpdelta, &lfp_prev);
L_SUBUF(&lfpdelta, 1);
if (lfpdelta.l_i < 0)
{
L_NEG(&lfpdelta);
DPRINTF(1, ("get_systime: postcond failed by %s secs, fixed\n",
lfptoa(&lfpdelta, 9)));
result = lfp_prev;
L_ADDUF(&result, 1);
sys_tsrounding++;
}
}
lfp_prev = result;
dfuzz_prev = dfuzz;
if (lamport_violated)
lamport_violated = FALSE;
}
@ -364,105 +371,16 @@ adj_systime(
}
#endif
/*
* step_systime - step the system clock.
* helper to keep utmp/wtmp up to date
*/
int
step_systime(
double step
static void
update_uwtmp(
struct timeval timetv,
struct timeval tvlast
)
{
time_t pivot; /* for ntp era unfolding */
struct timeval timetv, tvlast, tvdiff;
struct timespec timets;
struct calendar jd;
l_fp fp_ofs, fp_sys; /* offset and target system time in FP */
/*
* Get pivot time for NTP era unfolding. Since we don't step
* very often, we can afford to do the whole calculation from
* scratch. And we're not in the time-critical path yet.
*/
#if SIZEOF_TIME_T > 4
/*
* This code makes sure the resulting time stamp for the new
* system time is in the 2^32 seconds starting at 1970-01-01,
* 00:00:00 UTC.
*/
pivot = 0x80000000;
#if USE_COMPILETIME_PIVOT
/*
* Add the compile time minus 10 years to get a possible target
* area of (compile time - 10 years) to (compile time + 126
* years). This should be sufficient for a given binary of
* NTPD.
*/
if (ntpcal_get_build_date(&jd)) {
jd.year -= 10;
pivot += ntpcal_date_to_time(&jd);
} else {
msyslog(LOG_ERR,
"step-systime: assume 1970-01-01 as build date");
}
#else
UNUSED_LOCAL(jd);
#endif /* USE_COMPILETIME_PIVOT */
#else
UNUSED_LOCAL(jd);
/* This makes sure the resulting time stamp is on or after
* 1969-12-31/23:59:59 UTC and gives us additional two years,
* from the change of NTP era in 2036 to the UNIX rollover in
* 2038. (Minus one second, but that won't hurt.) We *really*
* need a longer 'time_t' after that! Or a different baseline,
* but that would cause other serious trouble, too.
*/
pivot = 0x7FFFFFFF;
#endif
/* get the complete jump distance as l_fp */
DTOLFP(sys_residual, &fp_sys);
DTOLFP(step, &fp_ofs);
L_ADD(&fp_ofs, &fp_sys);
/* ---> time-critical path starts ---> */
/* get the current time as l_fp (without fuzz) and as struct timeval */
get_ostime(&timets);
fp_sys = tspec_stamp_to_lfp(timets);
tvlast.tv_sec = timets.tv_sec;
tvlast.tv_usec = (timets.tv_nsec + 500) / 1000;
/* get the target time as l_fp */
L_ADD(&fp_sys, &fp_ofs);
/* unfold the new system time */
timetv = lfp_stamp_to_tval(fp_sys, &pivot);
/* now set new system time */
if (ntp_set_tod(&timetv, NULL) != 0) {
msyslog(LOG_ERR, "step-systime: %m");
if (enable_panic_check && allow_panic) {
msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
}
return FALSE;
}
/* <--- time-critical path ended with 'ntp_set_tod()' <--- */
sys_residual = 0;
lamport_violated = (step < 0);
if (step_callback)
(*step_callback)();
#ifdef NEED_HPUX_ADJTIME
/*
* CHECKME: is this correct when called by ntpdate?????
*/
_clear_adjtime();
#endif
struct timeval tvdiff;
/*
* FreeBSD, for example, has:
* struct utmp {
@ -591,6 +509,83 @@ step_systime(
#endif /* UPDATE_WTMPX */
}
}
/*
* step_systime - step the system clock.
*/
int
step_systime(
double step
)
{
time_t pivot; /* for ntp era unfolding */
struct timeval timetv, tvlast;
struct timespec timets;
l_fp fp_ofs, fp_sys; /* offset and target system time in FP */
/*
* Get pivot time for NTP era unfolding. Since we don't step
* very often, we can afford to do the whole calculation from
* scratch. And we're not in the time-critical path yet.
*/
#if SIZEOF_TIME_T > 4
pivot = basedate_get_eracenter();
#else
/* This makes sure the resulting time stamp is on or after
* 1969-12-31/23:59:59 UTC and gives us additional two years,
* from the change of NTP era in 2036 to the UNIX rollover in
* 2038. (Minus one second, but that won't hurt.) We *really*
* need a longer 'time_t' after that! Or a different baseline,
* but that would cause other serious trouble, too.
*/
pivot = 0x7FFFFFFF;
#endif
/* get the complete jump distance as l_fp */
DTOLFP(sys_residual, &fp_sys);
DTOLFP(step, &fp_ofs);
L_ADD(&fp_ofs, &fp_sys);
/* ---> time-critical path starts ---> */
/* get the current time as l_fp (without fuzz) and as struct timeval */
get_ostime(&timets);
fp_sys = tspec_stamp_to_lfp(timets);
tvlast.tv_sec = timets.tv_sec;
tvlast.tv_usec = (timets.tv_nsec + 500) / 1000;
/* get the target time as l_fp */
L_ADD(&fp_sys, &fp_ofs);
/* unfold the new system time */
timetv = lfp_stamp_to_tval(fp_sys, &pivot);
/* now set new system time */
if (ntp_set_tod(&timetv, NULL) != 0) {
msyslog(LOG_ERR, "step-systime: %m");
if (enable_panic_check && allow_panic) {
msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
}
return FALSE;
}
/* <--- time-critical path ended with 'ntp_set_tod()' <--- */
sys_residual = 0;
lamport_violated = (step < 0);
if (step_callback)
(*step_callback)();
#ifdef NEED_HPUX_ADJTIME
/*
* CHECKME: is this correct when called by ntpdate?????
*/
_clear_adjtime();
#endif
update_uwtmp(timetv, tvlast);
if (enable_panic_check && allow_panic) {
msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
INSIST(!allow_panic);
@ -598,4 +593,93 @@ step_systime(
return TRUE;
}
static const char *
tv_fmt_libbuf(
const struct timeval * ptv
)
{
char * retv;
vint64 secs;
ntpcal_split dds;
struct calendar jd;
secs = time_to_vint64(&ptv->tv_sec);
dds = ntpcal_daysplit(&secs);
ntpcal_daysplit_to_date(&jd, &dds, DAY_UNIX_STARTS);
LIB_GETBUF(retv);
snprintf(retv, LIB_BUFLENGTH,
"%04hu-%02hu-%02hu/%02hu:%02hu:%02hu.%06u",
jd.year, (u_short)jd.month, (u_short)jd.monthday,
(u_short)jd.hour, (u_short)jd.minute, (u_short)jd.second,
(u_int)ptv->tv_usec);
return retv;
}
int /*BOOL*/
clamp_systime(void)
{
#if SIZEOF_TIME_T > 4
struct timeval timetv, tvlast;
struct timespec timets;
uint32_t tdiff;
timetv.tv_sec = basedate_get_erabase();
/* ---> time-critical path starts ---> */
/* get the current time as l_fp (without fuzz) and as struct timeval */
get_ostime(&timets);
tvlast.tv_sec = timets.tv_sec;
tvlast.tv_usec = (timets.tv_nsec + 500) / 1000;
if (tvlast.tv_usec >= 1000000) {
tvlast.tv_usec -= 1000000;
tvlast.tv_sec += 1;
}
timetv.tv_usec = tvlast.tv_usec;
tdiff = (uint32_t)(tvlast.tv_sec & UINT32_MAX) -
(uint32_t)(timetv.tv_sec & UINT32_MAX);
timetv.tv_sec += tdiff;
if (timetv.tv_sec != tvlast.tv_sec) {
/* now set new system time */
if (ntp_set_tod(&timetv, NULL) != 0) {
msyslog(LOG_ERR, "clamp-systime: %m");
return FALSE;
}
} else {
msyslog(LOG_INFO,
"clamp-systime: clock (%s) in allowed range",
tv_fmt_libbuf(&timetv));
return FALSE;
}
/* <--- time-critical path ended with 'ntp_set_tod()' <--- */
sys_residual = 0;
lamport_violated = (timetv.tv_sec < tvlast.tv_sec);
if (step_callback)
(*step_callback)();
# ifdef NEED_HPUX_ADJTIME
/*
* CHECKME: is this correct when called by ntpdate?????
*/
_clear_adjtime();
# endif
update_uwtmp(timetv, tvlast);
msyslog(LOG_WARNING,
"clamp-systime: clock stepped from %s to %s!",
tv_fmt_libbuf(&tvlast), tv_fmt_libbuf(&timetv));
return TRUE;
#else
return 0;
#endif
}
#endif /* !SIM */
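Review bot: step_systime() computes `tvlast.tv_usec = (timets.tv_nsec + 500) / 1000;` without the carry that the new clamp_systime() applies, so for `tv_nsec >= 999999500` it hands `tv_usec == 1000000` to update_uwtmp(). The same normalisation belongs right after that assignment: `if (tvlast.tv_usec >= 1000000) { tvlast.tv_usec -= 1000000; tvlast.tv_sec += 1; }`. A small shared helper for the timespec-to-timeval rounding would keep the two functions from drifting apart. The body of update_uwtmp() is only partly visible, so the effect of the out-of-range value there is not confirmed.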


@ -1,4 +1,4 @@
/* $NetBSD: work_thread.c,v 1.5 2016/05/01 23:32:00 christos Exp $ */
/* $NetBSD: work_thread.c,v 1.6 2018/04/07 00:19:52 christos Exp $ */
/*
* work_thread.c - threads implementation for blocking worker child.
@ -29,7 +29,7 @@
#define CHILD_GONE_RESP CHILD_EXIT_REQ
/* Queue size increments:
* The request queue grows a bit faster than the response queue -- the
* deamon can push requests and pull results faster on avarage than the
* daemon can push requests and pull results faster on avarage than the
* worker can process requests and push results... If this really pays
* off is debatable.
*/


@ -1,4 +1,4 @@
/* $NetBSD: keyword-gen.c,v 1.11 2016/11/22 03:09:30 christos Exp $ */
/* $NetBSD: keyword-gen.c,v 1.12 2018/04/07 00:19:52 christos Exp $ */
/*
* keyword-gen.c -- generate keyword scanner finite state machine and
@ -155,11 +155,15 @@ struct key_tok ntp_keywords[] = {
{ "orphan", T_Orphan, FOLLBY_TOKEN },
{ "orphanwait", T_Orphanwait, FOLLBY_TOKEN },
{ "nonvolatile", T_Nonvolatile, FOLLBY_TOKEN },
{ "basedate", T_Basedate, FOLLBY_STRING },
/* access_control_flag */
{ "default", T_Default, FOLLBY_TOKEN },
{ "source", T_Source, FOLLBY_TOKEN },
{ "epeer", T_Epeer, FOLLBY_TOKEN },
{ "noepeer", T_Noepeer, FOLLBY_TOKEN },
{ "flake", T_Flake, FOLLBY_TOKEN },
{ "ignore", T_Ignore, FOLLBY_TOKEN },
{ "ippeerlimit", T_Ippeerlimit, FOLLBY_TOKEN },
{ "limited", T_Limited, FOLLBY_TOKEN },
{ "mssntp", T_Mssntp, FOLLBY_TOKEN },
{ "kod", T_Kod, FOLLBY_TOKEN },
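Review bot: The new `epeer` entry maps to `T_Epeer` under the access_control_flag group, but the `config_access` flag switch shown further down this page gains only `case T_Noepeer:`, and its `default:` branch calls `fatal_error`. The grammar is not visible here, so this is hedged: if it admits `T_Epeer` into a restrict flag list, a `restrict ... epeer` line would presumably reach that default branch and stop the daemon during configuration instead of being reported as a syntax error. I would either add an explicit `case T_Epeer:` to that switch with the intended effect on `rflags`, or keep the keyword out of the table until it is handled. The `ntp_keywords` table starts and ends outside this hunk.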


@ -1,4 +1,4 @@
/* $NetBSD: ntp_config.c,v 1.17 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntp_config.c,v 1.18 2018/04/07 00:19:52 christos Exp $ */
/* ntp_config.c
*
@ -151,9 +151,9 @@ typedef struct peer_resolved_ctx_tag {
extern int yydebug; /* ntp_parser.c (.y) */
config_tree cfgt; /* Parser output stored here */
struct config_tree_tag *cfg_tree_history; /* History of configs */
char *sys_phone[MAXPHONE] = {NULL}; /* ACTS phone numbers */
char * sys_phone[MAXPHONE] = {NULL}; /* ACTS phone numbers */
char default_keysdir[] = NTP_KEYSDIR;
char *keysdir = default_keysdir; /* crypto keys directory */
char * keysdir = default_keysdir; /* crypto keys directory */
char * saveconfigdir;
#if defined(HAVE_SCHED_SETSCHEDULER)
int config_priority_override = 0;
@ -314,6 +314,7 @@ static void config_monitor(config_tree *);
static void config_rlimit(config_tree *);
static void config_system_opts(config_tree *);
static void config_tinker(config_tree *);
static int config_tos_clock(config_tree *);
static void config_tos(config_tree *);
static void config_vars(config_tree *);
@ -365,6 +366,8 @@ static u_int32 get_match(const char *, struct masks *);
static u_int32 get_logmask(const char *);
static int/*BOOL*/ is_refclk_addr(const address_node * addr);
static void appendstr(char *, size_t, const char *);
#ifndef SIM
static int getnetnum(const char *num, sockaddr_u *addr, int complain,
@ -530,7 +533,7 @@ dump_config_tree(
setvar_node *setv_node;
nic_rule_node *rule_node;
int_node *i_n;
int_node *flags;
int_node *flag_tok_fifo;
int_node *counter_set;
string_node *str_node;
@ -556,7 +559,10 @@ dump_config_tree(
ptree->source.value.s);
}
/* For options I didn't find documentation I'll just output its name and the cor. value */
/*
* For options without documentation we just output the name
* and its data value
*/
atrv = HEAD_PFIFO(ptree->vars);
for ( ; atrv != NULL; atrv = atrv->link) {
switch (atrv->type) {
@ -724,6 +730,21 @@ dump_config_tree(
token_name(atrv->type));
break;
#endif
case T_Integer:
if (atrv->attr == T_Basedate) {
struct calendar jd;
ntpcal_rd_to_date(&jd, atrv->value.i + DAY_NTP_STARTS);
fprintf(df, " %s \"%04hu-%02hu-%02hu\"",
keyword(atrv->attr), jd.year,
(u_short)jd.month,
(u_short)jd.monthday);
} else {
fprintf(df, " %s %d",
keyword(atrv->attr),
atrv->value.i);
}
break;
case T_Double:
fprintf(df, " %s %s",
keyword(atrv->attr),
@ -906,30 +927,52 @@ dump_config_tree(
fprintf(df, "\n");
}
for (rest_node = HEAD_PFIFO(ptree->restrict_opts);
rest_node != NULL;
rest_node = rest_node->link) {
int is_default = 0;
if (NULL == rest_node->addr) {
s = "default";
flags = HEAD_PFIFO(rest_node->flags);
for ( ; flags != NULL; flags = flags->link)
if (T_Source == flags->i) {
/* Don't need to set is_default=1 here */
flag_tok_fifo = HEAD_PFIFO(rest_node->flag_tok_fifo);
for ( ; flag_tok_fifo != NULL; flag_tok_fifo = flag_tok_fifo->link) {
if (T_Source == flag_tok_fifo->i) {
s = "source";
break;
}
}
}
} else {
s = rest_node->addr->address;
const char *ap = rest_node->addr->address;
const char *mp = "";
if (rest_node->mask)
mp = rest_node->mask->address;
if ( rest_node->addr->type == AF_INET
&& !strcmp(ap, "0.0.0.0")
&& !strcmp(mp, "0.0.0.0")) {
is_default = 1;
s = "-4 default";
} else if ( rest_node->mask
&& rest_node->mask->type == AF_INET6
&& !strcmp(ap, "::")
&& !strcmp(mp, "::")) {
is_default = 1;
s = "-6 default";
} else {
s = ap;
}
}
fprintf(df, "restrict %s", s);
if (rest_node->mask != NULL)
if (rest_node->mask != NULL && !is_default)
fprintf(df, " mask %s",
rest_node->mask->address);
flags = HEAD_PFIFO(rest_node->flags);
for ( ; flags != NULL; flags = flags->link)
if (T_Source != flags->i)
fprintf(df, " %s", keyword(flags->i));
fprintf(df, " ippeerlimit %d", rest_node->ippeerlimit);
flag_tok_fifo = HEAD_PFIFO(rest_node->flag_tok_fifo);
for ( ; flag_tok_fifo != NULL; flag_tok_fifo = flag_tok_fifo->link)
if (T_Source != flag_tok_fifo->i)
fprintf(df, " %s", keyword(flag_tok_fifo->i));
fprintf(df, "\n");
}
@ -1059,11 +1102,45 @@ concat_gen_fifos(
return pf1;
}
void*
destroy_gen_fifo(
void *fifo,
fifo_deleter func
)
{
any_node * np = NULL;
any_node_fifo * pf1 = fifo;
if (pf1 != NULL) {
if (!func)
func = free;
for (;;) {
UNLINK_FIFO(np, *pf1, link);
if (np == NULL)
break;
(*func)(np);
}
free(pf1);
}
return NULL;
}
/* FUNCTIONS FOR CREATING NODES ON THE SYNTAX TREE
* -----------------------------------------------
*/
void
destroy_attr_val(
attr_val * av
)
{
if (av) {
if (T_String == av->type)
free(av->value.s);
free(av);
}
}
attr_val *
create_attr_dval(
int attr,
@ -1404,7 +1481,8 @@ restrict_node *
create_restrict_node(
address_node * addr,
address_node * mask,
int_fifo * flags,
short ippeerlimit,
int_fifo * flag_tok_fifo,
int line_no
)
{
@ -1413,7 +1491,8 @@ create_restrict_node(
my_node = emalloc_zero(sizeof(*my_node));
my_node->addr = addr;
my_node->mask = mask;
my_node->flags = flags;
my_node->ippeerlimit = ippeerlimit;
my_node->flag_tok_fifo = flag_tok_fifo;
my_node->line_no = line_no;
return my_node;
@ -1430,7 +1509,7 @@ destroy_restrict_node(
*/
destroy_address_node(my_node->addr);
destroy_address_node(my_node->mask);
destroy_int_fifo(my_node->flags);
destroy_int_fifo(my_node->flag_tok_fifo);
free(my_node);
}
@ -1486,9 +1565,7 @@ destroy_attr_val_fifo(
UNLINK_FIFO(av, *av_fifo, link);
if (av == NULL)
break;
if (T_String == av->type)
free(av->value.s);
free(av);
destroy_attr_val(av);
}
free(av_fifo);
}
@ -2011,6 +2088,35 @@ free_config_auth(
#endif /* FREE_CFG_T */
/* Configure low-level clock-related parameters. Return TRUE if the
* clock might need adjustment like era-checking after the call, FALSE
* otherwise.
*/
static int/*BOOL*/
config_tos_clock(
config_tree *ptree
)
{
int ret;
attr_val * tos;
ret = FALSE;
tos = HEAD_PFIFO(ptree->orphan_cmds);
for (; tos != NULL; tos = tos->link) {
switch(tos->attr) {
default:
break;
case T_Basedate:
basedate_set_day(tos->value.i);
ret = TRUE;
break;
}
}
return ret;
}
static void
config_tos(
config_tree *ptree
@ -2036,12 +2142,16 @@ config_tos(
/* -*- phase one: inspect / sanitize the values */
tos = HEAD_PFIFO(ptree->orphan_cmds);
for (; tos != NULL; tos = tos->link) {
val = tos->value.d;
/* not all attributes are doubles (any more), so loading
* 'val' in all cases is not a good idea: It should be
* done as needed in every case processed here.
*/
switch(tos->attr) {
default:
break;
case T_Bcpollbstep:
val = tos->value.d;
if (val > 4) {
msyslog(LOG_WARNING,
"Using maximum bcpollbstep ceiling %d, %d requested",
@ -2056,6 +2166,7 @@ config_tos(
break;
case T_Ceiling:
val = tos->value.d;
if (val > STRATUM_UNSPEC - 1) {
msyslog(LOG_WARNING,
"Using maximum tos ceiling %d, %d requested",
@ -2070,18 +2181,21 @@ config_tos(
break;
case T_Minclock:
val = tos->value.d;
if ((int)tos->value.d < 1)
tos->value.d = 1;
l_minclock = (int)tos->value.d;
break;
case T_Maxclock:
val = tos->value.d;
if ((int)tos->value.d < 1)
tos->value.d = 1;
l_maxclock = (int)tos->value.d;
break;
case T_Minsane:
val = tos->value.d;
if ((int)tos->value.d < 1)
tos->value.d = 1;
l_minsane = (int)tos->value.d;
@ -2099,7 +2213,6 @@ config_tos(
/* -*- phase two: forward the values to the protocol machinery */
tos = HEAD_PFIFO(ptree->orphan_cmds);
for (; tos != NULL; tos = tos->link) {
val = tos->value.d;
switch(tos->attr) {
default:
@ -2152,8 +2265,11 @@ config_tos(
case T_Beacon:
item = PROTO_BEACON;
break;
case T_Basedate:
continue; /* SKIP proto-config for this! */
}
proto_config(item, 0, val, NULL);
proto_config(item, 0, tos->value.d, NULL);
}
}
@ -2350,7 +2466,7 @@ config_access(
static int warned_signd;
attr_val * my_opt;
restrict_node * my_node;
int_node * curr_flag;
int_node * curr_tok_fifo;
sockaddr_u addr;
sockaddr_u mask;
struct addrinfo hints;
@ -2358,8 +2474,9 @@ config_access(
struct addrinfo * pai;
int rc;
int restrict_default;
u_short flags;
u_short rflags;
u_short mflags;
short ippeerlimit;
int range_err;
const char * signd_warning =
#ifdef HAVE_NTP_SIGND
@ -2478,17 +2595,23 @@ config_access(
/* Configure the restrict options */
my_node = HEAD_PFIFO(ptree->restrict_opts);
for (; my_node != NULL; my_node = my_node->link) {
/* Grab the ippeerlmit */
ippeerlimit = my_node->ippeerlimit;
DPRINTF(1, ("config_access: top-level node %p: ippeerlimit %d\n", my_node, ippeerlimit));
/* Parse the flags */
flags = 0;
rflags = 0;
mflags = 0;
curr_flag = HEAD_PFIFO(my_node->flags);
for (; curr_flag != NULL; curr_flag = curr_flag->link) {
switch (curr_flag->i) {
curr_tok_fifo = HEAD_PFIFO(my_node->flag_tok_fifo);
for (; curr_tok_fifo != NULL; curr_tok_fifo = curr_tok_fifo->link) {
switch (curr_tok_fifo->i) {
default:
fatal_error("config-access: flag-type-token=%d", curr_flag->i);
fatal_error("config_access: flag-type-token=%d", curr_tok_fifo->i);
case T_Ntpport:
mflags |= RESM_NTPONLY;
@ -2499,71 +2622,75 @@ config_access(
break;
case T_Flake:
flags |= RES_FLAKE;
rflags |= RES_FLAKE;
break;
case T_Ignore:
flags |= RES_IGNORE;
rflags |= RES_IGNORE;
break;
case T_Kod:
flags |= RES_KOD;
rflags |= RES_KOD;
break;
case T_Mssntp:
flags |= RES_MSSNTP;
rflags |= RES_MSSNTP;
break;
case T_Limited:
flags |= RES_LIMITED;
rflags |= RES_LIMITED;
break;
case T_Lowpriotrap:
flags |= RES_LPTRAP;
rflags |= RES_LPTRAP;
break;
case T_Nomodify:
flags |= RES_NOMODIFY;
rflags |= RES_NOMODIFY;
break;
case T_Nomrulist:
flags |= RES_NOMRULIST;
rflags |= RES_NOMRULIST;
break;
case T_Noepeer:
rflags |= RES_NOEPEER;
break;
case T_Nopeer:
flags |= RES_NOPEER;
rflags |= RES_NOPEER;
break;
case T_Noquery:
flags |= RES_NOQUERY;
rflags |= RES_NOQUERY;
break;
case T_Noserve:
flags |= RES_DONTSERVE;
rflags |= RES_DONTSERVE;
break;
case T_Notrap:
flags |= RES_NOTRAP;
rflags |= RES_NOTRAP;
break;
case T_Notrust:
flags |= RES_DONTTRUST;
rflags |= RES_DONTTRUST;
break;
case T_Version:
flags |= RES_VERSION;
rflags |= RES_VERSION;
break;
}
}
if ((RES_MSSNTP & flags) && !warned_signd) {
if ((RES_MSSNTP & rflags) && !warned_signd) {
warned_signd = 1;
fprintf(stderr, "%s\n", signd_warning);
msyslog(LOG_WARNING, "%s", signd_warning);
}
/* It would be swell if we could identify the line number */
if ((RES_KOD & flags) && !(RES_LIMITED & flags)) {
if ((RES_KOD & rflags) && !(RES_LIMITED & rflags)) {
const char *kod_where = (my_node->addr)
? my_node->addr->address
: (mflags & RESM_SOURCE)
@ -2591,10 +2718,10 @@ config_access(
restrict_default = 1;
} else {
/* apply "restrict source ..." */
DPRINTF(1, ("restrict source template mflags %x flags %x\n",
mflags, flags));
hack_restrict(RESTRICT_FLAGS, NULL,
NULL, mflags, flags, 0);
DPRINTF(1, ("restrict source template ippeerlimit %d mflags %x rflags %x\n",
ippeerlimit, mflags, rflags));
hack_restrict(RESTRICT_FLAGS, NULL, NULL,
ippeerlimit, mflags, rflags, 0);
continue;
}
} else {
@ -2663,15 +2790,15 @@ config_access(
if (restrict_default) {
AF(&addr) = AF_INET;
AF(&mask) = AF_INET;
hack_restrict(RESTRICT_FLAGS, &addr,
&mask, mflags, flags, 0);
hack_restrict(RESTRICT_FLAGS, &addr, &mask,
ippeerlimit, mflags, rflags, 0);
AF(&addr) = AF_INET6;
AF(&mask) = AF_INET6;
}
do {
hack_restrict(RESTRICT_FLAGS, &addr,
&mask, mflags, flags, 0);
hack_restrict(RESTRICT_FLAGS, &addr, &mask,
ippeerlimit, mflags, rflags, 0);
if (pai != NULL &&
NULL != (pai = pai->ai_next)) {
INSIST(pai->ai_addr != NULL);
@ -2722,6 +2849,9 @@ config_rlimit(
case T_Memlock:
/* What if we HAVE_OPT(SAVECONFIGQUIT) ? */
if (HAVE_OPT( SAVECONFIGQUIT )) {
break;
}
if (rlimit_av->value.i == -1) {
# if defined(HAVE_MLOCKALL)
if (cur_memlock != 0) {
@ -3008,17 +3138,17 @@ apply_enable_disable(
int enable
)
{
attr_val *curr_flag;
attr_val *curr_tok_fifo;
int option;
#ifdef BC_LIST_FRAMEWORK_NOT_YET_USED
bc_entry *pentry;
#endif
for (curr_flag = HEAD_PFIFO(fifo);
curr_flag != NULL;
curr_flag = curr_flag->link) {
for (curr_tok_fifo = HEAD_PFIFO(fifo);
curr_tok_fifo != NULL;
curr_tok_fifo = curr_tok_fifo->link) {
option = curr_flag->value.i;
option = curr_tok_fifo->value.i;
switch (option) {
default:
@ -3853,6 +3983,9 @@ config_peers(
* If we have a numeric address, we can safely
* proceed in the mainline with it. Otherwise, hand
* the hostname off to the blocking child.
*
* Note that if we're told to add the peer here, we
* do that regardless of ippeerlimit.
*/
if (is_ip_address(*cmdline_servers, AF_UNSPEC,
&peeraddr)) {
@ -3864,6 +3997,7 @@ config_peers(
&peeraddr,
NULL,
NULL,
-1,
MODE_CLIENT,
NTP_VERSION,
0,
@ -3914,6 +4048,7 @@ config_peers(
&peeraddr,
curr_peer->addr->address,
NULL,
-1,
hmode,
curr_peer->peerversion,
curr_peer->minpoll,
@ -3937,6 +4072,7 @@ config_peers(
&peeraddr,
NULL,
NULL,
-1,
hmode,
curr_peer->peerversion,
curr_peer->minpoll,
@ -4037,6 +4173,7 @@ peer_name_resolved(
&peeraddr,
NULL,
NULL,
-1,
ctx->hmode,
ctx->version,
ctx->minpoll,
@ -4115,7 +4252,7 @@ config_unpeers(
if (rc > 0) {
DPRINTF(1, ("unpeer: searching for %s\n",
stoa(&peeraddr)));
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0);
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0, NULL);
if (p != NULL) {
msyslog(LOG_NOTICE, "unpeered %s",
stoa(&peeraddr));
@ -4195,7 +4332,7 @@ unpeer_name_resolved(
memcpy(&peeraddr, res->ai_addr, res->ai_addrlen);
DPRINTF(1, ("unpeer: searching for peer %s\n",
stoa(&peeraddr)));
peer = findexistingpeer(&peeraddr, NULL, NULL, -1, 0);
peer = findexistingpeer(&peeraddr, NULL, NULL, -1, 0, NULL);
if (peer != NULL) {
af = AF(&peeraddr);
fam_spec = (AF_INET6 == af)
@ -4422,6 +4559,15 @@ config_ntpd(
int/*BOOL*/ input_from_files
)
{
/* [Bug 3435] check and esure clock sanity if configured from
* file and clock sanity parameters (-> basedate) are given. Do
* this ASAP, so we don't disturb the closed loop controller.
*/
if (input_from_files) {
if (config_tos_clock(ptree))
clamp_systime();
}
config_nic_rules(ptree, input_from_files);
config_monitor(ptree);
config_auth(ptree);
@ -4446,6 +4592,12 @@ config_ntpd(
config_fudge(ptree);
config_reset_counters(ptree);
#ifdef DEBUG
if (debug > 1) {
dump_restricts();
}
#endif
#ifdef TEST_BLOCKING_WORKER
{
struct addrinfo hints;
@ -5045,6 +5197,9 @@ ntp_rlimit(
switch (rl_what) {
# ifdef RLIMIT_MEMLOCK
case RLIMIT_MEMLOCK:
if (HAVE_OPT( SAVECONFIGQUIT )) {
break;
}
/*
* The default RLIMIT_MEMLOCK is very low on Linux systems.
* Unless we increase this limit malloc calls are likely to
@ -5106,3 +5261,217 @@ ntp_rlimit(
}
}
#endif /* HAVE_SETRLIMIT */
char *
build_iflags(u_int32 iflags)
{
static char ifs[1024];
ifs[0] = '\0';
if (iflags & INT_UP) {
iflags &= ~INT_UP;
appendstr(ifs, sizeof ifs, "up");
}
if (iflags & INT_PPP) {
iflags &= ~INT_PPP;
appendstr(ifs, sizeof ifs, "ppp");
}
if (iflags & INT_LOOPBACK) {
iflags &= ~INT_LOOPBACK;
appendstr(ifs, sizeof ifs, "loopback");
}
if (iflags & INT_BROADCAST) {
iflags &= ~INT_BROADCAST;
appendstr(ifs, sizeof ifs, "broadcast");
}
if (iflags & INT_MULTICAST) {
iflags &= ~INT_MULTICAST;
appendstr(ifs, sizeof ifs, "multicast");
}
if (iflags & INT_BCASTOPEN) {
iflags &= ~INT_BCASTOPEN;
appendstr(ifs, sizeof ifs, "bcastopen");
}
if (iflags & INT_MCASTOPEN) {
iflags &= ~INT_MCASTOPEN;
appendstr(ifs, sizeof ifs, "mcastopen");
}
if (iflags & INT_WILDCARD) {
iflags &= ~INT_WILDCARD;
appendstr(ifs, sizeof ifs, "wildcard");
}
if (iflags & INT_MCASTIF) {
iflags &= ~INT_MCASTIF;
appendstr(ifs, sizeof ifs, "MCASTif");
}
if (iflags & INT_PRIVACY) {
iflags &= ~INT_PRIVACY;
appendstr(ifs, sizeof ifs, "IPv6privacy");
}
if (iflags & INT_BCASTXMIT) {
iflags &= ~INT_BCASTXMIT;
appendstr(ifs, sizeof ifs, "bcastxmit");
}
if (iflags) {
char string[10];
snprintf(string, sizeof string, "%0x", iflags);
appendstr(ifs, sizeof ifs, string);
}
return ifs;
}
char *
build_mflags(u_short mflags)
{
static char mfs[1024];
mfs[0] = '\0';
if (mflags & RESM_NTPONLY) {
mflags &= ~RESM_NTPONLY;
appendstr(mfs, sizeof mfs, "ntponly");
}
if (mflags & RESM_SOURCE) {
mflags &= ~RESM_SOURCE;
appendstr(mfs, sizeof mfs, "source");
}
if (mflags) {
char string[10];
snprintf(string, sizeof string, "%0x", mflags);
appendstr(mfs, sizeof mfs, string);
}
return mfs;
}
char *
build_rflags(u_short rflags)
{
static char rfs[1024];
rfs[0] = '\0';
if (rflags & RES_FLAKE) {
rflags &= ~RES_FLAKE;
appendstr(rfs, sizeof rfs, "flake");
}
if (rflags & RES_IGNORE) {
rflags &= ~RES_IGNORE;
appendstr(rfs, sizeof rfs, "ignore");
}
if (rflags & RES_KOD) {
rflags &= ~RES_KOD;
appendstr(rfs, sizeof rfs, "kod");
}
if (rflags & RES_MSSNTP) {
rflags &= ~RES_MSSNTP;
appendstr(rfs, sizeof rfs, "mssntp");
}
if (rflags & RES_LIMITED) {
rflags &= ~RES_LIMITED;
appendstr(rfs, sizeof rfs, "limited");
}
if (rflags & RES_LPTRAP) {
rflags &= ~RES_LPTRAP;
appendstr(rfs, sizeof rfs, "lptrap");
}
if (rflags & RES_NOMODIFY) {
rflags &= ~RES_NOMODIFY;
appendstr(rfs, sizeof rfs, "nomodify");
}
if (rflags & RES_NOMRULIST) {
rflags &= ~RES_NOMRULIST;
appendstr(rfs, sizeof rfs, "nomrulist");
}
if (rflags & RES_NOEPEER) {
rflags &= ~RES_NOEPEER;
appendstr(rfs, sizeof rfs, "noepeer");
}
if (rflags & RES_NOPEER) {
rflags &= ~RES_NOPEER;
appendstr(rfs, sizeof rfs, "nopeer");
}
if (rflags & RES_NOQUERY) {
rflags &= ~RES_NOQUERY;
appendstr(rfs, sizeof rfs, "noquery");
}
if (rflags & RES_DONTSERVE) {
rflags &= ~RES_DONTSERVE;
appendstr(rfs, sizeof rfs, "dontserve");
}
if (rflags & RES_NOTRAP) {
rflags &= ~RES_NOTRAP;
appendstr(rfs, sizeof rfs, "notrap");
}
if (rflags & RES_DONTTRUST) {
rflags &= ~RES_DONTTRUST;
appendstr(rfs, sizeof rfs, "notrust");
}
if (rflags & RES_VERSION) {
rflags &= ~RES_VERSION;
appendstr(rfs, sizeof rfs, "version");
}
if (rflags) {
char string[10];
snprintf(string, sizeof string, "%0x", rflags);
appendstr(rfs, sizeof rfs, string);
}
if ('\0' == rfs[0]) {
appendstr(rfs, sizeof rfs, "(none)");
}
return rfs;
}
static void
appendstr(
char *string,
size_t s,
const char *new
)
{
if (*string != '\0') {
(void)strlcat(string, ",", s);
}
(void)strlcat(string, new, s);
return;
}
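Review bot: `build_iflags`, `build_mflags` and `build_rflags` each return a pointer to a function-local `static char[1024]`, and nothing on the new side documents that. A second call to the same function overwrites the earlier result, so two `build_rflags()` calls in one argument list would print the same text twice, and the helpers are not safe to call from more than one thread. I would put a header comment on each, for example `/* Returns a static buffer overwritten by the next call; not reentrant. */`. `appendstr` also discards the `strlcat` result, so truncation would be silent, although the fixed flag names stay far below 1024 bytes.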


@ -1,4 +1,4 @@
/* $NetBSD: ntp_control.c,v 1.19 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntp_control.c,v 1.20 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp_control.c - respond to mode 6 control messages and send async
@ -178,56 +178,58 @@ static const struct ctl_proc control_codes[] = {
#define CS_SS_LIMITED 41
#define CS_SS_KODSENT 42
#define CS_SS_PROCESSED 43
#define CS_PEERADR 44
#define CS_PEERMODE 45
#define CS_BCASTDELAY 46
#define CS_AUTHDELAY 47
#define CS_AUTHKEYS 48
#define CS_AUTHFREEK 49
#define CS_AUTHKLOOKUPS 50
#define CS_AUTHKNOTFOUND 51
#define CS_AUTHKUNCACHED 52
#define CS_AUTHKEXPIRED 53
#define CS_AUTHENCRYPTS 54
#define CS_AUTHDECRYPTS 55
#define CS_AUTHRESET 56
#define CS_K_OFFSET 57
#define CS_K_FREQ 58
#define CS_K_MAXERR 59
#define CS_K_ESTERR 60
#define CS_K_STFLAGS 61
#define CS_K_TIMECONST 62
#define CS_K_PRECISION 63
#define CS_K_FREQTOL 64
#define CS_K_PPS_FREQ 65
#define CS_K_PPS_STABIL 66
#define CS_K_PPS_JITTER 67
#define CS_K_PPS_CALIBDUR 68
#define CS_K_PPS_CALIBS 69
#define CS_K_PPS_CALIBERRS 70
#define CS_K_PPS_JITEXC 71
#define CS_K_PPS_STBEXC 72
#define CS_SS_LAMPORT 44
#define CS_SS_TSROUNDING 45
#define CS_PEERADR 46
#define CS_PEERMODE 47
#define CS_BCASTDELAY 48
#define CS_AUTHDELAY 49
#define CS_AUTHKEYS 50
#define CS_AUTHFREEK 51
#define CS_AUTHKLOOKUPS 52
#define CS_AUTHKNOTFOUND 53
#define CS_AUTHKUNCACHED 54
#define CS_AUTHKEXPIRED 55
#define CS_AUTHENCRYPTS 56
#define CS_AUTHDECRYPTS 57
#define CS_AUTHRESET 58
#define CS_K_OFFSET 59
#define CS_K_FREQ 60
#define CS_K_MAXERR 61
#define CS_K_ESTERR 62
#define CS_K_STFLAGS 63
#define CS_K_TIMECONST 64
#define CS_K_PRECISION 65
#define CS_K_FREQTOL 66
#define CS_K_PPS_FREQ 67
#define CS_K_PPS_STABIL 68
#define CS_K_PPS_JITTER 69
#define CS_K_PPS_CALIBDUR 70
#define CS_K_PPS_CALIBS 71
#define CS_K_PPS_CALIBERRS 72
#define CS_K_PPS_JITEXC 73
#define CS_K_PPS_STBEXC 74
#define CS_KERN_FIRST CS_K_OFFSET
#define CS_KERN_LAST CS_K_PPS_STBEXC
#define CS_IOSTATS_RESET 73
#define CS_TOTAL_RBUF 74
#define CS_FREE_RBUF 75
#define CS_USED_RBUF 76
#define CS_RBUF_LOWATER 77
#define CS_IO_DROPPED 78
#define CS_IO_IGNORED 79
#define CS_IO_RECEIVED 80
#define CS_IO_SENT 81
#define CS_IO_SENDFAILED 82
#define CS_IO_WAKEUPS 83
#define CS_IO_GOODWAKEUPS 84
#define CS_TIMERSTATS_RESET 85
#define CS_TIMER_OVERRUNS 86
#define CS_TIMER_XMTS 87
#define CS_FUZZ 88
#define CS_WANDER_THRESH 89
#define CS_LEAPSMEARINTV 90
#define CS_LEAPSMEAROFFS 91
#define CS_IOSTATS_RESET 75
#define CS_TOTAL_RBUF 76
#define CS_FREE_RBUF 77
#define CS_USED_RBUF 78
#define CS_RBUF_LOWATER 79
#define CS_IO_DROPPED 80
#define CS_IO_IGNORED 81
#define CS_IO_RECEIVED 82
#define CS_IO_SENT 83
#define CS_IO_SENDFAILED 84
#define CS_IO_WAKEUPS 85
#define CS_IO_GOODWAKEUPS 86
#define CS_TIMERSTATS_RESET 87
#define CS_TIMER_OVERRUNS 88
#define CS_TIMER_XMTS 89
#define CS_FUZZ 90
#define CS_WANDER_THRESH 91
#define CS_LEAPSMEARINTV 92
#define CS_LEAPSMEAROFFS 93
#define CS_MAX_NOAUTOKEY CS_LEAPSMEAROFFS
#ifdef AUTOKEY
#define CS_FLAGS (1 + CS_MAX_NOAUTOKEY)
@ -378,55 +380,57 @@ static const struct ctl_var sys_var[] = {
{ CS_SS_LIMITED, RO, "ss_limited" }, /* 41 */
{ CS_SS_KODSENT, RO, "ss_kodsent" }, /* 42 */
{ CS_SS_PROCESSED, RO, "ss_processed" }, /* 43 */
{ CS_PEERADR, RO, "peeradr" }, /* 44 */
{ CS_PEERMODE, RO, "peermode" }, /* 45 */
{ CS_BCASTDELAY, RO, "bcastdelay" }, /* 46 */
{ CS_AUTHDELAY, RO, "authdelay" }, /* 47 */
{ CS_AUTHKEYS, RO, "authkeys" }, /* 48 */
{ CS_AUTHFREEK, RO, "authfreek" }, /* 49 */
{ CS_AUTHKLOOKUPS, RO, "authklookups" }, /* 50 */
{ CS_AUTHKNOTFOUND, RO, "authknotfound" }, /* 51 */
{ CS_AUTHKUNCACHED, RO, "authkuncached" }, /* 52 */
{ CS_AUTHKEXPIRED, RO, "authkexpired" }, /* 53 */
{ CS_AUTHENCRYPTS, RO, "authencrypts" }, /* 54 */
{ CS_AUTHDECRYPTS, RO, "authdecrypts" }, /* 55 */
{ CS_AUTHRESET, RO, "authreset" }, /* 56 */
{ CS_K_OFFSET, RO, "koffset" }, /* 57 */
{ CS_K_FREQ, RO, "kfreq" }, /* 58 */
{ CS_K_MAXERR, RO, "kmaxerr" }, /* 59 */
{ CS_K_ESTERR, RO, "kesterr" }, /* 60 */
{ CS_K_STFLAGS, RO, "kstflags" }, /* 61 */
{ CS_K_TIMECONST, RO, "ktimeconst" }, /* 62 */
{ CS_K_PRECISION, RO, "kprecis" }, /* 63 */
{ CS_K_FREQTOL, RO, "kfreqtol" }, /* 64 */
{ CS_K_PPS_FREQ, RO, "kppsfreq" }, /* 65 */
{ CS_K_PPS_STABIL, RO, "kppsstab" }, /* 66 */
{ CS_K_PPS_JITTER, RO, "kppsjitter" }, /* 67 */
{ CS_K_PPS_CALIBDUR, RO, "kppscalibdur" }, /* 68 */
{ CS_K_PPS_CALIBS, RO, "kppscalibs" }, /* 69 */
{ CS_K_PPS_CALIBERRS, RO, "kppscaliberrs" }, /* 70 */
{ CS_K_PPS_JITEXC, RO, "kppsjitexc" }, /* 71 */
{ CS_K_PPS_STBEXC, RO, "kppsstbexc" }, /* 72 */
{ CS_IOSTATS_RESET, RO, "iostats_reset" }, /* 73 */
{ CS_TOTAL_RBUF, RO, "total_rbuf" }, /* 74 */
{ CS_FREE_RBUF, RO, "free_rbuf" }, /* 75 */
{ CS_USED_RBUF, RO, "used_rbuf" }, /* 76 */
{ CS_RBUF_LOWATER, RO, "rbuf_lowater" }, /* 77 */
{ CS_IO_DROPPED, RO, "io_dropped" }, /* 78 */
{ CS_IO_IGNORED, RO, "io_ignored" }, /* 79 */
{ CS_IO_RECEIVED, RO, "io_received" }, /* 80 */
{ CS_IO_SENT, RO, "io_sent" }, /* 81 */
{ CS_IO_SENDFAILED, RO, "io_sendfailed" }, /* 82 */
{ CS_IO_WAKEUPS, RO, "io_wakeups" }, /* 83 */
{ CS_IO_GOODWAKEUPS, RO, "io_goodwakeups" }, /* 84 */
{ CS_TIMERSTATS_RESET, RO, "timerstats_reset" },/* 85 */
{ CS_TIMER_OVERRUNS, RO, "timer_overruns" }, /* 86 */
{ CS_TIMER_XMTS, RO, "timer_xmts" }, /* 87 */
{ CS_FUZZ, RO, "fuzz" }, /* 88 */
{ CS_WANDER_THRESH, RO, "clk_wander_threshold" }, /* 89 */
{ CS_SS_LAMPORT, RO, "ss_lamport" }, /* 44 */
{ CS_SS_TSROUNDING, RO, "ss_tsrounding" }, /* 45 */
{ CS_PEERADR, RO, "peeradr" }, /* 46 */
{ CS_PEERMODE, RO, "peermode" }, /* 47 */
{ CS_BCASTDELAY, RO, "bcastdelay" }, /* 48 */
{ CS_AUTHDELAY, RO, "authdelay" }, /* 49 */
{ CS_AUTHKEYS, RO, "authkeys" }, /* 50 */
{ CS_AUTHFREEK, RO, "authfreek" }, /* 51 */
{ CS_AUTHKLOOKUPS, RO, "authklookups" }, /* 52 */
{ CS_AUTHKNOTFOUND, RO, "authknotfound" }, /* 53 */
{ CS_AUTHKUNCACHED, RO, "authkuncached" }, /* 54 */
{ CS_AUTHKEXPIRED, RO, "authkexpired" }, /* 55 */
{ CS_AUTHENCRYPTS, RO, "authencrypts" }, /* 56 */
{ CS_AUTHDECRYPTS, RO, "authdecrypts" }, /* 57 */
{ CS_AUTHRESET, RO, "authreset" }, /* 58 */
{ CS_K_OFFSET, RO, "koffset" }, /* 59 */
{ CS_K_FREQ, RO, "kfreq" }, /* 60 */
{ CS_K_MAXERR, RO, "kmaxerr" }, /* 61 */
{ CS_K_ESTERR, RO, "kesterr" }, /* 62 */
{ CS_K_STFLAGS, RO, "kstflags" }, /* 63 */
{ CS_K_TIMECONST, RO, "ktimeconst" }, /* 64 */
{ CS_K_PRECISION, RO, "kprecis" }, /* 65 */
{ CS_K_FREQTOL, RO, "kfreqtol" }, /* 66 */
{ CS_K_PPS_FREQ, RO, "kppsfreq" }, /* 67 */
{ CS_K_PPS_STABIL, RO, "kppsstab" }, /* 68 */
{ CS_K_PPS_JITTER, RO, "kppsjitter" }, /* 69 */
{ CS_K_PPS_CALIBDUR, RO, "kppscalibdur" }, /* 70 */
{ CS_K_PPS_CALIBS, RO, "kppscalibs" }, /* 71 */
{ CS_K_PPS_CALIBERRS, RO, "kppscaliberrs" }, /* 72 */
{ CS_K_PPS_JITEXC, RO, "kppsjitexc" }, /* 73 */
{ CS_K_PPS_STBEXC, RO, "kppsstbexc" }, /* 74 */
{ CS_IOSTATS_RESET, RO, "iostats_reset" }, /* 75 */
{ CS_TOTAL_RBUF, RO, "total_rbuf" }, /* 76 */
{ CS_FREE_RBUF, RO, "free_rbuf" }, /* 77 */
{ CS_USED_RBUF, RO, "used_rbuf" }, /* 78 */
{ CS_RBUF_LOWATER, RO, "rbuf_lowater" }, /* 79 */
{ CS_IO_DROPPED, RO, "io_dropped" }, /* 80 */
{ CS_IO_IGNORED, RO, "io_ignored" }, /* 81 */
{ CS_IO_RECEIVED, RO, "io_received" }, /* 82 */
{ CS_IO_SENT, RO, "io_sent" }, /* 83 */
{ CS_IO_SENDFAILED, RO, "io_sendfailed" }, /* 84 */
{ CS_IO_WAKEUPS, RO, "io_wakeups" }, /* 85 */
{ CS_IO_GOODWAKEUPS, RO, "io_goodwakeups" }, /* 86 */
{ CS_TIMERSTATS_RESET, RO, "timerstats_reset" },/* 87 */
{ CS_TIMER_OVERRUNS, RO, "timer_overruns" }, /* 88 */
{ CS_TIMER_XMTS, RO, "timer_xmts" }, /* 89 */
{ CS_FUZZ, RO, "fuzz" }, /* 90 */
{ CS_WANDER_THRESH, RO, "clk_wander_threshold" }, /* 91 */
{ CS_LEAPSMEARINTV, RO, "leapsmearinterval" }, /* 90 */
{ CS_LEAPSMEAROFFS, RO, "leapsmearoffset" }, /* 91 */
{ CS_LEAPSMEARINTV, RO, "leapsmearinterval" }, /* 92 */
{ CS_LEAPSMEAROFFS, RO, "leapsmearoffset" }, /* 93 */
#ifdef AUTOKEY
{ CS_FLAGS, RO, "flags" }, /* 1 + CS_MAX_NOAUTOKEY */
@ -438,7 +442,7 @@ static const struct ctl_var sys_var[] = {
{ CS_IDENT, RO, "ident" }, /* 7 + CS_MAX_NOAUTOKEY */
{ CS_DIGEST, RO, "digest" }, /* 8 + CS_MAX_NOAUTOKEY */
#endif /* AUTOKEY */
{ 0, EOV, "" } /* 87/95 */
{ 0, EOV, "" } /* 94/102 */
};
static struct ctl_var *ext_sys_var = NULL;
@ -1266,7 +1270,7 @@ process_control(
rbufp->recv_length, properlen, res_keyid,
maclen));
if (!authistrusted(res_keyid))
if (!authistrustedip(res_keyid, &rbufp->recv_srcadr))
DPRINTF(3, ("invalid keyid %08x\n", res_keyid));
else if (authdecrypt(res_keyid, (u_int32 *)pkt,
rbufp->recv_length - maclen,
@ -1474,6 +1478,89 @@ ctl_flushpkt(
}
/* --------------------------------------------------------------------
* block transfer API -- stream string/data fragments into xmit buffer
* without additional copying
*/
/* buffer descriptor: address & size of fragment
* 'buf' may only be NULL when 'len' is zero!
*/
typedef struct {
const void *buf;
size_t len;
} CtlMemBufT;
/* put ctl data in a gather-style operation */
static void
ctl_putdata_ex(
const CtlMemBufT * argv,
size_t argc,
int/*BOOL*/ bin /* set to 1 when data is binary */
)
{
const char * src_ptr;
size_t src_len, cur_len, add_len, argi;
/* text / binary preprocessing, possibly create new linefeed */
if (bin) {
add_len = 0;
} else {
datanotbinflag = TRUE;
add_len = 3;
if (datasent) {
*datapt++ = ',';
datalinelen++;
/* sum up total length */
for (argi = 0, src_len = 0; argi < argc; ++argi)
src_len += argv[argi].len;
/* possibly start a new line, assume no size_t overflow */
if ((src_len + datalinelen + 1) >= MAXDATALINELEN) {
*datapt++ = '\r';
*datapt++ = '\n';
datalinelen = 0;
} else {
*datapt++ = ' ';
datalinelen++;
}
}
}
/* now stream out all buffers */
for (argi = 0; argi < argc; ++argi) {
src_ptr = argv[argi].buf;
src_len = argv[argi].len;
if ( ! (src_ptr && src_len))
continue;
cur_len = (size_t)(dataend - datapt);
while ((src_len + add_len) > cur_len) {
/* Not enough room in this one, flush it out. */
if (src_len < cur_len)
cur_len = src_len;
memcpy(datapt, src_ptr, cur_len);
datapt += cur_len;
datalinelen += cur_len;
src_ptr += cur_len;
src_len -= cur_len;
ctl_flushpkt(CTL_MORE);
cur_len = (size_t)(dataend - datapt);
}
memcpy(datapt, src_ptr, src_len);
datapt += src_len;
datalinelen += src_len;
datasent = TRUE;
}
}
/*
* ctl_putdata - write data into the packet, fragmenting and starting
* another if this one is full.
@ -1485,53 +1572,13 @@ ctl_putdata(
int bin /* set to 1 when data is binary */
)
{
int overhead;
unsigned int currentlen;
overhead = 0;
if (!bin) {
datanotbinflag = TRUE;
overhead = 3;
if (datasent) {
*datapt++ = ',';
datalinelen++;
if ((dlen + datalinelen + 1) >= MAXDATALINELEN) {
*datapt++ = '\r';
*datapt++ = '\n';
datalinelen = 0;
} else {
*datapt++ = ' ';
datalinelen++;
}
}
}
/*
* Save room for trailing junk
*/
while (dlen + overhead + datapt > dataend) {
/*
* Not enough room in this one, flush it out.
*/
currentlen = MIN(dlen, (unsigned int)(dataend - datapt));
memcpy(datapt, dp, currentlen);
datapt += currentlen;
dp += currentlen;
dlen -= currentlen;
datalinelen += currentlen;
ctl_flushpkt(CTL_MORE);
}
memcpy(datapt, dp, dlen);
datapt += dlen;
datalinelen += dlen;
datasent = TRUE;
CtlMemBufT args[1];
args[0].buf = dp;
args[0].len = dlen;
ctl_putdata_ex(args, 1, bin);
}
/*
* ctl_putstr - write a tagged string into the response packet
* in the form:
@ -1548,16 +1595,21 @@ ctl_putstr(
size_t len
)
{
char buffer[512];
int rc;
INSIST(len < sizeof(buffer));
if (len)
rc = snprintf(buffer, sizeof(buffer), "%s=\"%.*s\"", tag, (int)len, data);
else
rc = snprintf(buffer, sizeof(buffer), "%s", tag);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
CtlMemBufT args[4];
args[0].buf = tag;
args[0].len = strlen(tag);
if (data && len) {
args[1].buf = "=\"";
args[1].len = 2;
args[2].buf = data;
args[2].len = len;
args[3].buf = "\"";
args[3].len = 1;
ctl_putdata_ex(args, 4, FALSE);
} else {
ctl_putdata_ex(args, 1, FALSE);
}
}
@ -1577,16 +1629,19 @@ ctl_putunqstr(
size_t len
)
{
char buffer[512];
int rc;
INSIST(len < sizeof(buffer));
if (len)
rc = snprintf(buffer, sizeof(buffer), "%s=%.*s", tag, (int)len, data);
else
rc = snprintf(buffer, sizeof(buffer), "%s", tag);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
CtlMemBufT args[3];
args[0].buf = tag;
args[0].len = strlen(tag);
if (data && len) {
args[1].buf = "=";
args[1].len = 1;
args[2].buf = data;
args[2].len = len;
ctl_putdata_ex(args, 3, FALSE);
} else {
ctl_putdata_ex(args, 1, FALSE);
}
}
@ -1601,14 +1656,14 @@ ctl_putdblf(
double d
)
{
char buffer[200];
char buffer[40];
int rc;
rc = snprintf(buffer, sizeof(buffer),
(use_f ? "%s=%.*f" : "%s=%.*g"),
tag, precision, d);
(use_f ? "%.*f" : "%.*g"),
precision, d);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
/*
@ -1620,12 +1675,12 @@ ctl_putuint(
u_long uval
)
{
char buffer[200];
char buffer[24]; /* needs to fit for 64 bits! */
int rc;
rc = snprintf(buffer, sizeof(buffer), "%s=%lu", tag, uval);
rc = snprintf(buffer, sizeof(buffer), "%lu", uval);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
/*
@ -1639,17 +1694,16 @@ ctl_putcal(
const struct calendar *pcal
)
{
char buffer[100];
char buffer[16];
int rc;
rc = snprintf(buffer, sizeof(buffer),
"%s=%04d%02d%02d%02d%02d",
tag,
"%04d%02d%02d%02d%02d",
pcal->year, pcal->month, pcal->monthday,
pcal->hour, pcal->minute
);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
#endif
@ -1662,23 +1716,21 @@ ctl_putfs(
tstamp_t uval
)
{
char buffer[200];
struct tm *tm = NULL;
time_t fstamp;
int rc;
char buffer[16];
int rc;
fstamp = (time_t)uval - JAN_1970;
tm = gmtime(&fstamp);
time_t fstamp = (time_t)uval - JAN_1970;
struct tm *tm = gmtime(&fstamp);
if (NULL == tm)
return;
rc = snprintf(buffer, sizeof(buffer),
"%s=%04d%02d%02d%02d%02d",
tag,
"%04d%02d%02d%02d%02d",
tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
tm->tm_hour, tm->tm_min);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
@ -1692,12 +1744,12 @@ ctl_puthex(
u_long uval
)
{
char buffer[200];
char buffer[24]; /* must fit 64bit int! */
int rc;
rc = snprintf(buffer, sizeof(buffer), "%s=0x%lx", tag, uval);
rc = snprintf(buffer, sizeof(buffer), "0x%lx", uval);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
@ -1710,12 +1762,12 @@ ctl_putint(
long ival
)
{
char buffer[200];
char buffer[24]; /*must fit 64bit int */
int rc;
rc = snprintf(buffer, sizeof(buffer), "%s=%ld", tag, ival);
rc = snprintf(buffer, sizeof(buffer), "%ld", ival);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
@ -1728,14 +1780,14 @@ ctl_putts(
l_fp *ts
)
{
char buffer[200];
char buffer[24];
int rc;
rc = snprintf(buffer, sizeof(buffer),
"%s=0x%08lx.%08lx",
tag, (u_long)ts->l_ui, (u_long)ts->l_uf);
"0x%08lx.%08lx",
(u_long)ts->l_ui, (u_long)ts->l_uf);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
@ -1750,16 +1802,12 @@ ctl_putadr(
)
{
const char *cq;
char buffer[200];
int rc;
if (NULL == addr)
cq = numtoa(addr32);
else
cq = stoa(addr);
rc = snprintf(buffer, sizeof(buffer), "%s=%s", tag, cq);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, cq, strlen(cq));
}
@ -1772,9 +1820,7 @@ ctl_putrefid(
u_int32 refid
)
{
char buffer[128];
int rc;
size_t i;
size_t nc;
union {
uint32_t w;
@ -1782,13 +1828,10 @@ ctl_putrefid(
} bytes;
bytes.w = refid;
for (i = 0; i < sizeof(bytes.b); ++i)
if (bytes.b[i] && !isprint(bytes.b[i]))
bytes.b[i] = '.';
rc = snprintf(buffer, sizeof(buffer), "%s=%.*s",
tag, (int)sizeof(bytes.b), bytes.b);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, FALSE);
for (nc = 0; nc < sizeof(bytes.b) && bytes.b[nc]; ++nc)
if (!isprint(bytes.b[nc]))
bytes.b[nc] = '.';
ctl_putunqstr(tag, (const char*)bytes.b, nc);
}
@ -1808,21 +1851,16 @@ ctl_putarray(
cp = buffer;
ep = buffer + sizeof(buffer);
rc = snprintf(cp, (size_t)(ep - cp), "%s=", tag);
INSIST(rc >= 0 && rc < (ep - cp));
cp += rc;
i = start;
i = start;
do {
if (i == 0)
i = NTP_SHIFT;
i--;
rc = snprintf(cp, (size_t)(ep - cp), " %.2f", arr[i] * 1e3);
INSIST(rc >= 0 && rc < (ep - cp));
INSIST(rc >= 0 && (size_t)rc < (size_t)(ep - cp));
cp += rc;
} while (i != start);
ctl_putdata(buffer, (u_int)(cp - buffer), 0);
ctl_putunqstr(tag, buffer, (size_t)(cp - buffer));
}
/*
@ -2186,6 +2224,14 @@ ctl_putsys(
ctl_putuint(sys_var[varid].text, sys_limitrejected);
break;
case CS_SS_LAMPORT:
ctl_putuint(sys_var[varid].text, sys_lamport);
break;
case CS_SS_TSROUNDING:
ctl_putuint(sys_var[varid].text, sys_tsrounding);
break;
case CS_SS_KODSENT:
ctl_putuint(sys_var[varid].text, sys_kodsent);
break;
@ -3098,7 +3144,9 @@ ctl_getitem(
const char *sp1 = reqpt;
const char *sp2 = v->text;
while ((sp1 != tp) && (*sp1 == *sp2)) {
/* [Bug 3412] do not compare past NUL byte in name */
while ( (sp1 != tp)
&& ('\0' != *sp2) && (*sp1 == *sp2)) {
++sp1;
++sp2;
}
@ -3597,7 +3645,13 @@ static u_int32 derive_nonce(
}
ctx = EVP_MD_CTX_new();
# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
/* [Bug 3457] set flags and don't kill them again */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL);
# else
EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5));
# endif
EVP_DigestUpdate(ctx, salt, sizeof(salt));
EVP_DigestUpdate(ctx, &ts_i, sizeof(ts_i));
EVP_DigestUpdate(ctx, &ts_f, sizeof(ts_f));
@ -4376,6 +4430,7 @@ send_restrict_entry(
while (sent[which])
which = (which + 1) % COUNTOF(sent);
/* XXX: Numbers? Really? */
switch (which) {
case 0:
@ -4398,7 +4453,7 @@ send_restrict_entry(
case 3:
snprintf(tag, sizeof(tag), flags_fmt, idx);
match_str = res_match_flags(pres->mflags);
access_str = res_access_flags(pres->flags);
access_str = res_access_flags(pres->rflags);
if ('\0' == match_str[0]) {
pch = access_str;
} else {


@ -1,4 +1,4 @@
/* $NetBSD: ntp_crypto.c,v 1.14 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntp_crypto.c,v 1.15 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp_crypto.c - NTP version 4 public key routines
@ -270,7 +270,13 @@ session_key(
break;
}
ctx = EVP_MD_CTX_new();
# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
/* [Bug 3457] set flags and don't kill them again */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(ctx, EVP_get_digestbynid(crypto_nid), NULL);
# else
EVP_DigestInit(ctx, EVP_get_digestbynid(crypto_nid));
# endif
EVP_DigestUpdate(ctx, (u_char *)header, hdlen);
EVP_DigestFinal(ctx, dgst, &len);
EVP_MD_CTX_free(ctx);
@ -2089,7 +2095,13 @@ bighash(
ptr = emalloc(len);
BN_bn2bin(bn, ptr);
ctx = EVP_MD_CTX_new();
# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
/* [Bug 3457] set flags and don't kill them again */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
# else
EVP_DigestInit(ctx, EVP_md5());
# endif
EVP_DigestUpdate(ctx, ptr, len);
EVP_DigestFinal(ctx, dgst, &len);
EVP_MD_CTX_free(ctx);
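Review bot: The new `EVP_DigestInit_ex()` calls in the session_key and bighash hunks discard their return value, and `ctx` from `EVP_MD_CTX_new()` is handed to `EVP_MD_CTX_set_flags()` without a NULL check. If initialisation fails (for instance the library still refuses the digest, or `EVP_get_digestbynid(crypto_nid)` returns NULL), the later `EVP_DigestFinal()` may leave `dgst` unwritten, and the value derived from it would then come from uninitialised stack memory. I would test the result, e.g. `if (ctx == NULL || !EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) { /* log and take the error path */ }`, and do the same for the `EVP_DigestInit()` call in the `#else` branch. Both functions start and end outside their hunks, so the appropriate error return has to be picked from the surrounding code.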


@ -1,4 +1,4 @@
/* $NetBSD: ntp_io.c,v 1.25 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntp_io.c,v 1.26 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp_io.c - input/output routines for ntpd. The socket-opening code
@ -1045,7 +1045,7 @@ remove_interface(
/* remove restrict interface entry */
SET_HOSTMASK(&resmask, AF(&ep->sin));
hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask,
RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
-3, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
}
@ -1602,7 +1602,7 @@ set_wildcard_reuse(
if (fd != INVALID_SOCKET) {
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
(char *)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m",
on ? "on" : "off");
@ -2136,7 +2136,7 @@ create_interface(
*/
SET_HOSTMASK(&resmask, AF(&iface->sin));
hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask,
RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
-4, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
/*
* set globals with the first found
@ -2199,7 +2199,7 @@ set_excladdruse(
#endif
failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE,
(char *)&one, sizeof(one));
(void *)&one, sizeof(one));
if (!failed)
return;
@ -2253,7 +2253,7 @@ set_reuseaddr(
if (ep->fd != INVALID_SOCKET) {
if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR,
(char *)&flag, sizeof(flag))) {
(void *)&flag, sizeof(flag))) {
msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m",
stoa(&ep->sin), flag ? "on" : "off");
}
@ -2296,7 +2296,7 @@ socket_broadcast_enable(
if (IS_IPV4(baddr)) {
/* if this interface can support broadcast, set SO_BROADCAST */
if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST,
(char *)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"setsockopt(SO_BROADCAST) enable failure on address %s: %m",
stoa(baddr));
@ -2327,7 +2327,7 @@ socket_broadcast_disable(
int off = 0; /* This seems to be OK as an int */
if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET,
SO_BROADCAST, (char *)&off, sizeof(off)))
SO_BROADCAST, (void *)&off, sizeof(off)))
msyslog(LOG_ERR,
"setsockopt(SO_BROADCAST) disable failure on address %s: %m",
stoa(baddr));
@ -2408,7 +2408,7 @@ enable_multicast_if(
*/
if (setsockopt(iface->fd, IPPROTO_IP,
IP_MULTICAST_LOOP,
SETSOCKOPT_ARG_CAST &off,
(void *)&off,
sizeof(off))) {
msyslog(LOG_ERR,
@ -2427,7 +2427,7 @@ enable_multicast_if(
*/
if (setsockopt(iface->fd, IPPROTO_IPV6,
IPV6_MULTICAST_LOOP,
(char *) &off6, sizeof(off6))) {
(void *) &off6, sizeof(off6))) {
msyslog(LOG_ERR,
"setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s",
@ -2469,7 +2469,7 @@ socket_multicast_enable(
if (setsockopt(iface->fd,
IPPROTO_IP,
IP_ADD_MEMBERSHIP,
(char *)&mreq,
(void *)&mreq,
sizeof(mreq))) {
DPRINTF(2, (
"setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)",
@ -2499,7 +2499,7 @@ socket_multicast_enable(
mreq6.ipv6mr_interface = iface->ifindex;
if (setsockopt(iface->fd, IPPROTO_IPV6,
IPV6_JOIN_GROUP, (char *)&mreq6,
IPV6_JOIN_GROUP, (void *)&mreq6,
sizeof(mreq6))) {
DPRINTF(2, (
"setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)",
@ -2553,7 +2553,7 @@ socket_multicast_disable(
mreq.imr_multiaddr = SOCK_ADDR4(maddr);
mreq.imr_interface = SOCK_ADDR4(&iface->sin);
if (setsockopt(iface->fd, IPPROTO_IP,
IP_DROP_MEMBERSHIP, (char *)&mreq,
IP_DROP_MEMBERSHIP, (void *)&mreq,
sizeof(mreq))) {
msyslog(LOG_ERR,
@ -2577,7 +2577,7 @@ socket_multicast_disable(
mreq6.ipv6mr_interface = iface->ifindex;
if (setsockopt(iface->fd, IPPROTO_IPV6,
IPV6_LEAVE_GROUP, (char *)&mreq6,
IPV6_LEAVE_GROUP, (void *)&mreq6,
sizeof(mreq6))) {
msyslog(LOG_ERR,
@ -2773,6 +2773,7 @@ io_multicast_add(
if (ep->fd != INVALID_SOCKET) {
ep->ignore_packets = ISC_FALSE;
ep->flags |= INT_MCASTIF;
ep->ifindex = SCOPE(addr);
strlcpy(ep->name, "multicast", sizeof(ep->name));
DPRINT_INTERFACE(2, (ep, "multicast add ", "\n"));
@ -2938,7 +2939,7 @@ open_socket(
if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */
#endif
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
(char *)((turn_off_reuse)
(void *)((turn_off_reuse)
? &off
: &on),
sizeof(on))) {
@ -2966,7 +2967,7 @@ open_socket(
*/
if (IS_IPV4(addr)) {
#if defined(IPPROTO_IP) && defined(IP_TOS)
if (setsockopt(fd, IPPROTO_IP, IP_TOS, (char*)&qos,
if (setsockopt(fd, IPPROTO_IP, IP_TOS, (void *)&qos,
sizeof(qos)))
msyslog(LOG_ERR,
"setsockopt IP_TOS (%02x) fails on address %s: %m",
@ -2981,7 +2982,7 @@ open_socket(
*/
if (IS_IPV6(addr)) {
#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (char*)&qos,
if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&qos,
sizeof(qos)))
msyslog(LOG_ERR,
"setsockopt IPV6_TCLASS (%02x) fails on address %s: %m",
@ -2990,14 +2991,14 @@ open_socket(
#ifdef IPV6_V6ONLY
if (isc_net_probe_ipv6only() == ISC_R_SUCCESS
&& setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
(char*)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"setsockopt IPV6_V6ONLY on fails on address %s: %m",
stoa(addr));
#endif
#ifdef IPV6_BINDV6ONLY
if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY,
(char*)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"setsockopt IPV6_BINDV6ONLY on fails on address %s: %m",
stoa(addr));
@ -3049,7 +3050,7 @@ open_socket(
#ifdef HAVE_TIMESTAMP
{
if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP,
(char*)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_DEBUG,
"setsockopt SO_TIMESTAMP on fails on address %s: %m",
stoa(addr));
@ -3061,7 +3062,7 @@ open_socket(
#ifdef HAVE_TIMESTAMPNS
{
if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS,
(char*)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_DEBUG,
"setsockopt SO_TIMESTAMPNS on fails on address %s: %m",
stoa(addr));
@ -3073,7 +3074,7 @@ open_socket(
#ifdef HAVE_BINTIME
{
if (setsockopt(fd, SOL_SOCKET, SO_BINTIME,
(char*)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_DEBUG,
"setsockopt SO_BINTIME on fails on address %s: %m",
stoa(addr));
@ -3134,6 +3135,7 @@ sendpkt(
int cc;
int rc;
u_char cttl;
l_fp fp_zero = { { 0, }, 0, };
ismcast = IS_MCAST(dest);
if (!ismcast)
@ -3217,6 +3219,19 @@ sendpkt(
if (ismcast)
src = src->mclink;
} while (ismcast && src != NULL);
/* HMS: pkt->rootdisp is usually random here */
record_raw_stats(src ? &src->sin : NULL, dest,
&pkt->org, &pkt->rec, &pkt->xmt, &fp_zero,
PKT_MODE(pkt->li_vn_mode),
PKT_VERSION(pkt->li_vn_mode),
PKT_LEAP(pkt->li_vn_mode),
pkt->stratum,
pkt->ppoll, pkt->precision,
pkt->rootdelay, pkt->rootdisp, pkt->refid,
len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
return;
}
@ -4003,6 +4018,17 @@ findlocalinterface(
DPRINTF(4, ("Finding interface for addr %s in list of addresses\n",
stoa(addr)));
/* [Bug 3437] The dummy POOL peer comes in with an AF of
* zero. This is bound to fail, but on the way to nowhere it
* triggers a security incident on SELinux.
*
* Checking the condition and failing early is probably a good
* advice, and even saves us some syscalls in that case.
* Thanks to Miroslav Lichvar for finding this.
*/
if (AF_UNSPEC == AF(addr))
return NULL;
s = socket(AF(addr), SOCK_DGRAM, 0);
if (INVALID_SOCKET == s)
return NULL;
@ -4015,7 +4041,7 @@ findlocalinterface(
on = 1;
if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET,
SO_BROADCAST,
(char *)&on,
(void *)&on,
sizeof(on))) {
closesocket(s);
return NULL;
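Review bot: In the sendpkt hunk that adds the `record_raw_stats()` call, `len - MIN_V4_PKT_LEN` is evaluated as `size_t` because `MIN_V4_PKT_LEN` is `12 * sizeof(u_int32)`, so for any packet shorter than 48 bytes the difference wraps before it is passed along with `&pkt->exten`. Whether this is reachable depends on the parameter type of `record_raw_stats()` and on whether sendpkt is ever given such a short packet, neither of which is visible here. A clamp makes the intent explicit and keeps the length and pointer consistent: `int extlen = (len > (int)MIN_V4_PKT_LEN) ? len - (int)MIN_V4_PKT_LEN : 0;`, then pass `extlen`. The `-3` and `-4` values added to the two `hack_restrict()` calls in this section would also read better as named constants; sendpkt itself starts and ends outside its hunks.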

File diff suppressed because it is too large Load Diff


@ -1,4 +1,4 @@
/* $NetBSD: ntp_leapsec.c,v 1.5 2016/01/08 21:35:39 christos Exp $ */
/* $NetBSD: ntp_leapsec.c,v 1.6 2018/04/07 00:19:52 christos Exp $ */
/*
* ntp_leapsec.c - leap second processing for NTPD
@ -745,14 +745,24 @@ add_range(
const leap_info_t * pi)
{
/* If the table is full, make room by throwing out the oldest
* entry. But remember the accumulated leap seconds! Likewise,
* assume a positive leap insertion if this is the first entry
* in the table. This is not necessarily the best of all ideas,
* but it helps a great deal if a system does not have a leap
* table and gets updated from an upstream server.
* entry. But remember the accumulated leap seconds!
*
* Setting the first entry is a bit tricky, too: Simply assuming
* it is an insertion is wrong if the first entry is a dynamic
* leap second removal. So we decide on the sign -- if the first
* entry has a negative offset, we assume that it is a leap
* second removal. In both cases the table base offset is set
* accordingly to reflect the decision.
*
* In practice starting with a removal can only happen if the
* first entry is a dynamic request without having a leap file
* for the history proper.
*/
if (pt->head.size == 0) {
pt->head.base_tai = pi->taiof - 1;
if (pi->taiof >= 0)
pt->head.base_tai = pi->taiof - 1;
else
pt->head.base_tai = pi->taiof + 1;
} else if (pt->head.size >= MAX_HIST) {
pt->head.size = MAX_HIST - 1;
pt->head.base_tai = pt->info[pt->head.size].taiof;


@ -1,4 +1,4 @@
/* $NetBSD: ntp_parser.y,v 1.16 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntp_parser.y,v 1.17 2018/04/07 00:19:52 christos Exp $ */
/* ntp_parser.y
*
@ -79,6 +79,7 @@
%token <Integer> T_Autokey
%token <Integer> T_Automax
%token <Integer> T_Average
%token <Integer> T_Basedate
%token <Integer> T_Bclient
%token <Integer> T_Bcpollbstep
%token <Integer> T_Beacon
@ -107,6 +108,7 @@
%token <Integer> T_Ellipsis /* "..." not "ellipsis" */
%token <Integer> T_Enable
%token <Integer> T_End
%token <Integer> T_Epeer
%token <Integer> T_False
%token <Integer> T_File
%token <Integer> T_Filegen
@ -133,6 +135,7 @@
%token <Integer> T_Interface
%token <Integer> T_Intrange /* not a token */
%token <Integer> T_Io
%token <Integer> T_Ippeerlimit
%token <Integer> T_Ipv4
%token <Integer> T_Ipv4_flag
%token <Integer> T_Ipv6
@ -182,6 +185,7 @@
%token <Integer> T_Nomrulist
%token <Integer> T_None
%token <Integer> T_Nonvolatile
%token <Integer> T_Noepeer
%token <Integer> T_Nopeer
%token <Integer> T_Noquery
%token <Integer> T_Noselect
@ -278,6 +282,7 @@
%type <Address_node> address
%type <Integer> address_fam
%type <Address_fifo> address_list
%type <Integer> basedate
%type <Integer> boolean
%type <Integer> client_type
%type <Integer> counter_set_keyword
@ -304,6 +309,7 @@
%type <Integer> interface_command
%type <Integer> interface_nic
%type <Address_node> ip_address
%type <Integer> res_ippeerlimit
%type <Integer> link_nolink
%type <Attr_val> log_config_command
%type <Attr_val_fifo> log_config_list
@ -572,12 +578,13 @@ authentication_command
{ cfgt.auth.revoke = $2; }
| T_Trustedkey integer_list_range
{
cfgt.auth.trusted_key_list = $2;
// if (!cfgt.auth.trusted_key_list)
// cfgt.auth.trusted_key_list = $2;
// else
// LINK_SLIST(cfgt.auth.trusted_key_list, $2, link);
/* [Bug 948] leaves it open if appending or
* replacing the trusted key list is the right
* way. In any case, either alternative should
* be coded correctly!
*/
DESTROY_G_FIFO(cfgt.auth.trusted_key_list, destroy_attr_val); /* remove for append */
CONCAT_G_FIFOS(cfgt.auth.trusted_key_list, $2);
}
| T_NtpSignDsocket T_String
{ cfgt.auth.ntp_signd_socket = $2; }
@ -645,6 +652,8 @@ tos_option
{ $$ = create_attr_dval($1, $2); }
| T_Cohort boolean
{ $$ = create_attr_dval($1, (double)$2); }
| basedate
{ $$ = create_attr_ival(T_Basedate, $1); }
;
tos_option_int_keyword
@ -797,31 +806,31 @@ access_control_command
{
CONCAT_G_FIFOS(cfgt.mru_opts, $2);
}
| T_Restrict address ac_flag_list
| T_Restrict address res_ippeerlimit ac_flag_list
{
restrict_node *rn;
rn = create_restrict_node($2, NULL, $3,
rn = create_restrict_node($2, NULL, $3, $4,
lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
| T_Restrict address T_Mask ip_address ac_flag_list
| T_Restrict address T_Mask ip_address res_ippeerlimit ac_flag_list
{
restrict_node *rn;
rn = create_restrict_node($2, $4, $5,
rn = create_restrict_node($2, $4, $5, $6,
lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
| T_Restrict T_Default ac_flag_list
| T_Restrict T_Default res_ippeerlimit ac_flag_list
{
restrict_node *rn;
rn = create_restrict_node(NULL, NULL, $3,
rn = create_restrict_node(NULL, NULL, $3, $4,
lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
| T_Restrict T_Ipv4_flag T_Default ac_flag_list
| T_Restrict T_Ipv4_flag T_Default res_ippeerlimit ac_flag_list
{
restrict_node *rn;
@ -832,11 +841,11 @@ access_control_command
create_address_node(
estrdup("0.0.0.0"),
AF_INET),
$4,
$4, $5,
lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
| T_Restrict T_Ipv6_flag T_Default ac_flag_list
| T_Restrict T_Ipv6_flag T_Default res_ippeerlimit ac_flag_list
{
restrict_node *rn;
@ -847,21 +856,42 @@ access_control_command
create_address_node(
estrdup("::"),
AF_INET6),
$4,
$4, $5,
lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
| T_Restrict T_Source ac_flag_list
| T_Restrict T_Source res_ippeerlimit ac_flag_list
{
restrict_node * rn;
APPEND_G_FIFO($3, create_int_node($2));
APPEND_G_FIFO($4, create_int_node($2));
rn = create_restrict_node(
NULL, NULL, $3, lex_current()->curpos.nline);
NULL, NULL, $3, $4, lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
;
res_ippeerlimit
: /* empty ippeerlimit defaults to -1 (unlimited) */
{ $$ = -1; }
| T_Ippeerlimit T_Integer
{
if (($2 < -1) || ($2 > 100)) {
struct FILE_INFO * ip_ctx;
ip_ctx = lex_current();
msyslog(LOG_ERR,
"Unreasonable ippeerlimit value (%d) in %s line %d, column %d. Using 0.",
$2,
ip_ctx->fname,
ip_ctx->errpos.nline,
ip_ctx->errpos.ncol);
$2 = 0;
}
$$ = $2;
}
;
ac_flag_list
: /* empty list is allowed */
{ $$ = NULL; }
@ -873,12 +903,14 @@ ac_flag_list
;
access_control_flag
: T_Flake
: T_Epeer
| T_Flake
| T_Ignore
| T_Kod
| T_Mssntp
| T_Limited
| T_Lowpriotrap
| T_Noepeer
| T_Nomodify
| T_Nomrulist
| T_Nopeer
@ -1272,6 +1304,10 @@ drift_parm
APPEND_G_FIFO(cfgt.vars, av);
av = create_attr_dval(T_WanderThreshold, $2);
APPEND_G_FIFO(cfgt.vars, av);
msyslog(LOG_WARNING,
"'driftfile FILENAME WanderValue' is deprecated, "
"please use separate 'driftfile FILENAME' and "
"'nonvolatile WanderValue' lines instead.");
} else {
YYFREE($1);
yyerror("driftfile remote configuration ignored");
@ -1509,6 +1545,9 @@ number
| T_Double
;
basedate
: T_Basedate T_String
{ $$ = basedate_eval_string($2); YYFREE($2); }
/* Simulator Configuration Commands
* --------------------------------
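Review bot: The `res_ippeerlimit` rule replaces an out-of-range value with 0, and going by the check this commit adds to newpeer() (`ip_count + 1 > ippeerlimit`) a limit of 0 refuses every new association for the matching restriction, whereas an omitted keyword yields -1 (unlimited). That is a fail-closed choice, but a typo such as an extra digit becomes "no peers" with a single LOG_ERR line, so the action should say so: `/* out of range: fall back to 0, which newpeer() treats as "allow no associations" */`, and the message could end in `Using 0 (no associations allowed).`. This assumes the parsed value reaches newpeer() unchanged, which the hunk does not show. The new `basedate` rule also ends without the `;` that the neighbouring rules use.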


@ -1,4 +1,4 @@
/* $NetBSD: ntp_peer.c,v 1.11 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntp_peer.c,v 1.12 2018/04/07 00:19:53 christos Exp $ */
/*
* ntp_peer.c - management of data maintained for peer associations
@ -119,7 +119,7 @@ static struct peer * findexistingpeer_name(const char *, u_short,
struct peer *, int);
static struct peer * findexistingpeer_addr(sockaddr_u *,
struct peer *, int,
u_char);
u_char, int *);
static void free_peer(struct peer *, int);
static void getmorepeermem(void);
static int score(struct peer *);
@ -205,17 +205,18 @@ findexistingpeer_addr(
sockaddr_u * addr,
struct peer * start_peer,
int mode,
u_char cast_flags
u_char cast_flags,
int * ip_count
)
{
struct peer *peer;
DPRINTF(2, ("findexistingpeer_addr(%s, %s, %d, 0x%x)\n",
DPRINTF(2, ("findexistingpeer_addr(%s, %s, %d, 0x%x, %p)\n",
sptoa(addr),
(start_peer)
? sptoa(&start_peer->srcadr)
: "NULL",
mode, (u_int)cast_flags));
mode, (u_int)cast_flags, ip_count));
/*
* start_peer is included so we can locate instances of the
@ -236,6 +237,11 @@ findexistingpeer_addr(
DPRINTF(3, ("%s %s %d %d 0x%x 0x%x ", sptoa(addr),
sptoa(&peer->srcadr), mode, peer->hmode,
(u_int)cast_flags, (u_int)peer->cast_flags));
if (ip_count) {
if (SOCK_EQ(addr, &peer->srcadr)) {
(*ip_count)++;
}
}
if ((-1 == mode || peer->hmode == mode ||
((MDF_BCLNT & peer->cast_flags) &&
(MDF_BCLNT & cast_flags))) &&
@ -260,7 +266,8 @@ findexistingpeer(
const char * hostname,
struct peer * start_peer,
int mode,
u_char cast_flags
u_char cast_flags,
int * ip_count
)
{
if (hostname != NULL)
@ -268,7 +275,7 @@ findexistingpeer(
start_peer, mode);
else
return findexistingpeer_addr(addr, start_peer, mode,
cast_flags);
cast_flags, ip_count);
}
@ -563,6 +570,7 @@ peer_config(
sockaddr_u * srcadr,
const char * hostname,
endpt * dstadr,
int ippeerlimit,
u_char hmode,
u_char version,
u_char minpoll,
@ -613,7 +621,7 @@ peer_config(
flags |= FLAG_IBURST;
if ((MDF_ACAST | MDF_POOL) & cast_flags)
flags &= ~FLAG_PREEMPT;
return newpeer(srcadr, hostname, dstadr, hmode, version,
return newpeer(srcadr, hostname, dstadr, ippeerlimit, hmode, version,
minpoll, maxpoll, flags, cast_flags, ttl, key, ident);
}
@ -755,6 +763,7 @@ newpeer(
sockaddr_u * srcadr,
const char * hostname,
endpt * dstadr,
int ippeerlimit,
u_char hmode,
u_char version,
u_char minpoll,
@ -768,6 +777,8 @@ newpeer(
{
struct peer * peer;
u_int hash;
int ip_count = 0;
DEBUG_REQUIRE(srcadr);
@ -801,11 +812,11 @@ newpeer(
*/
if (dstadr != NULL) {
peer = findexistingpeer(srcadr, hostname, NULL, hmode,
cast_flags);
cast_flags, &ip_count);
while (peer != NULL) {
if (peer->dstadr == dstadr ||
((MDF_BCLNT & cast_flags) &&
(MDF_BCLNT & peer->cast_flags)))
if ( peer->dstadr == dstadr
|| ( (MDF_BCLNT & cast_flags)
&& (MDF_BCLNT & peer->cast_flags)))
break;
if (dstadr == ANY_INTERFACE_CHOOSE(srcadr) &&
@ -813,12 +824,12 @@ newpeer(
break;
peer = findexistingpeer(srcadr, hostname, peer,
hmode, cast_flags);
hmode, cast_flags, &ip_count);
}
} else {
/* no endpt address given */
peer = findexistingpeer(srcadr, hostname, NULL, hmode,
cast_flags);
cast_flags, &ip_count);
}
/*
@ -835,6 +846,30 @@ newpeer(
return NULL;
}
DPRINTF(1, ("newpeer(%s) found no existing and %d other associations\n",
(hostname)
? hostname
: stoa(srcadr),
ip_count));
/* Check ippeerlimit wrt ip_count */
if (ippeerlimit > -1) {
if (ip_count + 1 > ippeerlimit) {
DPRINTF(2, ("newpeer(%s) denied - ippeerlimit %d\n",
(hostname)
? hostname
: stoa(srcadr),
ippeerlimit));
return NULL;
}
} else {
DPRINTF(1, ("newpeer(%s) - ippeerlimit %d ignored\n",
(hostname)
? hostname
: stoa(srcadr),
ippeerlimit));
}
/*
* Allocate a new peer structure. Some dirt here, since some of
* the initialization requires knowlege of our system state.
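Review bot: `findexistingpeer()` forwards `ip_count` only on the address branch; when `hostname` is non-NULL it calls `findexistingpeer_name()` without it, so in newpeer() `ip_count` stays 0 and the `ippeerlimit` check can only trigger for a limit of 0. If that is intended, say so above findexistingpeer: `/* ip_count is updated only for address lookups; hostname lookups leave it untouched */`. The denial itself is reported only through `DPRINTF(2, ...)`, so, presuming DPRINTF is compiled out of non-debug builds, an operator cannot see that the limit is rejecting associations; a counter in the style of the `sys_restricted++` drops in ntp_proto.c would cover that without per-packet logging. In the first findexistingpeer_addr hunk `%p` is given an `int *`, and `(void *)ip_count` would match the format. All of these functions start and end outside their hunks.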


@ -1,9 +1,10 @@
/* $NetBSD: ntp_proto.c,v 1.15 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntp_proto.c,v 1.16 2018/04/07 00:19:53 christos Exp $ */
/*
* ntp_proto.c - NTP version 4 protocol machinery
*
* ATTENTION: Get approval from Dave Mills on all changes to this file!
* ATTENTION: Get approval from Harlan on all changes to this file!
* (Harlan will be discussing these changes with Dave Mills.)
*
*/
#ifdef HAVE_CONFIG_H
@ -39,29 +40,34 @@
#define AUTH(x, y) ((x) ? (y) == AUTH_OK \
: (y) == AUTH_OK || (y) == AUTH_NONE)
#define AUTH_NONE 0 /* authentication not required */
#define AUTH_OK 1 /* authentication OK */
#define AUTH_ERROR 2 /* authentication error */
#define AUTH_CRYPTO 3 /* crypto_NAK */
typedef enum
auth_state {
AUTH_UNKNOWN = -1, /* Unknown */
AUTH_NONE, /* authentication not required */
AUTH_OK, /* authentication OK */
AUTH_ERROR, /* authentication error */
AUTH_CRYPTO /* crypto_NAK */
} auth_code;
/*
* Set up Kiss Code values
*/
enum kiss_codes {
typedef enum
kiss_codes {
NOKISS, /* No Kiss Code */
RATEKISS, /* Rate limit Kiss Code */
DENYKISS, /* Deny Kiss */
RSTRKISS, /* Restricted Kiss */
XKISS, /* Experimental Kiss */
UNKNOWNKISS /* Unknown Kiss Code */
};
XKISS /* Experimental Kiss */
} kiss_code;
enum nak_error_codes {
typedef enum
nak_error_codes {
NONAK, /* No NAK seen */
INVALIDNAK, /* NAK cannot be used */
VALIDNAK /* NAK is valid */
};
} nak_code;
/*
* traffic shaping parameters
@ -184,7 +190,7 @@ int unpeer_digest_early = 1; /* bad digest (TEST5) */
int dynamic_interleave = DYNAMIC_INTERLEAVE; /* Bug 2978 mitigation */
int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid);
enum nak_error_codes valid_NAK(struct peer *peer, struct recvbuf *rbufp, u_char hismode);
nak_code valid_NAK (struct peer *peer, struct recvbuf *rbufp, u_char hismode);
static double root_distance (struct peer *);
static void clock_combine (peer_select *, int, int);
static void peer_xmit (struct peer *);
@ -262,19 +268,16 @@ kiss_code_check(
return (RSTRKISS);
} else if(memcmp(&refid,"X", 1) == 0) {
return (XKISS);
} else {
return (UNKNOWNKISS);
}
} else {
return (NOKISS);
}
return (NOKISS);
}
/*
* Check that NAK is valid
*/
enum nak_error_codes
nak_code
valid_NAK(
struct peer *peer,
struct recvbuf *rbufp,
@ -585,14 +588,15 @@ receive(
u_char hisleap; /* packet leap indicator */
u_char hismode; /* packet mode */
u_char hisstratum; /* packet stratum */
r4addr r4a; /* address restrictions */
u_short restrict_mask; /* restrict bits */
const char *hm_str; /* hismode string */
const char *am_str; /* association match string */
int kissCode = NOKISS; /* Kiss Code */
int has_mac; /* length of MAC field */
int authlen; /* offset of MAC field */
int is_authentic = AUTH_NONE; /* cryptosum ok */
int crypto_nak_test; /* result of crypto-NAK check */
auth_code is_authentic = AUTH_UNKNOWN; /* Was AUTH_NONE */
nak_code crypto_nak_test; /* result of crypto-NAK check */
int retcode = AM_NOMATCH; /* match code */
keyid_t skeyid = 0; /* key IDs */
u_int32 opcode = 0; /* extension field opcode */
@ -613,6 +617,13 @@ receive(
static unsigned char zero_key[16];
#endif /* HAVE_NTP_SIGND */
/*
* Note that there are many places we do not call record_raw_stats().
*
* We only want to call it *after* we've sent a response, or perhaps
* when we've decided to drop a packet.
*/
/*
* Monitor the packet and get restrictions. Note that the packet
* length for control and private mode packets must be checked
@ -628,25 +639,33 @@ receive(
sys_badlength++;
return; /* bogus port */
}
restrict_mask = restrictions(&rbufp->recv_srcadr);
restrictions(&rbufp->recv_srcadr, &r4a);
restrict_mask = r4a.rflags;
pkt = &rbufp->recv_pkt;
DPRINTF(2, ("receive: at %ld %s<-%s flags %x restrict %03x org %#010x.%08x xmt %#010x.%08x\n",
current_time, stoa(&rbufp->dstadr->sin),
stoa(&rbufp->recv_srcadr), rbufp->dstadr->flags,
restrict_mask, ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
hisversion = PKT_VERSION(pkt->li_vn_mode);
hisleap = PKT_LEAP(pkt->li_vn_mode);
hismode = (int)PKT_MODE(pkt->li_vn_mode);
hisstratum = PKT_TO_STRATUM(pkt->stratum);
DPRINTF(2, ("receive: at %ld %s<-%s ippeerlimit %d mode %d iflags %s restrict %s org %#010x.%08x xmt %#010x.%08x\n",
current_time, stoa(&rbufp->dstadr->sin),
stoa(&rbufp->recv_srcadr), r4a.ippeerlimit, hismode,
build_iflags(rbufp->dstadr->flags),
build_rflags(restrict_mask),
ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
/* See basic mode and broadcast checks, below */
INSIST(0 != hisstratum);
if (restrict_mask & RES_IGNORE) {
DPRINTF(2, ("receive: drop: RES_IGNORE\n"));
sys_restricted++;
return; /* ignore everything */
}
if (hismode == MODE_PRIVATE) {
if (!ntp_mode7 || (restrict_mask & RES_NOQUERY)) {
DPRINTF(2, ("receive: drop: RES_NOQUERY\n"));
sys_restricted++;
return; /* no query private */
}
@ -656,6 +675,7 @@ receive(
}
if (hismode == MODE_CONTROL) {
if (restrict_mask & RES_NOQUERY) {
DPRINTF(2, ("receive: drop: RES_NOQUERY\n"));
sys_restricted++;
return; /* no query control */
}
@ -663,6 +683,7 @@ receive(
return;
}
if (restrict_mask & RES_DONTSERVE) {
DPRINTF(2, ("receive: drop: RES_DONTSERVE\n"));
sys_restricted++;
return; /* no time serve */
}
@ -673,11 +694,24 @@ receive(
*/
if (restrict_mask & RES_FLAKE) {
if ((double)ntp_random() / 0x7fffffff < .1) {
DPRINTF(2, ("receive: drop: RES_FLAKE\n"));
sys_restricted++;
return; /* no flakeway */
}
}
/*
** Format Layer Checks
**
** Validate the packet format. The packet size, packet header,
** and any extension field lengths are checked. We identify
** the beginning of the MAC, to identify the upper limit of
** of the hash computation.
**
** In case of a format layer check violation, the packet is
** discarded with no further processing.
*/
/*
* Version check must be after the query packets, since they
* intentionally use an early version.
@ -688,6 +722,7 @@ receive(
&& hisversion >= NTP_OLDVERSION) {
sys_oldversion++; /* previous version */
} else {
DPRINTF(2, ("receive: drop: RES_VERSION\n"));
sys_badlength++;
return; /* old version */
}
@ -702,6 +737,7 @@ receive(
if (hisversion == NTP_OLDVERSION) {
hismode = MODE_CLIENT;
} else {
DPRINTF(2, ("receive: drop: MODE_UNSPEC\n"));
sys_badlength++;
return; /* invalid mode */
}
@ -718,6 +754,16 @@ receive(
* is a runt and discarded forthwith. If greater than 6, an
* extension field is present, so we subtract the length of the
* field and go around again.
*
* Note the above description is lame. We should/could also check
* the two bytes that make up the EF type and subtype, and then
* check the two bytes that tell us the EF length. A legacy MAC
* has a 4 byte keyID, and for conforming symmetric keys its value
* must be <= 64k, meaning the top two bytes will always be zero.
* Since the EF Type of 0 is reserved/unused, there's no way a
* conforming legacy MAC could ever be misinterpreted as an EF.
*
* There is more, but this isn't the place to document it.
*/
authlen = LEN_PKT_NOMAC;
@ -730,9 +776,14 @@ receive(
#endif /*AUTOKEY */
if (has_mac % 4 != 0 || has_mac < (int)MIN_MAC_LEN) {
DPRINTF(2, ("receive: drop: bad post-packet length\n"));
sys_badlength++;
return; /* bad length */
}
/*
* This next test is clearly wrong - it needlessly
* prohibits short EFs (which don't yet exist)
*/
if (has_mac <= (int)MAX_MAC_LEN) {
skeyid = ntohl(((u_int32 *)pkt)[authlen / 4]);
break;
@ -743,6 +794,7 @@ receive(
if ( len % 4 != 0
|| len < 4
|| (int)len + authlen > rbufp->recv_length) {
DPRINTF(2, ("receive: drop: bad EF length\n"));
sys_badlength++;
return; /* bad length */
}
@ -759,6 +811,7 @@ receive(
if ( hostlen >= sizeof(hostname)
|| hostlen > len -
offsetof(struct exten, pkt)) {
DPRINTF(2, ("receive: drop: bad autokey hostname length\n"));
sys_badlength++;
return; /* bad length */
}
@ -766,6 +819,7 @@ receive(
hostname[hostlen] = '\0';
groupname = strchr(hostname, '@');
if (groupname == NULL) {
DPRINTF(2, ("receive: drop: empty autokey groupname\n"));
sys_declined++;
return;
}
@ -781,14 +835,27 @@ receive(
* If has_mac is < 0 we had a malformed packet.
*/
if (has_mac < 0) {
DPRINTF(2, ("receive: drop: post-packet under-read\n"));
sys_badlength++;
return; /* bad length */
}
/*
* If authentication required, a MAC must be present.
** Packet Data Verification Layer
**
** This layer verifies the packet data content. If
** authentication is required, a MAC must be present.
** If a MAC is present, it must validate.
** Crypto-NAK? Look - a shiny thing!
**
** If authentication fails, we're done.
*/
/*
* If authentication is explicitly required, a MAC must be present.
*/
if (restrict_mask & RES_DONTTRUST && has_mac == 0) {
DPRINTF(2, ("receive: drop: RES_DONTTRUST\n"));
sys_restricted++;
return; /* access denied */
}
@ -805,9 +872,12 @@ receive(
if ( !(restrict_mask & RES_KOD)
|| MODE_BROADCAST == hismode
|| MODE_SERVER == hismode) {
if (MODE_SERVER == hismode)
if (MODE_SERVER == hismode) {
DPRINTF(1, ("Possibly self-induced rate limiting of MODE_SERVER from %s\n",
stoa(&rbufp->recv_srcadr)));
} else {
DPRINTF(2, ("receive: drop: RES_KOD\n"));
}
return; /* rate exceeded */
}
if (hismode == MODE_CLIENT)
@ -839,6 +909,7 @@ receive(
* multicaster, the broadcast address is null, so we use the
* unicast address anyway. Don't ask.
*/
peer = findpeer(rbufp, hismode, &retcode);
dstadr_sin = &rbufp->dstadr->sin;
NTOHL_FP(&pkt->org, &p_org);
@ -923,6 +994,14 @@ receive(
#endif /* HAVE_NTP_SIGND */
} else {
/*
* has_mac is not 0
* Not a VALID_NAK
* Not an MS-SNTP SIGND packet
*
* So there is a MAC here.
*/
restrict_mask &= ~RES_MSSNTP;
#ifdef AUTOKEY
/*
@ -958,6 +1037,7 @@ receive(
* % can't happen
*/
if (has_mac < (int)MAX_MD5_LEN) {
DPRINTF(2, ("receive: drop: MD5 digest too short\n"));
sys_badauth++;
return;
}
@ -974,6 +1054,7 @@ receive(
if ( crypto_flags
&& rbufp->dstadr ==
ANY_INTERFACE_CHOOSE(&rbufp->recv_srcadr)) {
DPRINTF(2, ("receive: drop: BCAST from wildcard\n"));
sys_restricted++;
return; /* no wildcard */
}
@ -1035,6 +1116,80 @@ receive(
ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
}
/*
* Bug 3454:
*
* Now come at this from a different perspective:
* - If we expect a MAC and it's not there, we drop it.
* - If we expect one keyID and get another, we drop it.
* - If we have a MAC ahd it hasn't been validated yet, try.
* - if the provided MAC doesn't validate, we drop it.
*
* There might be more to this.
*/
if (0 != peer && 0 != peer->keyid) {
/* Should we msyslog() any of these? */
/*
* This should catch:
* - no keyID where one is expected,
* - different keyID than what we expect.
*/
if (peer->keyid != skeyid) {
DPRINTF(2, ("receive: drop: Wanted keyID %d, got %d from %s\n",
peer->keyid, skeyid,
stoa(&rbufp->recv_srcadr)));
sys_restricted++;
return; /* drop: access denied */
}
/*
* if has_mac != 0 ...
* - If it has not yet been validated, do so.
* (under what circumstances might that happen?)
* - if missing or bad MAC, log and drop.
*/
if (0 != has_mac) {
if (is_authentic == AUTH_UNKNOWN) {
/* How can this happen? */
DPRINTF(2, ("receive: 3454 check: AUTH_UNKNOWN from %s\n",
stoa(&rbufp->recv_srcadr)));
if (!authdecrypt(skeyid, (u_int32 *)pkt, authlen,
has_mac)) {
/* MAC invalid or not found */
is_authentic = AUTH_ERROR;
} else {
is_authentic = AUTH_OK;
}
}
if (is_authentic != AUTH_OK) {
DPRINTF(2, ("receive: drop: missing or bad MAC from %s\n",
stoa(&rbufp->recv_srcadr)));
sys_restricted++;
return; /* drop: access denied */
}
}
}
/**/
/*
** On-Wire Protocol Layer
**
** Verify protocol operations consistent with the on-wire protocol.
** The protocol discards bogus and duplicate packets as well as
** minimizes disruptions doe to protocol restarts and dropped
** packets. The operations are controlled by two timestamps:
** the transmit timestamp saved in the client state variables,
** and the origin timestamp in the server packet header. The
** comparison of these two timestamps is called the loopback test.
** The transmit timestamp functions as a nonce to verify that the
** response corresponds to the original request. The transmit
** timestamp also serves to discard replays of the most recent
** packet. Upon failure of either test, the packet is discarded
** with no further action.
*/
/*
* The association matching rules are implemented by a set of
* routines and an association table. A packet matching an
@ -1052,6 +1207,8 @@ receive(
* an ordinary client, simply toss a server mode packet back
* over the fence. If a manycast client, we have to work a
* little harder.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_FXMIT:
@ -1060,6 +1217,21 @@ receive(
* send a crypto-NAK.
*/
if (!(rbufp->dstadr->flags & INT_MCASTOPEN)) {
/* HMS: would be nice to log FAST_XMIT|BADAUTH|RESTRICTED */
record_raw_stats(&rbufp->recv_srcadr,
&rbufp->dstadr->sin,
&p_org, &p_rec, &p_xmt, &rbufp->recv_time,
PKT_LEAP(pkt->li_vn_mode),
PKT_VERSION(pkt->li_vn_mode),
PKT_MODE(pkt->li_vn_mode),
PKT_TO_STRATUM(pkt->stratum),
pkt->ppoll,
pkt->precision,
FPTOD(NTOHS_FP(pkt->rootdelay)),
FPTOD(NTOHS_FP(pkt->rootdisp)),
pkt->refid,
rbufp->recv_length - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
if (AUTH(restrict_mask & RES_DONTTRUST,
is_authentic)) {
fast_xmit(rbufp, MODE_SERVER, skeyid,
@ -1069,8 +1241,10 @@ receive(
restrict_mask);
sys_badauth++;
} else {
DPRINTF(2, ("receive: AM_FXMIT drop: !mcast restricted\n"));
sys_restricted++;
}
return; /* hooray */
}
@ -1079,6 +1253,7 @@ receive(
* configured as a manycast server.
*/
if (!sys_manycastserver) {
DPRINTF(2, ("receive: AM_FXMIT drop: Not manycastserver\n"));
sys_restricted++;
return; /* not enabled */
}
@ -1088,6 +1263,7 @@ receive(
* Do not respond if not the same group.
*/
if (group_test(groupname, NULL)) {
DPRINTF(2, ("receive: AM_FXMIT drop: empty groupname\n"));
sys_declined++;
return;
}
@ -1102,6 +1278,7 @@ receive(
|| sys_stratum >= hisstratum
|| (!sys_cohort && sys_stratum == hisstratum + 1)
|| rbufp->dstadr->addr_refid == pkt->refid) {
DPRINTF(2, ("receive: AM_FXMIT drop: LEAP_NOTINSYNC || stratum || loop\n"));
sys_declined++;
return; /* no help */
}
@ -1110,9 +1287,24 @@ receive(
* Respond only if authentication succeeds. Don't do a
* crypto-NAK, as that would not be useful.
*/
if (AUTH(restrict_mask & RES_DONTTRUST, is_authentic))
if (AUTH(restrict_mask & RES_DONTTRUST, is_authentic)) {
record_raw_stats(&rbufp->recv_srcadr,
&rbufp->dstadr->sin,
&p_org, &p_rec, &p_xmt, &rbufp->recv_time,
PKT_LEAP(pkt->li_vn_mode),
PKT_VERSION(pkt->li_vn_mode),
PKT_MODE(pkt->li_vn_mode),
PKT_TO_STRATUM(pkt->stratum),
pkt->ppoll,
pkt->precision,
FPTOD(NTOHS_FP(pkt->rootdelay)),
FPTOD(NTOHS_FP(pkt->rootdisp)),
pkt->refid,
rbufp->recv_length - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
fast_xmit(rbufp, MODE_SERVER, skeyid,
restrict_mask);
}
return; /* hooray */
/*
@ -1133,6 +1325,8 @@ receive(
* There is an implosion hazard at the manycast client, since
* the manycast servers send the server packet immediately. If
* the guy is already here, don't fire up a duplicate.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_MANYCAST:
@ -1141,18 +1335,23 @@ receive(
* Do not respond if not the same group.
*/
if (group_test(groupname, NULL)) {
DPRINTF(2, ("receive: AM_MANYCAST drop: empty groupname\n"));
sys_declined++;
return;
}
#endif /* AUTOKEY */
if ((peer2 = findmanycastpeer(rbufp)) == NULL) {
DPRINTF(2, ("receive: AM_MANYCAST drop: No manycast peer\n"));
sys_restricted++;
return; /* not enabled */
}
if (!AUTH( (!(peer2->cast_flags & MDF_POOL)
&& sys_authenticate)
|| (restrict_mask & (RES_NOPEER |
RES_DONTTRUST)), is_authentic)) {
RES_DONTTRUST)), is_authentic)
/* MC: RES_NOEPEER? */
) {
DPRINTF(2, ("receive: AM_MANYCAST drop: bad auth || (NOPEER|DONTTRUST)\n"));
sys_restricted++;
return; /* access denied */
}
@ -1164,15 +1363,17 @@ receive(
if ( hisleap == LEAP_NOTINSYNC
|| hisstratum < sys_floor
|| hisstratum >= sys_ceiling) {
DPRINTF(2, ("receive: AM_MANYCAST drop: unsync/stratum\n"));
sys_declined++;
return; /* no help */
}
peer = newpeer(&rbufp->recv_srcadr, NULL, rbufp->dstadr,
MODE_CLIENT, hisversion, peer2->minpoll,
peer2->maxpoll, FLAG_PREEMPT |
(FLAG_IBURST & peer2->flags), MDF_UCAST |
MDF_UCLNT, 0, skeyid, sys_ident);
r4a.ippeerlimit, MODE_CLIENT, hisversion,
peer2->minpoll, peer2->maxpoll,
FLAG_PREEMPT | (FLAG_IBURST & peer2->flags),
MDF_UCAST | MDF_UCLNT, 0, skeyid, sys_ident);
if (NULL == peer) {
DPRINTF(2, ("receive: AM_MANYCAST drop: duplicate\n"));
sys_declined++;
return; /* ignore duplicate */
}
@ -1199,6 +1400,8 @@ receive(
* the packet is authentic and we are enabled as broadcast
* client, mobilize a broadcast client association. We don't
* kiss any frogs here.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_NEWBCL:
@ -1207,16 +1410,21 @@ receive(
* Do not respond if not the same group.
*/
if (group_test(groupname, sys_ident)) {
DPRINTF(2, ("receive: AM_NEWBCL drop: groupname mismatch\n"));
sys_declined++;
return;
}
#endif /* AUTOKEY */
if (sys_bclient == 0) {
DPRINTF(2, ("receive: AM_NEWBCL drop: not a bclient\n"));
sys_restricted++;
return; /* not enabled */
}
if (!AUTH(sys_authenticate | (restrict_mask &
(RES_NOPEER | RES_DONTTRUST)), is_authentic)) {
(RES_NOPEER | RES_DONTTRUST)), is_authentic)
/* NEWBCL: RES_NOEPEER? */
) {
DPRINTF(2, ("receive: AM_NEWBCL drop: AUTH failed\n"));
sys_restricted++;
return; /* access denied */
}
@ -1228,6 +1436,7 @@ receive(
if ( hisleap == LEAP_NOTINSYNC
|| hisstratum < sys_floor
|| hisstratum >= sys_ceiling) {
DPRINTF(2, ("receive: AM_NEWBCL drop: Unsync or bad stratum\n"));
sys_declined++;
return; /* no help */
}
@ -1239,6 +1448,7 @@ receive(
*/
if ( crypto_flags && skeyid > NTP_MAXKEY
&& (opcode & 0xffff0000) != (CRYPTO_ASSOC | CRYPTO_RESP)) {
DPRINTF(2, ("receive: AM_NEWBCL drop: Autokey but not CRYPTO_ASSOC\n"));
sys_declined++;
return; /* protocol error */
}
@ -1269,6 +1479,7 @@ receive(
*/
if (crypto_flags && skeyid > NTP_MAXKEY) {
sys_restricted++;
DPRINTF(2, ("receive: AM_NEWBCL drop: Autokey but not 2-way\n"));
return; /* no autokey */
}
#endif /* AUTOKEY */
@ -1277,11 +1488,12 @@ receive(
* Do not execute the volley. Start out in
* broadcast client mode.
*/
peer = newpeer(&rbufp->recv_srcadr, NULL,
match_ep, MODE_BCLIENT, hisversion,
pkt->ppoll, pkt->ppoll, FLAG_PREEMPT,
MDF_BCLNT, 0, skeyid, sys_ident);
peer = newpeer(&rbufp->recv_srcadr, NULL, match_ep,
r4a.ippeerlimit, MODE_BCLIENT, hisversion,
pkt->ppoll, pkt->ppoll,
FLAG_PREEMPT, MDF_BCLNT, 0, skeyid, sys_ident);
if (NULL == peer) {
DPRINTF(2, ("receive: AM_NEWBCL drop: duplicate\n"));
sys_restricted++;
return; /* ignore duplicate */
@ -1301,10 +1513,12 @@ receive(
* is fixed at this value.
*/
peer = newpeer(&rbufp->recv_srcadr, NULL, match_ep,
MODE_CLIENT, hisversion, pkt->ppoll, pkt->ppoll,
r4a.ippeerlimit, MODE_CLIENT, hisversion,
pkt->ppoll, pkt->ppoll,
FLAG_BC_VOL | FLAG_IBURST | FLAG_PREEMPT, MDF_BCLNT,
0, skeyid, sys_ident);
if (NULL == peer) {
DPRINTF(2, ("receive: AM_NEWBCL drop: empty newpeer() failed\n"));
sys_restricted++;
return; /* ignore duplicate */
}
@ -1318,8 +1532,11 @@ receive(
/*
* This is the first packet received from a symmetric active
* peer. If the packet is authentic and the first he sent,
* mobilize a passive association. If not, kiss the frog.
* peer. If the packet is authentic, the first he sent, and
* RES_NOEPEER is not enabled, mobilize a passive association
* If not, kiss the frog.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_NEWPASS:
@ -1328,38 +1545,42 @@ receive(
* Do not respond if not the same group.
*/
if (group_test(groupname, sys_ident)) {
DPRINTF(2, ("receive: AM_NEWPASS drop: Autokey group mismatch\n"));
sys_declined++;
return;
}
#endif /* AUTOKEY */
if (!AUTH(sys_authenticate | (restrict_mask &
(RES_NOPEER | RES_DONTTRUST)), is_authentic)) {
/*
* If authenticated but cannot mobilize an
* association, send a symmetric passive
* response without mobilizing an association.
* This is for drat broken Windows clients. See
* Microsoft KB 875424 for preferred workaround.
*/
if (AUTH(restrict_mask & RES_DONTTRUST,
is_authentic)) {
fast_xmit(rbufp, MODE_PASSIVE, skeyid,
restrict_mask);
return; /* hooray */
}
if (is_authentic == AUTH_ERROR) {
fast_xmit(rbufp, MODE_ACTIVE, 0,
restrict_mask);
sys_restricted++;
return;
(RES_NOPEER | RES_DONTTRUST)), is_authentic)
) {
if (0 == (restrict_mask & RES_NOEPEER)) {
/*
* If authenticated but cannot mobilize an
* association, send a symmetric passive
* response without mobilizing an association.
* This is for drat broken Windows clients. See
* Microsoft KB 875424 for preferred workaround.
*/
if (AUTH(restrict_mask & RES_DONTTRUST,
is_authentic)) {
fast_xmit(rbufp, MODE_PASSIVE, skeyid,
restrict_mask);
return; /* hooray */
}
if (is_authentic == AUTH_ERROR) {
fast_xmit(rbufp, MODE_ACTIVE, 0,
restrict_mask);
sys_restricted++;
return;
}
}
/* [Bug 2941]
* If we got here, the packet isn't part of an
* existing association, it isn't correctly
* authenticated, and it didn't meet either of
* the previous two special cases so we should
* just drop it on the floor. For example,
* existing association, either isn't correctly
* authenticated or it is but we are refusing
* ephemeral peer requests, and it didn't meet
* either of the previous two special cases so we
* should just drop it on the floor. For example,
* crypto-NAKs (is_authentic == AUTH_CRYPTO)
* will make it this far. This is just
* debug-printed and not logged to avoid log
@ -1386,18 +1607,21 @@ receive(
*/
if ( hisleap != LEAP_NOTINSYNC
&& (hisstratum < sys_floor || hisstratum >= sys_ceiling)) {
DPRINTF(2, ("receive: AM_NEWPASS drop: Autokey group mismatch\n"));
sys_declined++;
return; /* no help */
}
/*
* The message is correctly authenticated and allowed.
* Mobilize a symmetric passive association.
* Mobilize a symmetric passive association, if we won't
* exceed the ippeerlimit.
*/
if ((peer = newpeer(&rbufp->recv_srcadr, NULL,
rbufp->dstadr, MODE_PASSIVE, hisversion, pkt->ppoll,
NTP_MAXDPOLL, 0, MDF_UCAST, 0, skeyid,
sys_ident)) == NULL) {
if ((peer = newpeer(&rbufp->recv_srcadr, NULL, rbufp->dstadr,
r4a.ippeerlimit, MODE_PASSIVE, hisversion,
pkt->ppoll, NTP_MAXDPOLL, 0, MDF_UCAST, 0,
skeyid, sys_ident)) == NULL) {
DPRINTF(2, ("receive: AM_NEWPASS drop: newpeer() failed\n"));
sys_declined++;
return; /* ignore duplicate */
}
@ -1406,6 +1630,8 @@ receive(
/*
* Process regular packet. Nothing special.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_PROCPKT:
@ -1414,6 +1640,7 @@ receive(
* Do not respond if not the same group.
*/
if (group_test(groupname, peer->ident)) {
DPRINTF(2, ("receive: AM_PROCPKT drop: Autokey group mismatch\n"));
sys_declined++;
return;
}
@ -1439,7 +1666,7 @@ receive(
/* This is noteworthy, not error-worthy */
if (pkt->ppoll != peer->ppoll) {
msyslog(LOG_INFO, "receive: broadcast poll from %s changed from %ud to %ud",
msyslog(LOG_INFO, "receive: broadcast poll from %s changed from %u to %u",
stoa(&rbufp->recv_srcadr),
peer->ppoll, pkt->ppoll);
}
@ -1447,7 +1674,7 @@ receive(
/* This is error-worthy */
if (pkt->ppoll < peer->minpoll ||
pkt->ppoll > peer->maxpoll ) {
msyslog(LOG_INFO, "receive: broadcast poll of %ud from %s is out-of-range (%d to %d)!",
msyslog(LOG_INFO, "receive: broadcast poll of %u from %s is out-of-range (%d to %d)!",
pkt->ppoll, stoa(&rbufp->recv_srcadr),
peer->minpoll, peer->maxpoll);
++bail;
@ -1522,6 +1749,7 @@ receive(
}
if (bail) {
DPRINTF(2, ("receive: AM_PROCPKT drop: bail\n"));
peer->timelastrec = current_time;
sys_declined++;
return;
@ -1537,6 +1765,7 @@ receive(
* attempt to deny service, just ignore it.
*/
case AM_ERR:
DPRINTF(2, ("receive: AM_ERR drop.\n"));
sys_declined++;
return;
@ -1544,6 +1773,7 @@ receive(
* For everything else there is the bit bucket.
*/
default:
DPRINTF(2, ("receive: default drop.\n"));
sys_declined++;
return;
}
@ -1557,6 +1787,7 @@ receive(
if ( is_authentic != AUTH_CRYPTO
&& ( ((peer->flags & FLAG_SKEY) && skeyid <= NTP_MAXKEY)
|| (!(peer->flags & FLAG_SKEY) && skeyid > NTP_MAXKEY))) {
DPRINTF(2, ("receive: drop: Autokey but wrong/bad auth\n"));
sys_badauth++;
return;
}
@ -1577,9 +1808,12 @@ receive(
* A KoD packet we pay attention to cannot have a 0 transmit
* timestamp.
*/
kissCode = kiss_code_check(hisleap, hisstratum, hismode, pkt->refid);
if (L_ISZERO(&p_xmt)) {
peer->flash |= TEST3; /* unsynch */
if (STRATUM_UNSPEC == hisstratum) { /* KoD packet */
if (kissCode != NOKISS) { /* KoD packet */
peer->bogusorg++; /* for TEST2 or TEST3 */
msyslog(LOG_INFO,
"receive: Unexpected zero transmit timestamp in KoD from %s",
@ -1593,6 +1827,7 @@ receive(
* the most recent packet, authenticated or not.
*/
} else if (L_ISEQU(&peer->xmt, &p_xmt)) {
DPRINTF(2, ("receive: drop: Duplicate xmit\n"));
peer->flash |= TEST1; /* duplicate */
peer->oldpkt++;
return;
@ -1603,13 +1838,13 @@ receive(
* see if this is an interleave broadcast packet until after
* we've validated the MAC that SHOULD be provided.
*
* hisstratum should never be 0.
* hisstratum cannot be 0 - see assertion above.
* If hisstratum is 15, then we'll advertise as UNSPEC but
* at least we'll be able to sync with the broadcast server.
*/
} else if (hismode == MODE_BROADCAST) {
if ( 0 == hisstratum
|| STRATUM_UNSPEC <= hisstratum) {
/* 0 is unexpected too, and impossible */
if (STRATUM_UNSPEC <= hisstratum) {
/* Is this a ++sys_declined or ??? */
msyslog(LOG_INFO,
"receive: Unexpected stratum (%d) in broadcast from %s",
@ -1630,7 +1865,7 @@ receive(
* (nonzero) org, rec, and xmt timestamps set to the xmt timestamp
* that we have previously sent out. Watch interleave mode.
*/
} else if (STRATUM_UNSPEC == hisstratum) {
} else if (kissCode != NOKISS) {
DEBUG_INSIST(!L_ISZERO(&p_xmt));
if ( L_ISZERO(&p_org) /* We checked p_xmt above */
|| L_ISZERO(&p_rec)) {
@ -1677,7 +1912,8 @@ receive(
* should 'aorg' be all-zero because this really was the original
* transmit timestamp, we'll ignore this reply. There is a window
* of one nanosecond once every 136 years' time where this is
* possible. We currently ignore this situation.
* possible. We currently ignore this situation, as a completely
* zero timestamp is (quietly?) disallowed.
*
* Otherwise, check for bogus packet in basic mode.
* If it is bogus, switch to interleaved mode and resynchronize,
@ -1686,11 +1922,11 @@ receive(
*
* This could also mean somebody is forging packets claiming to
* be from us, attempting to cause our server to KoD us.
*
* We have earlier asserted that hisstratum cannot be 0.
* If hisstratum is STRATUM_UNSPEC, it means he's not sync'd.
*/
} else if (peer->flip == 0) {
INSIST(0 != hisstratum);
INSIST(STRATUM_UNSPEC != hisstratum);
if (0) {
} else if (L_ISZERO(&p_org)) {
const char *action;
@ -1769,10 +2005,13 @@ receive(
*/
} else if ( !L_ISZERO(&peer->dst)
&& !L_ISEQU(&p_org, &peer->dst)) {
DPRINTF(2, ("receive: drop: Bogus packet in interleaved symmetric mode\n"));
peer->bogusorg++;
peer->flags |= FLAG_XBOGUS;
peer->flash |= TEST2; /* bogus */
#ifdef BUG3453
return; /* Bogus packet, we are done */
#endif
}
/**/
@ -1790,6 +2029,7 @@ receive(
if (unpeer_crypto_nak_early) {
unpeer(peer);
}
DPRINTF(2, ("receive: drop: PREEMPT crypto_NAK\n"));
return;
}
#ifdef AUTOKEY
@ -1797,6 +2037,7 @@ receive(
peer_clear(peer, "AUTH");
}
#endif /* AUTOKEY */
DPRINTF(2, ("receive: drop: crypto_NAK\n"));
return;
/*
@ -1834,6 +2075,7 @@ receive(
peer_clear(peer, "AUTH");
}
#endif /* AUTOKEY */
DPRINTF(2, ("receive: drop: Bad or missing AUTH\n"));
return;
}
@ -1903,11 +2145,9 @@ receive(
/*
* Check for any kiss codes. Note this is only used when a server
* responds to a packet request
* responds to a packet request.
*/
kissCode = kiss_code_check(hisleap, hisstratum, hismode, pkt->refid);
/*
* Check to see if this is a RATE Kiss Code
* Currently this kiss code will accept whatever poll
@ -2206,11 +2446,12 @@ process_packet(
/*
* Capture the header values in the client/peer association..
*/
record_raw_stats(&peer->srcadr, peer->dstadr ?
&peer->dstadr->sin : NULL,
record_raw_stats(&peer->srcadr,
peer->dstadr ? &peer->dstadr->sin : NULL,
&p_org, &p_rec, &p_xmt, &peer->dst,
pleap, pversion, pmode, pstratum, pkt->ppoll, pkt->precision,
p_del, p_disp, pkt->refid);
p_del, p_disp, pkt->refid,
len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
peer->leap = pleap;
peer->stratum = min(pstratum, STRATUM_UNSPEC);
peer->pmode = pmode;
@ -4303,6 +4544,7 @@ pool_xmit(
int rc;
struct interface * lcladr;
sockaddr_u * rmtadr;
r4addr r4a;
int restrict_mask;
struct peer * p;
l_fp xmt_tx;
@ -4339,11 +4581,12 @@ pool_xmit(
/* copy_addrinfo_list ai_addr points to a sockaddr_u */
rmtadr = (sockaddr_u *)(void *)pool->ai->ai_addr;
pool->ai = pool->ai->ai_next;
p = findexistingpeer(rmtadr, NULL, NULL, MODE_CLIENT, 0);
p = findexistingpeer(rmtadr, NULL, NULL, MODE_CLIENT, 0, NULL);
} while (p != NULL && pool->ai != NULL);
if (p != NULL)
return; /* out of addresses, re-query DNS next poll */
restrict_mask = restrictions(rmtadr);
restrictions(rmtadr, &r4a);
restrict_mask = r4a.rflags;
if (RES_FLAGS & restrict_mask)
restrict_source(rmtadr, 0,
current_time + POOL_SOLICIT_WINDOW + 1);
@ -4934,4 +5177,6 @@ proto_clr_stats(void)
sys_badauth = 0;
sys_limitrejected = 0;
sys_kodsent = 0;
sys_lamport = 0;
sys_tsrounding = 0;
}


@ -1,4 +1,4 @@
/* $NetBSD: ntp_refclock.c,v 1.10 2016/11/22 03:09:30 christos Exp $ */
/* $NetBSD: ntp_refclock.c,v 1.11 2018/04/07 00:19:53 christos Exp $ */
/*
* ntp_refclock - processing support for reference clocks
@ -1046,7 +1046,7 @@ refclock_control(
clktype = (u_char)REFCLOCKTYPE(srcadr);
unit = REFCLOCKUNIT(srcadr);
peer = findexistingpeer(srcadr, NULL, NULL, -1, 0);
peer = findexistingpeer(srcadr, NULL, NULL, -1, 0, NULL);
if (NULL == peer)
return;
@ -1157,7 +1157,7 @@ refclock_buginfo(
clktype = (u_char) REFCLOCKTYPE(srcadr);
unit = REFCLOCKUNIT(srcadr);
peer = findexistingpeer(srcadr, NULL, NULL, -1, 0);
peer = findexistingpeer(srcadr, NULL, NULL, -1, 0, NULL);
if (NULL == peer || NULL == peer->procptr)
return;
@ -1249,16 +1249,24 @@ refclock_params(
/*
* If flag3 is lit, select the kernel PPS if we can.
*
* Note: EOPNOTSUPP is the only 'legal' error code we deal with;
* it is part of the 'if we can' strategy. Any other error
* indicates something more sinister and makes this function fail.
*/
if (mode & CLK_FLAG3) {
if (time_pps_kcbind(ap->handle, PPS_KC_HARDPPS,
ap->pps_params.mode & ~PPS_TSFMT_TSPEC,
PPS_TSFMT_TSPEC) < 0) {
msyslog(LOG_ERR,
"refclock_params: time_pps_kcbind: %m");
return (0);
PPS_TSFMT_TSPEC) < 0)
{
if (errno != EOPNOTSUPP) {
msyslog(LOG_ERR,
"refclock_params: time_pps_kcbind: %m");
return (0);
}
} else {
hardpps_enable = 1;
}
hardpps_enable = 1;
}
return (1);
}
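Review bot: In refclock_params(), the new EOPNOTSUPP branch of the time_pps_kcbind() check returns success without logging anything, so an operator who set flag3 gets no indication that kernel PPS was not bound and hardpps_enable was not set here. A one-line notice would make the degraded mode visible, for example `msyslog(LOG_INFO, "refclock_params: kernel PPS not supported, flag3 ignored");` as the `else` of `if (errno != EOPNOTSUPP)`. The start of refclock_params() is outside the hunk, so whether this path is already reported elsewhere cannot be confirmed from here.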


@ -1,4 +1,4 @@
/* $NetBSD: ntp_request.c,v 1.14 2016/05/01 23:32:01 christos Exp $ */
/* $NetBSD: ntp_request.c,v 1.15 2018/04/07 00:19:53 christos Exp $ */
/*
* ntp_request.c - respond to information requests
@ -89,7 +89,7 @@ static void list_restrict (sockaddr_u *, endpt *, struct req_pkt *);
static void do_resaddflags (sockaddr_u *, endpt *, struct req_pkt *);
static void do_ressubflags (sockaddr_u *, endpt *, struct req_pkt *);
static void do_unrestrict (sockaddr_u *, endpt *, struct req_pkt *);
static void do_restrict (sockaddr_u *, endpt *, struct req_pkt *, int);
static void do_restrict (sockaddr_u *, endpt *, struct req_pkt *, restrict_op);
static void mon_getlist (sockaddr_u *, endpt *, struct req_pkt *);
static void reset_stats (sockaddr_u *, endpt *, struct req_pkt *);
static void reset_peer (sockaddr_u *, endpt *, struct req_pkt *);
@ -584,6 +584,7 @@ process_private(
* him. If the wrong key was used, or packet doesn't
* have mac, return.
*/
/* XXX: Use authistrustedip(), or equivalent. */
if (!INFO_IS_AUTH(inpkt->auth_seq) || !info_auth_keyid
|| ntohl(tailinpkt->keyid) != info_auth_keyid) {
DPRINTF(5, ("failed auth %d info_auth_keyid %u pkt keyid %u maclen %lu\n",
@ -839,7 +840,7 @@ peer_info (
#endif
datap += item_sz;
pp = findexistingpeer(&addr, NULL, NULL, -1, 0);
pp = findexistingpeer(&addr, NULL, NULL, -1, 0, NULL);
if (NULL == pp)
continue;
if (IS_IPV6(srcadr)) {
@ -983,7 +984,7 @@ peer_stats (
datap += item_sz;
pp = findexistingpeer(&addr, NULL, NULL, -1, 0);
pp = findexistingpeer(&addr, NULL, NULL, -1, 0, NULL);
if (NULL == pp)
continue;
@ -1152,6 +1153,8 @@ sys_stats(
ss->badauth = htonl((u_int32)sys_badauth);
ss->limitrejected = htonl((u_int32)sys_limitrejected);
ss->received = htonl((u_int32)sys_received);
ss->lamport = htonl((u_int32)sys_lamport);
ss->tsrounding = htonl((u_int32)sys_tsrounding);
(void) more_pkt();
flush_pkt();
}
@ -1368,10 +1371,13 @@ do_conf(
*
* - minpoll/maxpoll, but they are treated properly
* for all cases internally. Checking not necessary.
*
* Note that we ignore any previously-specified ippeerlimit.
* If we're told to create the peer, we create the peer.
*/
/* finally create the peer */
if (peer_config(&peeraddr, NULL, NULL,
if (peer_config(&peeraddr, NULL, NULL, -1,
temp_cp.hmode, temp_cp.version, temp_cp.minpoll,
temp_cp.maxpoll, fl, temp_cp.ttl, temp_cp.keyid,
NULL) == 0)
@ -1451,7 +1457,7 @@ do_unconf(
p = NULL;
do {
p = findexistingpeer(
&peeraddr, NULL, p, -1, 0);
&peeraddr, NULL, p, -1, 0, NULL);
} while (p && !(FLAG_CONFIG & p->flags));
if (!loops && !p) {
@ -1655,7 +1661,7 @@ list_restrict4(
pir->v6_flag = 0;
pir->mask = htonl(res->u.v4.mask);
pir->count = htonl(res->count);
pir->flags = htons(res->flags);
pir->rflags = htons(res->rflags);
pir->mflags = htons(res->mflags);
pir = (struct info_restrict *)more_pkt();
}
@ -1686,7 +1692,7 @@ list_restrict6(
pir->mask6 = res->u.v6.mask;
pir->v6_flag = 1;
pir->count = htonl(res->count);
pir->flags = htons(res->flags);
pir->rflags = htons(res->rflags);
pir->mflags = htons(res->mflags);
pir = (struct info_restrict *)more_pkt();
}
@ -1775,7 +1781,7 @@ do_restrict(
sockaddr_u *srcadr,
endpt *inter,
struct req_pkt *inpkt,
int op
restrict_op op
)
{
char * datap;
@ -1786,6 +1792,18 @@ do_restrict(
sockaddr_u matchmask;
int bad;
switch(op) {
case RESTRICT_FLAGS:
case RESTRICT_UNFLAG:
case RESTRICT_REMOVE:
case RESTRICT_REMOVEIF:
break;
default:
req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
return;
}
/*
* Do a check of the flags to make sure that only
* the NTPPORT flag is set, if any. If not, complain
@ -1799,7 +1817,7 @@ do_restrict(
return;
}
bad = FALSE;
bad = 0;
while (items-- > 0 && !bad) {
memcpy(&cr, datap, item_sz);
cr.flags = ntohs(cr.flags);
@ -1839,6 +1857,7 @@ do_restrict(
memcpy(&cr, datap, item_sz);
cr.flags = ntohs(cr.flags);
cr.mflags = ntohs(cr.mflags);
cr.ippeerlimit = ntohs(cr.ippeerlimit);
if (client_v6_capable && cr.v6_flag) {
AF(&matchaddr) = AF_INET6;
AF(&matchmask) = AF_INET6;
@ -1851,7 +1870,7 @@ do_restrict(
NSRCADR(&matchmask) = cr.mask;
}
hack_restrict(op, &matchaddr, &matchmask, cr.mflags,
cr.flags, 0);
cr.ippeerlimit, cr.flags, 0);
datap += item_sz;
}
@ -1977,7 +1996,7 @@ reset_peer(
#ifdef ISC_PLATFORM_HAVESALEN
peeraddr.sa.sa_len = SOCKLEN(&peeraddr);
#endif
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0);
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0, NULL);
if (NULL == p)
bad++;
datap += item_sz;
@ -2010,10 +2029,10 @@ reset_peer(
#ifdef ISC_PLATFORM_HAVESALEN
peeraddr.sa.sa_len = SOCKLEN(&peeraddr);
#endif
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0);
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0, NULL);
while (p != NULL) {
peer_reset(p);
p = findexistingpeer(&peeraddr, NULL, p, -1, 0);
p = findexistingpeer(&peeraddr, NULL, p, -1, 0, NULL);
}
datap += item_sz;
}
@ -2494,7 +2513,7 @@ get_clock_info(
while (items-- > 0 && ic) {
NSRCADR(&addr) = *clkaddr++;
if (!ISREFCLOCKADR(&addr) || NULL ==
findexistingpeer(&addr, NULL, NULL, -1, 0)) {
findexistingpeer(&addr, NULL, NULL, -1, 0, NULL)) {
req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
return;
}
@ -2558,7 +2577,7 @@ set_clock_fudge(
#endif
SET_PORT(&addr, NTP_PORT);
if (!ISREFCLOCKADR(&addr) || NULL ==
findexistingpeer(&addr, NULL, NULL, -1, 0)) {
findexistingpeer(&addr, NULL, NULL, -1, 0, NULL)) {
req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
return;
}
@ -2633,7 +2652,7 @@ get_clkbug_info(
while (items-- > 0 && ic) {
NSRCADR(&addr) = *clkaddr++;
if (!ISREFCLOCKADR(&addr) || NULL ==
findexistingpeer(&addr, NULL, NULL, -1, 0)) {
findexistingpeer(&addr, NULL, NULL, -1, 0, NULL)) {
req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
return;
}
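Review bot: In do_restrict(), the added `cr.ippeerlimit = ntohs(cr.ippeerlimit);` takes a 16-bit value straight from the request packet and passes it to hack_restrict() with no range check in the visible lines, whereas flags and mflags are converted in an earlier validation pass. restrict_u stores the limit as a signed short, and this commit uses -1 as the "no limit" value (init_restrict() sets it on the defaults, do_conf() passes it to peer_config()), so other negative values from the wire presumably have no defined meaning. Consider checking it in the first pass so a malformed item is rejected before any entry is applied, e.g. `if ((short)ntohs(cr.ippeerlimit) < -1) bad = 1;` using whatever error bit that pass already uses. Both loops are only partly visible in these hunks, so confirm the first pass does not already cover this.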


@ -1,4 +1,4 @@
/* $NetBSD: ntp_restrict.c,v 1.9 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntp_restrict.c,v 1.10 2018/04/07 00:19:53 christos Exp $ */
/*
* ntp_restrict.c - determine host restrictions
@ -88,6 +88,8 @@ static u_long res_limited_refcnt;
/*
* Our default entries.
*
* We can make this cleaner with c99 support: see init_restrict().
*/
static restrict_u restrict_def4;
static restrict_u restrict_def6;
@ -96,8 +98,9 @@ static restrict_u restrict_def6;
* "restrict source ..." enabled knob and restriction bits.
*/
static int restrict_source_enabled;
static u_short restrict_source_flags;
static u_short restrict_source_rflags;
static u_short restrict_source_mflags;
static short restrict_source_ippeerlimit;
/*
* private functions
@ -113,8 +116,79 @@ static restrict_u * match_restrict6_addr(const struct in6_addr *,
static restrict_u * match_restrict_entry(const restrict_u *, int);
static int res_sorts_before4(restrict_u *, restrict_u *);
static int res_sorts_before6(restrict_u *, restrict_u *);
static const char * roptoa(restrict_op op);
void dump_restricts(void);
/*
* dump_restrict - spit out a restrict_u
*/
static void
dump_restrict(
restrict_u * res,
int is_ipv6
)
{
char as[INET6_ADDRSTRLEN];
char ms[INET6_ADDRSTRLEN];
if (is_ipv6) {
inet_ntop(AF_INET6, &res->u.v6.addr, as, sizeof as);
inet_ntop(AF_INET6, &res->u.v6.mask, ms, sizeof ms);
} else {
struct in_addr sia = { htonl(res->u.v4.addr) };
struct in_addr sim = { htonl(res->u.v4.mask) };
inet_ntop(AF_INET, &sia, as, sizeof as);
inet_ntop(AF_INET, &sim, ms, sizeof ms);
}
mprintf("restrict node at %p: %s/%s count %d, rflags %05x, mflags %05x, ippeerlimit %d, expire %lu, next %p\n",
res, as, ms, res->count, res->rflags, res->mflags,
res->ippeerlimit, res->expire, res->link);
return;
}
/*
* dump_restricts - spit out the 'restrict' lines
*/
void
dump_restricts(void)
{
restrict_u * res;
restrict_u * next;
mprintf("dump_restrict: restrict_def4: %p\n", &restrict_def4);
/* Spit out 'restrict {,-4,-6} default ...' lines, if needed */
for (res = &restrict_def4; res != NULL; res = next) {
dump_restrict(res, 0);
next = res->link;
}
mprintf("dump_restrict: restrict_def6: %p\n", &restrict_def6);
for (res = &restrict_def6; res != NULL; res = next) {
dump_restrict(res, 1);
next = res->link;
}
/* Spit out the IPv4 list */
mprintf("dump_restrict: restrictlist4: %p\n", &restrictlist4);
for (res = restrictlist4; res != NULL; res = next) {
dump_restrict(res, 0);
next = res->link;
}
/* Spit out the IPv6 list */
mprintf("dump_restrict: restrictlist6: %p\n", &restrictlist6);
for (res = restrictlist6; res != NULL; res = next) {
dump_restrict(res, 1);
next = res->link;
}
return;
}
/*
* init_restrict - initialize the restriction data structures
*/
@ -149,6 +223,10 @@ init_restrict(void)
* behavior as but reversed implementation compared to the docs.
*
*/
restrict_def4.ippeerlimit = -1; /* Cleaner if we have C99 */
restrict_def6.ippeerlimit = -1; /* Cleaner if we have C99 */
LINK_SLIST(restrictlist4, &restrict_def4, link);
LINK_SLIST(restrictlist6, &restrict_def6, link);
restrictcount = 2;
@ -217,7 +295,7 @@ free_res(
restrict_u * unlinked;
restrictcount--;
if (RES_LIMITED & res->flags)
if (RES_LIMITED & res->rflags)
dec_res_limited();
if (v6)
@ -267,14 +345,21 @@ match_restrict4_addr(
restrict_u * next;
for (res = restrictlist4; res != NULL; res = next) {
struct in_addr sia = { htonl(res->u.v4.addr) };
next = res->link;
if (res->expire &&
res->expire <= current_time)
free_res(res, v6);
if (res->u.v4.addr == (addr & res->u.v4.mask)
&& (!(RESM_NTPONLY & res->mflags)
|| NTP_PORT == port))
DPRINTF(2, ("match_restrict4_addr: Checking %s, port %d ... ",
inet_ntoa(sia), port));
if ( res->expire
&& res->expire <= current_time)
free_res(res, v6); /* zeroes the contents */
if ( res->u.v4.addr == (addr & res->u.v4.mask)
&& ( !(RESM_NTPONLY & res->mflags)
|| NTP_PORT == port)) {
DPRINTF(2, ("MATCH: ippeerlimit %d\n", res->ippeerlimit));
break;
}
DPRINTF(2, ("doesn't match: ippeerlimit %d\n", res->ippeerlimit));
}
return res;
}
@ -412,19 +497,25 @@ res_sorts_before6(
/*
* restrictions - return restrictions for this host
* restrictions - return restrictions for this host in *r4a
*/
u_short
void
restrictions(
sockaddr_u *srcadr
sockaddr_u *srcadr,
r4addr *r4a
)
{
restrict_u *match;
struct in6_addr *pin6;
u_short flags;
REQUIRE(NULL != r4a);
res_calls++;
flags = 0;
r4a->rflags = RES_IGNORE;
r4a->ippeerlimit = 0;
DPRINTF(1, ("restrictions: looking up %s\n", stoa(srcadr)));
/* IPv4 source address */
if (IS_IPV4(srcadr)) {
/*
@ -432,8 +523,11 @@ restrictions(
* (this should be done early in the receive process,
* not later!)
*/
if (IN_CLASSD(SRCADR(srcadr)))
return (int)RES_IGNORE;
if (IN_CLASSD(SRCADR(srcadr))) {
DPRINTF(1, ("restrictions: srcadr %s is multicast\n", stoa(srcadr)));
r4a->ippeerlimit = 2; /* XXX: we should use a better value */
return;
}
match = match_restrict4_addr(SRCADR(srcadr),
SRCPORT(srcadr));
@ -450,7 +544,8 @@ restrictions(
res_not_found++;
else
res_found++;
flags = match->flags;
r4a->rflags = match->rflags;
r4a->ippeerlimit = match->ippeerlimit;
}
/* IPv6 source address */
@ -463,7 +558,7 @@ restrictions(
* not later!)
*/
if (IN6_IS_ADDR_MULTICAST(pin6))
return (int)RES_IGNORE;
return;
match = match_restrict6_addr(pin6, SRCPORT(srcadr));
INSIST(match != NULL);
@ -472,9 +567,29 @@ restrictions(
res_not_found++;
else
res_found++;
flags = match->flags;
r4a->rflags = match->rflags;
r4a->ippeerlimit = match->ippeerlimit;
}
return;
}
/*
* roptoa - convert a restrict_op to a string
*/
const char *
roptoa(restrict_op op) {
static char sb[30];
switch(op) {
case RESTRICT_FLAGS: return "RESTRICT_FLAGS";
case RESTRICT_UNFLAG: return "RESTRICT_UNFLAGS";
case RESTRICT_REMOVE: return "RESTRICT_REMOVE";
case RESTRICT_REMOVEIF: return "RESTRICT_REMOVEIF";
default:
snprintf(sb, sizeof sb, "**RESTRICT_#%d**", op);
return sb;
}
return (flags);
}
@ -483,11 +598,12 @@ restrictions(
*/
void
hack_restrict(
int op,
restrict_op op,
sockaddr_u * resaddr,
sockaddr_u * resmask,
short ippeerlimit,
u_short mflags,
u_short flags,
u_short rflags,
u_long expire
)
{
@ -496,14 +612,15 @@ hack_restrict(
restrict_u * res;
restrict_u ** plisthead;
DPRINTF(1, ("restrict: op %d addr %s mask %s mflags %08x flags %08x\n",
op, stoa(resaddr), stoa(resmask), mflags, flags));
DPRINTF(1, ("hack_restrict: op %s addr %s mask %s ippeerlimit %d mflags %08x rflags %08x\n",
roptoa(op), stoa(resaddr), stoa(resmask), ippeerlimit, mflags, rflags));
if (NULL == resaddr) {
REQUIRE(NULL == resmask);
REQUIRE(RESTRICT_FLAGS == op);
restrict_source_flags = flags;
restrict_source_rflags = rflags;
restrict_source_mflags = mflags;
restrict_source_ippeerlimit = ippeerlimit;
restrict_source_enabled = 1;
return;
}
@ -540,8 +657,9 @@ hack_restrict(
} else /* not IPv4 nor IPv6 */
REQUIRE(0);
match.flags = flags;
match.rflags = rflags;
match.mflags = mflags;
match.ippeerlimit = ippeerlimit;
match.expire = expire;
res = match_restrict_entry(&match, v6);
@ -549,7 +667,7 @@ hack_restrict(
case RESTRICT_FLAGS:
/*
* Here we add bits to the flags. If this is a
* Here we add bits to the rflags. If this is a
* new restriction add it.
*/
if (NULL == res) {
@ -571,26 +689,29 @@ hack_restrict(
: res_sorts_before4(res, L_S_S_CUR()),
link, restrict_u);
restrictcount++;
if (RES_LIMITED & flags)
if (RES_LIMITED & rflags)
inc_res_limited();
} else {
if ((RES_LIMITED & flags) &&
!(RES_LIMITED & res->flags))
if ( (RES_LIMITED & rflags)
&& !(RES_LIMITED & res->rflags))
inc_res_limited();
res->flags |= flags;
res->rflags |= rflags;
}
res->ippeerlimit = match.ippeerlimit;
break;
case RESTRICT_UNFLAG:
/*
* Remove some bits from the flags. If we didn't
* Remove some bits from the rflags. If we didn't
* find this one, just return.
*/
if (res != NULL) {
if ((RES_LIMITED & res->flags)
&& (RES_LIMITED & flags))
if ( (RES_LIMITED & res->rflags)
&& (RES_LIMITED & rflags))
dec_res_limited();
res->flags &= ~flags;
res->rflags &= ~rflags;
}
break;
@ -641,7 +762,7 @@ restrict_source(
SET_HOSTMASK(&onesmask, AF(addr));
if (farewell) {
hack_restrict(RESTRICT_REMOVE, addr, &onesmask,
0, 0, 0);
-2, 0, 0, 0);
DPRINTF(1, ("restrict_source: %s removed", stoa(addr)));
return;
}
@ -674,8 +795,8 @@ restrict_source(
return;
hack_restrict(RESTRICT_FLAGS, addr, &onesmask,
restrict_source_mflags, restrict_source_flags,
expire);
restrict_source_ippeerlimit, restrict_source_mflags,
restrict_source_rflags, expire);
DPRINTF(1, ("restrict_source: %s host restriction added\n",
stoa(addr)));
}


@ -1,4 +1,4 @@
/* $NetBSD: ntp_scanner.c,v 1.12 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntp_scanner.c,v 1.13 2018/04/07 00:19:53 christos Exp $ */
/* ntp_scanner.c
@ -169,6 +169,7 @@ lex_getch(
stream->backch = EOF;
if (stream->fpi)
conf_file_sum += ch;
stream->curpos.ncol++;
} else if (stream->fpi) {
/* fetch next 7-bit ASCII char (or EOF) from file */
while ((ch = fgetc(stream->fpi)) != EOF && ch > SCHAR_MAX)


@ -1,4 +1,4 @@
/* $NetBSD: ntp_util.c,v 1.8 2016/01/08 21:35:39 christos Exp $ */
/* $NetBSD: ntp_util.c,v 1.9 2018/04/07 00:19:53 christos Exp $ */
/*
* ntp_util.c - stuff I didn't have any other place for
@ -668,6 +668,8 @@ mprintf_clock_stats(
* peer ip address
* IP address
* t1 t2 t3 t4 timestamps
* leap, version, mode, stratum, ppoll, precision, root delay, root dispersion, REFID
* length and hex dump of any EFs and any legacy MAC.
*/
void
record_raw_stats(
@ -685,7 +687,9 @@ record_raw_stats(
int precision,
double root_delay, /* seconds */
double root_dispersion,/* seconds */
u_int32 refid
u_int32 refid,
int len,
u_char *extra
)
{
l_fp now;
@ -699,13 +703,23 @@ record_raw_stats(
day = now.l_ui / 86400 + MJD_1900;
now.l_ui %= 86400;
if (rawstats.fp != NULL) {
fprintf(rawstats.fp, "%lu %s %s %s %s %s %s %s %d %d %d %d %d %d %.6f %.6f %s\n",
fprintf(rawstats.fp, "%lu %s %s %s %s %s %s %s %d %d %d %d %d %d %.6f %.6f %s",
day, ulfptoa(&now, 3),
stoa(srcadr), dstadr ? stoa(dstadr) : "-",
srcadr ? stoa(srcadr) : "-",
dstadr ? stoa(dstadr) : "-",
ulfptoa(t1, 9), ulfptoa(t2, 9),
ulfptoa(t3, 9), ulfptoa(t4, 9),
leap, version, mode, stratum, ppoll, precision,
root_delay, root_dispersion, refid_str(refid, stratum));
if (len > 0) {
int i;
fprintf(rawstats.fp, " %d: ", len);
for (i = 0; i < len; ++i) {
fprintf(rawstats.fp, "%02x", extra[i]);
}
}
fprintf(rawstats.fp, "\n");
fflush(rawstats.fp);
}
}
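Review bot: In record_raw_stats the new hex-dump loop reads `extra[i]` whenever `len > 0`, with no check that `extra` is non-NULL, although the same change adds exactly that kind of guard for `srcadr`. Guarding the block with `if (len > 0 && extra != NULL) {` keeps a caller that passes a length without a buffer from crashing the daemon in the statistics path. The bytes are only read, so the parameter could be declared `const u_char *extra`. Because `len` presumably derives from a received packet, the header comment should also state that the caller has already bounded it to the packet buffer; the hunk itself does not show where that happens.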


@ -1,9 +1,9 @@
/* $NetBSD: ntpd-opts.c,v 1.10 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpd-opts.c,v 1.11 2018/04/07 00:19:53 christos Exp $ */
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
*
* It has been AutoGen-ed March 21, 2017 at 10:42:12 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:13:19 PM by AutoGen 5.18.5
* From the definitions ntpd-opts.def
* and the template file options
*
@ -77,7 +77,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpd options
*/
static char const ntpd_opt_strs[3132] =
/* 0 */ "ntpd 4.2.8p10\n"
/* 0 */ "ntpd 4.2.8p11\n"
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -207,12 +207,12 @@ static char const ntpd_opt_strs[3132] =
/* 2901 */ "output version information and exit\0"
/* 2937 */ "version\0"
/* 2945 */ "NTPD\0"
/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p10\n"
/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p11\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ <server1> ... <serverN> ]\n\0"
/* 3082 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 3116 */ "\n\0"
/* 3118 */ "ntpd 4.2.8p10";
/* 3118 */ "ntpd 4.2.8p11";
/**
* ipv4 option description with
@ -1531,7 +1531,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpdOptions.pzCopyright */
puts(_("ntpd 4.2.8p10\n\
puts(_("ntpd 4.2.8p11\n\
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -1672,7 +1672,7 @@ implied warranty.\n"));
puts(_("output version information and exit"));
/* referenced via ntpdOptions.pzUsageTitle */
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p10\n\
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p11\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
\t\t[ <server1> ... <serverN> ]\n"));
@ -1680,7 +1680,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
puts(_("\n"));
/* referenced via ntpdOptions.pzFullVersion */
puts(_("ntpd 4.2.8p10"));
puts(_("ntpd 4.2.8p11"));
/* referenced via ntpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));


@ -1,9 +1,9 @@
/* $NetBSD: ntpd-opts.h,v 1.13 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpd-opts.h,v 1.14 2018/04/07 00:19:53 christos Exp $ */
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
*
* It has been AutoGen-ed March 21, 2017 at 10:42:11 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:13:17 PM by AutoGen 5.18.5
* From the definitions ntpd-opts.def
* and the template file options
*
@ -108,9 +108,9 @@ typedef enum {
/** count of all options for ntpd */
#define OPTION_CT 38
/** ntpd version */
#define NTPD_VERSION "4.2.8p10"
#define NTPD_VERSION "4.2.8p11"
/** Full ntpd version text */
#define NTPD_FULL_VERSION "ntpd 4.2.8p10"
#define NTPD_FULL_VERSION "ntpd 4.2.8p11"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED


@ -1,4 +1,4 @@
/* $NetBSD: ntpd.c,v 1.14 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpd.c,v 1.15 2018/04/07 00:19:53 christos Exp $ */
/*
* ntpd.c - main program for the fixed point NTP daemon
@ -315,11 +315,16 @@ my_pthread_warmup(void)
#if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \
defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) && \
defined(PTHREAD_STACK_MIN)
rc = pthread_attr_setstacksize(&thr_attr, PTHREAD_STACK_MIN);
if (0 != rc)
msyslog(LOG_ERR,
"my_pthread_warmup: pthread_attr_setstacksize() -> %s",
strerror(rc));
{
size_t ssmin = 32*1024; /* 32kB should be minimum */
if (ssmin < PTHREAD_STACK_MIN)
ssmin = PTHREAD_STACK_MIN;
rc = pthread_attr_setstacksize(&thr_attr, ssmin);
if (0 != rc)
msyslog(LOG_ERR,
"my_pthread_warmup: pthread_attr_setstacksize() -> %s",
strerror(rc));
}
#endif
rc = pthread_create(
&thread, &thr_attr, my_pthread_warmup_worker, NULL);
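Review bot: The new stack-size floor in my_pthread_warmup compares `ssmin < PTHREAD_STACK_MIN` with `ssmin` declared `size_t`, so the result depends on the type the macro expands to; where a libc defines it as a signed expression this becomes a signed/unsigned comparison. Converting once, `size_t sysmin = (size_t)PTHREAD_STACK_MIN;`, and comparing against `sysmin` makes the intent explicit. The literal `32*1024` would read better as a named constant with a comment saying why 32kB was chosen, which the hunk does not explain. The function body starts and ends outside the hunk.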


@ -1,4 +1,4 @@
/* $NetBSD: ntpsim.c,v 1.4 2016/01/08 21:35:39 christos Exp $ */
/* $NetBSD: ntpsim.c,v 1.5 2018/04/07 00:19:53 christos Exp $ */
/* ntpdsim.c
*
@ -81,6 +81,7 @@ void create_server_associations(void)
NULL,
loopback_interface,
MODE_CLIENT,
-1,
NTP_VERSION,
NTP_MINDPOLL,
NTP_MAXDPOLL,


@ -1,4 +1,4 @@
/* $NetBSD: refclock_gpsdjson.c,v 1.11 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: refclock_gpsdjson.c,v 1.12 2018/04/07 00:19:53 christos Exp $ */
/*
* refclock_gpsdjson.c - clock driver as GPSD JSON client
@ -1893,7 +1893,7 @@ gpsd_init_socket(
*/
ov = 1;
rc = setsockopt(up->fdt, IPPROTO_TCP, TCP_NODELAY,
(char*)&ov, sizeof(ov));
(void *)&ov, sizeof(ov));
if (-1 == rc) {
if (syslogok(pp, up))
msyslog(LOG_INFO,
@ -2001,7 +2001,7 @@ gpsd_test_socket(
/* check for socket error */
ec = 0;
lc = sizeof(ec);
rc = getsockopt(up->fdt, SOL_SOCKET, SO_ERROR, &ec, &lc);
rc = getsockopt(up->fdt, SOL_SOCKET, SO_ERROR, (void *)&ec, &lc);
if (-1 == rc || 0 != ec) {
const char *errtxt;
if (0 == ec)


@ -1,4 +1,4 @@
/* $NetBSD: refclock_jjy.c,v 1.12 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: refclock_jjy.c,v 1.13 2018/04/07 00:19:53 christos Exp $ */
/*
* refclock_jjy - clock driver for JJY receivers
@ -112,6 +112,11 @@
/* [Fix] C-DEX JST2000 */
/* Thanks to Mr. Kuramatsu for the report and the patch. */
/* */
/* 2017/04/30 */
/* [Change] Avoid a wrong report of the coverity static analysis */
/* tool. ( The code is harmless and has no bug. ) */
/* teljjy_conn_send() */
/* */
/**********************************************************************/
#ifdef HAVE_CONFIG_H
@ -395,6 +400,7 @@ struct refclock refclock_jjy = {
#define JJY_CLOCKSTATS_MARK_ATTENTION 5
#define JJY_CLOCKSTATS_MARK_WARNING 6
#define JJY_CLOCKSTATS_MARK_ERROR 7
#define JJY_CLOCKSTATS_MARK_BUG 8
/* Local constants definition for the clockstats messages */
@ -3301,6 +3307,7 @@ teljjy_conn_send ( struct peer *peer, struct refclockproc *pp, struct jjyunit *u
const char * pCmd ;
int i, iLen, iNextClockState ;
char sLog [ 120 ] ;
DEBUG_TELJJY_PRINTF( "teljjy_conn_send" ) ;
@ -3329,8 +3336,8 @@ teljjy_conn_send ( struct peer *peer, struct refclockproc *pp, struct jjyunit *u
/* Loopback character comes */
#ifdef DEBUG
if ( debug ) {
printf( "refclock_jjy.c : teljjy_conn_send : iLoopbackCount=%d\n",
up->iLoopbackCount ) ;
printf( "refclock_jjy.c : teljjy_conn_send : iClockCommandSeq=%d iLoopbackCount=%d\n",
up->iClockCommandSeq, up->iLoopbackCount ) ;
}
#endif
@ -3353,8 +3360,18 @@ teljjy_conn_send ( struct peer *peer, struct refclockproc *pp, struct jjyunit *u
if ( teljjy_command_sequence[up->iClockCommandSeq].iExpectedReplyType == TELJJY_REPLY_LOOPBACK ) {
/* Loopback character and timestamp */
gettimeofday( &(up->sendTime[up->iLoopbackCount]), NULL ) ;
up->bLoopbackMode = TRUE ;
if ( up->iLoopbackCount < MAX_LOOPBACK ) {
gettimeofday( &(up->sendTime[up->iLoopbackCount]), NULL ) ;
up->bLoopbackMode = TRUE ;
} else {
/* This else-block is never come. */
/* This code avoid wrong report of the coverity static analysis scan tool. */
snprintf( sLog, sizeof(sLog)-1, "refclock_jjy.c ; teljjy_conn_send ; iClockCommandSeq=%d iLoopbackCount=%d MAX_LOOPBACK=%d",
up->iClockCommandSeq, up->iLoopbackCount, MAX_LOOPBACK ) ;
jjy_write_clockstats( peer, JJY_CLOCKSTATS_MARK_BUG, sLog ) ;
msyslog ( LOG_ERR, "%s", sLog ) ;
up->bLoopbackMode = FALSE ;
}
} else {
/* Regular command */
up->bLoopbackMode = FALSE ;
@ -4385,6 +4402,9 @@ jjy_write_clockstats ( struct peer *peer, int iMark, const char *pData )
case JJY_CLOCKSTATS_MARK_ERROR :
pMark = "-X- " ;
break ;
case JJY_CLOCKSTATS_MARK_BUG :
pMark = "!!! " ;
break ;
default :
pMark = "" ;
break ;
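Review bot: The bounds check added in teljjy_conn_send before `up->sendTime[up->iLoopbackCount]` tests only the upper limit; if `iLoopbackCount` is a signed int (the `%d` format suggests so, but its declaration is not visible) a negative value would still index before the array, so `if ( up->iLoopbackCount >= 0 && up->iLoopbackCount < MAX_LOOPBACK ) {` is the complete guard. The call `snprintf( sLog, sizeof(sLog)-1, ...)` can pass `sizeof(sLog)`, because snprintf already reserves room for the terminator. The comment that calls the else-branch unreachable sits beside code that logs it at LOG_ERR with a bug marker; `/* Defensive: not expected to be reached; logged if it ever is. */` describes it more accurately. The function body extends beyond the hunks shown.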


@ -1,4 +1,4 @@
/* $NetBSD: refclock_palisade.c,v 1.6 2016/01/08 21:35:39 christos Exp $ */
/* $NetBSD: refclock_palisade.c,v 1.7 2018/04/07 00:19:53 christos Exp $ */
/*
* This software was developed by the Software and Component Technologies
@ -82,10 +82,6 @@ extern int async_write(int, const void *, unsigned int);
#endif
#include "refclock_palisade.h"
/* Table to get from month to day of the year */
const int days_of_year [12] = {
0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
};
#ifdef DEBUG
const char * Tracking_Status[15][15] = {
@ -109,7 +105,7 @@ struct refclock refclock_palisade = {
NOFLAGS /* not used */
};
int day_of_year (char *dt);
static int decode_date(struct refclockproc *pp, const char *cp);
/* Extract the clock type from the mode setting */
#define CLK_TYPE(x) ((int)(((x)->ttl) & 0x7F))
@ -228,7 +224,7 @@ init_thunderbolt (
sendetx (&tx, fd);
/* activate packets 0x8F-AB and 0x8F-AC */
sendsupercmd (&tx, 0x8F, 0xA5);
sendsupercmd (&tx, 0x8E, 0xA5);
sendint (&tx, 0x5);
sendetx (&tx, fd);
@ -402,33 +398,78 @@ palisade_shutdown (
}
/*
* unpack_date - get day and year from date
* unpack helpers
*/
int
day_of_year (
char * dt
)
static inline uint8_t
get_u8(
const char *cp)
{
int day, mon, year;
mon = dt[1];
/* Check month is inside array bounds */
if ((mon < 1) || (mon > 12))
return -1;
day = dt[0] + days_of_year[mon - 1];
year = getint((u_char *) (dt + 2));
if ( !(year % 4) && ((year % 100) ||
(!(year % 100) && !(year%400)))
&&(mon > 2))
day ++; /* leap year and March or later */
return day;
return ((const u_char*)cp)[0];
}
static inline uint16_t
get_u16(
const char *cp)
{
return ((uint16_t)get_u8(cp) << 8) | get_u8(cp + 1);
}
/*
* unpack & fix date (the receiver provides a valid time for 1024 weeks
* after 1997-12-14 and therefore folds back in 2017, 2037,...)
*
* Returns -1 on error, day-of-month + (month * 32) othertwise.
*/
int
decode_date(
struct refclockproc *pp,
const char *cp)
{
static int32_t s_baseday = 0;
struct calendar jd;
int32_t rd;
if (0 == s_baseday) {
if (!ntpcal_get_build_date(&jd)) {
jd.year = 2015;
jd.month = 1;
jd.monthday = 1;
}
s_baseday = ntpcal_date_to_rd(&jd);
}
/* get date fields and convert to RDN */
jd.monthday = get_u8 ( cp );
jd.month = get_u8 (cp + 1);
jd.year = get_u16(cp + 2);
rd = ntpcal_date_to_rd(&jd);
/* for the paranoid: do reverse calculation and cross-check */
ntpcal_rd_to_date(&jd, rd);
if ((jd.monthday != get_u8 ( cp )) ||
(jd.month != get_u8 (cp + 1)) ||
(jd.year != get_u16(cp + 2)) )
return - 1;
/* calculate cycle shift to base day and calculate re-folded
* date
*
* One could do a proper modulo calculation here, but a counting
* loop is probably faster for the next few rollovers...
*/
while (rd < s_baseday)
rd += 7*1024;
ntpcal_rd_to_date(&jd, rd);
/* fill refclock structure & indicate success */
pp->day = jd.yearday;
pp->year = jd.year;
return ((int)jd.month << 5) | jd.monthday;
}
/*
* TSIP_decode - decode the TSIP data packets
@ -443,7 +484,8 @@ TSIP_decode (
double secs;
double secfrac;
unsigned short event = 0;
int mmday;
struct palisade_unit *up;
struct refclockproc *pp;
@ -537,16 +579,16 @@ TSIP_decode (
pp->minute = secint / 60;
secint %= 60;
pp->second = secint % 60;
if ((pp->day = day_of_year(&mb(11))) < 0) break;
pp->year = getint((u_char *) &mb(13));
mmday = decode_date(pp, &mb(11));
if (mmday < 0)
break;
#ifdef DEBUG
if (debug > 1)
printf("TSIP_decode: unit %d: %02X #%d %02d:%02d:%02d.%09ld %02d/%02d/%04d UTC %02d\n",
up->unit, mb(0) & 0xff, event, pp->hour, pp->minute,
pp->second, pp->nsec, mb(12), mb(11), pp->year, GPS_UTC_Offset);
pp->second, pp->nsec, (mmday >> 5), (mmday & 31), pp->year, GPS_UTC_Offset);
#endif
/* Only use this packet when no
* 8F-AD's are being received
@ -586,7 +628,11 @@ TSIP_decode (
break;
}
up->month = mb(15);
mmday = decode_date(pp, &mb(14));
if (mmday < 0)
break;
up->month = (mmday >> 5); /* Save for LEAP check */
if ( (up->leap_status & PALISADE_LEAP_PENDING) &&
/* Avoid early announce: https://bugs.ntp.org/2773 */
(6 == up->month || 12 == up->month) ) {
@ -614,19 +660,15 @@ TSIP_decode (
pp->nsec = (long) (getdbl((u_char *) &mb(3))
* 1000000000);
if ((pp->day = day_of_year(&mb(14))) < 0)
break;
pp->year = getint((u_char *) &mb(16));
pp->hour = mb(11);
pp->minute = mb(12);
pp->second = mb(13);
up->month = mb(14); /* Save for LEAP check */
#ifdef DEBUG
if (debug > 1)
printf("TSIP_decode: unit %d: %02X #%d %02d:%02d:%02d.%09ld %02d/%02d/%04d UTC %02x %s\n",
up->unit, mb(0) & 0xff, event, pp->hour, pp->minute,
pp->second, pp->nsec, mb(15), mb(14), pp->year,
pp->second, pp->nsec, (mmday >> 5), (mmday & 31), pp->year,
mb(19), *Tracking_Status[st]);
#endif
return 1;
@ -752,17 +794,17 @@ TSIP_decode (
printf (" Time is from GPS\n\n");
#endif
if ((pp->day = day_of_year(&mb(13))) < 0)
mmday = decode_date(pp, &mb(13));
if (mmday < 0)
break;
tow = getlong((u_char *) &mb(1));
#ifdef DEBUG
if (debug > 1) {
printf("pp->day: %d\n", pp->day);
printf("TOW: %ld\n", tow);
printf("DAY: %d\n", mb(13));
printf("DAY: %d\n", (mmday & 31));
}
#endif
pp->year = getint((u_char *) &mb(15));
pp->hour = mb(12);
pp->minute = mb(11);
pp->second = mb(10);
@ -770,7 +812,9 @@ TSIP_decode (
#ifdef DEBUG
if (debug > 1)
printf("TSIP_decode: unit %d: %02X #%d %02d:%02d:%02d.%09ld %02d/%02d/%04d ",up->unit, mb(0) & 0xff, event, pp->hour, pp->minute, pp->second, pp->nsec, mb(14), mb(13), pp->year);
printf("TSIP_decode: unit %d: %02X #%d %02d:%02d:%02d.%09ld %02d/%02d/%04d ",
up->unit, mb(0) & 0xff, event, pp->hour, pp->minute, pp->second,
pp->nsec, (mmday >> 5), (mmday & 31), pp->year);
#endif
return 1;
break;
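Review bot: decode_date is forward-declared as `static int decode_date(...)` near the top of the file but defined as plain `int decode_date(`; the definition keeps internal linkage, yet writing `static int` there as well avoids confusing readers and tools. In the same function the rollover loop `while (rd < s_baseday) rd += 7*1024;` runs on a date taken from the receiver packet; the round-trip check limits the input to valid calendar dates, but a comment stating the expected maximum iteration count (or a direct modulo) would make that bound explicit. No upper sanity limit is applied after the fold, so a date far beyond the build date is accepted unchanged, which deserves a comment if it is intentional. The header comment of decode_date also has a typo, `othertwise`.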


@ -1,4 +1,4 @@
/* $NetBSD: refclock_parse.c,v 1.20 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: refclock_parse.c,v 1.21 2018/04/07 00:19:53 christos Exp $ */
/*
* /src/NTP/REPOSITORY/ntp4-dev/ntpd/refclock_parse.c,v 4.81 2009/05/01 10:15:29 kardel RELEASE_20090105_A
@ -3616,7 +3616,9 @@ parse_control(
}
else
{
int count = tmpctl.parseformat.parse_count - 1;
int count = tmpctl.parseformat.parse_count;
if (count)
--count;
start = tt = add_var(&out->kv_list, 80, RO|DEF);
tt = ap(start, 80, tt, "refclock_format=\"");
@ -3782,9 +3784,14 @@ parse_process(
}
else
{
unsigned int count = tmpctl.parsegettc.parse_count;
if (count)
--count;
ERR(ERR_BADDATA)
msyslog(LOG_WARNING, "PARSE receiver #%d: FAILED TIMECODE: \"%s\" (check receiver configuration / wiring)",
CLK_UNIT(parse->peer), mkascii(buffer, sizeof buffer, tmpctl.parsegettc.parse_buffer, (unsigned)(tmpctl.parsegettc.parse_count - 1)));
msyslog(LOG_WARNING, "PARSE receiver #%d: FAILED TIMECODE: \"%s\" (check receiver configuration / wiring)",
CLK_UNIT(parse->peer),
mkascii(buffer, sizeof(buffer),
tmpctl.parsegettc.parse_buffer, count));
}
/* copy status to show only changes in case of failures */
parse->timedata.parse_status = parsetime->parse_status;
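Review bot: The underflow fix declares `int count` in parse_control but `unsigned int count` in parse_process for the same kind of length field, so the two hunks should agree; `unsigned int count = tmpctl.parseformat.parse_count;` in parse_control matches the second hunk, provided the later uses of `count` outside the hunk accept it. Both hunks now avoid the `parse_count - 1` wrap at zero, but neither caps `count` at the size of the source buffer before it is used as a length. If `parse_count` is not already bounded where `tmpctl` is filled (not visible here), and assuming `parse_buffer` is a fixed-size array, a clamp against `sizeof(tmpctl.parsegettc.parse_buffer)` before the mkascii call would close that gap. Both function bodies continue outside the hunks.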


@ -1,9 +1,9 @@
/* $NetBSD: ntpdc-opts.c,v 1.10 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpdc-opts.c,v 1.11 2018/04/07 00:19:53 christos Exp $ */
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.c)
*
* It has been AutoGen-ed March 21, 2017 at 10:44:44 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:14:56 PM by AutoGen 5.18.5
* From the definitions ntpdc-opts.def
* and the template file options
*
@ -71,7 +71,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpdc options
*/
static char const ntpdc_opt_strs[1914] =
/* 0 */ "ntpdc 4.2.8p10\n"
/* 0 */ "ntpdc 4.2.8p11\n"
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -130,14 +130,14 @@ static char const ntpdc_opt_strs[1914] =
/* 1695 */ "no-load-opts\0"
/* 1708 */ "no\0"
/* 1711 */ "NTPDC\0"
/* 1717 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p10\n"
/* 1717 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1848 */ "$HOME\0"
/* 1854 */ ".\0"
/* 1856 */ ".ntprc\0"
/* 1863 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1897 */ "\n\0"
/* 1899 */ "ntpdc 4.2.8p10";
/* 1899 */ "ntpdc 4.2.8p11";
/**
* ipv4 option description with
@ -798,7 +798,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpdcOptions.pzCopyright */
puts(_("ntpdc 4.2.8p10\n\
puts(_("ntpdc 4.2.8p11\n\
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -864,14 +864,14 @@ implied warranty.\n"));
puts(_("load options from a config file"));
/* referenced via ntpdcOptions.pzUsageTitle */
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p10\n\
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
/* referenced via ntpdcOptions.pzExplain */
puts(_("\n"));
/* referenced via ntpdcOptions.pzFullVersion */
puts(_("ntpdc 4.2.8p10"));
puts(_("ntpdc 4.2.8p11"));
/* referenced via ntpdcOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));


@ -1,9 +1,9 @@
/* $NetBSD: ntpdc-opts.h,v 1.10 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpdc-opts.h,v 1.11 2018/04/07 00:19:53 christos Exp $ */
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.h)
*
* It has been AutoGen-ed March 21, 2017 at 10:44:43 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:14:56 PM by AutoGen 5.18.5
* From the definitions ntpdc-opts.def
* and the template file options
*
@ -85,9 +85,9 @@ typedef enum {
/** count of all options for ntpdc */
#define OPTION_CT 15
/** ntpdc version */
#define NTPDC_VERSION "4.2.8p10"
#define NTPDC_VERSION "4.2.8p11"
/** Full ntpdc version text */
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p10"
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p11"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED


@ -1,4 +1,4 @@
/* $NetBSD: ntpdc.c,v 1.15 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpdc.c,v 1.16 2018/04/07 00:19:53 christos Exp $ */
/*
* ntpdc - control and monitor your ntpd daemon
@ -501,7 +501,7 @@ openhost(
int optionValue = SO_SYNCHRONOUS_NONALERT;
int err;
err = setsockopt(INVALID_SOCKET, SOL_SOCKET, SO_OPENTYPE, (char *)&optionValue, sizeof(optionValue));
err = setsockopt(INVALID_SOCKET, SOL_SOCKET, SO_OPENTYPE, (void *)&optionValue, sizeof(optionValue));
if (err != NO_ERROR) {
(void) fprintf(stderr, "cannot open nonoverlapped sockets\n");
exit(1);
@ -521,7 +521,7 @@ openhost(
int rbufsize = INITDATASIZE + 2048; /* 2K for slop */
if (setsockopt(sockfd, SOL_SOCKET, SO_RCVBUF,
&rbufsize, sizeof(int)) == -1)
(void *)&rbufsize, sizeof(int)) == -1)
error("setsockopt");
}
# endif


@ -1,4 +1,4 @@
/* $NetBSD: ntpdc_ops.c,v 1.9 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpdc_ops.c,v 1.10 2018/04/07 00:19:53 christos Exp $ */
/*
* ntpdc_ops.c - subroutines which are called to perform operations by
@ -1685,7 +1685,7 @@ reslist(
const char *mask;
struct resflags *rf;
u_int32 count;
u_short flags;
u_short rflags;
u_short mflags;
char flagstr[300];
static const char *comma = ", ";
@ -1732,7 +1732,7 @@ again:
((pcmd->argval->ival == 4) && (rl->v6_flag == 0)))
skip = 0;
count = ntohl(rl->count);
flags = ntohs(rl->flags);
rflags = ntohs(rl->rflags);
mflags = ntohs(rl->mflags);
flagstr[0] = '\0';
@ -1755,7 +1755,7 @@ again:
: &resflagsV3[0];
while (rf->bit != 0) {
if (flags & rf->bit) {
if (rflags & rf->bit) {
if (!res)
strlcat(flagstr, comma,
sizeof(flagstr));


@ -1,9 +1,9 @@
/* $NetBSD: ntpq-opts.c,v 1.10 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpq-opts.c,v 1.11 2018/04/07 00:19:53 christos Exp $ */
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.c)
*
* It has been AutoGen-ed March 21, 2017 at 10:45:05 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:15:12 PM by AutoGen 5.18.5
* From the definitions ntpq-opts.def
* and the template file options
*
@ -70,8 +70,8 @@ extern FILE * option_usage_fp;
/**
* static const strings for ntpq options
*/
static char const ntpq_opt_strs[1985] =
/* 0 */ "ntpq 4.2.8p10\n"
static char const ntpq_opt_strs[1977] =
/* 0 */ "ntpq 4.2.8p11\n"
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -88,60 +88,60 @@ static char const ntpq_opt_strs[1985] =
"Time Foundation makes no representations about the suitability this\n"
"software for any purpose. It is provided \"as is\" without express or\n"
"implied warranty.\n\0"
/* 1009 */ "Force IPv4 DNS name resolution\0"
/* 1040 */ "IPV4\0"
/* 1045 */ "ipv4\0"
/* 1050 */ "Force IPv6 DNS name resolution\0"
/* 1081 */ "IPV6\0"
/* 1086 */ "ipv6\0"
/* 1091 */ "run a command and exit\0"
/* 1114 */ "COMMAND\0"
/* 1122 */ "command\0"
/* 1130 */ "Increase debug verbosity level\0"
/* 1161 */ "DEBUG_LEVEL\0"
/* 1173 */ "debug-level\0"
/* 1185 */ "Set the debug verbosity level\0"
/* 1215 */ "SET_DEBUG_LEVEL\0"
/* 1231 */ "set-debug-level\0"
/* 1247 */ "Force ntpq to operate in interactive mode\0"
/* 1289 */ "INTERACTIVE\0"
/* 1301 */ "interactive\0"
/* 1313 */ "numeric host addresses\0"
/* 1336 */ "NUMERIC\0"
/* 1344 */ "numeric\0"
/* 1352 */ "Always output status line with readvar\0"
/* 1391 */ "OLD_RV\0"
/* 1398 */ "old-rv\0"
/* 1405 */ "Print a list of the peers\0"
/* 1431 */ "PEERS\0"
/* 1437 */ "peers\0"
/* 1443 */ "Set default display type for S2+ refids\0"
/* 1483 */ "REFID\0"
/* 1489 */ "refid\0"
/* 1495 */ "Display the full 'remote' value\0"
/* 1527 */ "WIDE\0"
/* 1532 */ "wide\0"
/* 1537 */ "display extended usage information and exit\0"
/* 1581 */ "help\0"
/* 1586 */ "extended usage information passed thru pager\0"
/* 1631 */ "more-help\0"
/* 1641 */ "output version information and exit\0"
/* 1677 */ "version\0"
/* 1685 */ "save the option state to a config file\0"
/* 1724 */ "save-opts\0"
/* 1734 */ "load options from a config file\0"
/* 1766 */ "LOAD_OPTS\0"
/* 1776 */ "no-load-opts\0"
/* 1789 */ "no\0"
/* 1792 */ "NTPQ\0"
/* 1797 */ "ntpq - standard NTP query program - Ver. 4.2.8p10\n"
/* 1009 */ "Force IPv4 name resolution\0"
/* 1036 */ "IPV4\0"
/* 1041 */ "ipv4\0"
/* 1046 */ "Force IPv6 name resolution\0"
/* 1073 */ "IPV6\0"
/* 1078 */ "ipv6\0"
/* 1083 */ "run a command and exit\0"
/* 1106 */ "COMMAND\0"
/* 1114 */ "command\0"
/* 1122 */ "Increase debug verbosity level\0"
/* 1153 */ "DEBUG_LEVEL\0"
/* 1165 */ "debug-level\0"
/* 1177 */ "Set the debug verbosity level\0"
/* 1207 */ "SET_DEBUG_LEVEL\0"
/* 1223 */ "set-debug-level\0"
/* 1239 */ "Force ntpq to operate in interactive mode\0"
/* 1281 */ "INTERACTIVE\0"
/* 1293 */ "interactive\0"
/* 1305 */ "numeric host addresses\0"
/* 1328 */ "NUMERIC\0"
/* 1336 */ "numeric\0"
/* 1344 */ "Always output status line with readvar\0"
/* 1383 */ "OLD_RV\0"
/* 1390 */ "old-rv\0"
/* 1397 */ "Print a list of the peers\0"
/* 1423 */ "PEERS\0"
/* 1429 */ "peers\0"
/* 1435 */ "Set default display type for S2+ refids\0"
/* 1475 */ "REFID\0"
/* 1481 */ "refid\0"
/* 1487 */ "Display the full 'remote' value\0"
/* 1519 */ "WIDE\0"
/* 1524 */ "wide\0"
/* 1529 */ "display extended usage information and exit\0"
/* 1573 */ "help\0"
/* 1578 */ "extended usage information passed thru pager\0"
/* 1623 */ "more-help\0"
/* 1633 */ "output version information and exit\0"
/* 1669 */ "version\0"
/* 1677 */ "save the option state to a config file\0"
/* 1716 */ "save-opts\0"
/* 1726 */ "load options from a config file\0"
/* 1758 */ "LOAD_OPTS\0"
/* 1768 */ "no-load-opts\0"
/* 1781 */ "no\0"
/* 1784 */ "NTPQ\0"
/* 1789 */ "ntpq - standard NTP query program - Ver. 4.2.8p11\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1917 */ "$HOME\0"
/* 1923 */ ".\0"
/* 1925 */ ".ntprc\0"
/* 1932 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1966 */ "ntpq 4.2.8p10\0"
/* 1980 */ "hash";
/* 1909 */ "$HOME\0"
/* 1915 */ ".\0"
/* 1917 */ ".ntprc\0"
/* 1924 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1958 */ "ntpq 4.2.8p11\0"
/* 1972 */ "hash";
/**
* ipv4 option description with
@ -150,9 +150,9 @@ static char const ntpq_opt_strs[1985] =
/** Descriptive text for the ipv4 option */
#define IPV4_DESC (ntpq_opt_strs+1009)
/** Upper-cased name for the ipv4 option */
#define IPV4_NAME (ntpq_opt_strs+1040)
#define IPV4_NAME (ntpq_opt_strs+1036)
/** Name string for the ipv4 option */
#define IPV4_name (ntpq_opt_strs+1045)
#define IPV4_name (ntpq_opt_strs+1041)
/** Other options that appear in conjunction with the ipv4 option */
static int const aIpv4CantList[] = {
INDEX_OPT_IPV6, NO_EQUIVALENT };
@ -164,11 +164,11 @@ static int const aIpv4CantList[] = {
* "Must also have options" and "Incompatible options":
*/
/** Descriptive text for the ipv6 option */
#define IPV6_DESC (ntpq_opt_strs+1050)
#define IPV6_DESC (ntpq_opt_strs+1046)
/** Upper-cased name for the ipv6 option */
#define IPV6_NAME (ntpq_opt_strs+1081)
#define IPV6_NAME (ntpq_opt_strs+1073)
/** Name string for the ipv6 option */
#define IPV6_name (ntpq_opt_strs+1086)
#define IPV6_name (ntpq_opt_strs+1078)
/** Other options that appear in conjunction with the ipv6 option */
static int const aIpv6CantList[] = {
INDEX_OPT_IPV4, NO_EQUIVALENT };
@ -179,11 +179,11 @@ static int const aIpv6CantList[] = {
* command option description:
*/
/** Descriptive text for the command option */
#define COMMAND_DESC (ntpq_opt_strs+1091)
#define COMMAND_DESC (ntpq_opt_strs+1083)
/** Upper-cased name for the command option */
#define COMMAND_NAME (ntpq_opt_strs+1114)
#define COMMAND_NAME (ntpq_opt_strs+1106)
/** Name string for the command option */
#define COMMAND_name (ntpq_opt_strs+1122)
#define COMMAND_name (ntpq_opt_strs+1114)
/** Compiled in flag settings for the command option */
#define COMMAND_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
@ -192,11 +192,11 @@ static int const aIpv6CantList[] = {
* debug-level option description:
*/
/** Descriptive text for the debug-level option */
#define DEBUG_LEVEL_DESC (ntpq_opt_strs+1130)
#define DEBUG_LEVEL_DESC (ntpq_opt_strs+1122)
/** Upper-cased name for the debug-level option */
#define DEBUG_LEVEL_NAME (ntpq_opt_strs+1161)
#define DEBUG_LEVEL_NAME (ntpq_opt_strs+1153)
/** Name string for the debug-level option */
#define DEBUG_LEVEL_name (ntpq_opt_strs+1173)
#define DEBUG_LEVEL_name (ntpq_opt_strs+1165)
/** Compiled in flag settings for the debug-level option */
#define DEBUG_LEVEL_FLAGS (OPTST_DISABLED)
@ -204,11 +204,11 @@ static int const aIpv6CantList[] = {
* set-debug-level option description:
*/
/** Descriptive text for the set-debug-level option */
#define SET_DEBUG_LEVEL_DESC (ntpq_opt_strs+1185)
#define SET_DEBUG_LEVEL_DESC (ntpq_opt_strs+1177)
/** Upper-cased name for the set-debug-level option */
#define SET_DEBUG_LEVEL_NAME (ntpq_opt_strs+1215)
#define SET_DEBUG_LEVEL_NAME (ntpq_opt_strs+1207)
/** Name string for the set-debug-level option */
#define SET_DEBUG_LEVEL_name (ntpq_opt_strs+1231)
#define SET_DEBUG_LEVEL_name (ntpq_opt_strs+1223)
/** Compiled in flag settings for the set-debug-level option */
#define SET_DEBUG_LEVEL_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
@ -218,11 +218,11 @@ static int const aIpv6CantList[] = {
* "Must also have options" and "Incompatible options":
*/
/** Descriptive text for the interactive option */
#define INTERACTIVE_DESC (ntpq_opt_strs+1247)
#define INTERACTIVE_DESC (ntpq_opt_strs+1239)
/** Upper-cased name for the interactive option */
#define INTERACTIVE_NAME (ntpq_opt_strs+1289)
#define INTERACTIVE_NAME (ntpq_opt_strs+1281)
/** Name string for the interactive option */
#define INTERACTIVE_name (ntpq_opt_strs+1301)
#define INTERACTIVE_name (ntpq_opt_strs+1293)
/** Other options that appear in conjunction with the interactive option */
static int const aInteractiveCantList[] = {
INDEX_OPT_COMMAND,
@ -234,11 +234,11 @@ static int const aInteractiveCantList[] = {
* numeric option description:
*/
/** Descriptive text for the numeric option */
#define NUMERIC_DESC (ntpq_opt_strs+1313)
#define NUMERIC_DESC (ntpq_opt_strs+1305)
/** Upper-cased name for the numeric option */
#define NUMERIC_NAME (ntpq_opt_strs+1336)
#define NUMERIC_NAME (ntpq_opt_strs+1328)
/** Name string for the numeric option */
#define NUMERIC_name (ntpq_opt_strs+1344)
#define NUMERIC_name (ntpq_opt_strs+1336)
/** Compiled in flag settings for the numeric option */
#define NUMERIC_FLAGS (OPTST_DISABLED)
@ -246,11 +246,11 @@ static int const aInteractiveCantList[] = {
* old-rv option description:
*/
/** Descriptive text for the old-rv option */
#define OLD_RV_DESC (ntpq_opt_strs+1352)
#define OLD_RV_DESC (ntpq_opt_strs+1344)
/** Upper-cased name for the old-rv option */
#define OLD_RV_NAME (ntpq_opt_strs+1391)
#define OLD_RV_NAME (ntpq_opt_strs+1383)
/** Name string for the old-rv option */
#define OLD_RV_name (ntpq_opt_strs+1398)
#define OLD_RV_name (ntpq_opt_strs+1390)
/** Compiled in flag settings for the old-rv option */
#define OLD_RV_FLAGS (OPTST_DISABLED)
@ -259,11 +259,11 @@ static int const aInteractiveCantList[] = {
* "Must also have options" and "Incompatible options":
*/
/** Descriptive text for the peers option */
#define PEERS_DESC (ntpq_opt_strs+1405)
#define PEERS_DESC (ntpq_opt_strs+1397)
/** Upper-cased name for the peers option */
#define PEERS_NAME (ntpq_opt_strs+1431)
#define PEERS_NAME (ntpq_opt_strs+1423)
/** Name string for the peers option */
#define PEERS_name (ntpq_opt_strs+1437)
#define PEERS_name (ntpq_opt_strs+1429)
/** Other options that appear in conjunction with the peers option */
static int const aPeersCantList[] = {
INDEX_OPT_INTERACTIVE, NO_EQUIVALENT };
@ -274,11 +274,11 @@ static int const aPeersCantList[] = {
* refid option description:
*/
/** Descriptive text for the refid option */
#define REFID_DESC (ntpq_opt_strs+1443)
#define REFID_DESC (ntpq_opt_strs+1435)
/** Upper-cased name for the refid option */
#define REFID_NAME (ntpq_opt_strs+1483)
#define REFID_NAME (ntpq_opt_strs+1475)
/** Name string for the refid option */
#define REFID_name (ntpq_opt_strs+1489)
#define REFID_name (ntpq_opt_strs+1481)
/** The compiled in default value for the refid option argument */
#define REFID_DFT_ARG ((char const*)REFID_IPV4)
/** Compiled in flag settings for the refid option */
@ -289,22 +289,22 @@ static int const aPeersCantList[] = {
* wide option description:
*/
/** Descriptive text for the wide option */
#define WIDE_DESC (ntpq_opt_strs+1495)
#define WIDE_DESC (ntpq_opt_strs+1487)
/** Upper-cased name for the wide option */
#define WIDE_NAME (ntpq_opt_strs+1527)
#define WIDE_NAME (ntpq_opt_strs+1519)
/** Name string for the wide option */
#define WIDE_name (ntpq_opt_strs+1532)
#define WIDE_name (ntpq_opt_strs+1524)
/** Compiled in flag settings for the wide option */
#define WIDE_FLAGS (OPTST_DISABLED)
/*
* Help/More_Help/Version option descriptions:
*/
#define HELP_DESC (ntpq_opt_strs+1537)
#define HELP_name (ntpq_opt_strs+1581)
#define HELP_DESC (ntpq_opt_strs+1529)
#define HELP_name (ntpq_opt_strs+1573)
#ifdef HAVE_WORKING_FORK
#define MORE_HELP_DESC (ntpq_opt_strs+1586)
#define MORE_HELP_name (ntpq_opt_strs+1631)
#define MORE_HELP_DESC (ntpq_opt_strs+1578)
#define MORE_HELP_name (ntpq_opt_strs+1623)
#define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
#else
#define MORE_HELP_DESC HELP_DESC
@ -317,14 +317,14 @@ static int const aPeersCantList[] = {
# define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
#endif
#define VER_DESC (ntpq_opt_strs+1641)
#define VER_name (ntpq_opt_strs+1677)
#define SAVE_OPTS_DESC (ntpq_opt_strs+1685)
#define SAVE_OPTS_name (ntpq_opt_strs+1724)
#define LOAD_OPTS_DESC (ntpq_opt_strs+1734)
#define LOAD_OPTS_NAME (ntpq_opt_strs+1766)
#define NO_LOAD_OPTS_name (ntpq_opt_strs+1776)
#define LOAD_OPTS_pfx (ntpq_opt_strs+1789)
#define VER_DESC (ntpq_opt_strs+1633)
#define VER_name (ntpq_opt_strs+1669)
#define SAVE_OPTS_DESC (ntpq_opt_strs+1677)
#define SAVE_OPTS_name (ntpq_opt_strs+1716)
#define LOAD_OPTS_DESC (ntpq_opt_strs+1726)
#define LOAD_OPTS_NAME (ntpq_opt_strs+1758)
#define NO_LOAD_OPTS_name (ntpq_opt_strs+1768)
#define LOAD_OPTS_pfx (ntpq_opt_strs+1781)
#define LOAD_OPTS_name (NO_LOAD_OPTS_name + 3)
/**
* Declare option callback procedures
@ -545,24 +545,24 @@ static tOptDesc optDesc[OPTION_CT] = {
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/** Reference to the upper cased version of ntpq. */
#define zPROGNAME (ntpq_opt_strs+1792)
#define zPROGNAME (ntpq_opt_strs+1784)
/** Reference to the title line for ntpq usage. */
#define zUsageTitle (ntpq_opt_strs+1797)
#define zUsageTitle (ntpq_opt_strs+1789)
/** ntpq configuration file name. */
#define zRcName (ntpq_opt_strs+1925)
#define zRcName (ntpq_opt_strs+1917)
/** Directories to search for ntpq config files. */
static char const * const apzHomeList[3] = {
ntpq_opt_strs+1917,
ntpq_opt_strs+1923,
ntpq_opt_strs+1909,
ntpq_opt_strs+1915,
NULL };
/** The ntpq program bug email address. */
#define zBugsAddr (ntpq_opt_strs+1932)
#define zBugsAddr (ntpq_opt_strs+1924)
/** Clarification/explanation of what ntpq does. */
#define zExplain (NULL)
/** Extra detail explaining what ntpq does. */
#define zDetail (NULL)
/** The full version string for ntpq. */
#define zFullVersion (ntpq_opt_strs+1966)
#define zFullVersion (ntpq_opt_strs+1958)
/* extracted from optcode.tlib near line 364 */
#if defined(ENABLE_NLS)
@ -635,7 +635,7 @@ doOptRefid(tOptions* pOptions, tOptDesc* pOptDesc)
/* extracted from optmain.tlib near line 945 */
static char const * const names[2] = {
ntpq_opt_strs+1980, ntpq_opt_strs+1045 };
ntpq_opt_strs+1972, ntpq_opt_strs+1041 };
if (pOptions <= OPTPROC_EMIT_LIMIT) {
(void) optionEnumerationVal(pOptions, pOptDesc, names, 2);
@ -843,7 +843,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpqOptions.pzCopyright */
puts(_("ntpq 4.2.8p10\n\
puts(_("ntpq 4.2.8p11\n\
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -864,10 +864,10 @@ software for any purpose. It is provided \"as is\" without express or\n\
implied warranty.\n"));
/* referenced via ntpqOptions.pOptDesc->pzText */
puts(_("Force IPv4 DNS name resolution"));
puts(_("Force IPv4 name resolution"));
/* referenced via ntpqOptions.pOptDesc->pzText */
puts(_("Force IPv6 DNS name resolution"));
puts(_("Force IPv6 name resolution"));
/* referenced via ntpqOptions.pOptDesc->pzText */
puts(_("run a command and exit"));
@ -912,11 +912,11 @@ implied warranty.\n"));
puts(_("load options from a config file"));
/* referenced via ntpqOptions.pzUsageTitle */
puts(_("ntpq - standard NTP query program - Ver. 4.2.8p10\n\
puts(_("ntpq - standard NTP query program - Ver. 4.2.8p11\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
/* referenced via ntpqOptions.pzFullVersion */
puts(_("ntpq 4.2.8p10"));
puts(_("ntpq 4.2.8p11"));
/* referenced via ntpqOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));


@ -1,9 +1,9 @@
/* $NetBSD: ntpq-opts.h,v 1.10 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpq-opts.h,v 1.11 2018/04/07 00:19:53 christos Exp $ */
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.h)
*
* It has been AutoGen-ed March 21, 2017 at 10:45:04 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:15:12 PM by AutoGen 5.18.5
* From the definitions ntpq-opts.def
* and the template file options
*
@ -86,9 +86,9 @@ typedef enum {
/** count of all options for ntpq */
#define OPTION_CT 16
/** ntpq version */
#define NTPQ_VERSION "4.2.8p10"
#define NTPQ_VERSION "4.2.8p11"
/** Full ntpq version text */
#define NTPQ_FULL_VERSION "ntpq 4.2.8p10"
#define NTPQ_FULL_VERSION "ntpq 4.2.8p11"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED


@ -1,4 +1,4 @@
/* $NetBSD: ntpq-subs.c,v 1.15 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpq-subs.c,v 1.16 2018/04/07 00:19:53 christos Exp $ */
/*
* ntpq-subs.c - subroutines which are called to perform ntpq commands.
@ -309,12 +309,12 @@ typedef struct ifstats_row_tag {
sockaddr_u bcast;
int enabled;
u_int flags;
int mcast_count;
u_int mcast_count;
char name[32];
int peer_count;
int received;
int sent;
int send_errors;
u_int peer_count;
u_int received;
u_int sent;
u_int send_errors;
u_int ttl;
u_int uptime;
} ifstats_row;
@ -1454,6 +1454,8 @@ when(
else
return 0;
if (ts->l_ui < lasttime->l_ui)
return -1;
return (ts->l_ui - lasttime->l_ui);
}
@ -1492,7 +1494,14 @@ prettyinterval(
}
diff = (diff + 11) / 24;
snprintf(buf, cb, "%ldd", diff);
if (diff <= 999) {
snprintf(buf, cb, "%ldd", diff);
return buf;
}
/* years are only approximated... */
diff = (long)floor(diff / 365.25 + 0.5);
snprintf(buf, cb, "%ldy", diff);
return buf;
}
@ -1835,8 +1844,12 @@ doprintpeers(
if (!have_srchost)
strlcpy(clock_name, nntohost(&srcadr),
sizeof(clock_name));
/* wide and long source - space over on next line */
/* allow for host + sp if > 1 and regular tally + source + sp */
if (wideremote && 15 < strlen(clock_name))
fprintf(fp, "%c%s\n ", c, clock_name);
fprintf(fp, "%c%s\n%*s", c, clock_name,
((numhosts > 1) ? (int)maxhostlen + 1 : 0)
+ 1 + 15 + 1, "");
else
fprintf(fp, "%c%-15.15s ", c, clock_name);
if (!have_da_rid) {
@ -2227,14 +2240,13 @@ config (
col = -1;
if (1 == sscanf(resp, "column %d syntax error", &col)
&& col >= 0 && (size_t)col <= strlen(cfgcmd) + 1) {
if (interactive) {
printf("______"); /* "ntpq> " */
printf("________"); /* ":config " */
} else
if (interactive)
fputs(" *", stdout); /* "ntpq> :config " */
else
printf("%s\n", cfgcmd);
for (i = 1; i < col; i++)
putchar('_');
printf("^\n");
for (i = 0; i < col; i++)
fputc('_', stdout);
fputs("^\n", stdout);
}
printf("%s\n", resp);
free(resp);
@ -3279,7 +3291,7 @@ validate_ifnum(
return;
if (prow->ifnum + 1 <= ifnum) {
if (*pfields < IFSTATS_FIELDS)
fprintf(fp, "Warning: incomplete row with %d (of %d) fields",
fprintf(fp, "Warning: incomplete row with %d (of %d) fields\n",
*pfields, IFSTATS_FIELDS);
*pfields = 0;
prow->ifnum = ifnum;
@ -3316,7 +3328,7 @@ another_ifstats_field(
"==============================================================================\n");
*/
fprintf(fp,
"%3u %-24.24s %c %4x %3d %2d %6d %6d %6d %5d %8d\n"
"%3u %-24.24s %c %4x %3u %2u %6u %6u %6u %5u %8d\n"
" %s\n",
prow->ifnum, prow->name,
(prow->enabled)
@ -3416,7 +3428,7 @@ ifstats(
case 'm':
if (1 == sscanf(tag, mc_fmt, &ui) &&
1 == sscanf(val, "%d", &row.mcast_count))
1 == sscanf(val, "%u", &row.mcast_count))
comprende = TRUE;
break;
@ -3437,31 +3449,31 @@ ifstats(
case 'p':
if (1 == sscanf(tag, pc_fmt, &ui) &&
1 == sscanf(val, "%d", &row.peer_count))
1 == sscanf(val, "%u", &row.peer_count))
comprende = TRUE;
break;
case 'r':
if (1 == sscanf(tag, rx_fmt, &ui) &&
1 == sscanf(val, "%d", &row.received))
1 == sscanf(val, "%u", &row.received))
comprende = TRUE;
break;
case 't':
if (1 == sscanf(tag, tl_fmt, &ui) &&
1 == sscanf(val, "%d", &row.ttl))
1 == sscanf(val, "%u", &row.ttl))
comprende = TRUE;
else if (1 == sscanf(tag, tx_fmt, &ui) &&
1 == sscanf(val, "%d", &row.sent))
1 == sscanf(val, "%u", &row.sent))
comprende = TRUE;
else if (1 == sscanf(tag, txerr_fmt, &ui) &&
1 == sscanf(val, "%d", &row.send_errors))
1 == sscanf(val, "%u", &row.send_errors))
comprende = TRUE;
break;
case 'u':
if (1 == sscanf(tag, up_fmt, &ui) &&
1 == sscanf(val, "%d", &row.uptime))
1 == sscanf(val, "%u", &row.uptime))
comprende = TRUE;
break;
}
@ -3474,7 +3486,7 @@ ifstats(
}
}
if (fields != IFSTATS_FIELDS)
fprintf(fp, "Warning: incomplete row with %d (of %d) fields",
fprintf(fp, "Warning: incomplete row with %d (of %d) fields\n",
fields, IFSTATS_FIELDS);
fflush(fp);
@ -3849,6 +3861,10 @@ sysstats(
VDC_INIT("ss_limited", "rate limited: ", NTP_STR),
VDC_INIT("ss_kodsent", "KoD responses: ", NTP_STR),
VDC_INIT("ss_processed", "processed for time: ", NTP_STR),
#if 0
VDC_INIT("ss_lamport", "Lamport violations: ", NTP_STR),
VDC_INIT("ss_tsrounding", "bad timestamp rounding:", NTP_STR),
#endif
VDC_INIT(NULL, NULL, 0)
};
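Review bot: In the another_ifstats_field hunk the format string still ends in `%8d`, although every other counter in it was switched to `%u`. The ifstats_row struct in this same file section declares `uptime` as `u_int`, and ifstats() now parses it with `%u`. If the last argument of that fprintf is `prow->uptime` (the argument list runs past the hunk, so this is inferred), the specifier should be `%8u`, giving `"%3u %-24.24s %c %4x %3u %2u %6u %6u %6u %5u %8u\n"`. As written, a value above INT_MAX would be passed to a mismatched conversion and would most likely print as a negative number.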


@ -1,13 +1,14 @@
/* $NetBSD: ntpq.c,v 1.18 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpq.c,v 1.19 2018/04/07 00:19:53 christos Exp $ */
/*
* ntpq - query an NTP server using mode 6 commands
*/
#include <config.h>
#include <stdio.h>
#include <ctype.h>
#include <signal.h>
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#ifdef HAVE_UNISTD_H
@ -36,7 +37,15 @@
#include "openssl/evp.h"
#include "openssl/objects.h"
#include "openssl/err.h"
#ifdef SYS_WINNT
# include "openssl/opensslv.h"
# if !defined(HAVE_EVP_MD_DO_ALL_SORTED) && OPENSSL_VERSION_NUMBER > 0x10000000L
# define HAVE_EVP_MD_DO_ALL_SORTED 1
# endif
#endif
#include "libssl_compat.h"
#define CMAC "AES128CMAC"
#endif
#include <ssl_applink.c>
@ -191,7 +200,7 @@ static int getarg (const char *, int, arg_v *);
static int findcmd (const char *, struct xcmd *,
struct xcmd *, struct xcmd **);
static int rtdatetolfp (char *, l_fp *);
static int decodearr (char *, int *, l_fp *);
static int decodearr (char *, int *, l_fp *, int);
static void help (struct parse *, FILE *);
static int helpsort (const void *, const void *);
static void printusage (struct xcmd *, FILE *);
@ -229,12 +238,23 @@ static void on_ctrlc (void);
static int my_easprintf (char**, const char *, ...) NTP_PRINTF(2, 3);
void ntpq_custom_opt_handler (tOptions *, tOptDesc *);
/* read a character from memory and expand to integer */
static inline int
pgetc(
const char *cp
)
{
return (int)*(const unsigned char*)cp;
}
#ifdef OPENSSL
# ifdef HAVE_EVP_MD_DO_ALL_SORTED
static void list_md_fn(const EVP_MD *m, const char *from,
const char *to, void *arg );
# endif
#endif
static char *insert_cmac(char *list);
static char *list_digest_names(void);
/*
@ -452,6 +472,7 @@ main(
}
#endif
#ifndef BUILD_AS_LIB
int
ntpqmain(
@ -486,14 +507,16 @@ ntpqmain(
char *msg;
list = list_digest_names();
for (icmd = 0; icmd < sizeof(builtins)/sizeof(builtins[0]); icmd++) {
if (strcmp("keytype", builtins[icmd].keyword) == 0)
for (icmd = 0; icmd < sizeof(builtins)/sizeof(*builtins); icmd++) {
if (strcmp("keytype", builtins[icmd].keyword) == 0) {
break;
}
}
/* CID: 1295478 */
/* This should only "trip" if "keytype" is removed from builtins */
INSIST(icmd < sizeof(builtins)/sizeof(builtins[0]));
INSIST(icmd < sizeof(builtins)/sizeof(*builtins));
#ifdef OPENSSL
builtins[icmd].desc[0] = "digest-name";
@ -586,9 +609,15 @@ ntpqmain(
getcmds();
} else {
for (ihost = 0; ihost < numhosts; ihost++) {
if (openhost(chosts[ihost].name, chosts[ihost].fam))
for (icmd = 0; icmd < numcmds; icmd++)
if (openhost(chosts[ihost].name, chosts[ihost].fam)) {
if (ihost)
fputc('\n', current_output);
for (icmd = 0; icmd < numcmds; icmd++) {
if (icmd)
fputc('\n', current_output);
docmd(ccmds[icmd]);
}
}
}
}
#ifdef SYS_WINNT
@ -721,7 +750,7 @@ openhost(
int err;
err = setsockopt(INVALID_SOCKET, SOL_SOCKET, SO_OPENTYPE,
(char *)&optionValue, sizeof(optionValue));
(void *)&optionValue, sizeof(optionValue));
if (err) {
mfprintf(stderr,
"setsockopt(SO_SYNCHRONOUS_NONALERT)"
@ -745,7 +774,7 @@ openhost(
# ifdef SO_RCVBUF
{ int rbufsize = DATASIZE + 2048; /* 2K for slop */
if (setsockopt(sockfd, SOL_SOCKET, SO_RCVBUF,
&rbufsize, sizeof(int)) == -1)
(void *)&rbufsize, sizeof(int)) == -1)
error("setsockopt");
}
# endif
@ -2016,7 +2045,7 @@ rtdatetolfp(
* d[d]-Mth-y[y[y[y]]] hh:mm:ss
*/
cp = str;
if (!isdigit((int)*cp)) {
if (!isdigit(pgetc(cp))) {
if (*cp == '-') {
/*
* Catch special case
@ -2028,7 +2057,7 @@ rtdatetolfp(
}
cal.monthday = (u_char) (*cp++ - '0'); /* ascii dependent */
if (isdigit((int)*cp)) {
if (isdigit(pgetc(cp))) {
cal.monthday = (u_char)((cal.monthday << 3) + (cal.monthday << 1));
cal.monthday = (u_char)(cal.monthday + *cp++ - '0');
}
@ -2050,18 +2079,18 @@ rtdatetolfp(
if (*cp++ != '-')
return 0;
if (!isdigit((int)*cp))
if (!isdigit(pgetc(cp)))
return 0;
cal.year = (u_short)(*cp++ - '0');
if (isdigit((int)*cp)) {
if (isdigit(pgetc(cp))) {
cal.year = (u_short)((cal.year << 3) + (cal.year << 1));
cal.year = (u_short)(*cp++ - '0');
}
if (isdigit((int)*cp)) {
if (isdigit(pgetc(cp))) {
cal.year = (u_short)((cal.year << 3) + (cal.year << 1));
cal.year = (u_short)(cal.year + *cp++ - '0');
}
if (isdigit((int)*cp)) {
if (isdigit(pgetc(cp))) {
cal.year = (u_short)((cal.year << 3) + (cal.year << 1));
cal.year = (u_short)(cal.year + *cp++ - '0');
}
@ -2074,26 +2103,26 @@ rtdatetolfp(
return 1;
}
if (*cp++ != ' ' || !isdigit((int)*cp))
if (*cp++ != ' ' || !isdigit(pgetc(cp)))
return 0;
cal.hour = (u_char)(*cp++ - '0');
if (isdigit((int)*cp)) {
if (isdigit(pgetc(cp))) {
cal.hour = (u_char)((cal.hour << 3) + (cal.hour << 1));
cal.hour = (u_char)(cal.hour + *cp++ - '0');
}
if (*cp++ != ':' || !isdigit((int)*cp))
if (*cp++ != ':' || !isdigit(pgetc(cp)))
return 0;
cal.minute = (u_char)(*cp++ - '0');
if (isdigit((int)*cp)) {
if (isdigit(pgetc(cp))) {
cal.minute = (u_char)((cal.minute << 3) + (cal.minute << 1));
cal.minute = (u_char)(cal.minute + *cp++ - '0');
}
if (*cp++ != ':' || !isdigit((int)*cp))
if (*cp++ != ':' || !isdigit(pgetc(cp)))
return 0;
cal.second = (u_char)(*cp++ - '0');
if (isdigit((int)*cp)) {
if (isdigit(pgetc(cp))) {
cal.second = (u_char)((cal.second << 3) + (cal.second << 1));
cal.second = (u_char)(cal.second + *cp++ - '0');
}
@ -2217,34 +2246,36 @@ decodeuint(
*/
static int
decodearr(
char *str,
int *narr,
l_fp *lfparr
char *cp,
int *narr,
l_fp *lfpa,
int amax
)
{
register char *cp, *bp;
register l_fp *lfp;
char *bp;
char buf[60];
lfp = lfparr;
cp = str;
*narr = 0;
while (*narr < 8) {
while (isspace((int)*cp))
cp++;
if (*cp == '\0')
break;
while (*narr < amax && *cp) {
if (isspace(pgetc(cp))) {
do
++cp;
while (*cp && isspace(pgetc(cp)));
} else {
bp = buf;
do {
if (bp != (buf + sizeof(buf) - 1))
*bp++ = *cp;
++cp;
} while (*cp && !isspace(pgetc(cp)));
*bp = '\0';
bp = buf;
while (!isspace((int)*cp) && *cp != '\0')
*bp++ = *cp++;
*bp++ = '\0';
if (!decodetime(buf, lfp))
return 0;
(*narr)++;
lfp++;
if (!decodetime(buf, lfpa))
return 0;
++(*narr);
++lfpa;
}
}
return 1;
}
@ -3051,7 +3082,7 @@ nextvar(
/*
* Space past commas and white space
*/
while (cp < cpend && (*cp == ',' || isspace((int)*cp)))
while (cp < cpend && (*cp == ',' || isspace(pgetc(cp))))
cp++;
if (cp >= cpend)
return 0;
@ -3063,7 +3094,7 @@ nextvar(
srclen = strcspn(cp, ",=\r\n");
srclen = min(srclen, (size_t)(cpend - cp));
len = srclen;
while (len > 0 && isspace((unsigned char)cp[len - 1]))
while (len > 0 && isspace(pgetc(&cp[len - 1])))
len--;
if (len >= sizeof(name))
return 0;
@ -3089,7 +3120,7 @@ nextvar(
* So far, so good. Copy out the value
*/
cp++; /* past '=' */
while (cp < cpend && (isspace((unsigned char)*cp) && *cp != '\r' && *cp != '\n'))
while (cp < cpend && (isspace(pgetc(cp)) && *cp != '\r' && *cp != '\n'))
cp++;
np = cp;
if ('"' == *np) {
@ -3110,7 +3141,7 @@ nextvar(
/*
* Trim off any trailing whitespace
*/
while (len > 0 && isspace((unsigned char)value[len - 1]))
while (len > 0 && isspace(pgetc(&value[len - 1])))
len--;
value[len] = '\0';
@ -3193,7 +3224,7 @@ rawprint(
*/
if (cp == (cpend - 1) || *(cp + 1) != '\n')
makeascii(1, cp, fp);
} else if (isspace((unsigned char)*cp) || isprint((unsigned char)*cp))
} else if (isspace(pgetc(cp)) || isprint(pgetc(cp)))
putc(*cp, fp);
else
makeascii(1, cp, fp);
@ -3401,7 +3432,7 @@ cookedprint(
break;
case TS:
if (!decodets(value, &lfp))
if (!value || !decodets(value, &lfp))
output_raw = '?';
else
output(fp, name, prettydate(&lfp));
@ -3409,7 +3440,7 @@ cookedprint(
case HA: /* fallthru */
case NA:
if (!decodenetnum(value, &hval)) {
if (!value || !decodenetnum(value, &hval)) {
output_raw = '?';
} else if (fmt == HA){
output(fp, name, nntohost(&hval));
@ -3419,7 +3450,9 @@ cookedprint(
break;
case RF:
if (decodenetnum(value, &hval)) {
if (!value) {
output_raw = '?';
} else if (decodenetnum(value, &hval)) {
if (ISREFCLOCKADR(&hval))
output(fp, name,
refnumtoa(&hval));
@ -3433,7 +3466,7 @@ cookedprint(
break;
case LP:
if (!decodeuint(value, &uval) || uval > 3) {
if (!value || !decodeuint(value, &uval) || uval > 3) {
output_raw = '?';
} else {
b[0] = (0x2 & uval)
@ -3448,7 +3481,7 @@ cookedprint(
break;
case OC:
if (!decodeuint(value, &uval)) {
if (!value || !decodeuint(value, &uval)) {
output_raw = '?';
} else {
snprintf(b, sizeof(b), "%03lo", uval);
@ -3457,14 +3490,14 @@ cookedprint(
break;
case AR:
if (!decodearr(value, &narr, lfparr))
if (!value || !decodearr(value, &narr, lfparr, 8))
output_raw = '?';
else
outputarr(fp, name, narr, lfparr);
break;
case FX:
if (!decodeuint(value, &uval))
if (!value || !decodeuint(value, &uval))
output_raw = '?';
else
output(fp, name, tstflags(uval));
@ -3586,81 +3619,205 @@ ntpq_custom_opt_handler(
* Obtain list of digest names
*/
#if defined(OPENSSL) && !defined(HAVE_EVP_MD_DO_ALL_SORTED)
# if defined(_MSC_VER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
# define HAVE_EVP_MD_DO_ALL_SORTED
# endif
#endif
#ifdef OPENSSL
# ifdef HAVE_EVP_MD_DO_ALL_SORTED
# define K_PER_LINE 8
# define K_NL_PFX_STR "\n "
# define K_DELIM_STR ", "
struct hstate {
char *list;
const char **seen;
int idx;
};
#define K_PER_LINE 8
#define K_NL_PFX_STR "\n "
#define K_DELIM_STR ", "
static void list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg )
{
size_t len, n;
const char *name, *cp, **seen;
struct hstate *hstate = arg;
EVP_MD_CTX *ctx;
u_int digest_len;
u_char digest[EVP_MAX_MD_SIZE];
if (!m)
static void
list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg)
{
size_t len, n;
const char *name, **seen;
struct hstate *hstate = arg;
const char *cp;
/* m is MD obj, from is name or alias, to is base name for alias */
if (!m || !from || to) {
return; /* Ignore aliases */
}
/* Discard MACs that NTP won't accept. */
/* Keep this consistent with keytype_from_text() in ssl_init.c. */
if ((size_t)EVP_MD_size(m) > (MAX_MAC_LEN - sizeof(keyid_t))) {
return;
}
name = EVP_MD_name(m);
/* Lowercase names aren't accepted by keytype_from_text in ssl_init.c */
for( cp = name; *cp; cp++ ) {
if( islower((unsigned char)*cp) )
for (cp = name; *cp; cp++) {
if (islower((unsigned char)*cp)) {
return;
}
}
len = (cp - name) + 1;
/* There are duplicates. Discard if name has been seen. */
for (seen = hstate->seen; *seen; seen++)
if (!strcmp(*seen, name))
for (seen = hstate->seen; *seen; seen++) {
if (!strcmp(*seen, name)) {
return;
}
}
n = (seen - hstate->seen) + 2;
hstate->seen = erealloc(hstate->seen, n * sizeof(*seen));
hstate->seen[n-2] = name;
hstate->seen[n-1] = NULL;
/* Discard MACs that NTP won't accept.
* Keep this consistent with keytype_from_text() in ssl_init.c.
*/
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_get_digestbyname(name));
EVP_DigestFinal(ctx, digest, &digest_len);
EVP_MD_CTX_free(ctx);
if (digest_len > (MAX_MAC_LEN - sizeof(keyid_t)))
return;
if (hstate->list != NULL)
if (hstate->list != NULL) {
len += strlen(hstate->list);
len += (hstate->idx >= K_PER_LINE)? strlen(K_NL_PFX_STR): strlen(K_DELIM_STR);
}
len += (hstate->idx >= K_PER_LINE)
? strlen(K_NL_PFX_STR)
: strlen(K_DELIM_STR);
if (hstate->list == NULL) {
hstate->list = (char *)emalloc(len);
hstate->list = (char *)emalloc(len);
hstate->list[0] = '\0';
} else
} else {
hstate->list = (char *)erealloc(hstate->list, len);
}
sprintf(hstate->list + strlen(hstate->list), "%s%s",
((hstate->idx >= K_PER_LINE)? K_NL_PFX_STR : K_DELIM_STR),
((hstate->idx >= K_PER_LINE) ? K_NL_PFX_STR : K_DELIM_STR),
name);
if (hstate->idx >= K_PER_LINE)
if (hstate->idx >= K_PER_LINE) {
hstate->idx = 1;
else
} else {
hstate->idx++;
}
}
/* Insert CMAC into SSL digests list */
static char *
insert_cmac(char *list)
{
int insert;
size_t len;
/* If list empty, we need to insert CMAC on new line */
insert = (!list || !*list);
if (insert) {
len = strlen(K_NL_PFX_STR) + strlen(CMAC);
list = (char *)erealloc(list, len + 1);
sprintf(list, "%s%s", K_NL_PFX_STR, CMAC);
} else { /* List not empty */
/* Check if CMAC already in list - future proofing */
const char *cmac_sn;
char *cmac_p;
cmac_sn = OBJ_nid2sn(NID_cmac);
cmac_p = list;
insert = cmac_sn != NULL && *cmac_sn != '\0';
/* CMAC in list if found, followed by nul char or ',' */
while (insert && NULL != (cmac_p = strstr(cmac_p, cmac_sn))) {
cmac_p += strlen(cmac_sn);
/* Still need to insert if not nul and not ',' */
insert = *cmac_p && ',' != *cmac_p;
}
/* Find proper insertion point */
if (insert) {
char *last_nl;
char *point;
char *delim;
int found;
/* Default to start if list empty */
found = 0;
delim = list;
len = strlen(list);
/* While new lines */
while (delim < list + len && *delim &&
!strncmp(K_NL_PFX_STR, delim, strlen(K_NL_PFX_STR))) {
point = delim + strlen(K_NL_PFX_STR);
/* While digest names on line */
while (point < list + len && *point) {
/* Another digest after on same or next line? */
delim = strstr( point, K_DELIM_STR);
last_nl = strstr( point, K_NL_PFX_STR);
/* No - end of list */
if (!delim && !last_nl) {
delim = list + len;
} else
/* New line and no delim or before delim? */
if (last_nl && (!delim || last_nl < delim)) {
delim = last_nl;
}
/* Found insertion point where CMAC before entry? */
if (strncmp(CMAC, point, delim - point) < 0) {
found = 1;
break;
}
if (delim < list + len && *delim &&
!strncmp(K_DELIM_STR, delim, strlen(K_DELIM_STR))) {
point += strlen(K_DELIM_STR);
} else {
break;
}
} /* While digest names on line */
} /* While new lines */
/* If found in list */
if (found) {
/* insert cmac and delim */
/* Space for list could move - save offset */
ptrdiff_t p_offset = point - list;
len += strlen(CMAC) + strlen(K_DELIM_STR);
list = (char *)erealloc(list, len + 1);
point = list + p_offset;
/* move to handle src/dest overlap */
memmove(point + strlen(CMAC) + strlen(K_DELIM_STR),
point, strlen(point) + 1);
strncpy(point, CMAC, strlen(CMAC));
strncpy(point + strlen(CMAC), K_DELIM_STR, strlen(K_DELIM_STR));
} else { /* End of list */
/* append delim and cmac */
len += strlen(K_DELIM_STR) + strlen(CMAC);
list = (char *)erealloc(list, len + 1);
strcpy(list + strlen(list), K_DELIM_STR);
strcpy(list + strlen(list), CMAC);
}
} /* insert */
} /* List not empty */
return list;
}
# endif
#endif
static char *list_digest_names(void)
static char *
list_digest_names(void)
{
char *list = NULL;
@ -3668,12 +3825,16 @@ static char *list_digest_names(void)
# ifdef HAVE_EVP_MD_DO_ALL_SORTED
struct hstate hstate = { NULL, NULL, K_PER_LINE+1 };
hstate.seen = (const char **) emalloc_zero(1*sizeof( const char * )); // replaces -> calloc(1, sizeof( const char * ));
/* replace calloc(1, sizeof(const char *)) */
hstate.seen = (const char **)emalloc_zero(sizeof(const char *));
INIT_SSL();
EVP_MD_do_all_sorted(list_md_fn, &hstate);
list = hstate.list;
free(hstate.seen);
list = insert_cmac(list); /* Insert CMAC into SSL digests list */
# else
list = (char *)emalloc(sizeof("md5, others (upgrade to OpenSSL-1.0 for full list)"));
strcpy(list, "md5, others (upgrade to OpenSSL-1.0 for full list)");
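Review bot: The bounded copy in decodearr stops writing once `buf` is full but keeps consuming the token, so an over-long token is silently cut to 59 characters and that prefix is then handed to decodetime() as if it were the whole value. Rejecting the token is safer than decoding a truncated one: `if (bp != (buf + sizeof(buf) - 1)) *bp++ = *cp; else return 0;`. The visible caller in cookedprint already treats a zero return as a decode failure and falls back to raw output. A one-line comment on `char buf[60];` saying it holds a single timestamp token, and that longer tokens are refused, would document the limit.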


@ -1,4 +1,4 @@
/* $NetBSD: netsnmp_daemonize.c,v 1.5 2016/01/08 21:35:40 christos Exp $ */
/* $NetBSD: netsnmp_daemonize.c,v 1.6 2018/04/07 00:19:53 christos Exp $ */
/*
* system.c
@ -196,7 +196,7 @@ netsnmp_daemonize(int quit_immediately, int stderr_log)
int i = 0;
int saved_errno;
DEBUGMSGT(("daemonize","deamonizing...\n"));
DEBUGMSGT(("daemonize","daemonizing...\n"));
#ifdef HAVE_WORKING_FORK
/*
* Fork to return control to the invoking process and to


@ -1,9 +1,9 @@
/* $NetBSD: ntpsnmpd-opts.c,v 1.10 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpsnmpd-opts.c,v 1.11 2018/04/07 00:19:53 christos Exp $ */
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.c)
*
* It has been AutoGen-ed March 21, 2017 at 10:45:37 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:15:31 PM by AutoGen 5.18.5
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
@ -63,7 +63,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpsnmpd options
*/
static char const ntpsnmpd_opt_strs[1613] =
/* 0 */ "ntpsnmpd 4.2.8p10\n"
/* 0 */ "ntpsnmpd 4.2.8p11\n"
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -103,14 +103,14 @@ static char const ntpsnmpd_opt_strs[1613] =
/* 1415 */ "no-load-opts\0"
/* 1428 */ "no\0"
/* 1431 */ "NTPSNMPD\0"
/* 1440 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p10\n"
/* 1440 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p11\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
/* 1544 */ "$HOME\0"
/* 1550 */ ".\0"
/* 1552 */ ".ntprc\0"
/* 1559 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1593 */ "\n\0"
/* 1595 */ "ntpsnmpd 4.2.8p10";
/* 1595 */ "ntpsnmpd 4.2.8p11";
/**
* nofork option description:
@ -556,7 +556,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpsnmpdOptions.pzCopyright */
puts(_("ntpsnmpd 4.2.8p10\n\
puts(_("ntpsnmpd 4.2.8p11\n\
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -601,14 +601,14 @@ implied warranty.\n"));
puts(_("load options from a config file"));
/* referenced via ntpsnmpdOptions.pzUsageTitle */
puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p10\n\
puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p11\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n"));
/* referenced via ntpsnmpdOptions.pzExplain */
puts(_("\n"));
/* referenced via ntpsnmpdOptions.pzFullVersion */
puts(_("ntpsnmpd 4.2.8p10"));
puts(_("ntpsnmpd 4.2.8p11"));
/* referenced via ntpsnmpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));


@ -1,9 +1,9 @@
/* $NetBSD: ntpsnmpd-opts.h,v 1.10 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: ntpsnmpd-opts.h,v 1.11 2018/04/07 00:19:53 christos Exp $ */
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.h)
*
* It has been AutoGen-ed March 21, 2017 at 10:45:36 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:15:31 PM by AutoGen 5.18.5
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
@ -78,9 +78,9 @@ typedef enum {
/** count of all options for ntpsnmpd */
#define OPTION_CT 8
/** ntpsnmpd version */
#define NTPSNMPD_VERSION "4.2.8p10"
#define NTPSNMPD_VERSION "4.2.8p11"
/** Full ntpsnmpd version text */
#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.8p10"
#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.8p11"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED


@ -1,4 +1,12 @@
/* $NetBSD: crypto.c,v 1.13 2017/04/13 20:17:42 christos Exp $ */
/* $NetBSD: crypto.c,v 1.14 2018/04/07 00:19:53 christos Exp $ */
/*
* HMS: we need to test:
* - OpenSSL versions, if we are building with them
* - our versions
*
* We may need to test with(out) OPENSSL separately.
*/
#include <config.h>
#include "crypto.h"
@ -6,74 +14,185 @@
#include "isc/string.h"
#include "ntp_md5.h"
/* HMS: We may not have OpenSSL, but we have our own AES-128-CMAC */
#define CMAC "AES128CMAC"
#ifdef OPENSSL
# include "openssl/cmac.h"
# define AES_128_KEY_SIZE 16
#endif /* OPENSSL */
#ifndef EVP_MAX_MD_SIZE
# define EVP_MAX_MD_SIZE 32
#endif
struct key *key_ptr;
size_t key_cnt = 0;
int
make_mac(
const void *pkt_data,
int pkt_size,
int mac_size,
const struct key *cmp_key,
void * digest
typedef struct key Key_T;
static u_int
compute_mac(
u_char digest[EVP_MAX_MD_SIZE],
char const * macname,
void const * pkt_data,
u_int pkt_size,
void const * key_data,
u_int key_size
)
{
u_int len = mac_size;
u_int len = 0;
size_t slen = 0;
int key_type;
EVP_MD_CTX * ctx;
if (cmp_key->key_len > 64)
INIT_SSL();
key_type = keytype_from_text(macname, NULL);
#ifdef OPENSSL
/* Check if CMAC key type specific code required */
if (key_type == NID_cmac) {
CMAC_CTX * ctx = NULL;
u_char keybuf[AES_128_KEY_SIZE];
/* adjust key size (zero padded buffer) if necessary */
if (AES_128_KEY_SIZE > key_size) {
memcpy(keybuf, key_data, key_size);
memset((keybuf + key_size), 0,
(AES_128_KEY_SIZE - key_size));
key_data = keybuf;
}
if (!(ctx = CMAC_CTX_new())) {
msyslog(LOG_ERR, "make_mac: CMAC %s CTX new failed.", CMAC);
}
else if (!CMAC_Init(ctx, key_data, AES_128_KEY_SIZE,
EVP_aes_128_cbc(), NULL)) {
msyslog(LOG_ERR, "make_mac: CMAC %s Init failed.", CMAC);
}
else if (!CMAC_Update(ctx, pkt_data, (size_t)pkt_size)) {
msyslog(LOG_ERR, "make_mac: CMAC %s Update failed.", CMAC);
}
else if (!CMAC_Final(ctx, digest, &slen)) {
msyslog(LOG_ERR, "make_mac: CMAC %s Final failed.", CMAC);
slen = 0;
}
len = (u_int)slen;
CMAC_CTX_cleanup(ctx);
/* Test our AES-128-CMAC implementation */
} else /* MD5 MAC handling */
#endif
{
EVP_MD_CTX * ctx;
if (!(ctx = EVP_MD_CTX_new())) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest CTX new failed.",
macname);
goto mac_fail;
}
#ifdef OPENSSL /* OpenSSL 1 supports return codes 0 fail, 1 okay */
# ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
# endif
/* [Bug 3457] DON'T use plain EVP_DigestInit! It would
* kill the flags! */
if (!EVP_DigestInit_ex(ctx, EVP_get_digestbynid(key_type), NULL)) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest Init failed.",
macname);
goto mac_fail;
}
if (!EVP_DigestUpdate(ctx, key_data, key_size)) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest Update key failed.",
macname);
goto mac_fail;
}
if (!EVP_DigestUpdate(ctx, pkt_data, pkt_size)) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest Update data failed.",
macname);
goto mac_fail;
}
if (!EVP_DigestFinal(ctx, digest, &len)) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest Final failed.",
macname);
len = 0;
}
#else /* !OPENSSL */
EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
EVP_DigestUpdate(ctx, key_data, key_size);
EVP_DigestUpdate(ctx, pkt_data, pkt_size);
EVP_DigestFinal(ctx, digest, &len);
#endif
mac_fail:
EVP_MD_CTX_free(ctx);
}
return len;
}
int
make_mac(
const void * pkt_data,
int pkt_size,
int mac_size,
Key_T const * cmp_key,
void * digest
)
{
u_int len;
u_char dbuf[EVP_MAX_MD_SIZE];
if (cmp_key->key_len > 64 || mac_size <= 0)
return 0;
if (pkt_size % 4 != 0)
return 0;
INIT_SSL();
key_type = keytype_from_text(cmp_key->type, NULL);
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
EVP_DigestUpdate(ctx, (const u_char *)cmp_key->key_seq, (u_int)cmp_key->key_len);
EVP_DigestUpdate(ctx, pkt_data, (u_int)pkt_size);
EVP_DigestFinal(ctx, digest, &len);
EVP_MD_CTX_free(ctx);
len = compute_mac(dbuf, cmp_key->typen,
pkt_data, (u_int)pkt_size,
cmp_key->key_seq, (u_int)cmp_key->key_len);
if (len) {
if (len > (u_int)mac_size)
len = (u_int)mac_size;
memcpy(digest, dbuf, len);
}
return (int)len;
}
/* Generates a md5 digest of the key specified in keyid concatenated with the
/* Generates a md5 digest of the key specified in keyid concatenated with the
* ntp packet (exluding the MAC) and compares this digest to the digest in
* the packet's MAC. If they're equal this function returns 1 (packet is
* the packet's MAC. If they're equal this function returns 1 (packet is
* authentic) or else 0 (not authentic).
*/
int
auth_md5(
const void *pkt_data,
int pkt_size,
int mac_size,
const struct key *cmp_key
void const * pkt_data,
int pkt_size,
int mac_size,
Key_T const * cmp_key
)
{
int hash_len;
int authentic;
char digest[20];
const u_char *pkt_ptr;
if (mac_size > (int)sizeof(digest))
return 0;
pkt_ptr = pkt_data;
hash_len = make_mac(pkt_ptr, pkt_size, sizeof(digest), cmp_key,
digest);
if (!hash_len) {
authentic = FALSE;
} else {
/* isc_tsmemcmp will be better when its easy to link
* with. sntp is a 1-shot program, so snooping for
* timing attacks is Harder.
*/
authentic = !memcmp(digest, (const char*)pkt_data + pkt_size + 4,
hash_len);
}
return authentic;
u_int len = 0;
u_char const * pkt_ptr = pkt_data;
u_char dbuf[EVP_MAX_MD_SIZE];
if (mac_size <= 0 || (size_t)mac_size > sizeof(dbuf))
return FALSE;
len = compute_mac(dbuf, cmp_key->typen,
pkt_ptr, (u_int)pkt_size,
cmp_key->key_seq, (u_int)cmp_key->key_len);
pkt_ptr += pkt_size + 4;
if (len > (u_int)mac_size)
len = (u_int)mac_size;
/* isc_tsmemcmp will be better when its easy to link with. sntp
* is a 1-shot program, so snooping for timing attacks is
* Harder.
*/
return ((u_int)mac_size == len) && !memcmp(dbuf, pkt_ptr, len);
}
static int
@ -96,7 +215,7 @@ hex_val(
}
/* Load keys from the specified keyfile into the key structures.
* Returns -1 if the reading failed, otherwise it returns the
* Returns -1 if the reading failed, otherwise it returns the
* number of keys it read
*/
int
@ -105,12 +224,15 @@ auth_init(
struct key **keys
)
{
FILE *keyf = fopen(keyfile, "r");
FILE *keyf = fopen(keyfile, "r");
struct key *prev = NULL;
int scan_cnt, line_cnt = 0;
int scan_cnt, line_cnt = 1;
char kbuf[200];
char keystring[129];
/* HMS: Is it OK to do this later, after we know we have a key file? */
INIT_SSL();
if (keyf == NULL) {
if (debug)
printf("sntp auth_init: Couldn't open key file %s for reading!\n", keyfile);
@ -136,18 +258,19 @@ auth_init(
if (octothorpe)
*octothorpe = '\0';
act = emalloc(sizeof(*act));
scan_cnt = sscanf(kbuf, "%d %9s %128s", &act->key_id, act->type, keystring);
/* keep width 15 = sizeof struct key.typen - 1 synced */
scan_cnt = sscanf(kbuf, "%d %15s %128s",
&act->key_id, act->typen, keystring);
if (scan_cnt == 3) {
int len = strlen(keystring);
goodline = 1; /* assume best for now */
if (len <= 20) {
act->key_len = len;
memcpy(act->key_seq, keystring, len + 1);
goodline = 1;
} else if ((len & 1) != 0) {
goodline = 0; /* it's bad */
} else {
int j;
goodline = 1;
act->key_len = len >> 1;
for (j = 0; j < len; j+=2) {
int val;
@ -160,6 +283,13 @@ auth_init(
act->key_seq[j>>1] = (char)val;
}
}
act->typei = keytype_from_text(act->typen, NULL);
if (0 == act->typei) {
printf("%s: line %d: key %d, %s not supported - ignoring\n",
keyfile, line_cnt,
act->key_id, act->typen);
goodline = 0; /* it's bad */
}
}
if (goodline) {
act->next = NULL;
@ -170,19 +300,21 @@ auth_init(
prev = act;
key_cnt++;
} else {
msyslog(LOG_DEBUG, "auth_init: scanf %d items, skipping line %d.",
scan_cnt, line_cnt);
if (debug) {
printf("auth_init: scanf %d items, skipping line %d.",
scan_cnt, line_cnt);
}
free(act);
}
line_cnt++;
}
fclose(keyf);
key_ptr = *keys;
return key_cnt;
}
/* Looks for the key with keyid key_id and sets the d_key pointer to the
/* Looks for the key with keyid key_id and sets the d_key pointer to the
* address of the key. If no matching key is found the pointer is not touched.
*/
void
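Review bot: In the CMAC branch of `compute_mac`, `CMAC_CTX_cleanup(ctx)` runs even when `CMAC_CTX_new()` returned NULL, and on the success path it only resets the context without releasing it, so each CMAC computation leaks the allocation. Replacing that line with `if (ctx) CMAC_CTX_free(ctx);` covers both cases. The zero-padded `keybuf` copy of the key is also left on the stack when the function returns. Separately, `auth_md5` in the same hunk clamps the computed digest to the caller's `mac_size` and accepts any value from 1 upward, so the minimum acceptable MAC length rests entirely on the caller, which is not visible here; a lower bound inside `auth_md5` would make that explicit.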


@ -1,4 +1,4 @@
/* $NetBSD: crypto.h,v 1.5 2016/05/01 23:32:01 christos Exp $ */
/* $NetBSD: crypto.h,v 1.6 2018/04/07 00:19:53 christos Exp $ */
#ifndef CRYPTO_H
#define CRYPTO_H
@ -22,7 +22,8 @@ struct key {
struct key * next;
int key_id;
int key_len;
char type[10];
int typei;
char typen[20];
char key_seq[64];
};
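Review bot: `char typen[20]` disagrees with the comment beside the parser in crypto.c, which says the `%15s` scan width is `sizeof struct key.typen - 1`; with this declaration that would be 19. The scan stays within bounds, so this is a documentation problem, but the next resize of either value has nothing to check against. I would state the relationship on the field itself, e.g. `char typen[20]; /* auth_init() scans at most 15 chars + NUL */`, and correct the comment in crypto.c to match.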


@ -1,4 +1,4 @@
/* $NetBSD: main.c,v 1.15 2016/05/01 23:32:01 christos Exp $ */
/* $NetBSD: main.c,v 1.16 2018/04/07 00:19:53 christos Exp $ */
#include <config.h>
@ -209,9 +209,8 @@ sntp_main (
*/
kod_init_kod_db(OPT_ARG(KOD), FALSE);
// HMS: Should we use arg-defalt for this too?
if (HAVE_OPT(KEYFILE))
auth_init(OPT_ARG(KEYFILE), &keys);
/* HMS: Check and see what happens if KEYFILE doesn't exist */
auth_init(OPT_ARG(KEYFILE), &keys);
/*
** Considering employing a variable that prevents functions of doing
@ -381,7 +380,6 @@ handle_lookup(
{
struct addrinfo hints; /* Local copy is OK */
struct dns_ctx *ctx;
long l;
char * name_copy;
size_t name_sz;
size_t octets;
@ -407,15 +405,19 @@ handle_lookup(
ctx->name = name_copy; // point to it...
ctx->flags = flags;
ctx->timeout = response_tv;
ctx->key = NULL;
/* The following should arguably be passed in... */
if (ENABLED_OPT(AUTHENTICATION) &&
atoint(OPT_ARG(AUTHENTICATION), &l)) {
ctx->key_id = l;
if (ENABLED_OPT(AUTHENTICATION)) {
ctx->key_id = OPT_VALUE_AUTHENTICATION;
get_key(ctx->key_id, &ctx->key);
if (NULL == ctx->key) {
fprintf(stderr, "%s: Authentication with keyID %d requested, but no matching keyID found in <%s>!\n",
progname, ctx->key_id, OPT_ARG(KEYFILE));
exit(1);
}
} else {
ctx->key_id = -1;
ctx->key = NULL;
}
++n_pending_dns;
@ -1134,13 +1136,21 @@ generate_pkt (
x_pkt->ppoll = 8;
/* FIXME! Modus broadcast + adr. check -> bdr. pkt */
set_li_vn_mode(x_pkt, LEAP_NOTINSYNC, ntpver, 3);
if (debug > 0) {
printf("generate_pkt: key_id %d, key pointer %p\n", key_id, pkt_key);
}
if (pkt_key != NULL) {
x_pkt->exten[0] = htonl(key_id);
mac_size = 20; /* max room for MAC */
mac_size = make_mac(x_pkt, pkt_len, mac_size,
mac_size = make_mac(x_pkt, pkt_len, MAX_MDG_LEN,
pkt_key, (char *)&x_pkt->exten[1]);
if (mac_size > 0)
pkt_len += mac_size + 4;
pkt_len += mac_size + KEY_MAC_LEN;
#ifdef DEBUG
if (debug > 0) {
printf("generate_pkt: mac_size is %d\n", mac_size);
}
#endif
}
return pkt_len;
}
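Review bot: In `generate_pkt`, a zero return from `make_mac` is not handled: the `if (mac_size > 0)` test has no else branch, so when a key was requested but no digest could be produced, the packet goes out without a MAC and nothing is reported. The new `make_mac` returns 0 for an oversized key, a packet length that is not a multiple of 4, or a digest failure, so this path is reachable. At minimum add a diagnostic, e.g. `else fprintf(stderr, "%s: no MAC generated for keyID %d\n", progname, key_id);` (assuming `progname` is visible there as it is in `handle_lookup`), or fail the request if the caller can take an error; the start of `generate_pkt` is outside the hunk. The added `%p` print should also pass `(void *)pkt_key` unless it already has that type, and unlike the second debug print it is not under `#ifdef DEBUG`.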


@ -1,4 +1,4 @@
/* $NetBSD: networking.c,v 1.14 2016/05/01 23:32:01 christos Exp $ */
/* $NetBSD: networking.c,v 1.15 2018/04/07 00:19:53 christos Exp $ */
#include <config.h>
#include "networking.h"
@ -137,6 +137,8 @@ process_pkt (
func_name, pkt_len);
return PACKET_UNUSEABLE;
}
/* HMS: the following needs a bit of work */
/* Note: pkt_len must be a multiple of 4 at this point! */
packet_end = (void*)((char*)rpkt + pkt_len);
exten_end = skip_efields(rpkt->exten, packet_end);
@ -146,18 +148,20 @@ process_pkt (
func_name);
return PACKET_UNUSEABLE;
}
/* get size of MAC in cells; can be zero */
exten_len = (u_int)(packet_end - exten_end);
/* deduce action required from remaining length */
switch (exten_len) {
case 0: /* no MAC at all */
case 0: /* no Legacy MAC */
break;
case 1: /* crypto NAK */
/* Only if the keyID is 0 and there were no EFs */
key_id = ntohl(*exten_end);
printf("Crypto NAK = 0x%08x\n", key_id);
printf("Crypto NAK = 0x%08x from %s\n", key_id, stoa(sender));
break;
case 3: /* key ID + 3DES MAC -- unsupported! */
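Review bot: The comment added under `case 1` says a crypto-NAK is valid only when the keyID is 0 and no extension fields were present, but the visible code checks neither: it prints `key_id` and breaks. If that check is not made later in `process_pkt` (the rest of the switch is outside the hunk), a malformed one-word trailer is treated the same as a genuine NAK. Either enforce it here or mark the comment as unimplemented, e.g. `/* TODO: require key_id == 0 and exten_end == rpkt->exten */`.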


@ -1,9 +1,9 @@
/* $NetBSD: sntp-opts.c,v 1.11 2017/04/13 20:17:43 christos Exp $ */
/* $NetBSD: sntp-opts.c,v 1.12 2018/04/07 00:19:53 christos Exp $ */
/*
* EDIT THIS FILE WITH CAUTION (sntp-opts.c)
*
* It has been AutoGen-ed March 21, 2017 at 10:36:29 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 10:25:32 AM by AutoGen 5.18.5
* From the definitions sntp-opts.def
* and the template file options
*
@ -71,8 +71,8 @@ extern FILE * option_usage_fp;
/**
* static const strings for sntp options
*/
static char const sntp_opt_strs[2552] =
/* 0 */ "sntp 4.2.8p10\n"
static char const sntp_opt_strs[2566] =
/* 0 */ "sntp 4.2.8p11\n"
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -120,52 +120,53 @@ static char const sntp_opt_strs[2552] =
/* 1537 */ "Look in this file for the key specified with -a\0"
/* 1585 */ "KEYFILE\0"
/* 1593 */ "keyfile\0"
/* 1601 */ "Log to specified logfile\0"
/* 1626 */ "LOGFILE\0"
/* 1634 */ "logfile\0"
/* 1642 */ "Adjustments less than steplimit msec will be slewed\0"
/* 1694 */ "STEPLIMIT\0"
/* 1704 */ "steplimit\0"
/* 1714 */ "Send int as our NTP protocol version\0"
/* 1751 */ "NTPVERSION\0"
/* 1762 */ "ntpversion\0"
/* 1773 */ "Use the NTP Reserved Port (port 123)\0"
/* 1810 */ "USERESERVEDPORT\0"
/* 1826 */ "usereservedport\0"
/* 1842 */ "OK to 'step' the time with settimeofday(2)\0"
/* 1885 */ "STEP\0"
/* 1890 */ "step\0"
/* 1895 */ "OK to 'slew' the time with adjtime(2)\0"
/* 1933 */ "SLEW\0"
/* 1938 */ "slew\0"
/* 1943 */ "The number of seconds to wait for responses\0"
/* 1987 */ "TIMEOUT\0"
/* 1995 */ "timeout\0"
/* 2003 */ "Wait for pending replies (if not setting the time)\0"
/* 2054 */ "WAIT\0"
/* 2059 */ "no-wait\0"
/* 2067 */ "no\0"
/* 2070 */ "display extended usage information and exit\0"
/* 2114 */ "help\0"
/* 2119 */ "extended usage information passed thru pager\0"
/* 2164 */ "more-help\0"
/* 2174 */ "output version information and exit\0"
/* 2210 */ "version\0"
/* 2218 */ "save the option state to a config file\0"
/* 2257 */ "save-opts\0"
/* 2267 */ "load options from a config file\0"
/* 2299 */ "LOAD_OPTS\0"
/* 2309 */ "no-load-opts\0"
/* 2322 */ "SNTP\0"
/* 2327 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p10\n"
/* 1601 */ "/etc/ntp.keys\0"
/* 1615 */ "Log to specified logfile\0"
/* 1640 */ "LOGFILE\0"
/* 1648 */ "logfile\0"
/* 1656 */ "Adjustments less than steplimit msec will be slewed\0"
/* 1708 */ "STEPLIMIT\0"
/* 1718 */ "steplimit\0"
/* 1728 */ "Send int as our NTP protocol version\0"
/* 1765 */ "NTPVERSION\0"
/* 1776 */ "ntpversion\0"
/* 1787 */ "Use the NTP Reserved Port (port 123)\0"
/* 1824 */ "USERESERVEDPORT\0"
/* 1840 */ "usereservedport\0"
/* 1856 */ "OK to 'step' the time with settimeofday(2)\0"
/* 1899 */ "STEP\0"
/* 1904 */ "step\0"
/* 1909 */ "OK to 'slew' the time with adjtime(2)\0"
/* 1947 */ "SLEW\0"
/* 1952 */ "slew\0"
/* 1957 */ "The number of seconds to wait for responses\0"
/* 2001 */ "TIMEOUT\0"
/* 2009 */ "timeout\0"
/* 2017 */ "Wait for pending replies (if not setting the time)\0"
/* 2068 */ "WAIT\0"
/* 2073 */ "no-wait\0"
/* 2081 */ "no\0"
/* 2084 */ "display extended usage information and exit\0"
/* 2128 */ "help\0"
/* 2133 */ "extended usage information passed thru pager\0"
/* 2178 */ "more-help\0"
/* 2188 */ "output version information and exit\0"
/* 2224 */ "version\0"
/* 2232 */ "save the option state to a config file\0"
/* 2271 */ "save-opts\0"
/* 2281 */ "load options from a config file\0"
/* 2313 */ "LOAD_OPTS\0"
/* 2323 */ "no-load-opts\0"
/* 2336 */ "SNTP\0"
/* 2341 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p11\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ hostname-or-IP ...]\n\0"
/* 2487 */ "$HOME\0"
/* 2493 */ ".\0"
/* 2495 */ ".ntprc\0"
/* 2502 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2536 */ "\n\0"
/* 2538 */ "sntp 4.2.8p10";
/* 2501 */ "$HOME\0"
/* 2507 */ ".\0"
/* 2509 */ ".ntprc\0"
/* 2516 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2550 */ "\n\0"
/* 2552 */ "sntp 4.2.8p11";
/**
* ipv4 option description with
@ -302,6 +303,8 @@ static int const aIpv6CantList[] = {
#define KEYFILE_NAME (sntp_opt_strs+1585)
/** Name string for the keyfile option */
#define KEYFILE_name (sntp_opt_strs+1593)
/** The compiled in default value for the keyfile option argument */
#define KEYFILE_DFT_ARG (sntp_opt_strs+1601)
/** Compiled in flag settings for the keyfile option */
#define KEYFILE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
@ -310,11 +313,11 @@ static int const aIpv6CantList[] = {
* logfile option description:
*/
/** Descriptive text for the logfile option */
#define LOGFILE_DESC (sntp_opt_strs+1601)
#define LOGFILE_DESC (sntp_opt_strs+1615)
/** Upper-cased name for the logfile option */
#define LOGFILE_NAME (sntp_opt_strs+1626)
#define LOGFILE_NAME (sntp_opt_strs+1640)
/** Name string for the logfile option */
#define LOGFILE_name (sntp_opt_strs+1634)
#define LOGFILE_name (sntp_opt_strs+1648)
/** Compiled in flag settings for the logfile option */
#define LOGFILE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
@ -323,11 +326,11 @@ static int const aIpv6CantList[] = {
* steplimit option description:
*/
/** Descriptive text for the steplimit option */
#define STEPLIMIT_DESC (sntp_opt_strs+1642)
#define STEPLIMIT_DESC (sntp_opt_strs+1656)
/** Upper-cased name for the steplimit option */
#define STEPLIMIT_NAME (sntp_opt_strs+1694)
#define STEPLIMIT_NAME (sntp_opt_strs+1708)
/** Name string for the steplimit option */
#define STEPLIMIT_name (sntp_opt_strs+1704)
#define STEPLIMIT_name (sntp_opt_strs+1718)
/** Compiled in flag settings for the steplimit option */
#define STEPLIMIT_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
@ -336,11 +339,11 @@ static int const aIpv6CantList[] = {
* ntpversion option description:
*/
/** Descriptive text for the ntpversion option */
#define NTPVERSION_DESC (sntp_opt_strs+1714)
#define NTPVERSION_DESC (sntp_opt_strs+1728)
/** Upper-cased name for the ntpversion option */
#define NTPVERSION_NAME (sntp_opt_strs+1751)
#define NTPVERSION_NAME (sntp_opt_strs+1765)
/** Name string for the ntpversion option */
#define NTPVERSION_name (sntp_opt_strs+1762)
#define NTPVERSION_name (sntp_opt_strs+1776)
/** The compiled in default value for the ntpversion option argument */
#define NTPVERSION_DFT_ARG ((char const*)4)
/** Compiled in flag settings for the ntpversion option */
@ -351,11 +354,11 @@ static int const aIpv6CantList[] = {
* usereservedport option description:
*/
/** Descriptive text for the usereservedport option */
#define USERESERVEDPORT_DESC (sntp_opt_strs+1773)
#define USERESERVEDPORT_DESC (sntp_opt_strs+1787)
/** Upper-cased name for the usereservedport option */
#define USERESERVEDPORT_NAME (sntp_opt_strs+1810)
#define USERESERVEDPORT_NAME (sntp_opt_strs+1824)
/** Name string for the usereservedport option */
#define USERESERVEDPORT_name (sntp_opt_strs+1826)
#define USERESERVEDPORT_name (sntp_opt_strs+1840)
/** Compiled in flag settings for the usereservedport option */
#define USERESERVEDPORT_FLAGS (OPTST_DISABLED)
@ -363,11 +366,11 @@ static int const aIpv6CantList[] = {
* step option description:
*/
/** Descriptive text for the step option */
#define STEP_DESC (sntp_opt_strs+1842)
#define STEP_DESC (sntp_opt_strs+1856)
/** Upper-cased name for the step option */
#define STEP_NAME (sntp_opt_strs+1885)
#define STEP_NAME (sntp_opt_strs+1899)
/** Name string for the step option */
#define STEP_name (sntp_opt_strs+1890)
#define STEP_name (sntp_opt_strs+1904)
/** Compiled in flag settings for the step option */
#define STEP_FLAGS (OPTST_DISABLED)
@ -375,11 +378,11 @@ static int const aIpv6CantList[] = {
* slew option description:
*/
/** Descriptive text for the slew option */
#define SLEW_DESC (sntp_opt_strs+1895)
#define SLEW_DESC (sntp_opt_strs+1909)
/** Upper-cased name for the slew option */
#define SLEW_NAME (sntp_opt_strs+1933)
#define SLEW_NAME (sntp_opt_strs+1947)
/** Name string for the slew option */
#define SLEW_name (sntp_opt_strs+1938)
#define SLEW_name (sntp_opt_strs+1952)
/** Compiled in flag settings for the slew option */
#define SLEW_FLAGS (OPTST_DISABLED)
@ -387,11 +390,11 @@ static int const aIpv6CantList[] = {
* timeout option description:
*/
/** Descriptive text for the timeout option */
#define TIMEOUT_DESC (sntp_opt_strs+1943)
#define TIMEOUT_DESC (sntp_opt_strs+1957)
/** Upper-cased name for the timeout option */
#define TIMEOUT_NAME (sntp_opt_strs+1987)
#define TIMEOUT_NAME (sntp_opt_strs+2001)
/** Name string for the timeout option */
#define TIMEOUT_name (sntp_opt_strs+1995)
#define TIMEOUT_name (sntp_opt_strs+2009)
/** The compiled in default value for the timeout option argument */
#define TIMEOUT_DFT_ARG ((char const*)5)
/** Compiled in flag settings for the timeout option */
@ -402,13 +405,13 @@ static int const aIpv6CantList[] = {
* wait option description:
*/
/** Descriptive text for the wait option */
#define WAIT_DESC (sntp_opt_strs+2003)
#define WAIT_DESC (sntp_opt_strs+2017)
/** Upper-cased name for the wait option */
#define WAIT_NAME (sntp_opt_strs+2054)
#define WAIT_NAME (sntp_opt_strs+2068)
/** disablement name for the wait option */
#define NOT_WAIT_name (sntp_opt_strs+2059)
#define NOT_WAIT_name (sntp_opt_strs+2073)
/** disablement prefix for the wait option */
#define NOT_WAIT_PFX (sntp_opt_strs+2067)
#define NOT_WAIT_PFX (sntp_opt_strs+2081)
/** Name string for the wait option */
#define WAIT_name (NOT_WAIT_name + 3)
/** Compiled in flag settings for the wait option */
@ -417,11 +420,11 @@ static int const aIpv6CantList[] = {
/*
* Help/More_Help/Version option descriptions:
*/
#define HELP_DESC (sntp_opt_strs+2070)
#define HELP_name (sntp_opt_strs+2114)
#define HELP_DESC (sntp_opt_strs+2084)
#define HELP_name (sntp_opt_strs+2128)
#ifdef HAVE_WORKING_FORK
#define MORE_HELP_DESC (sntp_opt_strs+2119)
#define MORE_HELP_name (sntp_opt_strs+2164)
#define MORE_HELP_DESC (sntp_opt_strs+2133)
#define MORE_HELP_name (sntp_opt_strs+2178)
#define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
#else
#define MORE_HELP_DESC HELP_DESC
@ -434,14 +437,14 @@ static int const aIpv6CantList[] = {
# define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
#endif
#define VER_DESC (sntp_opt_strs+2174)
#define VER_name (sntp_opt_strs+2210)
#define SAVE_OPTS_DESC (sntp_opt_strs+2218)
#define SAVE_OPTS_name (sntp_opt_strs+2257)
#define LOAD_OPTS_DESC (sntp_opt_strs+2267)
#define LOAD_OPTS_NAME (sntp_opt_strs+2299)
#define NO_LOAD_OPTS_name (sntp_opt_strs+2309)
#define LOAD_OPTS_pfx (sntp_opt_strs+2067)
#define VER_DESC (sntp_opt_strs+2188)
#define VER_name (sntp_opt_strs+2224)
#define SAVE_OPTS_DESC (sntp_opt_strs+2232)
#define SAVE_OPTS_name (sntp_opt_strs+2271)
#define LOAD_OPTS_DESC (sntp_opt_strs+2281)
#define LOAD_OPTS_NAME (sntp_opt_strs+2313)
#define NO_LOAD_OPTS_name (sntp_opt_strs+2323)
#define LOAD_OPTS_pfx (sntp_opt_strs+2081)
#define LOAD_OPTS_name (NO_LOAD_OPTS_name + 3)
/**
* Declare option callback procedures
@ -576,7 +579,7 @@ static tOptDesc optDesc[OPTION_CT] = {
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ KEYFILE_FLAGS, 0,
/* last opt argumnt */ { NULL }, /* --keyfile */
/* last opt argumnt */ { KEYFILE_DFT_ARG },
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
/* option proc */ doOptKeyfile,
@ -747,24 +750,24 @@ static tOptDesc optDesc[OPTION_CT] = {
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/** Reference to the upper cased version of sntp. */
#define zPROGNAME (sntp_opt_strs+2322)
#define zPROGNAME (sntp_opt_strs+2336)
/** Reference to the title line for sntp usage. */
#define zUsageTitle (sntp_opt_strs+2327)
#define zUsageTitle (sntp_opt_strs+2341)
/** sntp configuration file name. */
#define zRcName (sntp_opt_strs+2495)
#define zRcName (sntp_opt_strs+2509)
/** Directories to search for sntp config files. */
static char const * const apzHomeList[3] = {
sntp_opt_strs+2487,
sntp_opt_strs+2493,
sntp_opt_strs+2501,
sntp_opt_strs+2507,
NULL };
/** The sntp program bug email address. */
#define zBugsAddr (sntp_opt_strs+2502)
#define zBugsAddr (sntp_opt_strs+2516)
/** Clarification/explanation of what sntp does. */
#define zExplain (sntp_opt_strs+2536)
#define zExplain (sntp_opt_strs+2550)
/** Extra detail explaining what sntp does. */
#define zDetail (NULL)
/** The full version string for sntp. */
#define zFullVersion (sntp_opt_strs+2538)
#define zFullVersion (sntp_opt_strs+2552)
/* extracted from optcode.tlib near line 364 */
#if defined(ENABLE_NLS)
@ -1175,7 +1178,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via sntpOptions.pzCopyright */
puts(_("sntp 4.2.8p10\n\
puts(_("sntp 4.2.8p11\n\
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -1265,7 +1268,7 @@ implied warranty.\n"));
puts(_("load options from a config file"));
/* referenced via sntpOptions.pzUsageTitle */
puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p10\n\
puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p11\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
\t\t[ hostname-or-IP ...]\n"));
@ -1273,7 +1276,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
puts(_("\n"));
/* referenced via sntpOptions.pzFullVersion */
puts(_("sntp 4.2.8p10"));
puts(_("sntp 4.2.8p11"));
/* referenced via sntpOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));


@ -1,9 +1,9 @@
/* $NetBSD: sntp-opts.h,v 1.10 2017/04/13 20:17:43 christos Exp $ */
/* $NetBSD: sntp-opts.h,v 1.11 2018/04/07 00:19:53 christos Exp $ */
/*
* EDIT THIS FILE WITH CAUTION (sntp-opts.h)
*
* It has been AutoGen-ed March 21, 2017 at 10:36:28 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 10:25:31 AM by AutoGen 5.18.5
* From the definitions sntp-opts.def
* and the template file options
*
@ -93,9 +93,9 @@ typedef enum {
/** count of all options for sntp */
#define OPTION_CT 23
/** sntp version */
#define SNTP_VERSION "4.2.8p10"
#define SNTP_VERSION "4.2.8p11"
/** Full sntp version text */
#define SNTP_FULL_VERSION "sntp 4.2.8p10"
#define SNTP_FULL_VERSION "sntp 4.2.8p11"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED


@ -1,4 +1,4 @@
/* $NetBSD: crypto.c,v 1.1.1.7 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: crypto.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
#include "config.h"
#include "unity.h"


@ -1,4 +1,4 @@
/* $NetBSD: keyFile.c,v 1.1.1.7 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: keyFile.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
#include "config.h"
#include "fileHandlingTest.h"


@ -1,4 +1,4 @@
/* $NetBSD: packetHandling.c,v 1.1.1.7 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: packetHandling.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
#include "config.h"
#include "ntp_debug.h"


@ -1,4 +1,4 @@
/* $NetBSD: packetProcessing.c,v 1.1.1.8 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: packetProcessing.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
#include "config.h"


@ -1,4 +1,4 @@
/* $NetBSD: run-crypto.c,v 1.1.1.6 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: run-crypto.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-keyFile.c,v 1.1.1.6 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: run-keyFile.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-kodDatabase.c,v 1.1.1.6 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: run-kodDatabase.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-kodFile.c,v 1.1.1.6 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: run-kodFile.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-networking.c,v 1.1.1.6 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: run-networking.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-packetHandling.c,v 1.1.1.6 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: run-packetHandling.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-packetProcessing.c,v 1.1.1.8 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: run-packetProcessing.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-t-log.c,v 1.1.1.4 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: run-t-log.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-utilities.c,v 1.1.1.6 2018/04/07 00:15:53 christos Exp $ */
/* $NetBSD: run-utilities.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: utilities.c,v 1.4 2016/01/08 21:35:40 christos Exp $ */
/* $NetBSD: utilities.c,v 1.5 2018/04/07 00:19:53 christos Exp $ */
#include <config.h>
#include "utilities.h"
@ -25,7 +25,7 @@ pkt_output (
if (a > 0 && a % 8 == 0)
fprintf(output, "\n");
fprintf(output, "%d: %x \t", a, pkt[a]);
fprintf(output, "%3d: %02x ", a, pkt[a]);
}
fprintf(output, "\n");


@ -1,4 +1,4 @@
/* $NetBSD: version.c,v 1.1.1.10 2018/04/07 00:15:52 christos Exp $ */
/* $NetBSD: version.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/*
* version file for sntp


@ -1,4 +1,4 @@
/* $NetBSD: run-bug-2803.c,v 1.1.1.6 2018/04/07 00:15:56 christos Exp $ */
/* $NetBSD: run-bug-2803.c,v 1.2 2018/04/07 00:19:53 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: a_md5encrypt.c,v 1.1.1.7 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: a_md5encrypt.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
#include "config.h"
#include "unity.h"


@ -1,4 +1,4 @@
/* $NetBSD: authkeys.c,v 1.1.1.7 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: authkeys.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* This file contains test for both libntp/authkeys.c and libntp/authusekey.c */


@ -1,4 +1,4 @@
/* $NetBSD: run-a_md5encrypt.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-a_md5encrypt.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-atoint.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-atoint.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-atouint.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-atouint.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-authkeys.c,v 1.1.1.7 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-authkeys.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-buftvtots.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-buftvtots.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-calendar.c,v 1.1.1.7 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-calendar.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-caljulian.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-caljulian.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-caltontp.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-caltontp.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-calyearstart.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-calyearstart.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-clocktime.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-clocktime.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-decodenetnum.c,v 1.1.1.7 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-decodenetnum.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-hextoint.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-hextoint.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-hextolfp.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-hextolfp.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-humandate.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-humandate.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-lfpfunc.c,v 1.1.1.7 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-lfpfunc.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-lfptostr.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-lfptostr.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-modetoa.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-modetoa.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-msyslog.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-msyslog.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-netof.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-netof.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-numtoa.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-numtoa.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-numtohost.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-numtohost.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */


@ -1,4 +1,4 @@
/* $NetBSD: run-octtoint.c,v 1.1.1.6 2018/04/07 00:15:57 christos Exp $ */
/* $NetBSD: run-octtoint.c,v 1.2 2018/04/07 00:19:54 christos Exp $ */
/* AUTOGENERATED FILE. DO NOT EDIT. */
