opensourcemirror
/
opnsense-src
mirror of https://github.com/opnsense/src.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Update ntpd to 4.2.8p13 to fix authenticated denial of service. 

Approved by:	so
Security:	FreeBSD-SA-19:04.ntp
Security:	CVE-2019-8936
This commit is contained in:
gordon 2019-05-14 23:06:26 +00:00 committed by Franco Fichtner
parent f310f61784
commit 2a6360fafe
251 changed files with 20618 additions and 9485 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
contrib/ntp/COPYRIGHT
View File

@ -1,16 +1,15 @@
This file is automatically generated from html/copyright.html
Copyright Notice
jpg "Clone me," says Dolly sheepishly.
Last update: 2-Jan-2017 11:58 UTC
_________________________________________________________________
The following copyright notice applies to all files collectively
called the Network Time Protocol Version 4 Distribution. Unless
specifically declared otherwise in an individual file, this entire
notice applies as if the text was explicitly included in the file.
__________________________________________________________________
The following copyright notice applies to all files collectively called
the Network Time Protocol Version 4 Distribution. Unless specifically
declared otherwise in an individual file, this entire notice applies as
if the text was explicitly included in the file.
***********************************************************************
* *
* Copyright (c) University of Delaware 1992-2015 *
@ -62,13 +61,13 @@ This file is automatically generated from html/copyright.html
***********************************************************************
The following individuals contributed in part to the Network Time
Protocol Distribution Version 4 and are acknowledged as authors of
this work.
Protocol Distribution Version 4 and are acknowledged as authors of this
work.
1. [1]Takao Abe <takao_abe@xurb.jp> Clock driver for JJY receivers
2. [2]Mark Andrews <mark_andrews@isc.org> Leitch atomic clock
controller
3. [3]Bernd Altmeier <altmeier@atlsoft.de> hopf Elektronik serial
line and PCI-bus devices
3. [3]Bernd Altmeier <altmeier@atlsoft.de> hopf Elektronik serial line
and PCI-bus devices
4. [4]Viraj Bais <vbais@mailman1.intel.com> and [5]Clayton Kirkwood
<kirkwood@striderfm.intel.com> port to WindowsNT 3.5
5. [6]Michael Barone <michael,barone@lmco.com> GPSVME fixes
@ -84,13 +83,12 @@ This file is automatically generated from html/copyright.html
<Jean-Francois.Boudreault@viagenie.qc.ca> IPv6 support
12. [13]Reg Clemens <reg@dwf.com> Oncore driver (Current maintainer)
13. [14]Steve Clift <clift@ml.csiro.au> OMEGA clock driver
14. [15]Casey Crellin <casey@csc.co.za> vxWorks (Tornado) port and
help with target configuration
14. [15]Casey Crellin <casey@csc.co.za> vxWorks (Tornado) port and help
with target configuration
15. [16]Sven Dietrich <sven_dietrich@trimble.com> Palisade reference
clock driver, NT adj. residuals, integrated Greg's Winnt port.
16. [17]John A. Dundas III <dundas@salt.jpl.nasa.gov> Apple A/UX port
17. [18]Torsten Duwe <duwe@immd4.informatik.uni-erlangen.de> Linux
port
17. [18]Torsten Duwe <duwe@immd4.informatik.uni-erlangen.de> Linux port
18. [19]Dennis Ferguson <dennis@mrbill.canet.ca> foundation code for
NTP Version 2 as specified in RFC-1119
19. [20]John Hay <jhay@icomtek.csir.co.za> IPv6 support and testing
@ -122,9 +120,8 @@ This file is automatically generated from html/copyright.html
code for Version 3 as specified in RFC-1305
36. [39]Danny Mayer <mayer@ntp.org>Network I/O, Windows Port, Code
Maintenance
37. [40]David L. Mills <mills@udel.edu> Version 4 foundation,
precision kernel; clock drivers: 1, 3, 4, 6, 7, 11, 13, 18, 19,
22, 36
37. [40]David L. Mills <mills@udel.edu> Version 4 foundation, precision
kernel; clock drivers: 1, 3, 4, 6, 7, 11, 13, 18, 19, 22, 36
38. [41]Wolfgang Moeller <moeller@gwdgv1.dnet.gwdg.de> VMS port
39. [42]Jeffrey Mogul <mogul@pa.dec.com> ntptrace utility
40. [43]Tom Moore <tmoore@fievel.daytonoh.ncr.com> i386 svr4 port
@ -136,22 +133,18 @@ This file is automatically generated from html/copyright.html
44. [48]Rainer Pruy <Rainer.Pruy@informatik.uni-erlangen.de>
monitoring/trap scripts, statistics file handling
45. [49]Dirce Richards <dirce@zk3.dec.com> Digital UNIX V4.0 port
46. [50]Wilfredo Sánchez <wsanchez@apple.com> added support for
NetInfo
46. [50]Wilfredo Sánchez <wsanchez@apple.com> added support for NetInfo
47. [51]Nick Sayer <mrapple@quack.kfu.com> SunOS streams modules
48. [52]Jack Sasportas <jack@innovativeinternet.com> Saved a Lot of
space on the stuff in the html/pic/ subdirectory
49. [53]Ray Schnitzler <schnitz@unipress.com> Unixware1 port
50. [54]Michael Shields <shields@tembel.org> USNO clock driver
51. [55]Jeff Steinman <jss@pebbles.jpl.nasa.gov> Datum PTS clock
driver
51. [55]Jeff Steinman <jss@pebbles.jpl.nasa.gov> Datum PTS clock driver
52. [56]Harlan Stenn <harlan@pfcs.com> GNU automake/autoconfigure
makeover, various other bits (see the ChangeLog)
53. [57]Kenneth Stone <ken@sdd.hp.com> HP-UX port
54. [58]Ajit Thyagarajan <ajit@ee.udel.edu>IP multicast/anycast
support
55. [59]Tomoaki TSURUOKA <tsuruoka@nc.fukuoka-u.ac.jp>TRAK clock
driver
54. [58]Ajit Thyagarajan <ajit@ee.udel.edu>IP multicast/anycast support
55. [59]Tomoaki TSURUOKA <tsuruoka@nc.fukuoka-u.ac.jp>TRAK clock driver
56. [60]Brian Utterback <brian.utterback@oracle.com> General codebase,
Solaris issues
57. [61]Loganaden Velvindron <loganaden@gmail.com> Sandboxing
@ -160,7 +153,7 @@ This file is automatically generated from html/copyright.html
TrueTime clock driver
59. [63]Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> corrected and
validated HTML documents according to the HTML DTD
_________________________________________________________________
__________________________________________________________________
References

117
contrib/ntp/ChangeLog
View File

@ -1,4 +1,113 @@
---
(4.2.8p13) 2019/03/07 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3565] Crafted null dereference attack in authenticated
mode 6 packet <perlinger@ntp.org>
- reported by Magnus Stubman
* [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org>
- applied patch by Ian Lepore
* [Bug 3558] Crash and integer size bug <perlinger@ntp.org>
- isolate and fix linux/windows specific code issue
* [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org>
- provide better function for incremental string formatting
* [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
- original finding by Gerry Garvey, additional cleanup needed
* [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org>
- patch by Christous Zoulas
* [Bug 3548] Signature not verified on windows system <perlinger@ntp.org>
- finding by Chen Jiabin, plus another one by me
* [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org>
- applied patch by Maciej Szmigiero
* [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org>
- applied patch by Andre Charbonneau
* [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org>
- refactored handling of GPS era based on 'tos basedate' for
parse (TSIP) and JUPITER clocks
* [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org>
- patch by Daniel J. Luke; this does not fix a potential linker
regression issue on MacOS.
* [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
anomaly <perlinger@ntp.org>, reported by GGarvey.
- --enable-bug3527-fix support by HStenn
* [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org>
- added missing check, reported by Reinhard Max <perlinger@ntp.org>
* [Bug 1674] runtime crashes and sync problems affecting both x86 and x86_64
- this is a variant of [bug 3558] and should be fixed with it
* Implement --disable-signalled-io
---
(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
- fixed stack buffer overflow in the openhost() command-line call
of NTPQ/NTPDC <perlinger@ntp.org>
* [Sec 3012] noepeer tweaks. <stenn@ntp.org>
* [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
other TrustedBSD platforms
- applied patch by Ian Lepore <perlinger@ntp.org>
* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
- rework of ntpq 'nextvar()' key/value parsing
* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
- add #define ENABLE_CMAC support in configure. HStenn.
* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
- patch by Stephen Friedl
* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
- initial patch by Hal Murray; also fixed refclock_report() trouble
* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
with modifications
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
- integrated patch by Reinhard Max
* [Bug 2821] minor build issues <perlinger@ntp.org>
- applied patches by Christos Zoulas, including real bug fixes
* html/authopt.html: cleanup, from <stenn@ntp.org>
* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
* html/authentic.html: cleanup, from <stenn@ntp.org>
---
(4.2.8p11) 2018/02/27 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3454] Unauthenticated packet can reset authenticated interleave
associations. HStenn.
@ -14,16 +123,16 @@
- applied patch by Sean Haugh
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
- refactoring the MAC code, too
* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
- applied patch by ggarvey
- applied patch by ggarvey
* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
- applied patch by ggarvey (with minor mods)
- applied patch by ggarvey (with minor mods)
* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
* [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"

7760
contrib/ntp/CommitLog
View File

File diff suppressed because it is too large Load Diff

12
contrib/ntp/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -830,7 +830,7 @@ distdir: $(DISTFILES)
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
$(am__post_remove_distdir)
dist-bzip2: distdir
@ -856,7 +856,7 @@ dist-shar: distdir
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
$(am__post_remove_distdir)
dist-zip: distdir
@ -874,7 +874,7 @@ dist dist-all:
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lz*) \
@ -884,7 +884,7 @@ distcheck: dist
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac

127
contrib/ntp/NEWS
View File

@ -1,8 +1,131 @@
---
NTP 4.2.8p13 (Harlan Stenn <stenn@ntp.org>, 2019 Mar 07)
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM
This release fixes a bug that allows an attacker with access to an
explicitly trusted source to send a crafted malicious mode 6 (ntpq)
packet that can trigger a NULL pointer dereference, crashing ntpd.
It also provides 17 other bugfixes and 1 other improvement:
* [Sec 3565] Crafted null dereference attack in authenticated
mode 6 packet <perlinger@ntp.org>
- reported by Magnus Stubman
* [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org>
- applied patch by Ian Lepore
* [Bug 3558] Crash and integer size bug <perlinger@ntp.org>
- isolate and fix linux/windows specific code issue
* [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org>
- provide better function for incremental string formatting
* [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
- original finding by Gerry Garvey, additional cleanup needed
* [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org>
- patch by Christous Zoulas
* [Bug 3548] Signature not verified on windows system <perlinger@ntp.org>
- finding by Chen Jiabin, plus another one by me
* [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org>
- applied patch by Maciej Szmigiero
* [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org>
- applied patch by Andre Charbonneau
* [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org>
- refactored handling of GPS era based on 'tos basedate' for
parse (TSIP) and JUPITER clocks
* [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org>
- patch by Daniel J. Luke; this does not fix a potential linker
regression issue on MacOS.
* [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
anomaly <perlinger@ntp.org>, reported by GGarvey.
- --enable-bug3527-fix support by HStenn
* [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org>
- added missing check, reported by Reinhard Max <perlinger@ntp.org>
* [Bug 1674] runtime crashes and sync problems affecting both x86 and x86_64
- this is a variant of [bug 3558] and should be fixed with it
* Implement 'configure --disable-signalled-io'
--
NTP 4.2.8p12 (Harlan Stenn <stenn@ntp.org>, 2018/14/09)
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM
This release fixes a "hole" in the noepeer capability introduced to ntpd
in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements:
* [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc.
* [Sec 3012] Fix a hole in the new "noepeer" processing.
* Bug Fixes:
[Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
[Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
other TrustedBSD platforms
- applied patch by Ian Lepore <perlinger@ntp.org>
[Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
[Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
- rework of ntpq 'nextvar()' key/value parsing
[Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
[Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
[Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
[Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3471] Check for openssl/[ch]mac.h. HStenn.
- add #define ENABLE_CMAC support in configure. HStenn.
[Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
[Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
- patch by Stephen Friedl
[Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
[Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
[Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
- initial patch by Hal Murray; also fixed refclock_report() trouble
[Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
[Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
[Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
with modifications
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
[Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
[Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
[Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
- integrated patch by Reinhard Max
[Bug 2821] minor build issues <perlinger@ntp.org>
- applied patches by Christos Zoulas, including real bug fixes
html/authopt.html: cleanup, from <stenn@ntp.org>
ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
--
NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
NOTE: this NEWS file will be undergoing more revisions.
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM

265
contrib/ntp/aclocal.m4 vendored
View File

@ -1,6 +1,6 @@
# generated automatically by aclocal 1.15 -*- Autoconf -*-
# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -20,126 +20,121 @@ You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
# serial 9 -*- Autoconf -*-
# Enable extensions on systems that normally disable them.
# longlong.m4 serial 17
dnl Copyright (C) 1999-2007, 2009-2016 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
# Copyright (C) 2003, 2006-2010 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
dnl From Paul Eggert.
# This definition of AC_USE_SYSTEM_EXTENSIONS is stolen from CVS
# Autoconf. Perhaps we can remove this once we can assume Autoconf
# 2.62 or later everywhere, but since CVS Autoconf mutates rapidly
# enough in this area it's likely we'll need to redefine
# AC_USE_SYSTEM_EXTENSIONS for quite some time.
# Define HAVE_LONG_LONG_INT if 'long long int' works.
# This fixes a bug in Autoconf 2.61, and can be faster
# than what's in Autoconf 2.62 through 2.68.
# If autoconf reports a warning
# warning: AC_COMPILE_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS
# or warning: AC_RUN_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS
# the fix is
# 1) to ensure that AC_USE_SYSTEM_EXTENSIONS is never directly invoked
# but always AC_REQUIREd,
# 2) to ensure that for each occurrence of
# AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
# or
# AC_REQUIRE([gl_USE_SYSTEM_EXTENSIONS])
# the corresponding gnulib module description has 'extensions' among
# its dependencies. This will ensure that the gl_USE_SYSTEM_EXTENSIONS
# invocation occurs in gl_EARLY, not in gl_INIT.
# Note: If the type 'long long int' exists but is only 32 bits large
# (as on some very old compilers), HAVE_LONG_LONG_INT will not be
# defined. In this case you can treat 'long long int' like 'long int'.
# AC_USE_SYSTEM_EXTENSIONS
# ------------------------
# Enable extensions on systems that normally disable them,
# typically due to standards-conformance issues.
# Remember that #undef in AH_VERBATIM gets replaced with #define by
# AC_DEFINE. The goal here is to define all known feature-enabling
# macros, then, if reports of conflicts are made, disable macros that
# cause problems on some platforms (such as __EXTENSIONS__).
AC_DEFUN_ONCE([AC_USE_SYSTEM_EXTENSIONS],
[AC_BEFORE([$0], [AC_COMPILE_IFELSE])dnl
AC_BEFORE([$0], [AC_RUN_IFELSE])dnl
AC_REQUIRE([AC_CANONICAL_HOST])
AC_CHECK_HEADER([minix/config.h], [MINIX=yes], [MINIX=])
if test "$MINIX" = yes; then
AC_DEFINE([_POSIX_SOURCE], [1],
[Define to 1 if you need to in order for `stat' and other
things to work.])
AC_DEFINE([_POSIX_1_SOURCE], [2],
[Define to 2 if the system does not provide POSIX.1 features
except with this defined.])
AC_DEFINE([_MINIX], [1],
[Define to 1 if on MINIX.])
fi
dnl HP-UX 11.11 defines mbstate_t only if _XOPEN_SOURCE is defined to 500,
dnl regardless of whether the flags -Ae or _D_HPUX_SOURCE=1 are already
dnl provided.
case "$host_os" in
hpux*)
AC_DEFINE([_XOPEN_SOURCE], [500],
[Define to 500 only on HP-UX.])
;;
esac
AH_VERBATIM([__EXTENSIONS__],
[/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif
])
AC_CACHE_CHECK([whether it is safe to define __EXTENSIONS__],
[ac_cv_safe_to_define___extensions__],
[AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM([[
# define __EXTENSIONS__ 1
]AC_INCLUDES_DEFAULT])],
[ac_cv_safe_to_define___extensions__=yes],
[ac_cv_safe_to_define___extensions__=no])])
test $ac_cv_safe_to_define___extensions__ = yes &&
AC_DEFINE([__EXTENSIONS__])
AC_DEFINE([_ALL_SOURCE])
AC_DEFINE([_GNU_SOURCE])
AC_DEFINE([_POSIX_PTHREAD_SEMANTICS])
AC_DEFINE([_TANDEM_SOURCE])
])# AC_USE_SYSTEM_EXTENSIONS
# gl_USE_SYSTEM_EXTENSIONS
# ------------------------
# Enable extensions on systems that normally disable them,
# typically due to standards-conformance issues.
AC_DEFUN_ONCE([gl_USE_SYSTEM_EXTENSIONS],
AC_DEFUN([AC_TYPE_LONG_LONG_INT],
[
dnl Require this macro before AC_USE_SYSTEM_EXTENSIONS.
dnl gnulib does not need it. But if it gets required by third-party macros
dnl after AC_USE_SYSTEM_EXTENSIONS is required, autoconf 2.62..2.63 emit a
dnl warning: "AC_COMPILE_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS".
dnl Note: We can do this only for one of the macros AC_AIX, AC_GNU_SOURCE,
dnl AC_MINIX. If people still use AC_AIX or AC_MINIX, they are out of luck.
AC_REQUIRE([AC_GNU_SOURCE])
AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
AC_REQUIRE([AC_TYPE_UNSIGNED_LONG_LONG_INT])
AC_CACHE_CHECK([for long long int], [ac_cv_type_long_long_int],
[ac_cv_type_long_long_int=yes
if test "x${ac_cv_prog_cc_c99-no}" = xno; then
ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int
if test $ac_cv_type_long_long_int = yes; then
dnl Catch a bug in Tandem NonStop Kernel (OSS) cc -O circa 2004.
dnl If cross compiling, assume the bug is not important, since
dnl nobody cross compiles for this platform as far as we know.
AC_RUN_IFELSE(
[AC_LANG_PROGRAM(
[[@%:@include <limits.h>
@%:@ifndef LLONG_MAX
@%:@ define HALF \
(1LL << (sizeof (long long int) * CHAR_BIT - 2))
@%:@ define LLONG_MAX (HALF - 1 + HALF)
@%:@endif]],
[[long long int n = 1;
int i;
for (i = 0; ; i++)
{
long long int m = n << i;
if (m >> i != n)
return 1;
if (LLONG_MAX / 2 < m)
break;
}
return 0;]])],
[],
[ac_cv_type_long_long_int=no],
[:])
fi
fi])
if test $ac_cv_type_long_long_int = yes; then
AC_DEFINE([HAVE_LONG_LONG_INT], [1],
[Define to 1 if the system has the type 'long long int'.])
fi
])
# Copyright (C) 2002-2014 Free Software Foundation, Inc.
# Define HAVE_UNSIGNED_LONG_LONG_INT if 'unsigned long long int' works.
# This fixes a bug in Autoconf 2.61, and can be faster
# than what's in Autoconf 2.62 through 2.68.
# Note: If the type 'unsigned long long int' exists but is only 32 bits
# large (as on some very old compilers), AC_TYPE_UNSIGNED_LONG_LONG_INT
# will not be defined. In this case you can treat 'unsigned long long int'
# like 'unsigned long int'.
AC_DEFUN([AC_TYPE_UNSIGNED_LONG_LONG_INT],
[
AC_CACHE_CHECK([for unsigned long long int],
[ac_cv_type_unsigned_long_long_int],
[ac_cv_type_unsigned_long_long_int=yes
if test "x${ac_cv_prog_cc_c99-no}" = xno; then
AC_LINK_IFELSE(
[_AC_TYPE_LONG_LONG_SNIPPET],
[],
[ac_cv_type_unsigned_long_long_int=no])
fi])
if test $ac_cv_type_unsigned_long_long_int = yes; then
AC_DEFINE([HAVE_UNSIGNED_LONG_LONG_INT], [1],
[Define to 1 if the system has the type 'unsigned long long int'.])
fi
])
# Expands to a C program that can be used to test for simultaneous support
# of 'long long' and 'unsigned long long'. We don't want to say that
# 'long long' is available if 'unsigned long long' is not, or vice versa,
# because too many programs rely on the symmetry between signed and unsigned
# integer types (excluding 'bool').
AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET],
[
AC_LANG_PROGRAM(
[[/* For now, do not test the preprocessor; as of 2007 there are too many
implementations with broken preprocessors. Perhaps this can
be revisited in 2012. In the meantime, code should not expect
#if to work with literals wider than 32 bits. */
/* Test literals. */
long long int ll = 9223372036854775807ll;
long long int nll = -9223372036854775807LL;
unsigned long long int ull = 18446744073709551615ULL;
/* Test constant expressions. */
typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
? 1 : -1)];
typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
? 1 : -1)];
int i = 63;]],
[[/* Test availability of runtime routines for shift and division. */
long long int llmax = 9223372036854775807ll;
unsigned long long int ullmax = 18446744073709551615ull;
return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
| (llmax / ll) | (llmax % ll)
| (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
| (ullmax / ull) | (ullmax % ull));]])
])
# Copyright (C) 2002-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -154,7 +149,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.15'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.15], [],
m4_if([$1], [1.15.1], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@ -170,12 +165,12 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.15])dnl
[AM_AUTOMAKE_VERSION([1.15.1])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# Copyright (C) 2011-2014 Free Software Foundation, Inc.
# Copyright (C) 2011-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -237,7 +232,7 @@ AC_SUBST([AR])dnl
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -289,7 +284,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
# Copyright (C) 1997-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -320,7 +315,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -511,7 +506,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -587,7 +582,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -784,7 +779,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -805,7 +800,7 @@ if test x"${install_sh+set}" != xset; then
fi
AC_SUBST([install_sh])])
# Copyright (C) 2003-2014 Free Software Foundation, Inc.
# Copyright (C) 2003-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -826,7 +821,7 @@ AC_SUBST([am__leading_dot])])
# Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -876,7 +871,7 @@ rm -f confinc confmf
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
# Copyright (C) 1997-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -915,7 +910,7 @@ fi
# Helper functions for option handling. -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -944,7 +939,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -991,7 +986,7 @@ AC_LANG_POP([C])])
# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1010,7 +1005,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1091,7 +1086,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file
])
# Copyright (C) 2009-2014 Free Software Foundation, Inc.
# Copyright (C) 2009-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1151,7 +1146,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1179,7 +1174,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
# Copyright (C) 2006-2014 Free Software Foundation, Inc.
# Copyright (C) 2006-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1198,7 +1193,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
# Copyright (C) 2004-2014 Free Software Foundation, Inc.
# Copyright (C) 2004-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

4
contrib/ntp/adjtimed/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

2
contrib/ntp/build
View File

@ -52,7 +52,7 @@ esac
case "$NTP_BDIR" in
'')
case "$IAM" in
*.ntp.org)
*.ntp.org | *.ntfo.org)
NTP_BDIR=host
;;
*.udel.edu)

4
contrib/ntp/clockstuff/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

77
contrib/ntp/config.h.in
View File

@ -296,6 +296,9 @@
/* use old autokey session key behavior? */
#undef DISABLE_BUG1243_FIX
/* use old autokey session key behavior? */
#undef DISABLE_BUG3527_FIX
/* synch TODR hourly? */
#undef DOSYNCTODR
@ -311,6 +314,9 @@
/* Provide the explicit 127.0.0.0/8 martian filter? */
#undef ENABLE_BUG3020_FIX
/* Enable CMAC support? */
#undef ENABLE_CMAC
/* nls support in libopts */
#undef ENABLE_NLS
@ -372,6 +378,14 @@
/* Define to 1 if you have the `daemon' function. */
#undef HAVE_DAEMON
/* Define to 1 if you have the declaration of `siglongjmp', and to 0 if you
don't. */
#undef HAVE_DECL_SIGLONGJMP
/* Define to 1 if you have the declaration of `sigsetjmp', and to 0 if you
don't. */
#undef HAVE_DECL_SIGSETJMP
/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you
don't. */
#undef HAVE_DECL_STRERROR_R
@ -539,7 +553,7 @@
/* Define to 1 if the system has the type `long long'. */
#undef HAVE_LONG_LONG
/* Define to 1 if the system has the type `long long int'. */
/* Define to 1 if the system has the type 'long long int'. */
#undef HAVE_LONG_LONG_INT
/* if you have SunOS LWP package */
@ -653,6 +667,12 @@
/* if you have NT Threads */
#undef HAVE_NT_THREADS
/* Define to 1 if you have the <openssl/cmac.h> header file. */
#undef HAVE_OPENSSL_CMAC_H
/* Define to 1 if you have the <openssl/hmac.h> header file. */
#undef HAVE_OPENSSL_HMAC_H
/* Define to 1 if the system has the type `pid_t'. */
#undef HAVE_PID_T
@ -957,6 +977,9 @@
/* Define to 1 if you have the <sys/lock.h> header file. */
#undef HAVE_SYS_LOCK_H
/* Define to 1 if you have the <sys/mac.h> header file. */
#undef HAVE_SYS_MAC_H
/* Define to 1 if you have the <sys/mman.h> header file. */
#undef HAVE_SYS_MMAN_H
@ -1117,6 +1140,9 @@
/* Do we have the TIO serial stuff? */
#undef HAVE_TIO_SERIAL_STUFF
/* Are TrustedBSD MAC policy privileges available? */
#undef HAVE_TRUSTEDBSD_MAC
/* Define to 1 if the system has the type `uint16_t'. */
#undef HAVE_UINT16_T
@ -1147,7 +1173,7 @@
/* deviant sigwait? */
#undef HAVE_UNIXWARE_SIGWAIT
/* Define to 1 if the system has the type `unsigned long long int'. */
/* Define to 1 if the system has the type 'unsigned long long int'. */
#undef HAVE_UNSIGNED_LONG_LONG_INT
/* Define to 1 if you have the `updwtmp' function. */
@ -1588,6 +1614,28 @@ typedef unsigned int uintptr_t;
/* OK to use snprintb()? */
#undef USE_SNPRINTB
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif
/* Can we use SIGPOLL for tty IO? */
#undef USE_TTY_SIGPOLL
@ -1640,9 +1688,6 @@ typedef unsigned int uintptr_t;
/* enable thread safety */
#undef _THREAD_SAFE
/* Define to 500 only on HP-UX. */
#undef _XOPEN_SOURCE
/* Are we _special_? */
#undef __APPLE_USE_RFC_3542
@ -1651,28 +1696,6 @@ typedef unsigned int uintptr_t;
# undef __CHAR_UNSIGNED__
#endif
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif
/* deviant */
#undef adjtimex

299
contrib/ntp/configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p13.
#
# Report bugs to <http://bugs.ntp.org./>.
#
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ntp'
PACKAGE_TARNAME='ntp'
PACKAGE_VERSION='4.2.8p11'
PACKAGE_STRING='ntp 4.2.8p11'
PACKAGE_VERSION='4.2.8p13'
PACKAGE_STRING='ntp 4.2.8p13'
PACKAGE_BUGREPORT='http://bugs.ntp.org./'
PACKAGE_URL='http://www.ntp.org./'
@ -968,6 +968,8 @@ enable_c99_snprintf
enable_clockctl
enable_linuxcaps
enable_solarisprivs
enable_trustedbsd_mac
enable_signalled_io
with_arlib
with_net_snmp_config
enable_libseccomp
@ -1050,6 +1052,7 @@ enable_hourly_todr_sync
enable_kernel_fll_bug
enable_bug1243_fix
enable_bug3020_fix
enable_bug3527_fix
enable_irig_sawtooth
enable_nist
enable_ntp_signd
@ -1614,7 +1617,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems.
\`configure' configures ntp 4.2.8p13 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1684,7 +1687,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ntp 4.2.8p11:";;
short | recursive ) echo "Configuration of ntp 4.2.8p13:";;
esac
cat <<\_ACEOF
@ -1731,6 +1734,9 @@ Optional Features and Packages:
--enable-clockctl s Use /dev/clockctl for non-root clock control
--enable-linuxcaps + Use Linux capabilities for non-root clock control
--enable-solarisprivs + Use Solaris privileges for non-root clock control
--enable-trustedbsd-mac s Use TrustedBSD MAC policy for non-root clock
control
--enable-signalled-io s Use signalled IO if we can
--with-arlib - deprecated, arlib not distributed
--with-net-snmp-config + =net-snmp-config
--enable-libseccomp EXPERIMENTAL: enable support for libseccomp
@ -1823,6 +1829,7 @@ Optional Features and Packages:
--enable-kernel-fll-bug s if we should avoid a kernel FLL bug
--enable-bug1243-fix + use unmodified autokey session keys
--enable-bug3020-fix + Provide the explicit 127.0.0.0/8 martian filter
--enable-bug3527-fix + provide correct mode7 fudgetime2 behavior
--enable-irig-sawtooth s if we should enable the IRIG sawtooth filter
--enable-nist - if we should enable the NIST lockclock scheme
--enable-ntp-signd - Provide support for Samba's signing daemon,
@ -1923,7 +1930,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ntp configure 4.2.8p11
ntp configure 4.2.8p13
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2632,7 +2639,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ntp $as_me 4.2.8p11, which was
It was created by ntp $as_me 4.2.8p13, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -3633,7 +3640,7 @@ fi
# Define the identity of the package.
PACKAGE='ntp'
VERSION='4.2.8p11'
VERSION='4.2.8p13'
cat >>confdefs.h <<_ACEOF
@ -5113,8 +5120,6 @@ done
ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default"
if test "x$ac_cv_header_minix_config_h" = xyes; then :
MINIX=yes
@ -5135,14 +5140,6 @@ $as_echo "#define _MINIX 1" >>confdefs.h
fi
case "$host_os" in
hpux*)
$as_echo "#define _XOPEN_SOURCE 500" >>confdefs.h
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5
$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; }
@ -16090,18 +16087,18 @@ else
/* end confdefs.h. */
/* For now, do not test the preprocessor; as of 2007 there are too many
implementations with broken preprocessors. Perhaps this can
be revisited in 2012. In the meantime, code should not expect
#if to work with literals wider than 32 bits. */
implementations with broken preprocessors. Perhaps this can
be revisited in 2012. In the meantime, code should not expect
#if to work with literals wider than 32 bits. */
/* Test literals. */
long long int ll = 9223372036854775807ll;
long long int nll = -9223372036854775807LL;
unsigned long long int ull = 18446744073709551615ULL;
/* Test constant expressions. */
typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
? 1 : -1)];
? 1 : -1)];
typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
? 1 : -1)];
? 1 : -1)];
int i = 63;
int
main ()
@ -16110,9 +16107,9 @@ main ()
long long int llmax = 9223372036854775807ll;
unsigned long long int ullmax = 18446744073709551615ull;
return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
| (llmax / ll) | (llmax % ll)
| (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
| (ullmax / ull) | (ullmax % ull));
| (llmax / ll) | (llmax % ll)
| (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
| (ullmax / ull) | (ullmax % ull));
;
return 0;
}
@ -16300,33 +16297,33 @@ if ${ac_cv_type_long_long_int+:} false; then :
else
ac_cv_type_long_long_int=yes
if test "x${ac_cv_prog_cc_c99-no}" = xno; then
ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int
if test $ac_cv_type_long_long_int = yes; then
if test "$cross_compiling" = yes; then :
ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int
if test $ac_cv_type_long_long_int = yes; then
if test "$cross_compiling" = yes; then :
:
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <limits.h>
#ifndef LLONG_MAX
# define HALF \
(1LL << (sizeof (long long int) * CHAR_BIT - 2))
# define LLONG_MAX (HALF - 1 + HALF)
#endif
#ifndef LLONG_MAX
# define HALF \
(1LL << (sizeof (long long int) * CHAR_BIT - 2))
# define LLONG_MAX (HALF - 1 + HALF)
#endif
int
main ()
{
long long int n = 1;
int i;
for (i = 0; ; i++)
{
long long int m = n << i;
if (m >> i != n)
return 1;
if (LLONG_MAX / 2 < m)
break;
}
return 0;
int i;
for (i = 0; ; i++)
{
long long int m = n << i;
if (m >> i != n)
return 1;
if (LLONG_MAX / 2 < m)
break;
}
return 0;
;
return 0;
}
@ -16340,7 +16337,7 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
fi
fi
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5
@ -16363,18 +16360,18 @@ else
/* end confdefs.h. */
/* For now, do not test the preprocessor; as of 2007 there are too many
implementations with broken preprocessors. Perhaps this can
be revisited in 2012. In the meantime, code should not expect
#if to work with literals wider than 32 bits. */
implementations with broken preprocessors. Perhaps this can
be revisited in 2012. In the meantime, code should not expect
#if to work with literals wider than 32 bits. */
/* Test literals. */
long long int ll = 9223372036854775807ll;
long long int nll = -9223372036854775807LL;
unsigned long long int ull = 18446744073709551615ULL;
/* Test constant expressions. */
typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
? 1 : -1)];
? 1 : -1)];
typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
? 1 : -1)];
? 1 : -1)];
int i = 63;
int
main ()
@ -16383,9 +16380,9 @@ main ()
long long int llmax = 9223372036854775807ll;
unsigned long long int ullmax = 18446744073709551615ull;
return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
| (llmax / ll) | (llmax % ll)
| (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
| (ullmax / ull) | (ullmax % ull));
| (llmax / ll) | (llmax % ll)
| (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
| (ullmax / ull) | (ullmax % ull));
;
return 0;
}
@ -24021,12 +24018,51 @@ case "$ntp_have_solarisprivs" in
$as_echo "#define HAVE_SOLARIS_PRIVS 1" >>confdefs.h
;;
'') ntp_have_solarisprivs="no"
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_have_solarisprivs" >&5
$as_echo "$ntp_have_solarisprivs" >&6; }
case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in
for ac_header in sys/mac.h
do :
ac_fn_c_check_header_mongrel "$LINENO" "sys/mac.h" "ac_cv_header_sys_mac_h" "$ac_includes_default"
if test "x$ac_cv_header_sys_mac_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_SYS_MAC_H 1
_ACEOF
fi
done
# Check whether --enable-trustedbsd_mac was given.
if test "${enable_trustedbsd_mac+set}" = set; then :
enableval=$enable_trustedbsd_mac; ntp_use_trustedbsd_mac=$enableval
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we should use TrustedBSD MAC privileges" >&5
$as_echo_n "checking if we should use TrustedBSD MAC privileges... " >&6; }
case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in
yesyes)
$as_echo "#define HAVE_TRUSTEDBSD_MAC 1" >>confdefs.h
;;
*) ntp_use_trustedbsd_mac="no";
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_use_trustedbsd_mac" >&5
$as_echo "$ntp_use_trustedbsd_mac" >&6; }
case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in
*yes*)
$as_echo "#define HAVE_DROPROOT 1" >>confdefs.h
@ -24540,6 +24576,16 @@ fi
done
# HMS: does this need to be a cached variable?
# Check whether --enable-signalled-io was given.
if test "${enable_signalled_io+set}" = set; then :
enableval=$enable_signalled_io; use_signalled_io=$enableval
else
use_signalled_io=yes
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SIGIO" >&5
$as_echo_n "checking for SIGIO... " >&6; }
if ${ntp_cv_hdr_def_sigio+:} false; then :
@ -24614,13 +24660,24 @@ case "$ntp_cv_hdr_def_sigio" in
ans=no
;;
esac
case "$ans" in
no)
ans="Possible for $host but disabled because of reported problems"
;;
esac
;;
esac
case "$ans" in
yes)
case "$use_signalled_io" in
yes)
$as_echo "#define HAVE_SIGNALED_IO 1" >>confdefs.h
;;
*) ans="Allowed for $host but --disable-signalled-io was given"
;;
esac
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ans" >&5
$as_echo "$ans" >&6; }
@ -28627,6 +28684,62 @@ case "$ntp_ok" in
$as_echo "#define CLOCK_BANC 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing bcStartPci" >&5
$as_echo_n "checking for library containing bcStartPci... " >&6; }
if ${ac_cv_search_bcStartPci+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char bcStartPci ();
int
main ()
{
return bcStartPci ();
;
return 0;
}
_ACEOF
for ac_lib in '' bcsdk; do
if test -z "$ac_lib"; then
ac_res="none required"
else
ac_res=-l$ac_lib
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
fi
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_search_bcStartPci=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
if ${ac_cv_search_bcStartPci+:} false; then :
break
fi
done
if ${ac_cv_search_bcStartPci+:} false; then :
else
ac_cv_search_bcStartPci=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_bcStartPci" >&5
$as_echo "$ac_cv_search_bcStartPci" >&6; }
ac_res=$ac_cv_search_bcStartPci
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
fi
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_ok" >&5
@ -30311,6 +30424,19 @@ $as_echo "$ntp_openssl" >&6; }
case "$ntp_openssl" in
yes)
for ac_header in openssl/cmac.h openssl/hmac.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done
$as_echo "#define OPENSSL /**/" >>confdefs.h
@ -30534,6 +30660,21 @@ LIBS="$NTPO_SAVED_LIBS"
{ ntp_openssl_from_pkg_config=; unset ntp_openssl_from_pkg_config;}
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we want to enable CMAC support" >&5
$as_echo_n "checking if we want to enable CMAC support... " >&6; }
case "$ac_cv_header_openssl_cmac_h" in
yes)
$as_echo "#define ENABLE_CMAC 1" >>confdefs.h
ans="yes"
;;
*) ans="no"
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ans" >&5
$as_echo "$ans" >&6; }
@ -31935,6 +32076,26 @@ $as_echo "#define ENABLE_BUG3020_FIX 1" >>confdefs.h
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we want correct mode7 fudgetime2 behavior" >&5
$as_echo_n "checking if we want correct mode7 fudgetime2 behavior... " >&6; }
# Check whether --enable-bug3527-fix was given.
if test "${enable_bug3527_fix+set}" = set; then :
enableval=$enable_bug3527_fix; ans=$enableval
else
ans=yes
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ans" >&5
$as_echo "$ans" >&6; }
case "$ans" in
no)
$as_echo "#define DISABLE_BUG3527_FIX 1" >>confdefs.h
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we should use the IRIG sawtooth filter" >&5
$as_echo_n "checking if we should use the IRIG sawtooth filter... " >&6; }
@ -33221,6 +33382,32 @@ fi
###
ac_fn_c_check_decl "$LINENO" "sigsetjmp" "ac_cv_have_decl_sigsetjmp" "#include <setjmp.h>
"
if test "x$ac_cv_have_decl_sigsetjmp" = xyes; then :
ac_have_decl=1
else
ac_have_decl=0
fi
cat >>confdefs.h <<_ACEOF
#define HAVE_DECL_SIGSETJMP $ac_have_decl
_ACEOF
ac_fn_c_check_decl "$LINENO" "siglongjmp" "ac_cv_have_decl_siglongjmp" "#include <setjmp.h>
"
if test "x$ac_cv_have_decl_siglongjmp" = xyes; then :
ac_have_decl=1
else
ac_have_decl=0
fi
cat >>confdefs.h <<_ACEOF
#define HAVE_DECL_SIGLONGJMP $ac_have_decl
_ACEOF
###
@ -33964,7 +34151,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ntp $as_me 4.2.8p11, which was
This file was extended by ntp $as_me 4.2.8p13, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -34031,7 +34218,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ntp config.status 4.2.8p11
ntp config.status 4.2.8p13
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

34
contrib/ntp/configure.ac
View File

@ -1749,6 +1749,7 @@ case "$ntp_ok" in
yes)
ntp_refclock=yes
AC_DEFINE([CLOCK_BANC], [1], [Datum/Bancomm bc635/VME interface?])
AC_SEARCH_LIBS([bcStartPci], [bcsdk], , , [])
;;
esac
AC_MSG_RESULT([$ntp_ok])
@ -3014,6 +3015,17 @@ AC_MSG_RESULT([$ans])
NTP_OPENSSL
AC_MSG_CHECKING([if we want to enable CMAC support])
case "$ac_cv_header_openssl_cmac_h" in
yes)
AC_DEFINE([ENABLE_CMAC], [1], [Enable CMAC support?])
ans="yes"
;;
*) ans="no"
;;
esac
AC_MSG_RESULT([$ans])
NTP_CRYPTO_RAND
# if we are using OpenSSL (--with-crypto), by default Autokey is enabled
@ -4183,6 +4195,24 @@ case "$ans" in
esac
AC_MSG_CHECKING([if we want correct mode7 fudgetime2 behavior])
AC_ARG_ENABLE(
[bug3527-fix],
[AS_HELP_STRING(
[--enable-bug3527-fix],
[+ provide correct mode7 fudgetime2 behavior]
)],
[ans=$enableval],
[ans=yes]
)
AC_MSG_RESULT([$ans])
case "$ans" in
no)
AC_DEFINE([DISABLE_BUG3527_FIX], [1],
[use old autokey session key behavior?])
esac
AC_MSG_CHECKING([if we should use the IRIG sawtooth filter])
case "$host" in
@ -4380,6 +4410,10 @@ NTP_PROBLEM_TESTS
###
AC_CHECK_DECLS([sigsetjmp,siglongjmp], [], [], [[#include <setjmp.h>]])
###
AC_DEFINE_DIR([NTP_KEYSDIR], [sysconfdir],
[Default location of crypto key info])

306
contrib/ntp/html/authentic.html
View File

@ -1,91 +1,223 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>Authentication Support</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
<style type="text/css">
<!--
<style1 {
color: #FF0000;
font-weight: bold;
}
.style1 {color: #FF0000}
-->
</style>
</head>
<body>
<h3>Authentication Support</h3>
<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Our resident cryptographer; now you see him, now you don't.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->5-Feb-2016 09:13<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
<script type="text/javascript" language="javascript" src="scripts/hand.txt"></script>
<script type="text/javascript" language="javascript" src="scripts/authopt.txt"></script>
<h4>Table of Contents</h4>
<ul>
<li class="inline"><a href="#auth">Introduction</a></li>
<li class="inline"><a href="#symm">Symmetric Key Cryptography</a></li>
<li class="inline"><a href="#windows">Microsoft Windows Authentication</a></li>
<li class="inline"><a href="#pub">Public Key Cryptography</a></li>
</ul>
<hr>
<h4 id="auth">Introduction</h4>
<p>This page describes the various cryptographic authentication provisions in NTPv4. Authentication support allows the NTP client to verify that servers are in fact known and trusted and not intruders intending accidentally or intentionally to masquerade as a legitimate server. A detailed discussion of the NTP multi-layer security model and vulnerability analysis is in the white paper <a href="http://www.eecis.udel.edu/~mills/security.html">NTP Security Analysis</a>.</p>
<p> The NTPv3 specification (RFC-1305) defined an authentication scheme properly described as <em>symmetric key cryptography</em>. It used the Data Encryption Standard (DES) algorithm operating in cipher-block chaining (CBC) mode. Subsequently, this algorithm was replaced by the RSA Message Digest 5 (MD5) algorithm commonly called keyed-MD5. Either algorithm computes a message digest or one-way hash which can be used to verify the client has the same message digest as the server. The MD5 message digest algorithm is included in the distribution, so without further cryptographic support, the distribution can be freely exported.</p>
<p>If the OpenSSL cryptographic library is installed prior to building the distribution, all message digest algorithms included in the library may be used, including SHA and SHA1. However, if conformance to FIPS 140-2 is required, only a limited subset of these algorithms can be used. This library is available from <a href="http://www.openssl.org">http://www.openssl.org</a> and can be installed using the procedures outlined in the <a href="build.html">Building and Installing the Distribution</a> page. Once installed, the configure and build process automatically detects the library and links the library routines
required.</p>
<p>In addition to the symmetric key algorithms, this distribution includes support for the Autokey public key algorithms and protocol specified in RFC-5906 &quot;Network Time Protocol Version 4: Autokey Specification&quot;. This support is available only if the OpenSSL library has been installed and the <tt>--enable-autokey</tt> option is used when the distribution is built.</p>
<p> Public key cryptography is generally considered more secure than symmetric key cryptography, since the security is based on private and public values which are generated by each participant and where the private value is never revealed. Autokey uses X.509 public certificates, which can be produced by commercial services, the OpenSSL application program, or the <a href="keygen.html"><tt>ntp-keygen</tt></a> utility program in the NTP software distribution.</p>
<p>Note that according to US law, NTP binaries including OpenSSL library components, including the OpenSSL library itself, cannot be exported outside the US without license from the US Department of Commerce. Builders outside the US are advised to obtain the OpenSSL library directly from OpenSSL, which is outside the US, and build outside the US.</p>
<p>Authentication is configured separately for each association using the <tt>key</tt> or <tt>autokey</tt> option of the <tt>server</tt> configuration command, as described in the <a href="confopt.html">Server Options</a> page. The <a href="keygen.html">ntp-keygen</a> page describes the files required for the various authentication schemes. Further details are in the briefings, papers and reports at the NTP project page linked from <a href="http://www.ntp.org">www.ntp.org</a>.</p>
<p>By default, the client sends non-authenticated packets and the server responds with non-authenticated packets. If the client sends authenticated packets, the server responds with authenticated packets if correct, or a crypto-NAK packet if not. In the case of unsolicited packets which might consume significant resources, such as broadcast or symmetric mode packets, authentication is required, unless overridden by a <tt>disable auth</tt> command. In the current climate of targeted broadcast or &quot;letterbomb&quot; attacks, defeating this requirement would be decidedly dangerous. In any case, the <tt>notrust </tt>flag, described on the <a href="authopt.html">Access Control Options</a> page, can be used to disable access to all but correctly authenticated clients.</p>
<h4 id="symm">Symmetric Key Cryptography</h4>
<p>The original NTPv3 specification (RFC-1305), as well as the current NTPv4 specification (RFC-5905), allows any one of possibly 65,534 message digest keys (excluding zero), each distinguished by a 32-bit key ID, to authenticate an association. The servers and clients involved must agree on the key ID, key type and key to authenticate NTP packets.</p>
<p>The message digest is a cryptographic hash computed by an algorithm such as MD5, SHA, or AES-128 CMAC. When authentication is specified, a message authentication code (MAC) is appended to the NTP packet header. The MAC consists of a 32-bit key identifier (key ID) followed by a 128- or 160-bit message digest. The algorithm computes the digest as the hash of a 128- or 160- bit message digest key concatenated with the NTP packet header fields with the exception of the MAC. On transmit, the message digest is computed and inserted in the MAC. On receive, the message digest is computed and compared with the MAC. The packet is accepted only if the two MACs are identical. If a discrepancy is found by the client, the client ignores the packet, but raises an alarm. If this happens at the server, the server returns a special message called a <em>crypto-NAK</em>. Since the crypto-NAK is protected by the loopback test, an intruder cannot disrupt the protocol by sending a bogus crypto-NAK.</p>
<p>Keys and related information are specified in a keys file, which must be distributed and stored using secure means beyond the scope of the NTP protocol itself. Besides the keys used for ordinary NTP associations, additional keys can be used as passwords for the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs. Ordinarily, the <tt>ntp.keys</tt> file is generated by the <tt><a href="keygen.html">ntp-keygen</a></tt> program, but it can be constructed and edited using an ordinary text editor.</p>
<p> Each line of the keys file consists of three or four fields: a key ID in the range 1 to 65,534, inclusive, a key type, a message digest key consisting of a printable ASCII string less than 40 characters or a 40-character hex digit string, and an optional comma-separated list of IPs that are allowed to serve time. If the OpenSSL library is installed, the key type can be any message digest algorithm supported by the library. If the OpenSSL library is not installed, the only permitted key type is MD5.</p>
<table>
<caption style="caption-side: bottom;">
Figure 1. Typical Symmetric Key File
</caption>
<tr><td style="border: 1px solid black; border-spacing: 0;">
<pre style="color:grey;">
# ntpkey_MD5key_bk.ntp.org.3595864945
# Thu Dec 12 19:22:25 2013
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>Authentication Support</title>
<!-- Changed by: Harlan Stenn, 24-Jul-2018 -->
<link href="scripts/style.css" type="text/css" rel="stylesheet">
<style type="text/css">
<!--
<style1 {
color: #FF0000;
font-weight: bold;
}
.style1 {color: #FF0000}
-->
</style>
</head>
<body>
<h3>Authentication Support</h3>
<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Our resident cryptographer; now you see him, now you don't.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->24-Jul-2018 09:12<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
<script type="text/javascript" language="javascript" src="scripts/hand.txt"></script>
<script type="text/javascript" language="javascript" src="scripts/authopt.txt"></script>
<h4>Table of Contents</h4>
<ul>
<li class="inline"><a href="#auth">Introduction</a></li>
<li class="inline"><a href="#symm">Symmetric Key Cryptography</a></li>
<li class="inline"><a href="#windows">Microsoft Windows Authentication</a></li>
<li class="inline"><a href="#pub">Public Key Cryptography</a></li>
</ul>
<hr>
<h4 id="auth">Introduction</h4>
<p>This page describes the various cryptographic authentication
provisions in NTPv4. Authentication support allows the NTP client to
verify that servers are in fact known and trusted and not intruders
intending accidentally or intentionally to masquerade as a legitimate
server. A detailed discussion of the NTP multi-layer security model
and vulnerability analysis is in the white
paper <a href="http://www.eecis.udel.edu/~mills/security.html">NTP
Security Analysis</a>.</p>
<p>The NTPv3 specification (RFC-1305) defined an authentication scheme
properly described as <em>symmetric key cryptography</em>. It used
the Data Encryption Standard (DES) algorithm operating in cipher-block
chaining (CBC) mode. Subsequently, this algorithm was replaced by the
RSA Message Digest 5 (MD5) algorithm commonly called keyed-MD5.
Either algorithm computes a message digest or one-way hash which can
be used to verify the client has the same message digest as the
server. The MD5 message digest algorithm is included in the
distribution, so without further cryptographic support, the
distribution can be freely exported.</p>
<p>If the OpenSSL cryptographic library is installed prior to building
the distribution, all message digest algorithms included in the
library may be used, including SHA and SHA1. However, if conformance
to FIPS 140-2 is required, only a limited subset of these algorithms
can be used. This library is available
from <a href="http://www.openssl.org">http://www.openssl.org</a> and
can be installed using the procedures outlined in
the <a href="build.html">Building and Installing the Distribution</a>
page. Once installed, the configure and build process automatically
detects the library and links the library routines required.</p>
<p>In addition to the symmetric key algorithms, this distribution
includes support for the Autokey public key algorithms and protocol
specified in RFC-5906 &quot;Network Time Protocol Version 4: Autokey
Specification&quot;. This support is available only if the OpenSSL
library has been installed and the <tt>--enable-autokey</tt> option is
used when the distribution is built.</p>
<p> Public key cryptography is generally considered more secure than
symmetric key cryptography, since the security is based on private and
public values which are generated by each participant and where the
private value is never revealed. Autokey uses X.509 public
certificates, which can be produced by commercial services, the
OpenSSL application program, or
the <a href="keygen.html"><tt>ntp-keygen</tt></a> utility program in
the NTP software distribution.</p>
<p>Note that according to US law, NTP binaries including OpenSSL library
components, including the OpenSSL library itself, cannot be exported
outside the US without license from the US Department of Commerce.
Builders outside the US are advised to obtain the OpenSSL library
directly from OpenSSL, which is outside the US, and build outside the
US.</p>
<p>Authentication is configured separately for each association using
the <tt>key</tt> or <tt>autokey</tt> option of the <tt>server</tt>
configuration command, as described in
the <a href="confopt.html">Server Options</a> page.
The <a href="keygen.html">ntp-keygen</a> page describes the files
required for the various authentication schemes. Further details are
in the briefings, papers and reports at the NTP project page linked
from <a href="http://www.ntp.org">www.ntp.org</a>.</p>
<p>By default, the client sends non-authenticated packets and the server
responds with non-authenticated packets. If the client sends
authenticated packets, the server responds with authenticated packets
if correct, or a crypto-NAK packet if not. In the case of unsolicited
packets which might consume significant resources, such as broadcast
or symmetric mode packets, authentication is required, unless
overridden by a <tt>disable auth</tt> command. In the current climate
of targeted broadcast or &quot;letterbomb&quot; attacks, defeating
this requirement would be decidedly dangerous. In any case,
the <tt>notrust </tt>flag, described on
the <a href="authopt.html">Access Control Options</a> page, can be
used to disable access to all but correctly authenticated clients.</p>
<h4 id="symm">Symmetric Key Cryptography</h4>
<p>The original NTPv3 specification (RFC-1305), as well as the current
NTPv4 specification (RFC-5905), allows any one of possibly 65,535
message digest keys (excluding zero), each distinguished by a 32-bit
key ID, to authenticate an association. The servers and clients
involved must agree on the key ID, key type and key to authenticate
NTP packets.</p>
<p>The message digest is a cryptographic hash computed by an algorithm
such as MD5, SHA, or AES-128 CMAC. When authentication is specified,
a message authentication code (MAC) is appended to the NTP packet
header. The MAC consists of a 32-bit key identifier (key ID) followed
by a 128- or 160-bit message digest. The algorithm computes the
digest as the hash of a 128- or 160- bit message digest key
concatenated with the NTP packet header fields with the exception of
the MAC. On transmit, the message digest is computed and inserted in
the MAC. On receive, the message digest is computed and compared with
the MAC. The packet is accepted only if the two MACs are identical.
If a discrepancy is found by the client, the client ignores the
packet, but raises an alarm. If this happens at the server, the
server returns a special message called a <em>crypto-NAK</em>. Since
the crypto-NAK is protected by the loopback test, an intruder cannot
disrupt the protocol by sending a bogus crypto-NAK.</p>
<p>Keys and related information are specified in a keys file, which must
be distributed and stored using secure means beyond the scope of the
NTP protocol itself. Besides the keys used for ordinary NTP
associations, additional keys can be used as passwords for
the <tt><a href="ntpq.html">ntpq</a></tt>
and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.
Ordinarily, the <tt>ntp.keys</tt> file is generated by
the <tt><a href="keygen.html">ntp-keygen</a></tt> program, but it can
be constructed and edited using an ordinary text editor.</p>
<p> Each line of the keys file consists of three or four fields: a key
ID in the range 1 to 65,535, inclusive, a key type, a message digest
key consisting of a printable ASCII string less than 40 characters or
a 40-character hex digit string, and an optional comma-separated list
of IPs that are allowed to serve time. If the OpenSSL library is
installed, the key type can be any message digest algorithm supported
by the library. If the OpenSSL library is not installed, the only
permitted key type is MD5.</p>
<table>
<caption style="caption-side: bottom;">
Figure 1. Typical Symmetric Key File
</caption>
<tr><td style="border: 1px solid black; border-spacing: 0;">
<pre style="color:grey;">
# ntpkey_MD5key_bk.ntp.org.3595864945
# Thu Dec 12 19:22:25 2013
1 MD5 L";Nw&lt;`.I&lt;f4U0)247"i # MD5 key
2 MD5 &amp;&gt;l0%XXK9O'51VwV&lt;xq~ # MD5 key
3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key
4 MD5 Yue:tL[+vR)M`n~bY,'? # MD5 key
5 MD5 B;fxlKgr/&amp;4ZTbL6=RxA # MD5 key
6 MD5 4eYwa`o}3i@@V@..R9!l # MD5 key
7 MD5 `A.([h+;wTQ|xfi%Sn_! # MD5 key
8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key
9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
10 MD5 2late4Me # MD5 key
11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key
13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key
14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key
15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key
16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key
17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key
18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key
19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key
20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
</pre></td></tr></table>
<p>Figure 1 shows a typical keys file used by the reference implementation when the OpenSSL library is installed. In this figure, for key IDs in he range 1-10, the key is interpreted as a printable ASCII string. For key IDs in the range 11-20, the key is a 40-character hex digit string. The key is truncated or zero-filled internally to either 128 or 160 bits, depending on the key type. The line can be edited later or new lines can be added to change any field. The key can be changed to a password, such as <tt>2late4Me</tt> for key ID 10. Note that two or more keys files can be combined in any order as long as the key IDs are distinct.</p>
<p>When <tt>ntpd</tt> is started, it reads the keys file specified by the <tt>keys</tt> command and installs the keys in the key cache. However, individual keys must be activated with the <tt>trustedkey</tt> configuration command before use. This allows, for instance, the installation of possibly several batches of keys and then activating a key remotely using <tt>ntpq</tt> or <tt>ntpdc</tt>. The <tt>requestkey</tt> command selects the key ID used as the password for the <tt>ntpdc</tt> utility, while the <tt>controlkey</tt> command selects the key ID used as the password for the <tt>ntpq</tt> utility.</p>
<h4 id="windows">Microsoft Windows Authentication</h4>
<p>In addition to the above means, <tt>ntpd</tt> now supports Microsoft Windows MS-SNTP authentication using Active Directory services. This support was contributed by the Samba Team and is still in development. It is enabled using the <tt>mssntp</tt> flag of the <tt>restrict</tt> command described on the <a href="accopt.html#restrict">Access Control Options</a> page. <span class="style1">Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users. Therefore, this flag should be used only for a dedicated server with no clients other than MS-SNTP.</span></p>
<h4 id="pub">Public Key Cryptography</h4>
<p>See the <a href="autokey.html">Autokey Public-Key Authentication</a> page.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
1 MD5 L";Nw&lt;`.I&lt;f4U0)247"i # MD5 key
2 MD5 &amp;&gt;l0%XXK9O'51VwV&lt;xq~ # MD5 key
3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key
4 MD5 Yue:tL[+vR)M`n~bY,'? # MD5 key
5 MD5 B;fxlKgr/&amp;4ZTbL6=RxA # MD5 key
6 MD5 4eYwa`o}3i@@V@..R9!l # MD5 key
7 MD5 `A.([h+;wTQ|xfi%Sn_! # MD5 key
8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key
9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
10 MD5 2late4Me # MD5 key
11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key
13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key
14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key
15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key
16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key
17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key
18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key
19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key
20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
21 MD5 sampo 10.1.2.3/24
</pre></td></tr></table>
<p>Figure 1 shows a typical symmetric keys file used by the reference
implementation when the OpenSSL library is installed. Each line of
the file contains three or four fields. The first field is an integer
between 1 and 65535, inclusive, representing the key identifier. The
second field is the digest algorithm, which in the absence of the
OpenSSL library must be <tt>MD5</tt>, which designates the MD5 message
digest algorithm. The third field is the key. The optional fourth
field is one or more comma-separated IPs. An IP may end with an
optional <tt>/subnetbits</tt> suffix, which limits the acceptance of
the key identifier to packets claiming to be from the described IP
space. In this example, for the key IDs in the range 1-10 the key is
interpreted as a printable ASCII string. For the key IDs in the range
11-20, the key is a 40-character hex digit string. In either case,
the key is truncated or zero-filled internally to either 128 or 160
bits, depending on the key type. The line can be edited later or new
lines can be added to change any field. The key can be changed to a
password, such as <tt>2late4Me</tt> for key ID 10. Note that two or
more keys files can be combined in any order as long as the key IDs
are distinct.</p>
<p>When <tt>ntpd</tt> is started, it reads the keys file specified by
the <tt>keys</tt> command and installs the keys in the key cache.
However, individual keys must be activated with
the <tt>trustedkey</tt> configuration command before use. This
allows, for instance, the installation of possibly several batches of
keys and then activating a key remotely using <tt>ntpq</tt>
or <tt>ntpdc</tt>. The <tt>requestkey</tt> command selects the key ID
used as the password for the <tt>ntpdc</tt> utility, while
the <tt>controlkey</tt> command selects the key ID used as the
password for the <tt>ntpq</tt> utility.</p>
<h4 id="windows">Microsoft Windows Authentication</h4>
<p>In addition to the above means, <tt>ntpd</tt> now supports Microsoft
Windows MS-SNTP authentication using Active Directory services. This
support was contributed by the Samba Team and is still in development.
It is enabled using the <tt>mssntp</tt> flag of the <tt>restrict</tt>
command described on the <a href="accopt.html#restrict">Access Control
Options</a> page. <span class="style1">Note: Potential users should
be aware that these services involve a TCP connection to another
process that could potentially block, denying services to other users.
Therefore, this flag should be used only for a dedicated server with
no clients other than MS-SNTP.</span></p>
<h4 id="pub">Public Key Cryptography</h4>
<p>See the <a href="autokey.html">Autokey Public-Key Authentication</a>
page.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
</html>

49
contrib/ntp/html/authopt.html
View File

@ -4,6 +4,7 @@
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>Authentication Commands and Options</title>
<!-- Changed by: stenn, 25-May-2018 -->
<link href="scripts/style.css" type="text/css" rel="stylesheet">
<style type="text/css">
.style1 {
@ -17,7 +18,7 @@
<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Our resident cryptographer; now you see him, now you don't.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->15-Oct-2011 01:00<!-- #EndDate -->
<!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
@ -28,65 +29,65 @@
<p>Unless noted otherwise, further information about these commands is on the <a href="authentic.html">Authentication Support</a> page.</p>
<dl>
<dt id=automax><tt>automax [<i>logsec</i>]</tt></dt>
<dd>Specifies the interval between regenerations of the session key list used with the Autokey protocol, as a power of 2 in seconds. Note that the size of the key list for each association depends on this interval and the current poll interval. The default interval is 12 (about 1.1 hr). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information.</dd>
<dd>Specifies the interval between regenerations of the session key list used with the Autokey protocol, as a power of 2 in seconds. Note that the size of the key list for each association depends on this interval and the current poll interval. The default interval is 12 (about 1.1 hr). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information.</dd>
<dt id="controlkey"><tt>controlkey <i>keyid</i></tt></dt>
<dd>Specifies the key ID for the <a
href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the
standard protocol defined in RFC-1305. The <tt><i>keyid</i></tt> argument is the key ID for a <a href="#trustedkey">trusted
key</a>, where the value can be in the range 1 to 65534,
standard protocol defined in RFC-1305. The <tt><i>keyid</i></tt> argument is the key ID for a <a href="#trustedkey">trusted
key</a>, where the value can be in the range 1 to 65535,
inclusive.</dd>
<dt id="crypto"><tt>crypto [digest</tt> <em><tt>digest</tt></em><tt>]</tt> <tt>[host <i>name</i>] [ident <i>name</i>] [pw <i>password</i>] [randfile <i>file</i>]</tt></dt>
<dt id="crypto"><tt>crypto [digest <i>digest</i>] [host <i>name</i>] [ident <i>name</i>] [pw <i>password</i>] [randfile <i>file</i>]</tt></dt>
<dd>This command activates the Autokey public key cryptography
and loads the required host keys and certificate. If one or more files
are unspecified, the default names are used. Unless
and loads the required host keys and certificate. If one or more files
are unspecified, the default names are used. Unless
the complete path and name of the file are specified, the location of a file
is relative to the keys directory specified in the <tt>keysdir</tt> configuration
command with default <tt>/usr/local/etc</tt>. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information. Following are the options.</dd>
command with default <tt>/usr/local/etc</tt>. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information. Following are the options.</dd>
<dd>
<dl>
<dt><tt>digest</tt> <em><tt>digest</tt></em></dt>
<dt><tt>digest</tt> <i>digest</i></dt>
<dd>&nbsp;</dd>
<dd>Specify the message digest algorithm, with default MD5. If the OpenSSL library
is installed, <tt><i>digest</i></tt> can be be any message digest algorithm supported
by the library. The current selections are: <tt>MD2</tt>, <tt>MD4</tt>, <tt>MD5,</tt> <tt>MDC2</tt>, <tt>RIPEMD160</tt>, <tt>SHA</tt> and <tt>SHA1</tt>. All
participants in an Autokey subnet must use the same algorithm. The Autokey message digest algorithm is separate and distinct from the symmetric
key message digest algorithm. Note: If compliance with FIPS 140-2 is required,
by the library. The current selections are: <tt>MD2</tt>, <tt>MD4</tt>, <tt>MD5,</tt> <tt>MDC2</tt>, <tt>RIPEMD160</tt>, <tt>SHA</tt> and <tt>SHA1</tt>. All
participants in an Autokey subnet must use the same algorithm. The Autokey message digest algorithm is separate and distinct from the symmetric
key message digest algorithm. Note: If compliance with FIPS 140-2 is required,
the algorithm must be ether <tt>SHA</tt> or <tt>SHA1</tt>.</dd>
<dt><tt>host <i>name</i></tt></dt>
<dd>Specify the cryptographic media names for the host, sign and certificate files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
<dd>Specify the cryptographic media names for the host, sign and certificate files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
<dd><span class="style1">Note: In the latest Autokey version, this option has no effect other than to change the cryptographic media file names.</span></dd>
<dt><tt>ident <i>group</i></tt></dt>
<dd>Specify the cryptographic media names for the identity scheme files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
<dd>Specify the cryptographic media names for the identity scheme files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
<dd><span class="style1">Note: In the latest Autokey version, this option has no effect other than to change the cryptographic media file names.</span></dd>
<dt><tt>pw <i>password</i></tt></dt>
<dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option. If this option is not specified, the default password is the string returned by the Unix <tt>gethostname()</tt> routine. </dd>
<dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option. If this option is not specified, the default password is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
<dt><tt>randfile <i>file</i></tt></dt>
<dd>Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>.</dd>
<dd>Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>.</dd>
</dl>
</dd>
<dt id="ident"><tt>ident <i>group</i></tt></dt>
<dd>Specifies the group name for ephemeral associations mobilized by broadcast and symmetric passive modes. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
<dd>Specifies the group name for ephemeral associations mobilized by broadcast and symmetric passive modes. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
<dt id="keys"><tt>keys <i>path</i></tt></dt>
<dd>Specifies the complete directory path for the key file containing the key IDs, key types and keys used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. The format of the keyfile is described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>. This is the same operation as the <tt>-k</tt> command line option. Note that the directory path for Autokey cryptographic media is specified by the <tt>keysdir</tt> command.</dd>
<dd>Specifies the complete directory path for the key file containing the key IDs, key types and keys used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. The format of the keyfile is described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>. This is the same operation as the <tt>-k</tt> command line option. Note that the directory path for Autokey cryptographic media is specified by the <tt>keysdir</tt> command.</dd>
<dt id="keysdir"><tt>keysdir <i>path</i></tt></dt>
<dd>Specifies the complete directory path for the Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd>
<dd>Specifies the complete directory path for the Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd>
<dt id="requestkey"><tt>requestkey <i>keyid</i></tt></dt>
<dd>Specifies the key ID for the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which
uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>keyid</i></tt> argument is a key ID
uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>keyid</i></tt> argument is a key ID
for a <a href="#trustedkey">trusted key</a>, in the range 1 to
65534, inclusive.</dd>
65535, inclusive.</dd>
<dt id="revoke"><tt>revoke [<i>logsec</i>]</tt></dt>
<dd>Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in seconds, with default 17 (36 hr). See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
<dt id="trustedkey"><tt>trustedkey [<i>keyid</i> | (<i>lowid</i> ... <i>highid</i>)] [...]</tt></dt>
<dd>Specifies the key ID(s) which are trusted for the purposes of
authenticating peers with symmetric key cryptography. Key IDs
used to authenticate <tt>ntpq</tt> and <tt>ntpdc</tt> operations
must be listed here and additionally be enabled with <a href="#controlkey">controlkey</a> and/or <a href="#requestkey">requestkey</a>. The authentication
must be listed here and additionally be enabled with <a href="#controlkey">controlkey</a> and/or <a href="#requestkey">requestkey</a>. The authentication
procedure for time transfer requires that both the local and
remote NTP servers employ the same key ID and secret for this
purpose, although different keys IDs may be used with different
servers. Ranges of trusted key IDs may be specified: <tt>trustedkey (1 ... 19) 1000 (100 ... 199)</tt> enables the
lowest 120 key IDs which start with the digit 1. The spaces
servers. Ranges of trusted key IDs may be specified: <tt>trustedkey (1 ... 19) 1000 (100 ... 199)</tt> enables the
lowest 120 key IDs which start with the digit 1. The spaces
surrounding the ellipsis are required when specifying a range.</dd>
</dl>
<hr>

4
contrib/ntp/html/confopt.html
View File

@ -13,7 +13,7 @@
Walt Kelly</a>
<p>The chicken is getting configuration advice.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->10-Mar-2014 05:01<!-- #EndDate -->
<!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
@ -67,7 +67,7 @@ Walt Kelly</a>
<dt><tt>ident</tt> <em><tt>group</tt></em></dt>
<dd>Specify the group name for the association. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
<dt><tt>key</tt> <i><tt>key</tt></i></dt>
<dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65534, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd> <dt><tt>minpoll <i>minpoll<br>
<dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65535, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd> <dt><tt>minpoll <i>minpoll<br>
</i></tt><tt>maxpoll <i>maxpoll</i></tt></dt>
<dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36 hr). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 3 (8 s). Additional information about this option is on the <a href="poll.html">Poll Program</a> page.</dd>
<dt><tt>mode <i>option</i></tt></dt>

4
contrib/ntp/html/keygen.html
View File

@ -11,7 +11,7 @@
<p><img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a></p>
<p>Alice holds the key.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->11-Jan-2018 11:55<!-- #EndDate -->
<!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
@ -313,7 +313,7 @@
</pre></td></tr></table>
<p>Figure 1 shows a typical symmetric keys file used by the reference
implementation. Each line of the file contains three or four fields,
first an integer between 1 and 65534, inclusive, representing the key
first an integer between 1 and 65535, inclusive, representing the key
identifier used in the <tt>server</tt> and <tt>peer</tt> configuration
commands. Second is the key type for the message digest algorithm,
which in the absence of the OpenSSL library must be <tt>MD5</tt> to

4
contrib/ntp/html/ntpdate.html
View File

@ -11,7 +11,7 @@
<img src="pic/rabbit.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>I told you it was eyeball and wristwatch.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->9-Feb-2014 03:34<!-- #EndDate -->
<!-- #BeginDate format:En2m -->21-Jul-2018 04:09<!-- #EndDate -->
UTC</p>
<br clear="left">
<hr>
@ -63,7 +63,7 @@ Protocol (SNTP) Client</a> page. After a suitable period of mourning, the <tt>n
<dt><tt>-s</tt></dt>
<dd>Divert logging output from the standard output (default) to the system <tt>syslog</tt> facility. This is designed primarily for convenience of <tt>cron</tt> scripts.</dd>
<dt><tt>-t <i>timeout</i></tt></dt>
<dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.</dd>
<dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 2 seconds, a value suitable for polling across a LAN.</dd>
<dt><tt>-u</tt></dt>
<dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
<dt><tt>-<i>v</i></tt></dt>

4
contrib/ntp/include/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

4
contrib/ntp/include/isc/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

12
contrib/ntp/include/ntp.h
View File

@ -610,6 +610,18 @@ struct pkt {
#define STRATUM_TO_PKT(s) ((u_char)(((s) == (STRATUM_UNSPEC)) ?\
(STRATUM_PKT_UNSPEC) : (s)))
/*
* A test to determine if the refid should be interpreted as text string.
* This is usually the case for a refclock, which has stratum 0 internally,
* which results in sys_stratum 1 if the refclock becomes system peer, or
* in case of a kiss-of-death (KoD) packet that has STRATUM_PKT_UNSPEC (==0)
* in the packet which is converted to STRATUM_UNSPEC when the packet
* is evaluated.
*/
#define REFID_ISTEXT(s) (((s) <= 1) || ((s) >= STRATUM_UNSPEC))
/*
* Event codes. Used for reporting errors/events to the control module
*/

24
contrib/ntp/include/ntp_calendar.h
View File

@ -93,6 +93,7 @@ extern systime_func_ptr ntpcal_set_timefunc(systime_func_ptr);
#define SECSPERLEAPYEAR (366 * SECSPERDAY) /* leap year */
#define SECSPERAVGYEAR 31556952 /* mean year length over 400yrs */
#define GPSWEEKS 1024 /* GPS week cycle */
/*
* Gross hacks. I have illicit knowlege that there won't be overflows
* here, the compiler often can't tell this.
@ -404,14 +405,21 @@ basedate_get_eracenter(void);
extern time_t
basedate_get_erabase(void);
extern uint32_t
basedate_get_gpsweek(void);
extern uint32_t
basedate_expand_gpsweek(unsigned short weekno);
/*
* Additional support stuff for Ed Rheingold's calendrical calculations
*/
/*
* Start day of NTP time as days past the imaginary date 12/1/1 BC.
* (This is the beginning of the Christian Era, or BCE.)
* Start day of NTP time as days past 0000-12-31 in the proleptic
* Gregorian calendar. (So 0001-01-01 is day number 1; this is the Rata
* Die counting scheme used by Ed Rheingold in his book "Calendrical
* Calculations".)
*/
#define DAY_NTP_STARTS 693596
@ -420,15 +428,25 @@ basedate_get_erabase(void);
*/
#define DAY_UNIX_STARTS 719163
/*
* Start day of the GPS epoch. This is the Rata Die of 1980-01-06
*/
#define DAY_GPS_STARTS 722819
/*
* Difference between UN*X and NTP epoch (25567).
*/
#define NTP_TO_UNIX_DAYS (DAY_UNIX_STARTS - DAY_NTP_STARTS)
/*
* Difference between GPS and NTP epoch (29224)
*/
#define NTP_TO_GPS_DAYS (DAY_GPS_STARTS - DAY_NTP_STARTS)
/*
* Days in a normal 4 year leap year calendar cycle (1461).
*/
#define GREGORIAN_NORMAL_LEAP_CYCLE_DAYS (3 * 365 + 366)
#define GREGORIAN_NORMAL_LEAP_CYCLE_DAYS (4 * 365 + 1)
/*
* Days in a normal 100 year leap year calendar (36524). We lose a

7
contrib/ntp/include/ntp_md5.h
View File

@ -7,8 +7,13 @@
#define NTP_MD5_H
#ifdef OPENSSL
# include "openssl/evp.h"
# include <openssl/evp.h>
# include "libssl_compat.h"
# ifdef HAVE_OPENSSL_CMAC_H
# include <openssl/cmac.h>
# define CMAC "AES128CMAC"
# define AES_128_KEY_SIZE 16
# endif /*HAVE_OPENSSL_CMAC_H*/
#else /* !OPENSSL follows */
/*
* Provide OpenSSL-alike MD5 API if we're not using OpenSSL

3
contrib/ntp/include/ntp_stdlib.h
View File

@ -40,6 +40,9 @@ extern void setup_logfile (const char *);
extern void errno_to_str(int, char *, size_t);
#endif
extern int xvsbprintf(char**, char* const, char const*, va_list) NTP_PRINTF(3, 0);
extern int xsbprintf(char**, char* const, char const*, ...) NTP_PRINTF(3, 4);
/*
* When building without OpenSSL, use a few macros of theirs to
* minimize source differences in NTP.

4
contrib/ntp/include/ntpd.h
View File

@ -275,8 +275,8 @@ extern u_long orphwait; /* orphan wait time */
extern char *sys_hostname; /* host name */
extern char *sys_groupname; /* group name */
extern char *group_name; /* group name */
extern u_long sys_revoke; /* keys revoke timeout */
extern u_long sys_automax; /* session key timeout */
extern u_char sys_revoke; /* keys revoke timeout */
extern u_char sys_automax; /* session key timeout */
#endif /* AUTOKEY */
/* ntp_util.c */

1
contrib/ntp/include/parse.h
View File

@ -108,7 +108,6 @@ extern unsigned int splclock (void);
* some constants useful for GPS time conversion
*/
#define GPSORIGIN 2524953600UL /* NTP origin - GPS origin in seconds */
#define GPSWRAP 990 /* assume week count less than this in the previous epoch */
#define GPSWEEKS 1024 /* number of weeks until the GPS epch rolls over */
/*

4
contrib/ntp/kernel/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

4
contrib/ntp/kernel/sys/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

1
contrib/ntp/libntp/Makefile.am
View File

@ -110,6 +110,7 @@ libntp_a_SRCS = \
vint64ops.c \
work_fork.c \
work_thread.c \
xsbprintf.c \
ymd2yd.c \
$(libisc_SRCS) \
$(NULL)

14
contrib/ntp/libntp/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -160,7 +160,7 @@ am__libntp_a_SOURCES_DIST = systime.c a_md5encrypt.c adjtime.c \
snprintf.c socket.c socktoa.c socktohost.c ssl_init.c \
statestr.c strdup.c strl_obsd.c syssignal.c timetoa.c \
timevalops.c uglydate.c vint64ops.c work_fork.c work_thread.c \
ymd2yd.c $(srcdir)/../lib/isc/assertions.c \
xsbprintf.c ymd2yd.c $(srcdir)/../lib/isc/assertions.c \
$(srcdir)/../lib/isc/buffer.c \
$(srcdir)/../lib/isc/backtrace-emptytbl.c \
$(srcdir)/../lib/isc/backtrace.c \
@ -224,8 +224,8 @@ am__objects_4 = a_md5encrypt.$(OBJEXT) adjtime.$(OBJEXT) \
ssl_init.$(OBJEXT) statestr.$(OBJEXT) strdup.$(OBJEXT) \
strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) timetoa.$(OBJEXT) \
timevalops.$(OBJEXT) uglydate.$(OBJEXT) vint64ops.$(OBJEXT) \
work_fork.$(OBJEXT) work_thread.$(OBJEXT) ymd2yd.$(OBJEXT) \
$(am__objects_3) $(am__objects_1)
work_fork.$(OBJEXT) work_thread.$(OBJEXT) xsbprintf.$(OBJEXT) \
ymd2yd.$(OBJEXT) $(am__objects_3) $(am__objects_1)
am_libntp_a_OBJECTS = systime.$(OBJEXT) $(am__objects_4)
libntp_a_OBJECTS = $(am_libntp_a_OBJECTS)
libntpsim_a_AR = $(AR) $(ARFLAGS)
@ -244,7 +244,7 @@ am__libntpsim_a_SOURCES_DIST = systime_s.c a_md5encrypt.c adjtime.c \
snprintf.c socket.c socktoa.c socktohost.c ssl_init.c \
statestr.c strdup.c strl_obsd.c syssignal.c timetoa.c \
timevalops.c uglydate.c vint64ops.c work_fork.c work_thread.c \
ymd2yd.c $(srcdir)/../lib/isc/assertions.c \
xsbprintf.c ymd2yd.c $(srcdir)/../lib/isc/assertions.c \
$(srcdir)/../lib/isc/buffer.c \
$(srcdir)/../lib/isc/backtrace-emptytbl.c \
$(srcdir)/../lib/isc/backtrace.c \
@ -704,6 +704,7 @@ libntp_a_SRCS = \
vint64ops.c \
work_fork.c \
work_thread.c \
xsbprintf.c \
ymd2yd.c \
$(libisc_SRCS) \
$(NULL)
@ -876,6 +877,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vint64ops.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/work_fork.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/work_thread.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xsbprintf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ymd2yd.Po@am__quote@
.c.o:

17
contrib/ntp/libntp/a_md5encrypt.c
View File

@ -12,12 +12,6 @@
#include "ntp_md5.h" /* provides OpenSSL digest API */
#include "isc/string.h"
#ifdef OPENSSL
# include "openssl/cmac.h"
# define CMAC "AES128CMAC"
# define AES_128_KEY_SIZE 16
#endif
typedef struct {
const void * buf;
size_t len;
@ -28,7 +22,7 @@ typedef struct {
size_t len;
} rwbuffT;
#ifdef OPENSSL
#if defined(OPENSSL) && defined(ENABLE_CMAC)
static size_t
cmac_ctx_size(
CMAC_CTX * ctx)
@ -42,7 +36,7 @@ cmac_ctx_size(
}
return mlen;
}
#endif /*OPENSSL*/
#endif /*OPENSSL && ENABLE_CMAC*/
static size_t
make_mac(
@ -63,6 +57,7 @@ make_mac(
INIT_SSL();
/* Check if CMAC key type specific code required */
# ifdef ENABLE_CMAC
if (ktype == NID_cmac) {
CMAC_CTX * ctx = NULL;
void const * keyptr = key->buf;
@ -100,7 +95,9 @@ make_mac(
if (ctx)
CMAC_CTX_cleanup(ctx);
}
else { /* generic MAC handling */
else
# endif /*ENABLE_CMAC*/
{ /* generic MAC handling */
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
u_int uilen = 0;
@ -153,7 +150,7 @@ make_mac(
if (ktype == NID_md5)
{
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
uint uilen = 0;
u_int uilen = 0;
if (digest->len < 16) {
msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 buf too small.");

2
contrib/ntp/libntp/authreadkeys.c
View File

@ -221,12 +221,14 @@ authreadkeys(
log_maybe(NULL,
"authreadkeys: invalid type for key %d",
keyno);
# ifdef ENABLE_CMAC
} else if (NID_cmac != keytype &&
EVP_get_digestbynid(keytype) == NULL) {
log_maybe(NULL,
"authreadkeys: no algorithm for key %d",
keyno);
keytype = 0;
# endif /* ENABLE_CMAC */
}
#else /* !OPENSSL follows */
/*

2
contrib/ntp/libntp/calyearstart.c
View File

@ -54,7 +54,7 @@ calmonthstart(u_int32 ntptime, const time_t *pivot)
}
/*
* calweekstart - get NTP time at midnight of the last monday on or
* calweekstart - get NTP time at midnight of the last Monday on or
* before the current date.
*/
u_int32

40
contrib/ntp/libntp/ntp_calendar.c
View File

@ -1832,6 +1832,7 @@ isocal_date_to_ntp(
*/
static int32_t s_baseday = NTP_TO_UNIX_DAYS;
static int32_t s_gpsweek = 0;
int32_t
basedate_eval_buildstamp(void)
@ -1873,7 +1874,7 @@ basedate_eval_string(
goto buildstamp;
}
rc = scanf(str, "%lu%n", &ned, &nc);
rc = sscanf(str, "%lu%n", &ned, &nc);
if (rc == 1 && (size_t)nc == sl) {
if (ned <= INT32_MAX)
return (int32_t)ned;
@ -1901,6 +1902,7 @@ basedate_set_day(
struct calendar jd;
int32_t retv;
/* set NTP base date for NTP era unfolding */
if (day < NTP_TO_UNIX_DAYS) {
msyslog(LOG_WARNING,
"baseday_set_day: invalid day (%lu), UNIX epoch substituted",
@ -1912,6 +1914,17 @@ basedate_set_day(
ntpcal_rd_to_date(&jd, day + DAY_NTP_STARTS);
msyslog(LOG_INFO, "basedate set to %04hu-%02hu-%02hu",
jd.year, (u_short)jd.month, (u_short)jd.monthday);
/* set GPS base week for GPS week unfolding */
day = ntpcal_weekday_ge(day + DAY_NTP_STARTS, CAL_SUNDAY)
- DAY_NTP_STARTS;
if (day < NTP_TO_GPS_DAYS)
day = NTP_TO_GPS_DAYS;
s_gpsweek = (day - NTP_TO_GPS_DAYS) / DAYSPERWEEK;
ntpcal_rd_to_date(&jd, day + DAY_NTP_STARTS);
msyslog(LOG_INFO, "gps base set to %04hu-%02hu-%02hu (week %d)",
jd.year, (u_short)jd.month, (u_short)jd.monthday, s_gpsweek);
return retv;
}
@ -1934,4 +1947,29 @@ basedate_get_erabase(void)
return retv;
}
uint32_t
basedate_get_gpsweek(void)
{
return s_gpsweek;
}
uint32_t
basedate_expand_gpsweek(
unsigned short weekno
)
{
/* We do a fast modulus expansion here. Since all quantities are
* unsigned and we cannot go before the start of the GPS epoch
* anyway, and since the truncated GPS week number is 10 bit, the
* expansion becomes a simple sub/and/add sequence.
*/
#if GPSWEEKS != 1024
# error GPSWEEKS defined wrong -- should be 1024!
#endif
uint32_t diff;
diff = ((uint32_t)weekno - s_gpsweek) & (GPSWEEKS - 1);
return s_gpsweek + diff;
}
/* -*-EOF-*- */

5
contrib/ntp/libntp/prettydate.c
View File

@ -170,6 +170,11 @@ common_prettydate(
LIB_GETBUF(bp);
if (ts->l_ui == 0 && ts->l_uf == 0) {
strlcpy (bp, "(no time)", LIB_BUFLENGTH);
return (bp);
}
/* get & fix milliseconds */
ntps = ts->l_ui;
msec = ts->l_uf / 4294967; /* fract / (2 ** 32 / 1000) */

27
contrib/ntp/libntp/ssl_init.c
View File

@ -13,16 +13,16 @@
#include <lib_strbuf.h>
#ifdef OPENSSL
# include "openssl/cmac.h"
# include "openssl/crypto.h"
# include "openssl/err.h"
# include "openssl/evp.h"
# include "openssl/opensslv.h"
# include <openssl/crypto.h>
# include <openssl/err.h>
# include <openssl/evp.h>
# include <openssl/opensslv.h>
# include "libssl_compat.h"
# define CMAC_LENGTH 16
# define CMAC "AES128CMAC"
# ifdef HAVE_OPENSSL_CMAC_H
# include <openssl/cmac.h>
# define CMAC_LENGTH 16
# define CMAC "AES128CMAC"
# endif /*HAVE_OPENSSL_CMAC_H*/
int ssl_init_done;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
@ -126,6 +126,7 @@ keytype_from_text(
key_type = OBJ_sn2nid(upcased);
# ifdef ENABLE_CMAC
if (!key_type && !strncmp(CMAC, upcased, strlen(CMAC) + 1)) {
key_type = NID_cmac;
@ -134,6 +135,7 @@ keytype_from_text(
__FILE__, __LINE__, __func__, CMAC);
}
}
# endif /*ENABLE_CMAC*/
#else
key_type = 0;
@ -153,6 +155,7 @@ keytype_from_text(
digest_len = (md) ? EVP_MD_size(md) : 0;
if (!md || digest_len <= 0) {
# ifdef ENABLE_CMAC
if (key_type == NID_cmac) {
digest_len = CMAC_LENGTH;
@ -160,7 +163,9 @@ keytype_from_text(
fprintf(stderr, "%s:%d:%s():%s:len\n",
__FILE__, __LINE__, __func__, CMAC);
}
} else {
} else
# endif /*ENABLE_CMAC*/
{
fprintf(stderr,
"key type %s is not supported by OpenSSL\n",
keytype_name(key_type));
@ -209,6 +214,7 @@ keytype_name(
INIT_SSL();
name = OBJ_nid2sn(nid);
# ifdef ENABLE_CMAC
if (NID_cmac == nid) {
name = CMAC;
@ -217,6 +223,7 @@ keytype_name(
__FILE__, __LINE__, __func__, CMAC);
}
} else
# endif /*ENABLE_CMAC*/
if (NULL == name) {
name = unknown_type;
}

9
contrib/ntp/libntp/syssignal.c
View File

@ -138,12 +138,13 @@ set_ctrl_c_hook(
if (NULL == c_hook) {
handler = SIG_DFL;
ctrl_c_hook = NULL;
} else {
handler = &sigint_handler;
signal_no_reset(SIGINT, handler);
ctrl_c_hook = c_hook;
} else {
ctrl_c_hook = c_hook;
handler = &sigint_handler;
signal_no_reset(SIGINT, handler);
}
signal_no_reset(SIGINT, handler);
}
#else /* SYS_WINNT follows */
/*

8
contrib/ntp/libntp/work_fork.c
View File

@ -89,6 +89,10 @@ netwrite(
}
#if defined(HAVE_DROPROOT)
extern int set_user_group_ids(void);
#endif
/* === functions === */
/*
* exit_worker()
@ -592,6 +596,10 @@ fork_blocking_child(
init_logging("ntp_intres", 0, FALSE);
setup_logfile(NULL);
#ifdef HAVE_DROPROOT
(void) set_user_group_ids();
#endif
/*
* And now back to the portable code
*/

17
contrib/ntp/libntp/work_thread.c
View File

@ -56,6 +56,17 @@
# define THREAD_MAXSTACKSIZE THREAD_MINSTACKSIZE
#endif
/* need a good integer to store a pointer... */
#ifndef UINTPTR_T
# if defined(UINTPTR_MAX)
# define UINTPTR_T uintptr_t
# elif defined(UINT_PTR)
# define UINTPTR_T UINT_PTR
# else
# define UINTPTR_T size_t
# endif
#endif
#ifdef SYS_WINNT
@ -66,7 +77,7 @@ static BOOL same_os_sema(const sem_ref obj, void * osobj);
#else
# define thread_exit(c) pthread_exit((void*)(size_t)(c))
# define thread_exit(c) pthread_exit((void*)(UINTPTR_T)(c))
# define tickle_sem sem_post
void * blocking_thread(void *);
static void block_thread_signals(sigset_t *);
@ -374,7 +385,9 @@ send_blocking_resp_internal(
if (empty)
{
# ifdef WORK_PIPE
write(c->resp_write_pipe, "", 1);
if (1 != write(c->resp_write_pipe, "", 1))
msyslog(LOG_WARNING, "async resolver: %s",
"failed to notify main thread!");
# else
tickle_sem(c->responses_pending);
# endif

75
contrib/ntp/libntp/xsbprintf.c Normal file
View File

@ -0,0 +1,75 @@
/*
* xsbprintf.c - string buffer formatting helpers
*
* Written by Juergen Perlinger (perlinger@ntp.org) for the NTP project.
* The contents of 'html/copyright.html' apply.
*/
#include <config.h>
#include <sys/types.h>
#include "ntp_stdlib.h"
/* eXtended Varlist String Buffer printf
*
* Formats via 'vsnprintf' into a string buffer, with some semantic
* specialties:
*
* - The start of the buffer pointer is updated according to the number
* of characters written.
* - If the buffer is insufficient to format the number of charactes,
* the partial result will be be discarded, and zero is returned to
* indicate nothing was written to the buffer.
* - On successful formatting, the return code is the return value of
* the inner call to 'vsnprintf()'.
* - If there is any error, the state of the buffer will not be
* changed. (Bytes in the buffer might be smashed, but the buffer
* position does not change, and the NUL marker stays in place at the
* current buffer position.)
* - If '(*ppbuf - pend) <= 0' (or ppbuf is NULL), fail with EINVAL.
*/
int
xvsbprintf(
char **ppbuf, /* pointer to buffer pointer (I/O) */
char * const pend, /* buffer end (I) */
char const *pfmt, /* printf-like format string */
va_list va /* formatting args for above */
)
{
char *pbuf = (ppbuf) ? *ppbuf : NULL;
int rc = -1;
if (pbuf && (pend - pbuf > 0)) {
size_t blen = (size_t)(pend - pbuf);
rc = vsnprintf(pbuf, blen, pfmt, va);
if (rc > 0) {
if ((size_t)rc >= blen)
rc = 0;
pbuf += rc;
}
*pbuf = '\0'; /* fear of bad vsnprintf */
*ppbuf = pbuf;
} else {
errno = EINVAL;
}
return rc;
}
/* variadic wrapper around the buffer string formatter */
int
xsbprintf(
char **ppbuf, /* pointer to buffer pointer (I/O) */
char * const pend, /* buffer end (I) */
char const *pfmt, /* printf-like format string */
... /* formatting args for above */
)
{
va_list va;
int rc;
va_start(va, pfmt);
rc = xvsbprintf(ppbuf, pend, pfmt, va);
va_end(va);
return rc;
}
/* that's all folks! */

4
contrib/ntp/libparse/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

14
contrib/ntp/libparse/clk_trimtsip.c
View File

@ -265,9 +265,7 @@ cvt_trimtsip(
clock_time->flags = PARSEB_POWERUP;
return CVT_OK;
}
if (week < GPSWRAP) {
week += GPSWEEKS;
}
week = basedate_expand_gpsweek(week);
/* time OK */
@ -351,14 +349,12 @@ cvt_trimtsip(
int tls = t->t_gpsutc = (u_short) getshort((unsigned char *)&mb(12)); /* current leap correction (GPS-UTC) */
int tlsf = t->t_gpsutcleap = (u_short) getshort((unsigned char *)&mb(24)); /* new leap correction */
t->t_weekleap = (u_short) getshort((unsigned char *)&mb(20)); /* week no of leap correction */
if (t->t_weekleap < GPSWRAP)
t->t_weekleap = (u_short)(t->t_weekleap + GPSWEEKS);
t->t_weekleap = basedate_expand_gpsweek(
(u_short) getshort((unsigned char *)&mb(20))); /* week no of leap correction */
t->t_dayleap = (u_short) getshort((unsigned char *)&mb(22)); /* day in week of leap correction */
t->t_week = (u_short) getshort((unsigned char *)&mb(18)); /* current week no */
if (t->t_week < GPSWRAP)
t->t_week = (u_short)(t->t_weekleap + GPSWEEKS);
t->t_week = basedate_expand_gpsweek(
(u_short) getshort((unsigned char *)&mb(18))); /* current week no */
lbp = (unsigned char *)&mb(14); /* last update time */
if (fetch_ieee754(&lbp, IEEE_SINGLE, &t0t, trim_offsets) != IEEE_OK)

5
contrib/ntp/libparse/gpstolfp.c
View File

@ -45,11 +45,6 @@ gpstolfp(
l_fp * lfp
)
{
if (weeks < GPSWRAP)
{
weeks += GPSWEEKS;
}
lfp->l_ui = (uint32_t)(weeks * SECSPERWEEK + days * SECSPERDAY + seconds + GPSORIGIN); /* convert to NTP time */
lfp->l_uf = 0;
}

4
contrib/ntp/ntpd/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

2
contrib/ntp/ntpd/complete.conf.in
View File

@ -21,7 +21,7 @@ crypto digest md5 host myhostname ident wedent pw cryptopass randfile /.rnd
revoke 10
keysdir "/etc/ntp/keys"
keys "/etc/ntp.keys"
trustedkey 1 2 3 4 5 6 7 8 9 10 11 12 (14 ... 16) 18 (32768 ... 65534)
trustedkey 1 2 3 4 5 6 7 8 9 10 11 12 (14 ... 16) 18 (32768 ... 65535)
controlkey 12
requestkey 12
enable auth ntp monitor stats

12
contrib/ntp/ntpd/invoke-ntp.conf.texi
View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
#
# It has been AutoGen-ed February 27, 2018 at 05:14:34 PM by AutoGen 5.18.5
# It has been AutoGen-ed February 20, 2019 at 09:56:39 AM by AutoGen 5.18.5
# From the definitions ntp.conf.def
# and the template file agtexi-file.tpl
@end ignore
@ -284,7 +284,7 @@ option.
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
@kbd{key}
identifier with values from 1 to 65534, inclusive.
identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
@item @code{minpoll} @kbd{minpoll}
@ -543,7 +543,7 @@ and reports at the NTP project page linked from
@code{http://www.ntp.org/}.
@subsubsection Symmetric-Key Cryptography
The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
65,535 keys, each distinguished by a 32-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
@ -827,7 +827,7 @@ The
@kbd{key}
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
range 1 to 65,535, inclusive.
@item @code{crypto} @code{[@code{cert} @kbd{file}]} @code{[@code{leap} @kbd{file}]} @code{[@code{randfile} @kbd{file}]} @code{[@code{host} @kbd{file}]} @code{[@code{sign} @kbd{file}]} @code{[@code{gq} @kbd{file}]} @code{[@code{gqpar} @kbd{file}]} @code{[@code{iffpar} @kbd{file}]} @code{[@code{mvpar} @kbd{file}]} @code{[@code{pw} @kbd{password}]}
This command requires the OpenSSL library.
It activates public key
@ -920,7 +920,7 @@ The
@kbd{key}
argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
65,535, inclusive.
@item @code{revoke} @kbd{logsec}
Specifies the interval between re-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
@ -947,7 +947,7 @@ servers.
The
@kbd{key}
arguments are 32-bit unsigned
integers with values from 1 to 65,534.
integers with values from 1 to 65,535.
@end table
@subsubsection Error Codes
The following error codes are reported via the NTP control

6
contrib/ntp/ntpd/invoke-ntp.keys.texi
View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
#
# It has been AutoGen-ed February 27, 2018 at 05:14:37 PM by AutoGen 5.18.5
# It has been AutoGen-ed February 20, 2019 at 09:56:41 AM by AutoGen 5.18.5
# From the definitions ntp.keys.def
# and the template file agtexi-file.tpl
@end ignore
@ -29,7 +29,7 @@ statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
The key file uses the same comment conventions
@ -42,7 +42,7 @@ Key entries use a fixed format of the form
where
@kbd{keyno}
is a positive integer (between 1 and 65534),
is a positive integer (between 1 and 65535),
@kbd{type}
is the message digest algorithm,
@kbd{key}

8
contrib/ntp/ntpd/invoke-ntpd.texi
View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
#
# It has been AutoGen-ed February 27, 2018 at 05:14:39 PM by AutoGen 5.18.5
# It has been AutoGen-ed February 20, 2019 at 09:56:42 AM by AutoGen 5.18.5
# From the definitions ntpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -142,7 +142,7 @@ with a status code of 0.
@exampleindent 0
@example
ntpd - NTP daemon program - Ver. 4.2.8p11
ntpd - NTP daemon program - Ver. 4.2.8p13
Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ <server1> ... <serverN> ]
Flg Arg Option-Name Description
@ -164,7 +164,7 @@ Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
-g no panicgate Allow the first adjustment to be Big
- may appear multiple times
-G no force-step-once Step any initial offset correction.
-i Str jaildir Jail directory
-i --- jaildir built without --enable-clockctl or --enable-linuxcaps or --enable-solarisprivs
-I Str interface Listen on an interface name or address
- may appear multiple times
-k Str keyfile path to symmetric keys
@ -187,7 +187,7 @@ Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
-s Str statsdir Statistics file location
-t Str trustedkey Trusted key number
- may appear multiple times
-u Str user Run as userid (or userid:groupid)
-u --- user built without --enable-clockctl or --enable-linuxcaps or --enable-solarisprivs
-U Num updateinterval interval in seconds between scans for new or dropped interfaces
Str var make ARG an ntp variable (RW)
- may appear multiple times

16
contrib/ntp/ntpd/ntp.conf.5man
View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntp.conf 5man "27 Feb 2018" "4.2.8p11" "File Formats"
.TH ntp.conf 5man "20 Feb 2019" "4.2.8p13" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LkaqTP/ag-XkaiSP)
.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:22 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:43 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
@ -326,7 +326,7 @@ option.
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
\f\*[I-Font]key\f[]
identifier with values from 1 to 65534, inclusive.
identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
.TP 7
@ -611,7 +611,7 @@ and reports at the NTP project page linked from
\f[C]http://www.ntp.org/\f[].
.SS Symmetric-Key Cryptography
The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
65,535 keys, each distinguished by a 32-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
@ -932,7 +932,7 @@ The
\f\*[I-Font]key\f[]
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
range 1 to 65,535, inclusive.
.TP 7
.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]]
This command requires the OpenSSL library.
@ -1038,7 +1038,7 @@ The
\f\*[I-Font]key\f[]
argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
65,535, inclusive.
.TP 7
.NOP \f\*[B-Font]revoke\f[] \f\*[I-Font]logsec\f[]
Specifies the interval between re-randomization of certain
@ -1067,7 +1067,7 @@ servers.
The
\f\*[I-Font]key\f[]
arguments are 32-bit unsigned
integers with values from 1 to 65,534.
integers with values from 1 to 65,535.
.PP
.SS Error Codes
The following error codes are reported via the NTP control

14
contrib/ntp/ntpd/ntp.conf.5mdoc
View File

@ -1,9 +1,9 @@
.Dd February 27 2018
.Dd February 20 2019
.Dt NTP_CONF 5mdoc File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:34 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
@ -325,7 +325,7 @@ option.
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
.Ar key
identifier with values from 1 to 65534, inclusive.
identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
.It Cm minpoll Ar minpoll
@ -583,7 +583,7 @@ and reports at the NTP project page linked from
.Li http://www.ntp.org/ .
.Ss Symmetric\-Key Cryptography
The original RFC\-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32\-bit key identifier, to
65,535 keys, each distinguished by a 32\-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
@ -877,7 +877,7 @@ The
.Ar key
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
range 1 to 65,535, inclusive.
.It Xo Ic crypto
.Op Cm cert Ar file
.Op Cm leap Ar file
@ -981,7 +981,7 @@ The
.Ar key
argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
65,535, inclusive.
.It Ic revoke Ar logsec
Specifies the interval between re\-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
@ -1008,7 +1008,7 @@ servers.
The
.Ar key
arguments are 32\-bit unsigned
integers with values from 1 to 65,534.
integers with values from 1 to 65,535.
.El
.Ss Error Codes
The following error codes are reported via the NTP control

10
contrib/ntp/ntpd/ntp.conf.def
View File

@ -327,7 +327,7 @@ option.
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
.Ar key
identifier with values from 1 to 65534, inclusive.
identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
.It Cm minpoll Ar minpoll
@ -585,7 +585,7 @@ and reports at the NTP project page linked from
.Li http://www.ntp.org/ .
.Ss Symmetric-Key Cryptography
The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
65,535 keys, each distinguished by a 32-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
@ -879,7 +879,7 @@ The
.Ar key
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
range 1 to 65,535, inclusive.
.It Xo Ic crypto
.Op Cm cert Ar file
.Op Cm leap Ar file
@ -983,7 +983,7 @@ The
.Ar key
argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
65,535, inclusive.
.It Ic revoke Ar logsec
Specifies the interval between re-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
@ -1010,7 +1010,7 @@ servers.
The
.Ar key
arguments are 32-bit unsigned
integers with values from 1 to 65,534.
integers with values from 1 to 65,535.
.El
.Ss Error Codes
The following error codes are reported via the NTP control

2948
contrib/ntp/ntpd/ntp.conf.html
View File

File diff suppressed because it is too large Load Diff

16
contrib/ntp/ntpd/ntp.conf.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntp.conf 5 "27 Feb 2018" "4.2.8p11" "File Formats"
.TH ntp.conf 5 "20 Feb 2019" "4.2.8p13" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LkaqTP/ag-XkaiSP)
.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:22 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:43 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
@ -326,7 +326,7 @@ option.
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
\f\*[I-Font]key\f[]
identifier with values from 1 to 65534, inclusive.
identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
.TP 7
@ -611,7 +611,7 @@ and reports at the NTP project page linked from
\f[C]http://www.ntp.org/\f[].
.SS Symmetric-Key Cryptography
The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
65,535 keys, each distinguished by a 32-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
@ -932,7 +932,7 @@ The
\f\*[I-Font]key\f[]
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
range 1 to 65,535, inclusive.
.TP 7
.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]]
This command requires the OpenSSL library.
@ -1038,7 +1038,7 @@ The
\f\*[I-Font]key\f[]
argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
65,535, inclusive.
.TP 7
.NOP \f\*[B-Font]revoke\f[] \f\*[I-Font]logsec\f[]
Specifies the interval between re-randomization of certain
@ -1067,7 +1067,7 @@ servers.
The
\f\*[I-Font]key\f[]
arguments are 32-bit unsigned
integers with values from 1 to 65,534.
integers with values from 1 to 65,535.
.PP
.SS Error Codes
The following error codes are reported via the NTP control

14
contrib/ntp/ntpd/ntp.conf.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd February 27 2018
.Dd February 20 2019
.Dt NTP_CONF 5 File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:34 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
@ -325,7 +325,7 @@ option.
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
.Ar key
identifier with values from 1 to 65534, inclusive.
identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
.It Cm minpoll Ar minpoll
@ -583,7 +583,7 @@ and reports at the NTP project page linked from
.Li http://www.ntp.org/ .
.Ss Symmetric\-Key Cryptography
The original RFC\-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32\-bit key identifier, to
65,535 keys, each distinguished by a 32\-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
@ -877,7 +877,7 @@ The
.Ar key
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
range 1 to 65,535, inclusive.
.It Xo Ic crypto
.Op Cm cert Ar file
.Op Cm leap Ar file
@ -981,7 +981,7 @@ The
.Ar key
argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
65,535, inclusive.
.It Ic revoke Ar logsec
Specifies the interval between re\-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
@ -1008,7 +1008,7 @@ servers.
The
.Ar key
arguments are 32\-bit unsigned
integers with values from 1 to 65,534.
integers with values from 1 to 65,535.
.El
.Ss Error Codes
The following error codes are reported via the NTP control

8
contrib/ntp/ntpd/ntp.keys.5man
View File

@ -1,8 +1,8 @@
.TH ntp.keys 5man "27 Feb 2018" "4.2.8p11" "File Formats"
.TH ntp.keys 5man "20 Feb 2019" "4.2.8p13" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:26 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:44 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.Sh NAME
@ -54,7 +54,7 @@ statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
.sp \n(Ppu
.ne 2
@ -73,7 +73,7 @@ Key entries use a fixed format of the form
where
\f\*[I-Font]keyno\f[]
is a positive integer (between 1 and 65534),
is a positive integer (between 1 and 65535),
\f\*[I-Font]type\f[]
is the message digest algorithm,
\f\*[I-Font]key\f[]

10
contrib/ntp/ntpd/ntp.keys.5mdoc
View File

@ -1,9 +1,9 @@
.Dd February 27 2018
.Dd February 20 2019
.Dt NTP_KEYS 5mdoc File Formats
.Os SunOS 5.10
.Os FreeBSD 11.2-RELEASE_SI
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:46 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:35 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME
@ -37,7 +37,7 @@ statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
.Pp
The key file uses the same comment conventions
@ -48,7 +48,7 @@ Key entries use a fixed format of the form
.Pp
where
.Ar keyno
is a positive integer (between 1 and 65534),
is a positive integer (between 1 and 65535),
.Ar type
is the message digest algorithm,
.Ar key

4
contrib/ntp/ntpd/ntp.keys.def
View File

@ -36,7 +36,7 @@ statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
.Pp
The key file uses the same comment conventions
@ -47,7 +47,7 @@ Key entries use a fixed format of the form
.Pp
where
.Ar keyno
is a positive integer (between 1 and 65534),
is a positive integer (between 1 and 65535),
.Ar type
is the message digest algorithm,
.Ar key

287
contrib/ntp/ntpd/ntp.keys.html
View File

@ -1,103 +1,145 @@
<html lang="en">
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- Created by GNU Texinfo 6.5, http://www.gnu.org/software/texinfo/ -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>NTP Symmetric Key</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="NTP Symmetric Key">
<meta name="generator" content="makeinfo 4.7">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
<style type="text/css"><!--
pre.display { font-family:inherit }
pre.format { font-family:inherit }
pre.smalldisplay { font-family:inherit; font-size:smaller }
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
span.sc { font-variant:small-caps }
span.roman { font-family: serif; font-weight: normal; }
--></style>
<meta name="keywords" content="NTP Symmetric Key">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<link href="#Top" rel="start" title="Top">
<link href="dir.html#Top" rel="up" title="(dir)">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: initial; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
-->
</style>
</head>
<body>
<h1 class="settitle">NTP Symmetric Key</h1>
<div class="node">
<p><hr>
<a name="Top"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntp_002ekeys-Description">ntp.keys Description</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<br>
<body lang="en">
<h1 class="settitle" align="center">NTP Symmetric Key</h1>
<a name="Top"></a>
<div class="header">
<p>
Next: <a href="#ntp_002ekeys-Description" accesskey="n" rel="next">ntp.keys Description</a>, Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href="dir.html#Top" accesskey="u" rel="up">(dir)</a> &nbsp; </p>
</div>
<a name="NTP_0027s-Symmetric-Key-File-User-Manual"></a>
<h1 class="top">NTP&rsquo;s Symmetric Key File User Manual</h1>
<h2 class="unnumbered">NTP's Symmetric Key File User Manual</h2>
<p>This document describes the symmetric key file for the NTP Project's
<p>This document describes the symmetric key file for the NTP Project&rsquo;s
<code>ntpd</code> program.
</p>
<p>This document applies to version 4.2.8p13 of <code>ntp.keys</code>.
</p>
<a name="SEC_Overview"></a>
<h2 class="shortcontents-heading">Short Table of Contents</h2>
<p>This document applies to version 4.2.8p11 of <code>ntp.keys</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
<ul>
<a href="#Top">NTP's Symmetric Key File User Manual</a>
<div class="shortcontents">
<ul class="no-bullet">
<li><a name="stoc-Description" href="#toc-Description">1 Description</a></li>
</ul>
</div>
<ul class="menu">
<li><a accesskey="1" href="#ntp_002ekeys-Description">ntp.keys Description</a>
<li><a accesskey="2" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>
</ul>
<div class="node">
<p><hr>
<a name="ntp_002ekeys-Description"></a>Previous:&nbsp;<a rel="previous" accesskey="p" href="#Top">Top</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#Top">Top</a>
<br>
<table class="menu" border="0" cellspacing="0">
<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Description" accesskey="1">ntp.keys Description</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="2">ntp.keys Notes</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
</td></tr>
</table>
<hr>
<a name="ntp_002ekeys-Description"></a>
<div class="header">
<p>
Previous: <a href="#Top" accesskey="p" rel="prev">Top</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> &nbsp; </p>
</div>
<!-- node-name, next, previous, up -->
<h3 class="section">Description</h3>
<a name="Description"></a>
<h2 class="chapter">1 Description</h2>
<p>The name and location of the symmetric key file for <code>ntpd</code> can
be specified in a configuration file, by default <code>/etc/ntp.keys</code>.
</p>
<table class="menu" border="0" cellspacing="0">
<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="1">ntp.keys Notes</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
</td></tr>
</table>
<div class="node">
<p><hr>
<hr>
<a name="ntp_002ekeys-Notes"></a>
<br>
<div class="header">
<p>
Previous: <a href="#ntp_002ekeys-See-Also" accesskey="p" rel="prev">ntp.keys See Also</a>, Up: <a href="#ntp_002ekeys-Description" accesskey="u" rel="up">ntp.keys Description</a> &nbsp; </p>
</div>
<a name="Notes-about-ntp_002ekeys"></a>
<h3 class="section">1.1 Notes about ntp.keys</h3>
<a name="index-ntp_002ekeys"></a>
<a name="index-NTP-symmetric-key-file-format"></a>
<h3 class="section">Notes about ntp.keys</h3>
<p><a name="index-ntp_002ekeys-1"></a><a name="index-NTP-symmetric-key-file-format-2"></a>
<p>This document describes the format of an NTP symmetric key file.
<p>This document describes the format of an NTP symmetric key file.
For a description of the use of this type of file, see the
"Authentication Support"
&quot;Authentication Support&quot;
section of the
<code>ntp.conf(5)</code>
page.
<p><code>ntpd(8)</code>
</p>
<p><code>ntpd(8)</code>
reads its keys from a file specified using the
<code>-k</code>
command line option or the
<code>keys</code>
statement in the configuration file.
statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
<p>The key file uses the same comment conventions
as the configuration file.
</p>
<p>The key file uses the same comment conventions
as the configuration file.
Key entries use a fixed format of the form
</p>
<div class="example">
<pre class="example"><kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <kbd>opt_IP_list</kbd>
</pre></div>
<pre class="example"> <kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <kbd>opt_IP_list</kbd>
</pre>
<p>where
<p>where
<kbd>keyno</kbd>
is a positive integer (between 1 and 65534),
is a positive integer (between 1 and 65535),
<kbd>type</kbd>
is the message digest algorithm,
<kbd>key</kbd>
@ -106,111 +148,120 @@ is the key itself, and
is an optional comma-separated list of IPs
where the
<kbd>keyno</kbd>
should be trusted.
that are allowed to serve time.
should be trusted.
that are allowed to serve time.
Each IP in
<kbd>opt_IP_list</kbd>
may contain an optional
<code>/subnetbits</code>
specification which identifies the number of bits for
the desired subnet of trust.
the desired subnet of trust.
If
<kbd>opt_IP_list</kbd>
is empty,
any properly-authenticated message will be
accepted.
<p>The
</p>
<p>The
<kbd>key</kbd>
may be given in a format
controlled by the
<kbd>type</kbd>
field.
field.
The
<kbd>type</kbd>
<code>MD5</code>
is always supported.
is always supported.
If
<code>ntpd</code>
was built with the OpenSSL library
then any digest library supported by that library may be specified.
then any digest library supported by that library may be specified.
However, if compliance with FIPS 140-2 is required the
<kbd>type</kbd>
must be either
<code>SHA</code>
or
<code>SHA1</code>.
<p>What follows are some key types, and corresponding formats:
<dl>
<dt><code>MD5</code><dd>The key is 1 to 16 printable characters terminated by
</p>
<p>What follows are some key types, and corresponding formats:
</p>
<dl compact="compact">
<dt><code>MD5</code></dt>
<dd><p>The key is 1 to 16 printable characters terminated by
an EOL,
whitespace,
or
a
<code>#</code>
(which is the "start of comment" character).
<br><dt><code>SHA</code><br><dt><code>SHA1</code><br><dt><code>RMD160</code><dd>The key is a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
(which is the &quot;start of comment&quot; character).
</p>
</dd>
<dt><code>SHA</code></dt>
<dt><code>SHA1</code></dt>
<dt><code>RMD160</code></dt>
<dd><p>The key is a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
</p></dd>
</dl>
<p>Note that the keys used by the
<p>Note that the keys used by the
<code>ntpq(8)</code>
and
<code>ntpdc(8)</code>
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
<p>This section was generated by <strong>AutoGen</strong>,
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.keys</code> program.
</p>
<p>This section was generated by <strong>AutoGen</strong>,
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.keys</code> program.
This software is released under the NTP license, &lt;http://ntp.org/license&gt;.
</p>
<table class="menu" border="0" cellspacing="0">
<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Files" accesskey="1">ntp.keys Files</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Files
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-See-Also" accesskey="2">ntp.keys See Also</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">See Also
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="3">ntp.keys Notes</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Notes
</td></tr>
</table>
<ul class="menu">
<li><a accesskey="1" href="#ntp_002ekeys-Files">ntp.keys Files</a>: Files
<li><a accesskey="2" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>: See Also
<li><a accesskey="3" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>: Notes
</ul>
<div class="node">
<p><hr>
<a name="ntp_002ekeys-Files"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>
<br>
<hr>
<a name="ntp_002ekeys-Files"></a>
<div class="header">
<p>
Next: <a href="#ntp_002ekeys-See-Also" accesskey="n" rel="next">ntp.keys See Also</a>, Up: <a href="#ntp_002ekeys-Notes" accesskey="u" rel="up">ntp.keys Notes</a> &nbsp; </p>
</div>
<h4 class="subsection">ntp.keys Files</h4>
<dl>
<dt><span class="file">/etc/ntp.keys</span><dd>the default name of the configuration file
<a name="ntp_002ekeys-Files-1"></a>
<h4 class="subsection">1.1.1 ntp.keys Files</h4>
<dl compact="compact">
<dt><samp>/etc/ntp.keys</samp></dt>
<dd><p>the default name of the configuration file
</p></dd>
</dl>
<div class="node">
<p><hr>
<a name="ntp_002ekeys-See-Also"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntp_002ekeys-Files">ntp.keys Files</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>
<br>
<hr>
<a name="ntp_002ekeys-See-Also"></a>
<div class="header">
<p>
Previous: <a href="#ntp_002ekeys-Files" accesskey="p" rel="prev">ntp.keys Files</a>, Up: <a href="#ntp_002ekeys-Notes" accesskey="u" rel="up">ntp.keys Notes</a> &nbsp; </p>
</div>
<h4 class="subsection">ntp.keys See Also</h4>
<a name="ntp_002ekeys-See-Also-1"></a>
<h4 class="subsection">1.1.2 ntp.keys See Also</h4>
<p><code>ntp.conf(5)</code>,
<code>ntpd(1ntpdmdoc)</code>,
<code>ntpdate(1ntpdatemdoc)</code>,
<code>ntpdc(1ntpdcmdoc)</code>,
<code>sntp(1sntpmdoc)</code>
<div class="node">
<p><hr>
<a name="ntp_002ekeys-Notes"></a>Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>
<br>
</p><hr>
<div class="header">
<p>
&nbsp; </p>
</div>
<h4 class="subsection">ntp.keys Notes</h4>
<a name="ntp_002ekeys-Notes-1"></a>
<h4 class="subsection">1.1.3 ntp.keys Notes</h4>
<p>This document was derived from FreeBSD.
</p><hr>
</body></html>
</body>
</html>

8
contrib/ntp/ntpd/ntp.keys.man.in
View File

@ -1,8 +1,8 @@
.TH ntp.keys 5 "27 Feb 2018" "4.2.8p11" "File Formats"
.TH ntp.keys 5 "20 Feb 2019" "4.2.8p13" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:26 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:44 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.Sh NAME
@ -54,7 +54,7 @@ statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
.sp \n(Ppu
.ne 2
@ -73,7 +73,7 @@ Key entries use a fixed format of the form
where
\f\*[I-Font]keyno\f[]
is a positive integer (between 1 and 65534),
is a positive integer (between 1 and 65535),
\f\*[I-Font]type\f[]
is the message digest algorithm,
\f\*[I-Font]key\f[]

10
contrib/ntp/ntpd/ntp.keys.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd February 27 2018
.Dd February 20 2019
.Dt NTP_KEYS 5 File Formats
.Os SunOS 5.10
.Os FreeBSD 11.2-RELEASE_SI
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:46 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:35 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME
@ -37,7 +37,7 @@ statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
.Pp
The key file uses the same comment conventions
@ -48,7 +48,7 @@ Key entries use a fixed format of the form
.Pp
where
.Ar keyno
is a positive integer (between 1 and 65534),
is a positive integer (between 1 and 65535),
.Ar type
is the message digest algorithm,
.Ar key

62
contrib/ntp/ntpd/ntp_config.c
View File

@ -364,7 +364,7 @@ static u_int32 get_match(const char *, struct masks *);
static u_int32 get_logmask(const char *);
static int/*BOOL*/ is_refclk_addr(const address_node * addr);
static void appendstr(char *, size_t, char *);
static void appendstr(char *, size_t, const char *);
#ifndef SIM
@ -382,14 +382,14 @@ static void fatal_error(const char *fmt, ...)
#endif
{
va_list va;
va_start(va, fmt);
mvsyslog(LOG_EMERG, fmt, va);
va_end(va);
_exit(1);
}
/* FUNCTIONS FOR INITIALIZATION
* ----------------------------
*/
@ -742,7 +742,7 @@ dump_config_tree(
atrv->value.i);
}
break;
case T_Double:
fprintf(df, " %s %s",
keyword(atrv->attr),
@ -938,7 +938,7 @@ dump_config_tree(
if (T_Source == flag_tok_fifo->i) {
s = "source";
break;
}
}
}
} else {
const char *ap = rest_node->addr->address;
@ -1446,7 +1446,7 @@ create_unpeer_node(
/* accumulate with overflow retention */
u = (10 * u + *pch - '0') | (u & 0xFF000000u);
}
if (!*pch && u <= ASSOCID_MAX) {
my_node->assocID = (associd_t)u;
my_node->addr = NULL;
@ -2065,8 +2065,12 @@ config_auth(
#ifdef AUTOKEY
/* crypto revoke command */
if (ptree->auth.revoke)
sys_revoke = 1UL << ptree->auth.revoke;
if (ptree->auth.revoke > 2 && ptree->auth.revoke < 32)
sys_revoke = (u_char)ptree->auth.revoke;
else if (ptree->auth.revoke)
msyslog(LOG_ERR,
"'revoke' value %d ignored",
ptree->auth.revoke);
#endif /* AUTOKEY */
}
#endif /* !SIM */
@ -2112,6 +2116,10 @@ config_tos_clock(
break;
}
}
if (basedate_get_day() <= NTP_TO_UNIX_DAYS)
basedate_set_day(basedate_eval_buildstamp() - 11);
return ret;
}
@ -2132,7 +2140,7 @@ config_tos(
* since three variables with interdependecies are involved. We
* just log an error but do not stop: This might be caused by
* remote config, and it might be fixed by remote config, too.
*/
*/
int l_maxclock = sys_maxclock;
int l_minclock = sys_minclock;
int l_minsane = sys_minsane;
@ -2162,7 +2170,7 @@ config_tos(
tos->value.d = 0;
}
break;
case T_Ceiling:
val = tos->value.d;
if (val > STRATUM_UNSPEC - 1) {
@ -2194,8 +2202,8 @@ config_tos(
case T_Minsane:
val = tos->value.d;
if ((int)tos->value.d < 1)
tos->value.d = 1;
if ((int)tos->value.d < 0)
tos->value.d = 0;
l_minsane = (int)tos->value.d;
break;
}
@ -2207,7 +2215,7 @@ config_tos(
" - daemon will not operate properly!",
l_minsane, l_minclock, l_maxclock);
}
/* -*- phase two: forward the values to the protocol machinery */
tos = HEAD_PFIFO(ptree->orphan_cmds);
for (; tos != NULL; tos = tos->link) {
@ -3383,6 +3391,10 @@ config_ttl(
size_t i = 0;
int_node *curr_ttl;
/* [Bug 3465] There is a built-in default for the TTLs. We must
* overwrite 'sys_ttlmax' if we change that preset, and leave it
* alone otherwise!
*/
curr_ttl = HEAD_PFIFO(ptree->ttl);
for (; curr_ttl != NULL; curr_ttl = curr_ttl->link) {
if (i < COUNTOF(sys_ttl))
@ -3392,7 +3404,8 @@ config_ttl(
"ttl: Number of TTL entries exceeds %zu. Ignoring TTL %d...",
COUNTOF(sys_ttl), curr_ttl->i);
}
sys_ttlmax = (i) ? (i - 1) : 0;
if (0 != i) /* anything written back at all? */
sys_ttlmax = i - 1;
}
#endif /* !SIM */
@ -3621,10 +3634,8 @@ config_fudge(
err_flag = 1;
msyslog(LOG_ERR,
"unrecognized fudge reference clock address %s, line ignored",
stoa(&addr_sock));
}
if (!ISREFCLOCKADR(&addr_sock)) {
addr_node->address);
} else if (!ISREFCLOCKADR(&addr_sock)) {
err_flag = 1;
msyslog(LOG_ERR,
"inappropriate address %s for the fudge command, line ignored",
@ -3696,7 +3707,7 @@ config_fudge(
msyslog(LOG_ERR,
"Unexpected fudge flag %s (%d) for %s",
token_name(curr_opt->attr),
curr_opt->attr, stoa(&addr_sock));
curr_opt->attr, addr_node->address);
exit(curr_opt->attr ? curr_opt->attr : 1);
}
}
@ -3810,7 +3821,12 @@ config_vars(
case T_Automax:
#ifdef AUTOKEY
sys_automax = curr_var->value.i;
if (curr_var->value.i > 2 && curr_var->value.i < 32)
sys_automax = (u_char)curr_var->value.i;
else
msyslog(LOG_ERR,
"'automax' value %d ignored",
curr_var->value.i);
#endif
break;
@ -4565,7 +4581,7 @@ config_ntpd(
if (config_tos_clock(ptree))
clamp_systime();
}
config_nic_rules(ptree, input_from_files);
config_monitor(ptree);
config_auth(ptree);
@ -4845,7 +4861,7 @@ is_refclk_addr(
const address_node * addr
)
{
return addr && addr->address && !strncmp(addr->address, "127.127.", 6);
return addr && addr->address && !strncmp(addr->address, "127.127.", 8);
}
static void
@ -5463,7 +5479,7 @@ static void
appendstr(
char *string,
size_t s,
char *new
const char *new
)
{
if (*string != '\0') {

139
contrib/ntp/ntpd/ntp_control.c
View File

@ -916,7 +916,7 @@ is_safe_filename(const char * name)
u_int widx, bidx, mask;
if ( ! (name && *name))
return FALSE;
mask = 1u;
while (0 != (widx = (u_char)*name++)) {
bidx = (widx & 15) << 1;
@ -955,7 +955,7 @@ save_config(
* level. On POSIX systems we could allow '\\' but such
* filenames are tricky to manipulate from a shell, so just
* reject both types of slashes on all platforms.
*/
*/
/* TALOS-CAN-0062: block directory traversal for VMS, too */
static const char * illegal_in_filename =
#if defined(VMS)
@ -983,8 +983,8 @@ save_config(
# if defined(_O_TEXT) /* windows, again */
| _O_TEXT
#endif
;
;
char filespec[128];
char filename[128];
char fullpath[512];
@ -1046,7 +1046,7 @@ save_config(
/* copy data directly as we exactly know the size */
memcpy(filespec, reqpt, reqlen);
filespec[reqlen] = '\0';
/*
* allow timestamping of the saved config filename with
* strftime() format such as:
@ -1110,7 +1110,7 @@ save_config(
*/
prc = snprintf(fullpath, sizeof(fullpath), "%s%s",
saveconfigdir, filename);
if (prc < 0 || prc >= sizeof(fullpath)) {
if (prc < 0 || (size_t)prc >= sizeof(fullpath)) {
ctl_printf("saveconfig exceeded maximum path length (%u)",
(u_int)sizeof(fullpath));
ctl_flushpkt(0);
@ -1127,8 +1127,8 @@ save_config(
fptr = fdopen(fd, "w");
if (NULL == fptr || -1 == dump_all_config_trees(fptr, 1)) {
ctl_printf("Unable to save configuration to file '%s': %m",
filename);
ctl_printf("Unable to save configuration to file '%s': %s",
filename, strerror(errno));
msyslog(LOG_ERR,
"saveconfig %s from %s failed", filename,
stoa(&rbufp->recv_srcadr));
@ -1154,7 +1154,7 @@ save_config(
#else /* !SAVECONFIG follows */
ctl_printf("%s",
"saveconfig unavailable, configured with --disable-saveconfig");
#endif
#endif
ctl_flushpkt(0);
}
@ -1506,11 +1506,11 @@ ctl_putdata_ex(
} else {
datanotbinflag = TRUE;
add_len = 3;
if (datasent) {
*datapt++ = ',';
datalinelen++;
/* sum up total length */
for (argi = 0, src_len = 0; argi < argc; ++argi)
src_len += argv[argi].len;
@ -1539,14 +1539,14 @@ ctl_putdata_ex(
/* Not enough room in this one, flush it out. */
if (src_len < cur_len)
cur_len = src_len;
memcpy(datapt, src_ptr, cur_len);
datapt += cur_len;
datalinelen += cur_len;
src_ptr += cur_len;
src_len -= cur_len;
ctl_flushpkt(CTL_MORE);
cur_len = (size_t)(dataend - datapt);
}
@ -1571,7 +1571,7 @@ ctl_putdata(
)
{
CtlMemBufT args[1];
args[0].buf = dp;
args[0].len = dlen;
ctl_putdata_ex(args, 1, bin);
@ -1594,7 +1594,7 @@ ctl_putstr(
)
{
CtlMemBufT args[4];
args[0].buf = tag;
args[0].len = strlen(tag);
if (data && len) {
@ -1606,7 +1606,9 @@ ctl_putstr(
args[3].len = 1;
ctl_putdata_ex(args, 4, FALSE);
} else {
ctl_putdata_ex(args, 1, FALSE);
args[1].buf = "=\"\"";
args[1].len = 3;
ctl_putdata_ex(args, 2, FALSE);
}
}
@ -1628,17 +1630,17 @@ ctl_putunqstr(
)
{
CtlMemBufT args[3];
args[0].buf = tag;
args[0].len = strlen(tag);
args[1].buf = "=";
args[1].len = 1;
if (data && len) {
args[1].buf = "=";
args[1].len = 1;
args[2].buf = data;
args[2].len = len;
ctl_putdata_ex(args, 3, FALSE);
args[2].buf = data;
args[2].len = len;
ctl_putdata_ex(args, 3, FALSE);
} else {
ctl_putdata_ex(args, 1, FALSE);
ctl_putdata_ex(args, 2, FALSE);
}
}
@ -1656,7 +1658,7 @@ ctl_putdblf(
{
char buffer[40];
int rc;
rc = snprintf(buffer, sizeof(buffer),
(use_f ? "%.*f" : "%.*g"),
precision, d);
@ -1677,7 +1679,7 @@ ctl_putuint(
int rc;
rc = snprintf(buffer, sizeof(buffer), "%lu", uval);
INSIST(rc >= 0 && rc < sizeof(buffer));
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putunqstr(tag, buffer, rc);
}
@ -1716,7 +1718,7 @@ ctl_putfs(
{
char buffer[16];
int rc;
time_t fstamp = (time_t)uval - JAN_1970;
struct tm *tm = gmtime(&fstamp);
@ -1744,7 +1746,7 @@ ctl_puthex(
{
char buffer[24]; /* must fit 64bit int! */
int rc;
rc = snprintf(buffer, sizeof(buffer), "0x%lx", uval);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putunqstr(tag, buffer, rc);
@ -1762,9 +1764,9 @@ ctl_putint(
{
char buffer[24]; /*must fit 64bit int */
int rc;
rc = snprintf(buffer, sizeof(buffer), "%ld", ival);
INSIST(rc >= 0 && rc < sizeof(buffer));
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putunqstr(tag, buffer, rc);
}
@ -1780,7 +1782,7 @@ ctl_putts(
{
char buffer[24];
int rc;
rc = snprintf(buffer, sizeof(buffer),
"0x%08lx.%08lx",
(u_long)ts->l_ui, (u_long)ts->l_uf);
@ -1800,7 +1802,7 @@ ctl_putadr(
)
{
const char *cq;
if (NULL == addr)
cq = numtoa(addr32);
else
@ -1827,7 +1829,9 @@ ctl_putrefid(
bytes.w = refid;
for (nc = 0; nc < sizeof(bytes.b) && bytes.b[nc]; ++nc)
if (!isprint(bytes.b[nc]))
if ( !isprint(bytes.b[nc])
|| isspace(bytes.b[nc])
|| bytes.b[nc] == ',' )
bytes.b[nc] = '.';
ctl_putunqstr(tag, (const char*)bytes.b, nc);
}
@ -1874,11 +1878,11 @@ ctl_printf(
va_list va;
char fmtbuf[128];
int rc;
va_start(va, fmt);
rc = vsnprintf(fmtbuf, sizeof(fmtbuf), fmt, va);
va_end(va);
if (rc < 0 || rc >= sizeof(fmtbuf))
if (rc < 0 || (size_t)rc >= sizeof(fmtbuf))
strcpy(fmtbuf + sizeof(fmtbuf) - strlen(ellipsis) - 1,
ellipsis);
ctl_putdata(fmtbuf, strlen(fmtbuf), 0);
@ -1906,11 +1910,13 @@ ctl_putsys(
static struct timex ntx;
static u_long ntp_adjtime_time;
static const double to_ms =
static const double to_ms_usec =
1.0e-3; /* usec to msec */
static const double to_ms_nusec =
# ifdef STA_NANO
1.0e-6; /* nsec to msec */
# else
1.0e-3; /* usec to msec */
to_ms_usec;
# endif
/*
@ -1951,10 +1957,10 @@ ctl_putsys(
break;
case CS_REFID:
if (sys_stratum > 1 && sys_stratum < STRATUM_UNSPEC)
ctl_putadr(sys_var[varid].text, sys_refid, NULL);
else
if (REFID_ISTEXT(sys_stratum))
ctl_putrefid(sys_var[varid].text, sys_refid);
else
ctl_putadr(sys_var[varid].text, sys_refid, NULL);
break;
case CS_REFTIME:
@ -2315,7 +2321,7 @@ ctl_putsys(
case CS_K_OFFSET:
CTL_IF_KERNLOOP(
ctl_putdblf,
(sys_var[varid].text, 0, -1, to_ms * ntx.offset)
(sys_var[varid].text, 0, -1, to_ms_nusec * ntx.offset)
);
break;
@ -2330,7 +2336,7 @@ ctl_putsys(
CTL_IF_KERNLOOP(
ctl_putdblf,
(sys_var[varid].text, 0, 6,
to_ms * ntx.maxerror)
to_ms_usec * ntx.maxerror)
);
break;
@ -2338,7 +2344,7 @@ ctl_putsys(
CTL_IF_KERNLOOP(
ctl_putdblf,
(sys_var[varid].text, 0, 6,
to_ms * ntx.esterror)
to_ms_usec * ntx.esterror)
);
break;
@ -2362,7 +2368,7 @@ ctl_putsys(
CTL_IF_KERNLOOP(
ctl_putdblf,
(sys_var[varid].text, 0, 6,
to_ms * ntx.precision)
to_ms_usec * ntx.precision)
);
break;
@ -2390,7 +2396,7 @@ ctl_putsys(
case CS_K_PPS_JITTER:
CTL_IF_KERNPPS(
ctl_putdbl,
(sys_var[varid].text, to_ms * ntx.jitter)
(sys_var[varid].text, to_ms_nusec * ntx.jitter)
);
break;
@ -2678,11 +2684,10 @@ ctl_putpeer(
break;
}
#endif
if (p->stratum > 1 && p->stratum < STRATUM_UNSPEC)
ctl_putadr(peer_var[id].text, p->refid,
NULL);
else
if (REFID_ISTEXT(p->stratum))
ctl_putrefid(peer_var[id].text, p->refid);
else
ctl_putadr(peer_var[id].text, p->refid, NULL);
break;
case CP_REFTIME:
@ -3061,7 +3066,7 @@ ctl_getitem(
* packet; If it's EOV, it will never be NULL again until the
* variable is found and processed in a given 'var_list'. (That
* is, a result is returned that is neither NULL nor EOV).
*/
*/
static const struct ctl_var eol = { 0, EOV, NULL };
static char buf[128];
static u_long quiet_until;
@ -3101,7 +3106,7 @@ ctl_getitem(
++plhead;
while (plhead != pltail && isspace((u_char)pltail[-1]))
--pltail;
/* check payload size, terminate packet on overflow */
plsize = (size_t)(pltail - plhead);
if (plsize >= sizeof(buf))
@ -3126,7 +3131,7 @@ ctl_getitem(
* variable lists after an EoV was returned. (Such a behavior
* actually caused Bug 3008.)
*/
if (NULL == var_list)
return &eol;
@ -3443,11 +3448,11 @@ write_variables(
* Look through the variables. Dump out at the first sign of
* trouble.
*/
while ((v = ctl_getitem(sys_var, &valuep)) != 0) {
while ((v = ctl_getitem(sys_var, &valuep)) != NULL) {
ext_var = 0;
if (v->flags & EOV) {
if ((v = ctl_getitem(ext_sys_var, &valuep)) !=
0) {
v = ctl_getitem(ext_sys_var, &valuep);
if (v != NULL) {
if (v->flags & EOV) {
ctl_error(CERR_UNKNOWNVAR);
return;
@ -3461,16 +3466,24 @@ write_variables(
ctl_error(CERR_PERMISSION);
return;
}
if (!ext_var && (*valuep == '\0' || !atoint(valuep,
&val))) {
/* [bug 3565] writing makes sense only if we *have* a
* value in the packet!
*/
if (valuep == NULL) {
ctl_error(CERR_BADFMT);
return;
}
if (!ext_var && (val & ~LEAP_NOTINSYNC) != 0) {
ctl_error(CERR_BADVALUE);
return;
if (!ext_var) {
if ( !(*valuep && atoint(valuep, &val))) {
ctl_error(CERR_BADFMT);
return;
}
if ((val & ~LEAP_NOTINSYNC) != 0) {
ctl_error(CERR_BADVALUE);
return;
}
}
if (ext_var) {
octets = strlen(v->text) + strlen(valuep) + 2;
vareqv = emalloc(octets);
@ -3647,7 +3660,7 @@ static u_int32 derive_nonce(
/* [Bug 3457] set flags and don't kill them again */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL);
# else
# else
EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5));
# endif
EVP_DigestUpdate(ctx, salt, sizeof(salt));
@ -3944,7 +3957,7 @@ static void read_mru_list(
int restrict_mask
)
{
static const char nulltxt[1] = { '\0' };
static const char nulltxt[1] = { '\0' };
static const char nonce_text[] = "nonce";
static const char frags_text[] = "frags";
static const char limit_text[] = "limit";
@ -3954,7 +3967,7 @@ static void read_mru_list(
static const char maxlstint_text[] = "maxlstint";
static const char laddr_text[] = "laddr";
static const char resaxx_fmt[] = "0x%hx";
u_int limit;
u_short frags;
u_short resall;

7
contrib/ntp/ntpd/ntp_crypto.c
View File

@ -353,8 +353,8 @@ make_keylist(
* included in the hash is zero if broadcast mode, the peer
* cookie if client mode or the host cookie if symmetric modes.
*/
mpoll = 1 << min(peer->ppoll, peer->hpoll);
lifetime = min(1U << sys_automax, NTP_MAXSESSION * mpoll);
mpoll = 1U << min(peer->ppoll, peer->hpoll);
lifetime = min((1UL << sys_automax), NTP_MAXSESSION * mpoll);
if (peer->hmode == MODE_BROADCAST)
cookie = 0;
else
@ -1486,7 +1486,8 @@ crypto_verify(
return (XEVNT_LEN);
i = (vallen + 3) / 4;
siglen = ntohl(ep->pkt[i++]);
siglen = ntohl(ep->pkt[i]);
++i;
if ( siglen > MAX_VALLEN
|| len - VALUE_LEN < ((vallen + 3) / 4) * 4
|| len - VALUE_LEN - ((vallen + 3) / 4) * 4

55
contrib/ntp/ntpd/ntp_io.c
View File

@ -1612,6 +1612,34 @@ set_wildcard_reuse(
}
#endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */
static isc_boolean_t
check_flags(
sockaddr_u *psau,
const char *name,
u_int32 flags
)
{
#if defined(SIOCGIFAFLAG_IN)
struct ifreq ifr;
int fd;
if (psau->sa.sa_family != AF_INET)
return ISC_FALSE;
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
return ISC_FALSE;
ZERO(ifr);
memcpy(&ifr.ifr_addr, &psau->sa, sizeof(ifr.ifr_addr));
strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
if (ioctl(fd, SIOCGIFAFLAG_IN, &ifr) < 0) {
close(fd);
return ISC_FALSE;
}
close(fd);
if ((ifr.ifr_addrflags & flags) != 0)
return ISC_TRUE;
#endif /* SIOCGIFAFLAG_IN */
return ISC_FALSE;
}
static isc_boolean_t
check_flags6(
@ -1661,19 +1689,32 @@ is_valid(
const char *name
)
{
u_int32 flags6;
u_int32 flags;
flags6 = 0;
flags = 0;
switch (psau->sa.sa_family) {
case AF_INET:
#ifdef IN_IFF_DETACHED
flags |= IN_IFF_DETACHED;
#endif
#ifdef IN_IFF_TENTATIVE
flags |= IN_IFF_TENTATIVE;
#endif
return check_flags(psau, name, flags) ? ISC_FALSE : ISC_TRUE;
case AF_INET6:
#ifdef IN6_IFF_DEPARTED
flags6 |= IN6_IFF_DEPARTED;
flags |= IN6_IFF_DEPARTED;
#endif
#ifdef IN6_IFF_DETACHED
flags6 |= IN6_IFF_DETACHED;
flags |= IN6_IFF_DETACHED;
#endif
#ifdef IN6_IFF_TENTATIVE
flags6 |= IN6_IFF_TENTATIVE;
flags |= IN6_IFF_TENTATIVE;
#endif
return check_flags6(psau, name, flags6) ? ISC_FALSE : ISC_TRUE;
return check_flags6(psau, name, flags) ? ISC_FALSE : ISC_TRUE;
default:
return ISC_FALSE;
}
}
/*
@ -3092,7 +3133,7 @@ sendpkt(
int cc;
int rc;
u_char cttl;
l_fp fp_zero = { 0, 0 };
l_fp fp_zero = { { 0 }, 0 };
ismcast = IS_MCAST(dest);
if (!ismcast)

44
contrib/ntp/ntpd/ntp_loopfilter.c
View File

@ -246,7 +246,11 @@ ntp_adjtime_error_handler(
)
{
char des[1024] = ""; /* Decoded Error Status */
char *dbp, *ebp;
dbp = des;
ebp = dbp + sizeof(des);
switch (ret) {
case -1:
switch (saved_errno) {
@ -363,37 +367,37 @@ or, from ntp_adjtime():
/* error (see status word) */
if (ptimex->status & STA_UNSYNC)
snprintf(des, sizeof(des), "%s%sClock Unsynchronized",
des, (*des) ? "; " : "");
xsbprintf(&dbp, ebp, "%sClock Unsynchronized",
(*des) ? "; " : "");
if (ptimex->status & STA_CLOCKERR)
snprintf(des, sizeof(des), "%s%sClock Error",
des, (*des) ? "; " : "");
xsbprintf(&dbp, ebp, "%sClock Error",
(*des) ? "; " : "");
if (!(ptimex->status & STA_PPSSIGNAL)
&& ptimex->status & STA_PPSFREQ)
snprintf(des, sizeof(des), "%s%sPPS Frequency Sync wanted but no PPS",
des, (*des) ? "; " : "");
xsbprintf(&dbp, ebp, "%sPPS Frequency Sync wanted but no PPS",
(*des) ? "; " : "");
if (!(ptimex->status & STA_PPSSIGNAL)
&& ptimex->status & STA_PPSTIME)
snprintf(des, sizeof(des), "%s%sPPS Time Sync wanted but no PPS signal",
des, (*des) ? "; " : "");
xsbprintf(&dbp, ebp, "%sPPS Time Sync wanted but no PPS signal",
(*des) ? "; " : "");
if ( ptimex->status & STA_PPSTIME
&& ptimex->status & STA_PPSJITTER)
snprintf(des, sizeof(des), "%s%sPPS Time Sync wanted but PPS Jitter exceeded",
des, (*des) ? "; " : "");
xsbprintf(&dbp, ebp, "%sPPS Time Sync wanted but PPS Jitter exceeded",
(*des) ? "; " : "");
if ( ptimex->status & STA_PPSFREQ
&& ptimex->status & STA_PPSWANDER)
snprintf(des, sizeof(des), "%s%sPPS Frequency Sync wanted but PPS Wander exceeded",
des, (*des) ? "; " : "");
xsbprintf(&dbp, ebp, "%sPPS Frequency Sync wanted but PPS Wander exceeded",
(*des) ? "; " : "");
if ( ptimex->status & STA_PPSFREQ
&& ptimex->status & STA_PPSERROR)
snprintf(des, sizeof(des), "%s%sPPS Frequency Sync wanted but Calibration error detected",
des, (*des) ? "; " : "");
xsbprintf(&dbp, ebp, "%sPPS Frequency Sync wanted but Calibration error detected",
(*des) ? "; " : "");
if (pps_call && !(ptimex->status & STA_PPSSIGNAL))
report_event(EVNT_KERN, NULL,
@ -1099,10 +1103,14 @@ start_kern_loop(void)
pll_control = TRUE;
ZERO(ntv);
ntv.modes = MOD_BITS;
ntv.status = STA_PLL;
ntv.maxerror = MAXDISPERSE;
ntv.esterror = MAXDISPERSE;
ntv.constant = sys_poll; /* why is it that here constant is unconditionally set to sys_poll, whereas elsewhere is is modified depending on nanosecond vs. microsecond kernel? */
ntv.status = STA_PLL | STA_UNSYNC;
ntv.maxerror = MAXDISPERSE * 1.0e6;
ntv.esterror = MAXDISPERSE * 1.0e6;
ntv.constant = sys_poll;
/* ^^^^^^^^ why is it that here constant is
* unconditionally set to sys_poll, whereas elsewhere is is
* modified depending on nanosecond vs. microsecond kernel?
*/
#ifdef SIGSYS
/*
* Use sigsetjmp() to save state and then call ntp_adjtime(); if

677
contrib/ntp/ntpd/ntp_parser.c
View File

File diff suppressed because it is too large Load Diff

2
contrib/ntp/ntpd/ntp_parser.h
View File

@ -454,7 +454,7 @@ extern int yydebug;
union YYSTYPE
{
#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:1909 */
#line 52 "ntp_parser.y" /* yacc.c:1909 */
char * String;
double Double;

153
contrib/ntp/ntpd/ntp_proto.c
View File

@ -33,7 +33,7 @@
/*
* This macro defines the authentication state. If x is 1 authentication
* is required; othewise it is optional.
* is required; otherwise it is optional.
*/
#define AUTH(x, y) ((x) ? (y) == AUTH_OK \
: (y) == AUTH_OK || (y) == AUTH_NONE)
@ -272,7 +272,7 @@ kiss_code_check(
}
/*
/*
* Check that NAK is valid
*/
nak_code
@ -315,7 +315,7 @@ valid_NAK(
return INVALIDNAK;
}
/*
/*
* Make sure that the extra field in the packet is all zeros
*/
rpkt = &rbufp->recv_pkt;
@ -324,10 +324,13 @@ valid_NAK(
return INVALIDNAK;
}
/*
* Only valid if peer uses a key
/*
* During the first few packets of the autokey dance there will
* not (yet) be a keyid, but in this case FLAG_SKEY is set.
* So the NAK is invalid if either there's no peer, or
* if the keyid is 0 and FLAG_SKEY is not set.
*/
if (!peer || !peer->keyid || !(peer->flags & FLAG_SKEY)) {
if (!peer || (!peer->keyid && !(peer->flags & FLAG_SKEY))) {
return INVALIDNAK;
}
@ -371,15 +374,22 @@ transmit(
*/
hpoll = peer->hpoll;
/*
* If we haven't received anything (even if unsync) since last
* send, reset ppoll.
*/
if (peer->outdate > peer->timelastrec && !peer->reach)
peer->ppoll = peer->maxpoll;
/*
* In broadcast mode the poll interval is never changed from
* minpoll.
*/
if (peer->cast_flags & (MDF_BCAST | MDF_MCAST)) {
peer->outdate = current_time;
poll_update(peer, hpoll);
if (sys_leap != LEAP_NOTINSYNC)
peer_xmit(peer);
poll_update(peer, hpoll);
return;
}
@ -398,6 +408,7 @@ transmit(
*/
if (peer->cast_flags & MDF_ACAST) {
peer->outdate = current_time;
poll_update(peer, hpoll);
if (peer->unreach > sys_beacon) {
peer->unreach = 0;
peer->ttl = 0;
@ -409,7 +420,6 @@ transmit(
peer_xmit(peer);
}
peer->unreach++;
poll_update(peer, hpoll);
return;
}
@ -427,11 +437,11 @@ transmit(
*/
if (peer->cast_flags & MDF_POOL) {
peer->outdate = current_time;
poll_update(peer, hpoll);
if ( (peer_associations <= 2 * sys_maxclock)
&& ( peer_associations < sys_maxclock
|| sys_survivors < sys_minclock))
pool_xmit(peer);
poll_update(peer, hpoll);
return;
}
@ -539,9 +549,9 @@ transmit(
/*
* Do not transmit if in broadcast client mode.
*/
poll_update(peer, hpoll);
if (peer->hmode != MODE_BCLIENT)
peer_xmit(peer);
poll_update(peer, hpoll);
return;
}
@ -645,7 +655,7 @@ receive(
hisleap = PKT_LEAP(pkt->li_vn_mode);
hismode = (int)PKT_MODE(pkt->li_vn_mode);
hisstratum = PKT_TO_STRATUM(pkt->stratum);
DPRINTF(2, ("receive: at %ld %s<-%s ippeerlimit %d mode %d iflags %s restrict %s org %#010x.%08x xmt %#010x.%08x\n",
DPRINTF(1, ("receive: at %ld %s<-%s ippeerlimit %d mode %d iflags %s restrict %s org %#010x.%08x xmt %#010x.%08x\n",
current_time, stoa(&rbufp->dstadr->sin),
stoa(&rbufp->recv_srcadr), r4a.ippeerlimit, hismode,
build_iflags(rbufp->dstadr->flags),
@ -737,7 +747,7 @@ receive(
} else {
DPRINTF(2, ("receive: drop: MODE_UNSPEC\n"));
sys_badlength++;
return; /* invalid mode */
return; /* invalid mode */
}
}
@ -841,7 +851,7 @@ receive(
/*
** Packet Data Verification Layer
**
** This layer verifies the packet data content. If
** This layer verifies the packet data content. If
** authentication is required, a MAC must be present.
** If a MAC is present, it must validate.
** Crypto-NAK? Look - a shiny thing!
@ -949,7 +959,7 @@ receive(
if (0 != peer) {
peer->badNAK++;
}
msyslog(LOG_ERR, "Invalid-NAK error at %ld %s<-%s",
msyslog(LOG_ERR, "Invalid-NAK error at %ld %s<-%s",
current_time, stoa(dstadr_sin), stoa(&rbufp->recv_srcadr));
return;
}
@ -957,7 +967,7 @@ receive(
if (has_mac == 0) {
restrict_mask &= ~RES_MSSNTP;
is_authentic = AUTH_NONE; /* not required */
DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x NOMAC\n",
DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x NOMAC\n",
current_time, stoa(dstadr_sin),
stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
authlen,
@ -966,7 +976,7 @@ receive(
} else if (crypto_nak_test == VALIDNAK) {
restrict_mask &= ~RES_MSSNTP;
is_authentic = AUTH_CRYPTO; /* crypto-NAK */
DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x MAC4\n",
DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x CRYPTONAK\n",
current_time, stoa(dstadr_sin),
stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
skeyid, authlen + has_mac, is_authentic,
@ -989,13 +999,19 @@ receive(
&& (memcmp(zero_key, (char *)pkt + authlen + 4,
MAX_MD5_LEN - 4) == 0)) {
is_authentic = AUTH_NONE;
DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x SIGND\n",
current_time, stoa(dstadr_sin),
stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
authlen,
ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
#endif /* HAVE_NTP_SIGND */
} else {
/*
* has_mac is not 0
* Not a VALID_NAK
* Not an MS-SNTP SIGND packet
* Not an MS-SNTP SIGND packet
*
* So there is a MAC here.
*/
@ -1054,7 +1070,7 @@ receive(
ANY_INTERFACE_CHOOSE(&rbufp->recv_srcadr)) {
DPRINTF(2, ("receive: drop: BCAST from wildcard\n"));
sys_restricted++;
return; /* no wildcard */
return; /* no wildcard */
}
pkeyid = 0;
if (!SOCK_UNSPEC(&rbufp->dstadr->bcast))
@ -1106,7 +1122,7 @@ receive(
if (crypto_flags && skeyid > NTP_MAXKEY)
authtrust(skeyid, 0);
#endif /* AUTOKEY */
DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x\n",
DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x MAC\n",
current_time, stoa(dstadr_sin),
stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
skeyid, authlen + has_mac, is_authentic,
@ -1198,6 +1214,8 @@ receive(
* client association; a symmetric active packet mobilizes a
* symmetric passive association.
*/
DPRINTF(1, ("receive: MATCH_ASSOC dispatch: mode %d/%s:%s \n",
hismode, hm_str, am_str));
switch (retcode) {
/*
@ -1373,7 +1391,7 @@ receive(
if (NULL == peer) {
DPRINTF(2, ("receive: AM_MANYCAST drop: duplicate\n"));
sys_declined++;
return; /* ignore duplicate */
return; /* ignore duplicate */
}
/*
@ -1511,10 +1529,10 @@ receive(
* is fixed at this value.
*/
peer = newpeer(&rbufp->recv_srcadr, NULL, match_ep,
r4a.ippeerlimit, MODE_CLIENT, hisversion,
pkt->ppoll, pkt->ppoll,
FLAG_BC_VOL | FLAG_IBURST | FLAG_PREEMPT, MDF_BCLNT,
0, skeyid, sys_ident);
r4a.ippeerlimit, MODE_CLIENT, hisversion,
pkt->ppoll, pkt->ppoll,
FLAG_BC_VOL | FLAG_IBURST | FLAG_PREEMPT, MDF_BCLNT,
0, skeyid, sys_ident);
if (NULL == peer) {
DPRINTF(2, ("receive: AM_NEWBCL drop: empty newpeer() failed\n"));
sys_restricted++;
@ -1529,15 +1547,19 @@ receive(
return; /* hooray */
/*
* This is the first packet received from a symmetric active
* peer. If the packet is authentic, the first he sent, and
* RES_NOEPEER is not enabled, mobilize a passive association
* If not, kiss the frog.
* This is the first packet received from a potential ephemeral
* symmetric active peer. First, deal with broken Windows clients.
* Then, if NOEPEER is enabled, drop it. If the packet meets our
* authenticty requirements and is the first he sent, mobilize
* a passive association.
* Otherwise, kiss the frog.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_NEWPASS:
DEBUG_REQUIRE(MODE_ACTIVE == hismode);
#ifdef AUTOKEY
/*
* Do not respond if not the same group.
@ -1551,27 +1573,33 @@ receive(
if (!AUTH(sys_authenticate | (restrict_mask &
(RES_NOPEER | RES_DONTTRUST)), is_authentic)
) {
if (0 == (restrict_mask & RES_NOEPEER)) {
/*
* If authenticated but cannot mobilize an
* association, send a symmetric passive
* response without mobilizing an association.
* This is for drat broken Windows clients. See
* Microsoft KB 875424 for preferred workaround.
*/
if (AUTH(restrict_mask & RES_DONTTRUST,
is_authentic)) {
fast_xmit(rbufp, MODE_PASSIVE, skeyid,
restrict_mask);
return; /* hooray */
}
if (is_authentic == AUTH_ERROR) {
fast_xmit(rbufp, MODE_ACTIVE, 0,
restrict_mask);
sys_restricted++;
return;
}
/*
* If authenticated but cannot mobilize an
* association, send a symmetric passive
* response without mobilizing an association.
* This is for drat broken Windows clients. See
* Microsoft KB 875424 for preferred workaround.
*/
if (AUTH(restrict_mask & RES_DONTTRUST,
is_authentic)) {
fast_xmit(rbufp, MODE_PASSIVE, skeyid,
restrict_mask);
return; /* hooray */
}
/* HMS: Why is this next set of lines a feature? */
if (is_authentic == AUTH_ERROR) {
fast_xmit(rbufp, MODE_PASSIVE, 0,
restrict_mask);
sys_restricted++;
return;
}
if (restrict_mask & RES_NOEPEER) {
DPRINTF(2, ("receive: AM_NEWPASS drop: NOEPEER\n"));
sys_declined++;
return;
}
/* [Bug 2941]
* If we got here, the packet isn't part of an
* existing association, either isn't correctly
@ -1593,6 +1621,12 @@ receive(
return;
}
if (restrict_mask & RES_NOEPEER) {
DPRINTF(2, ("receive: AM_NEWPASS drop: NOEPEER\n"));
sys_declined++;
return;
}
/*
* Do not respond if synchronized and if stratum is
* below the floor or at or above the ceiling. Note,
@ -1670,8 +1704,8 @@ receive(
}
/* This is error-worthy */
if (pkt->ppoll < peer->minpoll ||
pkt->ppoll > peer->maxpoll ) {
if ( pkt->ppoll < peer->minpoll
|| pkt->ppoll > peer->maxpoll) {
msyslog(LOG_INFO, "receive: broadcast poll of %u from %s is out-of-range (%d to %d)!",
pkt->ppoll, stoa(&rbufp->recv_srcadr),
peer->minpoll, peer->maxpoll);
@ -1719,7 +1753,7 @@ receive(
* network is trustable, so we take our accepted
* broadcast packets as we receive them. But
* some folks might want to take additional poll
* delays before believing a backward step.
* delays before believing a backward step.
*/
if (sys_bcpollbstep) {
/* pkt->ppoll or peer->ppoll ? */
@ -1735,8 +1769,8 @@ receive(
tdiff = p_xmt;
L_SUB(&tdiff, &peer->bxmt);
}
if (tdiff.l_i < 0 &&
(current_time - peer->timereceived) < deadband)
if ( tdiff.l_i < 0
&& (current_time - peer->timereceived) < deadband)
{
msyslog(LOG_INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x",
stoa(&rbufp->recv_srcadr),
@ -2431,6 +2465,7 @@ process_packet(
peer->seldisptoolarge++;
DPRINTF(1, ("packet: flash header %04x\n",
peer->flash));
poll_update(peer, peer->hpoll); /* ppoll updated? */
return;
}
@ -2586,7 +2621,7 @@ process_packet(
* between the unicast timestamp and the broadcast
* timestamp. This works for both basic and interleaved
* modes.
* [Bug 3031] Don't keep this peer when the delay
* [Bug 3031] Don't keep this peer when the delay
* calculation gives reason to suspect clock steps.
* This is assumed for delays > 50ms.
*/
@ -2977,8 +3012,6 @@ poll_update(
} else {
if (peer->retry > 0)
hpoll = peer->minpoll;
else if (!(peer->reach))
hpoll = peer->hpoll;
else
hpoll = min(peer->ppoll, peer->hpoll);
#ifdef REFCLOCK
@ -3072,6 +3105,10 @@ peer_clear(
peer->stratum = STRATUM_UNSPEC;
memcpy(&peer->refid, ident, 4);
#ifdef REFCLOCK
} else {
/* Clear refclock sample filter */
peer->procptr->codeproc = 0;
peer->procptr->coderecv = 0;
}
#endif
@ -3987,7 +4024,7 @@ peer_xmit(
DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d len %zu xmt %#010x.%08x\n",
current_time,
peer->dstadr ? stoa(&peer->dstadr->sin) : "-",
stoa(&peer->srcadr), peer->hmode, sendlen,
stoa(&peer->srcadr), peer->hmode, sendlen,
xmt_tx.l_ui, xmt_tx.l_uf));
return;
}
@ -4330,7 +4367,7 @@ leap_smear_add_offs(
return;
}
#endif /* LEAP_SMEAR */
#endif /* LEAP_SMEAR */
/*

2
contrib/ntp/ntpd/ntp_refclock.c
View File

@ -112,7 +112,7 @@ refclock_report(
/* ignore others */
break;
}
if (pp->lastevent < 15)
if ((code != CEVNT_NOMINAL) && (pp->lastevent < 15))
pp->lastevent++;
if (pp->currentstatus != code) {
pp->currentstatus = (u_char)code;

9
contrib/ntp/ntpd/ntp_request.c
View File

@ -890,6 +890,7 @@ peer_info (
ip->flags |= INFO_FLAG_SHORTLIST;
ip->leap = pp->leap;
ip->hmode = pp->hmode;
ip->pmode = pp->pmode;
ip->keyid = pp->keyid;
ip->stratum = pp->stratum;
ip->ppoll = pp->ppoll;
@ -2535,7 +2536,15 @@ get_clock_info(
DTOLFP(clock_stat.fudgetime2, &ltmp);
HTONL_FP(&ltmp, &ic->fudgetime2);
ic->fudgeval1 = htonl((u_int32)clock_stat.fudgeval1);
/* [Bug3527] Backward Incompatible: ic->fudgeval2 is
* a string, instantiated via memcpy() so there is no
* endian issue to correct.
*/
#ifdef DISABLE_BUG3527_FIX
ic->fudgeval2 = htonl(clock_stat.fudgeval2);
#else
ic->fudgeval2 = clock_stat.fudgeval2;
#endif
free_varlist(clock_stat.kv_list);

8
contrib/ntp/ntpd/ntp_timer.c
View File

@ -82,8 +82,8 @@ u_long orphwait; /* orphan wait time */
#ifdef AUTOKEY
static u_long revoke_timer; /* keys revoke timer */
static u_long keys_timer; /* session key timer */
u_long sys_revoke = KEY_REVOKE; /* keys revoke timeout (log2 s) */
u_long sys_automax = NTP_AUTOMAX; /* key list timeout (log2 s) */
u_char sys_revoke = KEY_REVOKE; /* keys revoke timeout (log2 s) */
u_char sys_automax = NTP_AUTOMAX; /* key list timeout (log2 s) */
#endif /* AUTOKEY */
/*
@ -404,7 +404,7 @@ timer(void)
* Garbage collect expired keys.
*/
if (keys_timer <= current_time) {
keys_timer += 1 << sys_automax;
keys_timer += (1UL << sys_automax);
auth_agekeys();
}
@ -413,7 +413,7 @@ timer(void)
* to regenerate cookies.
*/
if (revoke_timer && revoke_timer <= current_time) {
revoke_timer += 1 << sys_revoke;
revoke_timer += (1UL << sys_revoke);
RAND_bytes((u_char *)&sys_private, 4);
}
#endif /* AUTOKEY */

16
contrib/ntp/ntpd/ntpd-opts.c
View File

@ -1,11 +1,11 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
*
* It has been AutoGen-ed February 27, 2018 at 05:13:19 PM by AutoGen 5.18.5
* It has been AutoGen-ed February 20, 2019 at 09:56:15 AM by AutoGen 5.18.5
* From the definitions ntpd-opts.def
* and the template file options
*
* Generated from AutoOpts 41:0:16 templates.
* Generated from AutoOpts 41:1:16 templates.
*
* AutoOpts is a copyrighted work. This source file is not encumbered
* by AutoOpts licensing, but is provided under the licensing terms chosen
@ -75,7 +75,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpd options
*/
static char const ntpd_opt_strs[3132] =
/* 0 */ "ntpd 4.2.8p11\n"
/* 0 */ "ntpd 4.2.8p13\n"
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3132] =
/* 2901 */ "output version information and exit\0"
/* 2937 */ "version\0"
/* 2945 */ "NTPD\0"
/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p11\n"
/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p13\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ <server1> ... <serverN> ]\n\0"
/* 3082 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 3116 */ "\n\0"
/* 3118 */ "ntpd 4.2.8p11";
/* 3118 */ "ntpd 4.2.8p13";
/**
* ipv4 option description with
@ -1529,7 +1529,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpdOptions.pzCopyright */
puts(_("ntpd 4.2.8p11\n\
puts(_("ntpd 4.2.8p13\n\
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -1670,7 +1670,7 @@ implied warranty.\n"));
puts(_("output version information and exit"));
/* referenced via ntpdOptions.pzUsageTitle */
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p11\n\
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p13\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
\t\t[ <server1> ... <serverN> ]\n"));
@ -1678,7 +1678,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
puts(_("\n"));
/* referenced via ntpdOptions.pzFullVersion */
puts(_("ntpd 4.2.8p11"));
puts(_("ntpd 4.2.8p13"));
/* referenced via ntpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));

10
contrib/ntp/ntpd/ntpd-opts.h
View File

@ -1,11 +1,11 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
*
* It has been AutoGen-ed February 27, 2018 at 05:13:17 PM by AutoGen 5.18.5
* It has been AutoGen-ed February 20, 2019 at 09:56:15 AM by AutoGen 5.18.5
* From the definitions ntpd-opts.def
* and the template file options
*
* Generated from AutoOpts 41:0:16 templates.
* Generated from AutoOpts 41:1:16 templates.
*
* AutoOpts is a copyrighted work. This header file is not encumbered
* by AutoOpts licensing, but is provided under the licensing terms chosen
@ -53,7 +53,7 @@
* tolerable version is at least as old as what was current when the header
* template was released.
*/
#define AO_TEMPLATE_VERSION 167936
#define AO_TEMPLATE_VERSION 167937
#if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \
|| (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION)
# error option template version mismatches autoopts/options.h header
@ -106,9 +106,9 @@ typedef enum {
/** count of all options for ntpd */
#define OPTION_CT 38
/** ntpd version */
#define NTPD_VERSION "4.2.8p11"
#define NTPD_VERSION "4.2.8p13"
/** Full ntpd version text */
#define NTPD_FULL_VERSION "ntpd 4.2.8p11"
#define NTPD_FULL_VERSION "ntpd 4.2.8p13"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED

6
contrib/ntp/ntpd/ntpd.1ntpdman
View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpd 1ntpdman "27 Feb 2018" "4.2.8p11" "User Commands"
.TH ntpd 1ntpdman "20 Feb 2019" "4.2.8p13" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Ffa4WQ/ag-RfaWVQ)
.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:30 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:46 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

4
contrib/ntp/ntpd/ntpd.1ntpdmdoc
View File

@ -1,9 +1,9 @@
.Dd February 27 2018
.Dd February 20 2019
.Dt NTPD 1ntpdmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:47 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:37 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

395
contrib/ntp/ntpd/ntpd.c
View File

@ -104,6 +104,10 @@
#endif
#endif
#ifdef SYS_WINNT
# include "ntservice.h"
#endif
#ifdef _AIX
# include <ulimit.h>
#endif /* _AIX */
@ -182,7 +186,6 @@ char *group; /* group to switch to */
const char *chrootdir; /* directory to chroot to */
uid_t sw_uid;
gid_t sw_gid;
char *endp;
struct group *gr;
struct passwd *pw;
#endif /* HAVE_DROPROOT */
@ -523,6 +526,236 @@ set_process_priority(void)
}
#endif /* !SIM */
#if !defined(SIM) && !defined(SYS_WINNT)
/*
* Detach from terminal (much like daemon())
* Nothe that this function calls exit()
*/
# ifdef HAVE_WORKING_FORK
static void
detach_from_terminal(
int pipe_fds[2],
long wait_sync,
const char *logfilename
)
{
int rc;
int exit_code;
# if !defined(HAVE_SETSID) && !defined (HAVE_SETPGID) && defined(TIOCNOTTY)
int fid;
# endif
# ifdef _AIX
struct sigaction sa;
# endif
rc = fork();
if (-1 == rc) {
exit_code = (errno) ? errno : -1;
msyslog(LOG_ERR, "fork: %m");
exit(exit_code);
}
if (rc > 0) {
/* parent */
exit_code = wait_child_sync_if(pipe_fds[0],
wait_sync);
exit(exit_code);
}
/*
* child/daemon
* close all open files excepting waitsync_fd_to_close.
* msyslog() unreliable until after init_logging().
*/
closelog();
if (syslog_file != NULL) {
fclose(syslog_file);
syslog_file = NULL;
syslogit = TRUE;
}
close_all_except(waitsync_fd_to_close);
INSIST(0 == open("/dev/null", 0) && 1 == dup2(0, 1) \
&& 2 == dup2(0, 2));
init_logging(progname, 0, TRUE);
/* we lost our logfile (if any) daemonizing */
setup_logfile(logfilename);
# ifdef SYS_DOMAINOS
{
uid_$t puid;
status_$t st;
proc2_$who_am_i(&puid);
proc2_$make_server(&puid, &st);
}
# endif /* SYS_DOMAINOS */
# ifdef HAVE_SETSID
if (setsid() == (pid_t)-1)
msyslog(LOG_ERR, "setsid(): %m");
# elif defined(HAVE_SETPGID)
if (setpgid(0, 0) == -1)
msyslog(LOG_ERR, "setpgid(): %m");
# else /* !HAVE_SETSID && !HAVE_SETPGID follows */
# ifdef TIOCNOTTY
fid = open("/dev/tty", 2);
if (fid >= 0) {
ioctl(fid, (u_long)TIOCNOTTY, NULL);
close(fid);
}
# endif /* TIOCNOTTY */
ntp_setpgrp(0, getpid());
# endif /* !HAVE_SETSID && !HAVE_SETPGID */
# ifdef _AIX
/* Don't get killed by low-on-memory signal. */
sa.sa_handler = catch_danger;
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
sigaction(SIGDANGER, &sa, NULL);
# endif /* _AIX */
return;
}
# endif /* HAVE_WORKING_FORK */
#ifdef HAVE_DROPROOT
/*
* Map user name/number to user ID
*/
static int
map_user(
)
{
char *endp;
if (isdigit((unsigned char)*user)) {
sw_uid = (uid_t)strtoul(user, &endp, 0);
if (*endp != '\0')
goto getuser;
if ((pw = getpwuid(sw_uid)) != NULL) {
free(user);
user = estrdup(pw->pw_name);
sw_gid = pw->pw_gid;
} else {
errno = 0;
msyslog(LOG_ERR, "Cannot find user ID %s", user);
return 0;
}
} else {
getuser:
errno = 0;
if ((pw = getpwnam(user)) != NULL) {
sw_uid = pw->pw_uid;
sw_gid = pw->pw_gid;
} else {
if (errno)
msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user);
else
msyslog(LOG_ERR, "Cannot find user `%s'", user);
return 0;
}
}
return 1;
}
/*
* Map group name/number to group ID
*/
static int
map_group(void)
{
char *endp;
if (isdigit((unsigned char)*group)) {
sw_gid = (gid_t)strtoul(group, &endp, 0);
if (*endp != '\0')
goto getgroup;
} else {
getgroup:
if ((gr = getgrnam(group)) != NULL) {
sw_gid = gr->gr_gid;
} else {
errno = 0;
msyslog(LOG_ERR, "Cannot find group `%s'", group);
return 0;
}
}
return 1;
}
static int
set_group_ids(void)
{
if (user && initgroups(user, sw_gid)) {
msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
return 0;
}
if (group && setgid(sw_gid)) {
msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
return 0;
}
if (group && setegid(sw_gid)) {
msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group);
return 0;
}
if (group) {
if (0 != setgroups(1, &sw_gid)) {
msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid);
return 0;
}
}
else if (pw)
if (0 != initgroups(pw->pw_name, pw->pw_gid)) {
msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid);
return 0;
}
return 1;
}
static int
set_user_ids(void)
{
if (user && setuid(sw_uid)) {
msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
return 0;
}
if (user && seteuid(sw_uid)) {
msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
return 0;
}
return 1;
}
/*
* Change (effective) user and group IDs, also initialize the supplementary group access list
*/
int set_user_group_ids(void);
int
set_user_group_ids(void)
{
/* If the the user was already mapped, no need to map it again */
if ((NULL != user) && (0 == sw_uid)) {
if (0 == map_user())
exit (-1);
}
/* same applies for the group */
if ((NULL != group) && (0 == sw_gid)) {
if (0 == map_group())
exit (-1);
}
if (getegid() != sw_gid && 0 == set_group_ids())
return 0;
if (geteuid() != sw_uid && 0 == set_user_ids())
return 0;
return 1;
}
#endif /* HAVE_DROPROOT */
#endif /* !SIM */
/*
* Main program. Initialize us, disconnect us from the tty if necessary,
@ -549,12 +782,6 @@ ntpdmain(
int pipe_fds[2];
int rc;
int exit_code;
# ifdef _AIX
struct sigaction sa;
# endif
# if !defined(HAVE_SETSID) && !defined (HAVE_SETPGID) && defined(TIOCNOTTY)
int fid;
# endif
# endif /* HAVE_WORKING_FORK*/
# ifdef SCO5_CLOCK
int fd;
@ -717,6 +944,11 @@ ntpdmain(
init_lib();
# ifdef SYS_WINNT
/*
* Make sure the service is initialized before we do anything else
*/
ntservice_init();
/*
* Start interpolation thread, must occur before first
* get_systime()
@ -736,70 +968,7 @@ ntpdmain(
if (!nofork) {
# ifdef HAVE_WORKING_FORK
rc = fork();
if (-1 == rc) {
exit_code = (errno) ? errno : -1;
msyslog(LOG_ERR, "fork: %m");
exit(exit_code);
}
if (rc > 0) {
/* parent */
exit_code = wait_child_sync_if(pipe_fds[0],
wait_sync);
exit(exit_code);
}
/*
* child/daemon
* close all open files excepting waitsync_fd_to_close.
* msyslog() unreliable until after init_logging().
*/
closelog();
if (syslog_file != NULL) {
fclose(syslog_file);
syslog_file = NULL;
syslogit = TRUE;
}
close_all_except(waitsync_fd_to_close);
INSIST(0 == open("/dev/null", 0) && 1 == dup2(0, 1) \
&& 2 == dup2(0, 2));
init_logging(progname, 0, TRUE);
/* we lost our logfile (if any) daemonizing */
setup_logfile(logfilename);
# ifdef SYS_DOMAINOS
{
uid_$t puid;
status_$t st;
proc2_$who_am_i(&puid);
proc2_$make_server(&puid, &st);
}
# endif /* SYS_DOMAINOS */
# ifdef HAVE_SETSID
if (setsid() == (pid_t)-1)
msyslog(LOG_ERR, "setsid(): %m");
# elif defined(HAVE_SETPGID)
if (setpgid(0, 0) == -1)
msyslog(LOG_ERR, "setpgid(): %m");
# else /* !HAVE_SETSID && !HAVE_SETPGID follows */
# ifdef TIOCNOTTY
fid = open("/dev/tty", 2);
if (fid >= 0) {
ioctl(fid, (u_long)TIOCNOTTY, NULL);
close(fid);
}
# endif /* TIOCNOTTY */
ntp_setpgrp(0, getpid());
# endif /* !HAVE_SETSID && !HAVE_SETPGID */
# ifdef _AIX
/* Don't get killed by low-on-memory signal. */
sa.sa_handler = catch_danger;
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
sigaction(SIGDANGER, &sa, NULL);
# endif /* _AIX */
detach_from_terminal(pipe_fds, wait_sync, logfilename);
# endif /* HAVE_WORKING_FORK */
}
@ -972,51 +1141,12 @@ ntpdmain(
# endif /* HAVE_LINUX_CAPABILITIES || HAVE_SOLARIS_PRIVS */
if (user != NULL) {
if (isdigit((unsigned char)*user)) {
sw_uid = (uid_t)strtoul(user, &endp, 0);
if (*endp != '\0')
goto getuser;
if ((pw = getpwuid(sw_uid)) != NULL) {
free(user);
user = estrdup(pw->pw_name);
sw_gid = pw->pw_gid;
} else {
errno = 0;
msyslog(LOG_ERR, "Cannot find user ID %s", user);
exit (-1);
}
} else {
getuser:
errno = 0;
if ((pw = getpwnam(user)) != NULL) {
sw_uid = pw->pw_uid;
sw_gid = pw->pw_gid;
} else {
if (errno)
msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user);
else
msyslog(LOG_ERR, "Cannot find user `%s'", user);
exit (-1);
}
}
if (0 == map_user())
exit (-1);
}
if (group != NULL) {
if (isdigit((unsigned char)*group)) {
sw_gid = (gid_t)strtoul(group, &endp, 0);
if (*endp != '\0')
goto getgroup;
} else {
getgroup:
if ((gr = getgrnam(group)) != NULL) {
sw_gid = gr->gr_gid;
} else {
errno = 0;
msyslog(LOG_ERR, "Cannot find group `%s'", group);
exit (-1);
}
}
if (0 == map_group())
exit (-1);
}
if (chrootdir ) {
@ -1050,37 +1180,8 @@ getgroup:
exit(-1);
}
# endif /* HAVE_SOLARIS_PRIVS */
if (user && initgroups(user, sw_gid)) {
msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
exit (-1);
}
if (group && setgid(sw_gid)) {
msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
exit (-1);
}
if (group && setegid(sw_gid)) {
msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group);
exit (-1);
}
if (group) {
if (0 != setgroups(1, &sw_gid)) {
msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid);
exit (-1);
}
}
else if (pw)
if (0 != initgroups(pw->pw_name, pw->pw_gid)) {
msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid);
exit (-1);
}
if (user && setuid(sw_uid)) {
msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
exit (-1);
}
if (user && seteuid(sw_uid)) {
msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
exit (-1);
}
if (0 == set_user_group_ids())
exit(-1);
# if !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS)
/*
@ -1245,6 +1346,10 @@ int scmp_sc[] = {
}
#endif /* LIBSECCOMP and KERN_SECCOMP */
#ifdef SYS_WINNT
ntservice_isup();
#endif
# ifdef HAVE_IO_COMPLETION_PORT
for (;;) {

1449
contrib/ntp/ntpd/ntpd.html
View File

File diff suppressed because it is too large Load Diff

6
contrib/ntp/ntpd/ntpd.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpd @NTPD_MS@ "27 Feb 2018" "4.2.8p11" "User Commands"
.TH ntpd @NTPD_MS@ "20 Feb 2019" "4.2.8p13" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Ffa4WQ/ag-RfaWVQ)
.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:30 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:46 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

4
contrib/ntp/ntpd/ntpd.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd February 27 2018
.Dd February 20 2019
.Dt NTPD @NTPD_MS@ User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:14:47 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:37 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

2
contrib/ntp/ntpd/rc_cmdlength.c
View File

@ -5,6 +5,8 @@
# include <unistd.h>
#endif
// XXX: Move to header.
size_t remoteconfig_cmdlength( const char *, const char *);
/* Bug 2853 */
/* evaluate the length of the command sequence. This breaks at the first

119
contrib/ntp/ntpd/refclock_bancomm.c
View File

@ -60,6 +60,9 @@
#include <stdio.h>
#include <syslog.h>
#include <ctype.h>
#ifdef HAVE_SYS_IOCTL_H
# include <sys/ioctl.h>
#endif
struct btfp_time /* Structure for reading 5 time words */
/* in one ioctl(2) operation. */
@ -74,17 +77,16 @@ struct btfp_time /* Structure for reading 5 time words */
#define IOCIOWN( l, n, s ) ( BTFPIOC | n )
/***** Simple ioctl commands *****/
#define RUNLOCK IOCIOR(b, 19, int ) /* Release Capture Lockout */
#define RCR0 IOCIOR(b, 22, int ) /* Read control register zero.*/
#define WCR0 IOCIOWN(b, 23, int) /* Write control register zero*/
#define RUNLOCK IOCIOR(b, 19, int ) /* Release Capture Lockout */
#define RCR0 IOCIOR(b, 22, int ) /* Read control register zero.*/
#define WCR0 IOCIOWN(b, 23, int) /* Write control register zero*/
/***** Compound ioctl commands *****/
/* Read all 5 time words in one call. */
#define READTIME IOCIORN(b, 32, sizeof( struct btfp_time ))
#if defined(__FreeBSD__)
#undef READTIME
#define READTIME _IOR('u', 5, struct btfp_time )
# define READTIME _IOR('u', 5, struct btfp_time )
#else
# define READTIME IOCIORN(b, 32, sizeof( struct btfp_time ))
#endif
/* Solaris specific section */
@ -165,18 +167,76 @@ static void vme_poll (int unit, struct peer *);
struct vmedate *get_datumtime(struct vmedate *);
void tvme_fill(struct vmedate *, uint32_t btm[2]);
void stfp_time2tvme(struct vmedate *time_vme, struct stfp_time *stfp);
inline const char *DEVICE_NAME(int n);
static const char *get_devicename(int n);
/* [Bug 3558] and [Bug 1674] perlinger@ntp.org says:
*
* bcReadBinTime() is defined to use two DWORD pointers on Windows and
* Linux in the BANCOMM SDK. DWORD is of course Windows-specific
* (*shudder*), and it is defined as 'unsigned long' under
* Linux/Unix. (*sigh*)
*
* This creates quite some headache. The size of 'unsigned long' is
* platform/compiler/memory-model dependent (LP32 vs LP64 vs LLP64),
* while the card itself always creates 32bit time stamps. What a
* bummer. And DWORD has tendency to contain 64bit on Win64 (which is
* why we have a DWORD32 defined on Win64) so it can be used as
* substitute for 'UINT_PTR' in Windows API headers. I won't even try
* to comment on that, because anything I have to say will not be civil.
*
* We work around this by possibly using a wrapper function that makes
* the necessary conversions/casts. It might be a bit tricky to
* maintain the conditional logic below, but any lingering disease needs
* constant care to avoid a breakout.
*/
#if defined(__linux__)
typedef unsigned long bcBinTimeT;
# if SIZEOF_LONG == 4
# define safeReadBinTime bcReadBinTime
# endif
#elif defined(SYS_WINNT)
typedef DWORD bcBinTimeT;
# if !defined(_WIN64) || _WIN64 == 0
# define safeReadBinTime bcReadBinTime
# endif
#else
typedef uint32_t bcBinTimeT;
# define safeReadBinTime bcReadBinTime
#endif
/*
* Define the bc*() functions as weak so we can compile/link without them.
* Only clients with the card will have the proprietary vendor device driver
* and interface library needed for use on Linux/Windows platforms.
*/
extern uint32_t __attribute__ ((weak)) bcReadBinTime(SYMMT_PCI_HANDLE, uint32_t *, uint32_t*, uint8_t*);
extern uint32_t __attribute__ ((weak)) bcReadBinTime(SYMMT_PCI_HANDLE, bcBinTimeT*, bcBinTimeT*, uint8_t*);
extern SYMMT_PCI_HANDLE __attribute__ ((weak)) bcStartPci(void);
extern void __attribute__ ((weak)) bcStopPci(SYMMT_PCI_HANDLE);
/* This is the conversion wrapper for the long/DWORD/uint32_t clash in
* reading binary times.
*/
#ifndef safeReadBinTime
static uint32_t
safeReadBinTime(
SYMMT_PCI_HANDLE hnd,
uint32_t *pt1,
uint32_t *pt2,
uint8_t *p3
)
{
bcBinTimeT t1, t2;
uint32_t rc;
rc = bcReadBinTime(hnd, &t1, &t2, p3);
if (rc != 0) {
*pt1 = (uint32_t)t1;
*pt2 = (uint32_t)t2;
}
return rc;
}
#endif /* !defined(safeReadBinTime) */
/*
* Transfer vector
*/
@ -195,15 +255,27 @@ int regvalue;
int tfp_type; /* mode selector, indicate platform and driver interface */
SYMMT_PCI_HANDLE stfp_handle;
/**
* this macro returns the device name based on
* the platform we are running on and the device number
/* This helper function returns the device name based on the platform we
* are running on and the device number.
*
* Uses a static buffer, so the result is valid only to the next call of
* this function!
*/
#if defined(__sun__)
inline const char *DEVICE_NAME(int n) {static char s[20]={0}; snprintf(s,19,"/dev/stfp%d",n);return s;}
#else
inline const char* DEVICE_NAME(int n) {static char s[20]={0}; snprintf(s,19,"/dev/btfp%d",n);return s;}
#endif /**__sun__**/
static const char*
get_devicename(int n)
{
# if defined(__sun__)
static const char * const template ="/dev/stfp%d";
# else
static const char * const template ="/dev/btfp%d";
# endif
static char namebuf[20];
snprintf(namebuf, sizeof(namebuf), template, n);
namebuf[sizeof(namebuf)-1] = '\0'; /* paranoia rulez! */
return namebuf;
}
/*
* vme_start - open the VME device and initialize data for processing
@ -235,9 +307,9 @@ vme_start(
*/
#ifdef DEBUG
printf("Opening DATUM DEVICE %s\n",DEVICE_NAME(peer->refclkunit));
printf("Opening DATUM DEVICE %s\n",get_devicename(peer->refclkunit));
#endif
if ( (fd_vme = open(DEVICE_NAME(peer->refclkunit), O_RDWR)) < 0) {
if ( (fd_vme = open(get_devicename(peer->refclkunit), O_RDWR)) < 0) {
msyslog(LOG_ERR, "vme_start: failed open of %s: %m", vmedev);
return (0);
}
@ -433,7 +505,7 @@ get_datumtime(struct vmedate *time_vme)
break;
case 2: /* Linux/Windows, PCI, 2 32bit time words */
if (bcReadBinTime(stfp_handle, &btm[1], &btm[0], &dmy) == 0) {
if (safeReadBinTime(stfp_handle, &btm[1], &btm[0], &dmy) == 0) {
msyslog(LOG_ERR, "get_datumtime error: %m");
return(NULL);
}
@ -512,10 +584,11 @@ void
tvme_fill(struct vmedate *time_vme, uint32_t btm[2])
{
struct tm maj;
uint32_t dmaj, dmin;
time_t dmaj;
uint32_t dmin;
dmaj = btm[1]; /* syntax sugar */
dmin = btm[0];
dmaj = btm[1]; /* syntax sugar & expansion */
dmin = btm[0]; /* just syntax sugar */
gmtime_r(&dmaj, &maj);
time_vme->day = maj.tm_yday+1;

3
contrib/ntp/ntpd/refclock_datum.c
View File

@ -485,7 +485,8 @@ datum_pts_receive(
struct recvbuf *rbufp
)
{
int i, nb;
int i;
size_t nb;
l_fp tstmp;
struct peer *p;
struct datum_pts_unit *datum_pts;

4
contrib/ntp/ntpd/refclock_gpsdjson.c
View File

@ -1136,7 +1136,7 @@ json_token_skip(
const json_ctx * ctx,
tok_ref tid)
{
if (tid >= 0 && (u_int)tid < ctx->ntok) {
if (tid >= 0 && tid < ctx->ntok) {
int len = ctx->tok[tid].size;
/* For arrays and objects, the size is the number of
* ITEMS in the compound. Thats the number of objects in
@ -1164,7 +1164,7 @@ json_token_skip(
/* The next condition should never be true, but paranoia
* prevails...
*/
if (tid < 0 || (u_int)tid > ctx->ntok)
if (tid < 0 || tid > ctx->ntok)
tid = ctx->ntok;
}
return tid;

60
contrib/ntp/ntpd/refclock_jupiter.c
View File

@ -139,8 +139,7 @@ static void jupiter_canmsg (struct instance *, u_int);
static u_short jupiter_cksum (u_short *, u_int);
static int jupiter_config (struct instance *);
static void jupiter_debug (struct peer *, const char *,
const char *, ...)
__attribute__ ((format (printf, 3, 4)));
const char *, ...) NTP_PRINTF(3, 4);
static const char * jupiter_parse_t (struct instance *, u_short *);
static const char * jupiter_parse_gpos (struct instance *, u_short *);
static void jupiter_platform (struct instance *, u_int);
@ -159,10 +158,6 @@ static char * jupiter_send (struct instance *, struct jheader *);
static void jupiter_shutdown(int, struct peer *);
static int jupiter_start (int, struct peer *);
static u_int get_full_week(u_int base_week, u_int gpos_week);
static u_int get_base_week(void);
/*
* Transfer vector
*/
@ -856,8 +851,7 @@ jupiter_parse_gpos(struct instance *instance, u_short *sp)
}
instance->gpos_sweek = DS2UI(jg->sweek);
instance->gpos_gweek = get_full_week(get_base_week(),
getshort(jg->gweek));
instance->gpos_gweek = basedate_expand_gpsweek(getshort(jg->gweek));
/* according to the protocol spec, the seconds-in-week cannot
* exceed the nominal value: Is it really necessary to normalise
@ -1130,56 +1124,6 @@ jupiter_recv(struct instance *instance)
return (cc);
}
static u_int
get_base_week(void)
{
static int init_done /* = 0 */;
static u_int base_week;
/* Get the build date, convert to days since GPS epoch and
* finally weeks since GPS epoch. Note that the build stamp is
* trusted once it is fetched -- only dates before the GPS epoch
* are not permitted. This will permit proper synchronisation
* for a time range of 1024 weeks starting with 00:00:00 of the
* last Sunday on or before the build time.
*
* If the impossible happens and fetching the build date fails,
* a 1024-week cycle starting with 2016-01-03 is assumed to
* avoid catastropic errors. This will work until 2035-08-19.
*/
if (!init_done) {
struct calendar bd;
if (ntpcal_get_build_date(&bd)) {
int32_t days = ntpcal_date_to_rd(&bd);
if (days > RDN_GPS_EPOCH)
days -= RDN_GPS_EPOCH;
else
days = 0;
base_week = days / 7;
} else {
base_week = 1878; /* 2016-01-03, Sunday */
msyslog(LOG_ERR,
"refclock_jupiter: ntpcal_get_build_date() failed: %s",
"using 2016-01-03 as GPS base!");
}
init_done = 1;
}
return base_week;
}
static u_int
get_full_week(
u_int base_week,
u_int gpos_week
)
{
/* Periodic extension on base week. Since the period is 1024
* weeks and we do unsigned arithmetic here, we can do wonderful
* things with masks and the well-defined overflow behaviour.
*/
return base_week + ((gpos_week - base_week) & 1023);
}
#else /* not (REFCLOCK && CLOCK_JUPITER && HAVE_PPSAPI) */
int refclock_jupiter_bs;
#endif /* not (REFCLOCK && CLOCK_JUPITER && HAVE_PPSAPI) */

3
contrib/ntp/ntpd/refclock_parse.c
View File

@ -4256,8 +4256,7 @@ mk_utcinfo(
struct tm *tm;
int nc;
if (wnlsf < GPSWRAP)
wnlsf += GPSWEEKS;
wnlsf = basedate_expand_gpsweek(wnlsf);
/* 'wnt' not used here: would need the same treatment as 'wnlsf */
t_ls = (time_t) wnlsf * SECSPERWEEK

1
contrib/ntp/ntpd/refclock_shm.c
View File

@ -340,6 +340,7 @@ shm_poll(
if (pp->coderecv != pp->codeproc) {
/* have some samples, everything OK */
pp->lastref = pp->lastrec;
refclock_report(peer, CEVNT_NOMINAL);
refclock_receive(peer);
} else if (NULL == up->shm) { /* is this possible at all? */
/* we're out of business without SHM access */

2
contrib/ntp/ntpd/refclock_true.c
View File

@ -640,7 +640,7 @@ true_send(
size_t len = strlen(cmd);
true_debug(peer, "Send '%s'\n", cmd);
if (write(pp->io.fd, cmd, (unsigned)len) != len)
if (write(pp->io.fd, cmd, len) != (ssize_t)len)
refclock_report(peer, CEVNT_FAULT);
else
pp->polls++;

4
contrib/ntp/ntpdate/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

196
contrib/ntp/ntpdate/ntpdate.c
View File

@ -154,7 +154,7 @@ char const *progname;
/*
* Systemwide parameters and flags
*/
int sys_samples = DEFSAMPLES; /* number of samples/server */
int sys_samples = 0; /* number of samples/server, will be modified later */
u_long sys_timeout = DEFTIMEOUT; /* timeout time, in TIMER_HZ units */
struct server *sys_servers; /* the server list */
int sys_numservers = 0; /* number of servers to poll */
@ -220,7 +220,7 @@ void input_handler (void);
static int l_adj_systime (l_fp *);
static int l_step_systime (l_fp *);
static void printserver (struct server *, FILE *);
static void print_server (struct server *, FILE *);
#ifdef SYS_WINNT
int on = 1;
@ -429,7 +429,7 @@ ntpdatemain (
default:
break;
}
if (errflg) {
(void) fprintf(stderr,
"usage: %s [-46bBdqsuv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-t timeo] server ...\n",
@ -437,6 +437,14 @@ ntpdatemain (
exit(2);
}
/*
* If number of Samples (-p) not specified by user:
* - if a simple_query (-q) just ONE will do
* - otherwise the normal is DEFSAMPLES
*/
if (sys_samples == 0)
sys_samples = (simple_query ? 1 : DEFSAMPLES);
if (debug || simple_query) {
#ifdef HAVE_SETVBUF
static char buf[BUFSIZ];
@ -651,9 +659,6 @@ transmit(
{
struct pkt xpkt;
if (debug)
printf("transmit(%s)\n", stoa(&server->srcadr));
if (server->filter_nextpt < server->xmtcnt) {
l_fp ts;
/*
@ -674,6 +679,9 @@ transmit(
return;
}
if (debug)
printf("transmit(%s)\n", stoa(&server->srcadr));
/*
* If we're here, send another message to the server. Fill in
* the packet and let 'er rip.
@ -849,7 +857,7 @@ receive(
NTOHL_FP(&rpkt->xmt, &server->org);
/*
* Make sure the server is at least somewhat sane. If not, try
* Make sure the server is at least somewhat sane. If not, try
* again.
*/
if (L_ISZERO(&rec) || !L_ISHIS(&server->org, &rec)) {
@ -956,7 +964,7 @@ clock_filter(
int ord[NTP_SHIFT];
INSIST((0 < sys_samples) && (sys_samples <= NTP_SHIFT));
/*
* Sort indices into increasing delay order
*/
@ -1042,15 +1050,15 @@ clock_select(void)
/*
* This first chunk of code is supposed to go through all
* servers we know about to find the NTP_MAXLIST servers which
* are most likely to succeed. We run through the list
* are most likely to succeed. We run through the list
* doing the sanity checks and trying to insert anyone who
* looks okay. We are at all times aware that we should
* looks okay. We are at all times aware that we should
* only keep samples from the top two strata and we only need
* NTP_MAXLIST of them.
*/
nlist = 0; /* none yet */
for (server = sys_servers; server != NULL; server = server->next_server) {
if (server->delay == 0) {
if (server->stratum == 0) {
if (debug)
printf("%s: Server dropped: no data\n", ntoa(&server->srcadr));
continue; /* no data */
@ -1062,25 +1070,25 @@ clock_select(void)
}
if (server->delay > NTP_MAXWGT) {
if (debug)
printf("%s: Server dropped: server too far away\n",
printf("%s: Server dropped: server too far away\n",
ntoa(&server->srcadr));
continue; /* too far away */
}
if (server->leap == LEAP_NOTINSYNC) {
if (debug)
printf("%s: Server dropped: Leap not in sync\n", ntoa(&server->srcadr));
printf("%s: Server dropped: leap not in sync\n", ntoa(&server->srcadr));
continue; /* he's in trouble */
}
if (!L_ISHIS(&server->org, &server->reftime)) {
if (debug)
printf("%s: Server dropped: server is very broken\n",
printf("%s: Server dropped: server is very broken\n",
ntoa(&server->srcadr));
continue; /* very broken host */
}
if ((server->org.l_ui - server->reftime.l_ui)
>= NTP_MAXAGE) {
if (debug)
printf("%s: Server dropped: Server has gone too long without sync\n",
printf("%s: Server dropped: server has gone too long without sync\n",
ntoa(&server->srcadr));
continue; /* too long without sync */
}
@ -1256,8 +1264,10 @@ clock_adjust(void)
server = clock_select();
if (debug || simple_query) {
if (debug)
printf ("\n");
for (sp = sys_servers; sp != NULL; sp = sp->next_server)
printserver(sp, stdout);
print_server(sp, stdout);
}
if (server == 0) {
@ -1283,31 +1293,17 @@ clock_adjust(void)
}
if (dostep) {
if (simple_query || debug || l_step_systime(&server->offset)){
if (simple_query || l_step_systime(&server->offset)){
msyslog(LOG_NOTICE, "step time server %s offset %s sec",
stoa(&server->srcadr),
lfptoa(&server->offset, 6));
}
} else {
#ifndef SYS_WINNT
if (simple_query || l_adj_systime(&server->offset)) {
msyslog(LOG_NOTICE, "adjust time server %s offset %s sec",
stoa(&server->srcadr),
lfptoa(&server->offset, 6));
}
#else
/* The NT SetSystemTimeAdjustment() call achieves slewing by
* changing the clock frequency. This means that we cannot specify
* it to slew the clock by a definite amount and then stop like
* the Unix adjtime() routine. We can technically adjust the clock
* frequency, have ntpdate sleep for a while, and then wake
* up and reset the clock frequency, but this might cause some
* grief if the user attempts to run ntpd immediately after
* ntpdate and the socket is in use.
*/
printf("\nThe -b option is required by ntpdate on Windows NT platforms\n");
exit(1);
#endif /* SYS_WINNT */
}
return(0);
}
@ -1440,7 +1436,7 @@ findserver(
if (SRCPORT(addr) != NTP_PORT)
return 0;
for (server = sys_servers; server != NULL;
for (server = sys_servers; server != NULL;
server = server->next_server) {
if (SOCK_EQ(addr, &server->srcadr))
return server;
@ -1451,7 +1447,7 @@ findserver(
}
}
if (mc_server != NULL) {
if (mc_server != NULL) {
struct server *sp;
@ -1494,7 +1490,7 @@ timer(void)
* who's event timers have expired. Give these to
* the transmit routine.
*/
for (server = sys_servers; server != NULL;
for (server = sys_servers; server != NULL;
server = server->next_server) {
if (server->event_time != 0
&& server->event_time <= current_time)
@ -1520,7 +1516,7 @@ alarming(
alarm_flag++;
}
#else /* SYS_WINNT follows */
void CALLBACK
void CALLBACK
alarming(UINT uTimerID, UINT uMsg, DWORD dwUser, DWORD dw1, DWORD dw2)
{
UNUSED_ARG(uTimerID); UNUSED_ARG(uMsg); UNUSED_ARG(dwUser);
@ -1605,24 +1601,26 @@ init_alarm(void)
#else /* SYS_WINNT follows */
_tzset();
/*
* Get privileges needed for fiddling with the clock
*/
if (!simple_query && !debug) {
/*
* Get privileges needed for fiddling with the clock
*/
/* get the current process token handle */
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
msyslog(LOG_ERR, "OpenProcessToken failed: %m");
exit(1);
/* get the current process token handle */
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
msyslog(LOG_ERR, "OpenProcessToken failed: %m");
exit(1);
}
/* get the LUID for system-time privilege. */
LookupPrivilegeValue(NULL, SE_SYSTEMTIME_NAME, &tkp.Privileges[0].Luid);
tkp.PrivilegeCount = 1; /* one privilege to set */
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
/* get set-time privilege for this process. */
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0);
/* cannot test return value of AdjustTokenPrivileges. */
if (GetLastError() != ERROR_SUCCESS)
msyslog(LOG_ERR, "AdjustTokenPrivileges failed: %m");
}
/* get the LUID for system-time privilege. */
LookupPrivilegeValue(NULL, SE_SYSTEMTIME_NAME, &tkp.Privileges[0].Luid);
tkp.PrivilegeCount = 1; /* one privilege to set */
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
/* get set-time privilege for this process. */
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0);
/* cannot test return value of AdjustTokenPrivileges. */
if (GetLastError() != ERROR_SUCCESS)
msyslog(LOG_ERR, "AdjustTokenPrivileges failed: %m");
/*
* Set up timer interrupts for every 2**EVENT_TIMEOUT seconds
@ -1996,7 +1994,6 @@ input_handler(void)
}
#if !defined SYS_WINNT && !defined SYS_CYGWIN32
/*
* adj_systime - do a big long slew of the system time
*/
@ -2041,15 +2038,30 @@ l_adj_systime(
adjtv.tv_usec = -adjtv.tv_usec;
}
if (adjtv.tv_usec != 0 && !debug) {
if (!debug && (adjtv.tv_usec != 0)) {
/* A time correction needs to be applied. */
#if !defined SYS_WINNT && !defined SYS_CYGWIN32
/* Slew the time on systems that support this. */
if (adjtime(&adjtv, &oadjtv) < 0) {
msyslog(LOG_ERR, "Can't adjust the time of day: %m");
exit(1);
}
#else /* SYS_WINNT or SYS_CYGWIN32 is defined */
/*
* The NT SetSystemTimeAdjustment() call achieves slewing by
* changing the clock frequency. This means that we cannot specify
* it to slew the clock by a definite amount and then stop like
* the Unix adjtime() routine. We can technically adjust the clock
* frequency, have ntpdate sleep for a while, and then wake
* up and reset the clock frequency, but this might cause some
* grief if the user attempts to run ntpd immediately after
* ntpdate and the socket is in use.
*/
printf("\nSlewing the system time is not supported on Windows. Use the -b option to step the time.\n");
#endif /* defined SYS_WINNT || defined SYS_CYGWIN32 */
}
return 1;
}
#endif /* SYS_WINNT */
/*
@ -2068,11 +2080,14 @@ l_step_systime(
int isneg;
int n;
if (debug) return 1;
if (debug)
return 1;
/*
* Take the absolute value of the offset
*/
ftmp = *ts;
if (L_ISNEG(&ftmp)) {
L_NEG(&ftmp);
isneg = 1;
@ -2082,9 +2097,9 @@ l_step_systime(
if (ftmp.l_ui >= 3) { /* Step it and slew - we might win */
LFPTOD(ts, dtemp);
n = step_systime(dtemp);
if (!n)
return n;
if (isneg)
if (n == 0)
return 0;
if (isneg) /* WTF! */
ts->l_ui = ~0;
else
ts->l_ui = ~0;
@ -2113,12 +2128,12 @@ l_step_systime(
}
/* XXX ELIMINATE printserver similar in ntptrace.c, ntpdate.c */
/* XXX ELIMINATE print_server similar in ntptrace.c, ntpdate.c */
/*
* printserver - print detail information for a server
* print_server - print detail information for a server
*/
static void
printserver(
print_server(
register struct server *pp,
FILE *fp
)
@ -2127,6 +2142,9 @@ printserver(
char junk[5];
const char *str;
if (pp->stratum == 0) /* Nothing received => nothing to print */
return;
if (!debug) {
(void) fprintf(fp, "server %s, stratum %d, offset %s, delay %s\n",
stoa(&pp->srcadr), pp->stratum,
@ -2143,45 +2161,53 @@ printserver(
pp->leap & 0x1 ? '1' : '0',
pp->trust);
if (pp->stratum == 1) {
junk[4] = 0;
memmove(junk, (char *)&pp->refid, 4);
if (REFID_ISTEXT(pp->stratum)) {
str = (char *) &pp->refid;
for (i=0; i<4 && str[i]; i++) {
junk[i] = (isprint(str[i]) ? str[i] : '.');
}
junk[i] = 0; // force terminating 0
str = junk;
} else {
str = stoa(&pp->srcadr);
str = numtoa(pp->refid);
}
(void) fprintf(fp,
"refid [%s], delay %s, dispersion %s\n",
str, fptoa((s_fp)pp->delay, 5),
ufptoa(pp->dispersion, 5));
"refid [%s], root delay %s, root dispersion %s\n",
str, fptoa((s_fp)pp->rootdelay, 6),
ufptoa(pp->rootdisp, 6));
(void) fprintf(fp, "transmitted %d, in filter %d\n",
if (pp->xmtcnt != pp->filter_nextpt)
(void) fprintf(fp, "transmitted %d, in filter %d\n",
pp->xmtcnt, pp->filter_nextpt);
(void) fprintf(fp, "reference time: %s\n",
(void) fprintf(fp, "reference time: %s\n",
prettydate(&pp->reftime));
(void) fprintf(fp, "originate timestamp: %s\n",
prettydate(&pp->org));
(void) fprintf(fp, "transmit timestamp: %s\n",
prettydate(&pp->xmt));
(void) fprintf(fp, "filter delay: ");
for (i = 0; i < NTP_SHIFT; i++) {
(void) fprintf(fp, " %-8.8s", fptoa(pp->filter_delay[i], 5));
if (i == (NTP_SHIFT>>1)-1)
(void) fprintf(fp, "\n ");
}
(void) fprintf(fp, "\n");
if (sys_samples > 1) {
(void) fprintf(fp, "filter delay: ");
for (i = 0; i < NTP_SHIFT; i++) {
if (i == (NTP_SHIFT>>1))
(void) fprintf(fp, "\n ");
(void) fprintf(fp, " %-10.10s",
(i<sys_samples ? fptoa(pp->filter_delay[i], 5) : "----"));
}
(void) fprintf(fp, "\n");
(void) fprintf(fp, "filter offset:");
for (i = 0; i < PEER_SHIFT; i++) {
(void) fprintf(fp, " %-8.8s", lfptoa(&pp->filter_offset[i], 6));
if (i == (PEER_SHIFT>>1)-1)
(void) fprintf(fp, "\n ");
(void) fprintf(fp, "filter offset:");
for (i = 0; i < PEER_SHIFT; i++) {
if (i == (PEER_SHIFT>>1))
(void) fprintf(fp, "\n ");
(void) fprintf(fp, " %-10.10s",
(i<sys_samples ? lfptoa(&pp->filter_offset[i], 6): "----"));
}
(void) fprintf(fp, "\n");
}
(void) fprintf(fp, "\n");
(void) fprintf(fp, "delay %s, dispersion %s\n",
(void) fprintf(fp, "delay %s, dispersion %s, ",
fptoa((s_fp)pp->delay, 5), ufptoa(pp->dispersion, 5));
(void) fprintf(fp, "offset %s\n\n",
@ -2227,7 +2253,7 @@ isc_boolean_t ntp_port_inuse(int af, u_short port)
* Check if NTP socket is already in use on this system
* This is only for Windows Systems, as they tend not to fail on the real bind() below
*/
SOCKET checksocket;
struct sockaddr_in checkservice;
checksocket = socket(af, SOCK_DGRAM, 0);

4
contrib/ntp/ntpdc/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

4
contrib/ntp/ntpdc/invoke-ntpdc.texi
View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi)
#
# It has been AutoGen-ed February 27, 2018 at 05:15:06 PM by AutoGen 5.18.5
# It has been AutoGen-ed February 20, 2019 at 09:56:51 AM by AutoGen 5.18.5
# From the definitions ntpdc-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -76,7 +76,7 @@ with a status code of 0.
@exampleindent 0
@example
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p13
Usage: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution

2
contrib/ntp/ntpdc/nl.pl
View File

@ -1,4 +1,4 @@
#! /usr/local/bin/perl -w
#! /ntpbuild/bin/perl -w
$found = 0;
$last = 0;

16
contrib/ntp/ntpdc/ntpdc-opts.c
View File

@ -1,11 +1,11 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.c)
*
* It has been AutoGen-ed February 27, 2018 at 05:14:56 PM by AutoGen 5.18.5
* It has been AutoGen-ed February 20, 2019 at 09:56:48 AM by AutoGen 5.18.5
* From the definitions ntpdc-opts.def
* and the template file options
*
* Generated from AutoOpts 41:0:16 templates.
* Generated from AutoOpts 41:1:16 templates.
*
* AutoOpts is a copyrighted work. This source file is not encumbered
* by AutoOpts licensing, but is provided under the licensing terms chosen
@ -69,7 +69,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpdc options
*/
static char const ntpdc_opt_strs[1914] =
/* 0 */ "ntpdc 4.2.8p11\n"
/* 0 */ "ntpdc 4.2.8p13\n"
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -128,14 +128,14 @@ static char const ntpdc_opt_strs[1914] =
/* 1695 */ "no-load-opts\0"
/* 1708 */ "no\0"
/* 1711 */ "NTPDC\0"
/* 1717 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11\n"
/* 1717 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p13\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1848 */ "$HOME\0"
/* 1854 */ ".\0"
/* 1856 */ ".ntprc\0"
/* 1863 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1897 */ "\n\0"
/* 1899 */ "ntpdc 4.2.8p11";
/* 1899 */ "ntpdc 4.2.8p13";
/**
* ipv4 option description with
@ -796,7 +796,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpdcOptions.pzCopyright */
puts(_("ntpdc 4.2.8p11\n\
puts(_("ntpdc 4.2.8p13\n\
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -862,14 +862,14 @@ implied warranty.\n"));
puts(_("load options from a config file"));
/* referenced via ntpdcOptions.pzUsageTitle */
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11\n\
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p13\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
/* referenced via ntpdcOptions.pzExplain */
puts(_("\n"));
/* referenced via ntpdcOptions.pzFullVersion */
puts(_("ntpdc 4.2.8p11"));
puts(_("ntpdc 4.2.8p13"));
/* referenced via ntpdcOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));

10
contrib/ntp/ntpdc/ntpdc-opts.h
View File

@ -1,11 +1,11 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.h)
*
* It has been AutoGen-ed February 27, 2018 at 05:14:56 PM by AutoGen 5.18.5
* It has been AutoGen-ed February 20, 2019 at 09:56:48 AM by AutoGen 5.18.5
* From the definitions ntpdc-opts.def
* and the template file options
*
* Generated from AutoOpts 41:0:16 templates.
* Generated from AutoOpts 41:1:16 templates.
*
* AutoOpts is a copyrighted work. This header file is not encumbered
* by AutoOpts licensing, but is provided under the licensing terms chosen
@ -53,7 +53,7 @@
* tolerable version is at least as old as what was current when the header
* template was released.
*/
#define AO_TEMPLATE_VERSION 167936
#define AO_TEMPLATE_VERSION 167937
#if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \
|| (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION)
# error option template version mismatches autoopts/options.h header
@ -83,9 +83,9 @@ typedef enum {
/** count of all options for ntpdc */
#define OPTION_CT 15
/** ntpdc version */
#define NTPDC_VERSION "4.2.8p11"
#define NTPDC_VERSION "4.2.8p13"
/** Full ntpdc version text */
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p11"
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p13"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED

6
contrib/ntp/ntpdc/ntpdc.1ntpdcman
View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpdc 1ntpdcman "27 Feb 2018" "4.2.8p11" "User Commands"
.TH ntpdc 1ntpdcman "20 Feb 2019" "4.2.8p13" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-MnaqKS/ag-YnaiJS)
.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:15:03 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:53 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

4
contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc
View File

@ -1,9 +1,9 @@
.Dd February 27 2018
.Dd February 20 2019
.Dt NTPDC 1ntpdcmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:15:09 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:50 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

80
contrib/ntp/ntpdc/ntpdc.c
View File

@ -226,15 +226,27 @@ static const char *chosts[MAXHOSTS];
#define STREQ(a, b) (*(a) == *(b) && strcmp((a), (b)) == 0)
/*
* Jump buffer for longjumping back to the command level
* Jump buffer for longjumping back to the command level.
*
* See ntpq/ntpq.c for an explanation why 'sig{set,long}jmp()' is used
* when available.
*/
static jmp_buf interrupt_buf;
static volatile int jump = 0;
#if HAVE_DECL_SIGSETJMP && HAVE_DECL_SIGLONGJMP
# define JMP_BUF sigjmp_buf
# define SETJMP(x) sigsetjmp((x), 1)
# define LONGJMP(x, v) siglongjmp((x),(v))
#else
# define JMP_BUF jmp_buf
# define SETJMP(x) setjmp((x))
# define LONGJMP(x, v) longjmp((x),(v))
#endif
static JMP_BUF interrupt_buf;
static volatile int jump = 0;
/*
* Pointer to current output unit
*/
static FILE *current_output;
static FILE *current_output = NULL;
/*
* Command table imported from ntpdc_ops.c
@ -275,7 +287,6 @@ ntpdcmain(
char *argv[]
)
{
delay_time.l_ui = 0;
delay_time.l_uf = DEFDELAY;
@ -352,7 +363,7 @@ ntpdcmain(
#ifndef SYS_WINNT /* Under NT cannot handle SIGINT, WIN32 spawns a handler */
if (interactive)
(void) signal_no_reset(SIGINT, abortcmd);
(void) signal_no_reset(SIGINT, abortcmd);
#endif /* SYS_WINNT */
/*
@ -393,31 +404,28 @@ openhost(
)
{
char temphost[LENHOSTNAME];
int a_info, i;
int a_info;
struct addrinfo hints, *ai = NULL;
sockaddr_u addr;
size_t octets;
register const char *cp;
const char *cp;
char name[LENHOSTNAME];
char service[5];
/*
* We need to get by the [] if they were entered
*/
cp = hname;
if (*cp == '[') {
cp++;
for (i = 0; *cp && *cp != ']'; cp++, i++)
name[i] = *cp;
if (*cp == ']') {
name[i] = '\0';
hname = name;
} else {
if (*hname == '[') {
cp = strchr(hname + 1, ']');
if (!cp || (octets = (size_t)(cp - hname) - 1) >= sizeof(name)) {
errno = EINVAL;
warning("%s", "bad hostname/address");
return 0;
}
}
memcpy(name, hname + 1, octets);
name[octets] = '\0';
hname = name;
}
/*
* First try to resolve it as an ip address and if that fails,
@ -944,7 +952,7 @@ sendrequest(
if (!maclen) {
fprintf(stderr, "Key not found\n");
return 1;
} else if (maclen != (int)(info_auth_hashlen + sizeof(keyid_t))) {
} else if (maclen != (size_t)(info_auth_hashlen + sizeof(keyid_t))) {
fprintf(stderr,
"%zu octet MAC, %zu expected with %zu octet digest\n",
maclen, (info_auth_hashlen + sizeof(keyid_t)),
@ -1118,12 +1126,14 @@ abortcmd(
int sig
)
{
if (current_output == stdout)
(void) fflush(stdout);
(void)fflush(stdout);
putc('\n', stderr);
(void) fflush(stderr);
if (jump) longjmp(interrupt_buf, 1);
(void)fflush(stderr);
if (jump) {
jump = 0;
LONGJMP(interrupt_buf, 1);
}
}
#endif /* SYS_WINNT */
@ -1235,14 +1245,22 @@ docmd(
current_output = stdout;
}
if (interactive && setjmp(interrupt_buf)) {
return;
if (interactive) {
if ( ! SETJMP(interrupt_buf)) {
jump = 1;
(xcmd->handler)(&pcmd, current_output);
jump = 0;
} else {
fflush(current_output);
fputs("\n >>> command aborted <<<\n", stderr);
fflush(stderr);
}
} else {
jump = 1;
(xcmd->handler)(&pcmd, current_output);
jump = 0;
if (current_output != stdout)
(void) fclose(current_output);
(xcmd->handler)(&pcmd, current_output);
}
if ((NULL != current_output) && (stdout != current_output)) {
(void)fclose(current_output);
current_output = NULL;
}
}

775
contrib/ntp/ntpdc/ntpdc.html
View File

@ -1,158 +1,220 @@
<html lang="en">
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- Created by GNU Texinfo 6.5, http://www.gnu.org/software/texinfo/ -->
<head>
<title>ntpdc: NTPD Control User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="ntpdc: NTPD Control User's Manual">
<meta name="generator" content="makeinfo 4.7">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
<style type="text/css"><!--
pre.display { font-family:inherit }
pre.format { font-family:inherit }
pre.smalldisplay { font-family:inherit; font-size:smaller }
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
span.sc { font-variant:small-caps }
span.roman { font-family: serif; font-weight: normal; }
--></style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ntpdc: NTPD Control User&rsquo;s Manual</title>
<meta name="description" content="ntpdc: NTPD Control User&rsquo;s Manual">
<meta name="keywords" content="ntpdc: NTPD Control User&rsquo;s Manual">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<link href="#Top" rel="start" title="Top">
<link href="dir.html#Top" rel="up" title="(dir)">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: initial; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
-->
</style>
</head>
<body>
<h1 class="settitle">ntpdc: NTPD Control User's Manual</h1>
<div class="node">
<p><hr>
<a name="Top"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-Description">ntpdc Description</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<br>
<body lang="en">
<h1 class="settitle" align="center">ntpdc: NTPD Control User&rsquo;s Manual</h1>
<a name="Top"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-Description" accesskey="n" rel="next">ntpdc Description</a>, Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href="dir.html#Top" accesskey="u" rel="up">(dir)</a> &nbsp; </p>
</div>
<a name="ntpdc_003a-NTPD-Control-User-Manual"></a>
<h1 class="top">ntpdc: NTPD Control User Manual</h1>
<h2 class="unnumbered">ntpdc: NTPD Control User Manual</h2>
<p>This document describes the use of the NTP Project's <code>ntpdc</code> program,
<p>This document describes the use of the NTP Project&rsquo;s <code>ntpdc</code> program,
that can be used to query a Network Time Protocol (NTP) server and
display the time offset of the system clock relative to the server
clock. Run as root, it can correct the system clock to this offset as
well. It can be run as an interactive command or from a cron job.
<p>This document applies to version 4.2.8p11 of <code>ntpdc</code>.
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
</p>
<p>This document applies to version 4.2.8p13 of <code>ntpdc</code>.
</p>
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
IETF specification.
</p>
<a name="SEC_Overview"></a>
<h2 class="shortcontents-heading">Short Table of Contents</h2>
<div class="shortcontents">
<h2>Short Contents</h2>
<ul>
<a href="#Top">ntpdc: NTPD Control User Manual</a>
<div class="shortcontents">
<ul class="no-bullet">
<li><a name="stoc-Description" href="#toc-Description">1 Description</a></li>
</ul>
</div>
<ul class="menu">
<li><a accesskey="1" href="#ntpdc-Description">ntpdc Description</a>: Description
<li><a accesskey="2" href="#ntpdc-Invocation">ntpdc Invocation</a>: Invoking ntpdc
<li><a accesskey="3" href="#Usage">Usage</a>: Usage
</ul>
<div class="node">
<p><hr>
<table class="menu" border="0" cellspacing="0">
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-Description" accesskey="1">ntpdc Description</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Description
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-Invocation" accesskey="2">ntpdc Invocation</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Invoking ntpdc
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#Usage" accesskey="3">Usage</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Usage
</td></tr>
</table>
<hr>
<a name="ntpdc-Description"></a>
<br>
<div class="header">
<p>
Next: <a href="#ntpdc-Invocation" accesskey="n" rel="next">ntpdc Invocation</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> &nbsp; </p>
</div>
<!-- node-name, next, previous, up -->
<h3 class="section">Description</h3>
<a name="Description"></a>
<h2 class="chapter">1 Description</h2>
<p>By default, <code>ntpdc</code> writes the local data and time (i.e., not UTC) to the
standard output in the format:
</p>
<div class="example">
<pre class="example">1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 secs
</pre></div>
<pre class="example"> 1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 secs
</pre>
<p>where
<p>where
YYYY-MM-DD HH:MM:SS.SUBSEC is the local date and time,
(+0800) is the local timezone adjustment (so we would add 8 hours and 0 minutes to convert the reported local time to UTC),
and
the +4.567 +/- 0.089 secs indicates the time offset and
error bound of the system clock relative to the server clock.
</p>
<table class="menu" border="0" cellspacing="0">
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-Invocation" accesskey="1">ntpdc Invocation</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#Usage" accesskey="2">Usage</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
</td></tr>
</table>
<div class="node">
<p><hr>
<hr>
<a name="ntpdc-Invocation"></a>
<br>
<div class="header">
<p>
Next: <a href="#Usage" accesskey="n" rel="next">Usage</a>, Previous: <a href="#ntpdc-Description" accesskey="p" rel="prev">ntpdc Description</a>, Up: <a href="#ntpdc-Description" accesskey="u" rel="up">ntpdc Description</a> &nbsp; </p>
</div>
<a name="Invoking-ntpdc"></a>
<h3 class="section">1.1 Invoking ntpdc</h3>
<a name="index-ntpdc"></a>
<a name="index-vendor_002dspecific-NTPD-control-program"></a>
<h3 class="section">Invoking ntpdc</h3>
<p><a name="index-ntpdc-1"></a><a name="index-vendor_002dspecific-NTPD-control-program-2"></a>
<p><code>ntpdc</code>
is deprecated.
<p><code>ntpdc</code>
is deprecated.
Please use
<code>ntpq(1ntpqmdoc)</code> instead - it can do everything
<code>ntpdc</code>
used to do, and it does so using a much more sane interface.
<p><code>ntpdc</code>
</p>
<p><code>ntpdc</code>
is a utility program used to query
<code>ntpd(1ntpdmdoc)</code>
about its
current state and to request changes in that state.
It uses NTP mode 7 control message formats described in the source code.
current state and to request changes in that state.
It uses NTP mode 7 control message formats described in the source code.
The program may
be run either in interactive mode or controlled using command line
arguments.
arguments.
Extensive state and statistics information is available
through the
<code>ntpdc</code>
interface.
interface.
In addition, nearly all the
configuration options which can be specified at startup using
ntpd's configuration file may also be specified at run time using
ntpd&rsquo;s configuration file may also be specified at run time using
<code>ntpdc</code>
<p>This section was generated by <strong>AutoGen</strong>,
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntpdc</code> program.
</p>
<p>This section was generated by <strong>AutoGen</strong>,
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntpdc</code> program.
This software is released under the NTP license, &lt;http://ntp.org/license&gt;.
</p>
<table class="menu" border="0" cellspacing="0">
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-usage" accesskey="1">ntpdc usage</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">ntpdc help/usage (<samp>--help</samp>)
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-ipv4" accesskey="2">ntpdc ipv4</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">ipv4 option (-4)
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-ipv6" accesskey="3">ntpdc ipv6</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">ipv6 option (-6)
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-command" accesskey="4">ntpdc command</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">command option (-c)
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-interactive" accesskey="5">ntpdc interactive</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">interactive option (-i)
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-listpeers" accesskey="6">ntpdc listpeers</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">listpeers option (-l)
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-numeric" accesskey="7">ntpdc numeric</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">numeric option (-n)
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-peers" accesskey="8">ntpdc peers</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">peers option (-p)
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-showpeers" accesskey="9">ntpdc showpeers</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">showpeers option (-s)
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-config">ntpdc config</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">presetting/configuring ntpdc
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-exit-status">ntpdc exit status</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">exit status
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-Usage">ntpdc Usage</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Usage
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-See-Also">ntpdc See Also</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">See Also
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-Authors">ntpdc Authors</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Authors
</td></tr>
<tr><td align="left" valign="top">&bull; <a href="#ntpdc-Bugs">ntpdc Bugs</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Bugs
</td></tr>
</table>
<ul class="menu">
<li><a accesskey="1" href="#ntpdc-usage">ntpdc usage</a>: ntpdc help/usage (<span class="option">--help</span>)
<li><a accesskey="2" href="#ntpdc-ipv4">ntpdc ipv4</a>: ipv4 option (-4)
<li><a accesskey="3" href="#ntpdc-ipv6">ntpdc ipv6</a>: ipv6 option (-6)
<li><a accesskey="4" href="#ntpdc-command">ntpdc command</a>: command option (-c)
<li><a accesskey="5" href="#ntpdc-interactive">ntpdc interactive</a>: interactive option (-i)
<li><a accesskey="6" href="#ntpdc-listpeers">ntpdc listpeers</a>: listpeers option (-l)
<li><a accesskey="7" href="#ntpdc-numeric">ntpdc numeric</a>: numeric option (-n)
<li><a accesskey="8" href="#ntpdc-peers">ntpdc peers</a>: peers option (-p)
<li><a accesskey="9" href="#ntpdc-showpeers">ntpdc showpeers</a>: showpeers option (-s)
<li><a href="#ntpdc-config">ntpdc config</a>: presetting/configuring ntpdc
<li><a href="#ntpdc-exit-status">ntpdc exit status</a>: exit status
<li><a href="#ntpdc-Usage">ntpdc Usage</a>: Usage
<li><a href="#ntpdc-See-Also">ntpdc See Also</a>: See Also
<li><a href="#ntpdc-Authors">ntpdc Authors</a>: Authors
<li><a href="#ntpdc-Bugs">ntpdc Bugs</a>: Bugs
</ul>
<div class="node">
<p><hr>
<a name="ntpdc-usage"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-ipv4">ntpdc ipv4</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<hr>
<a name="ntpdc-usage"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-ipv4" accesskey="n" rel="next">ntpdc ipv4</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<a name="ntpdc-help_002fusage-_0028_002d_002dhelp_0029"></a>
<h4 class="subsection">1.1.1 ntpdc help/usage (<samp>--help</samp>)</h4>
<a name="index-ntpdc-help"></a>
<h4 class="subsection">ntpdc help/usage (<span class="option">--help</span>)</h4>
<p><a name="index-ntpdc-help-3"></a>
This is the automatically generated usage text for ntpdc.
<p>The text printed is the same whether selected with the <code>help</code> option
(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<p>This is the automatically generated usage text for ntpdc.
</p>
<p>The text printed is the same whether selected with the <code>help</code> option
(<samp>--help</samp>) or the <code>more-help</code> option (<samp>--more-help</samp>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
used to select the program, defaulting to <span class="file">more</span>. Both will exit
used to select the program, defaulting to <samp>more</samp>. Both will exit
with a status code of 0.
<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11
</p>
<div class="example">
<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p13
Usage: ntpdc [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
@ -196,320 +258,333 @@ The following option preset mechanisms are supported:
- examining environment variables named NTPDC_*
Please send bug reports to: &lt;http://bugs.ntp.org, bugs@ntp.org&gt;
</pre>
<div class="node">
<p><hr>
<a name="ntpdc-ipv4"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-ipv6">ntpdc ipv6</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-usage">ntpdc usage</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
</pre></div>
<hr>
<a name="ntpdc-ipv4"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-ipv6" accesskey="n" rel="next">ntpdc ipv6</a>, Previous: <a href="#ntpdc-usage" accesskey="p" rel="prev">ntpdc usage</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<a name="ipv4-option-_0028_002d4_0029"></a>
<h4 class="subsection">1.1.2 ipv4 option (-4)</h4>
<a name="index-ntpdc_002dipv4"></a>
<h4 class="subsection">ipv4 option (-4)</h4>
<p>This is the &ldquo;force ipv4 dns name resolution&rdquo; option.
</p>
<p>This option has some usage constraints. It:
</p><ul>
<li> must not appear in combination with any of the following options:
ipv6.
</li></ul>
<p><a name="index-ntpdc_002dipv4-4"></a>
This is the &ldquo;force ipv4 dns name resolution&rdquo; option.
<p class="noindent">This option has some usage constraints. It:
<ul>
<li>must not appear in combination with any of the following options:
ipv6.
</ul>
<p>Force DNS resolution of following host names on the command line
to the IPv4 namespace.
<div class="node">
<p><hr>
<a name="ntpdc-ipv6"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-command">ntpdc command</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-ipv4">ntpdc ipv4</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<p>Force DNS resolution of following host names on the command line
to the IPv4 namespace.
</p><hr>
<a name="ntpdc-ipv6"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-command" accesskey="n" rel="next">ntpdc command</a>, Previous: <a href="#ntpdc-ipv4" accesskey="p" rel="prev">ntpdc ipv4</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<a name="ipv6-option-_0028_002d6_0029"></a>
<h4 class="subsection">1.1.3 ipv6 option (-6)</h4>
<a name="index-ntpdc_002dipv6"></a>
<h4 class="subsection">ipv6 option (-6)</h4>
<p>This is the &ldquo;force ipv6 dns name resolution&rdquo; option.
</p>
<p>This option has some usage constraints. It:
</p><ul>
<li> must not appear in combination with any of the following options:
ipv4.
</li></ul>
<p><a name="index-ntpdc_002dipv6-5"></a>
This is the &ldquo;force ipv6 dns name resolution&rdquo; option.
<p class="noindent">This option has some usage constraints. It:
<ul>
<li>must not appear in combination with any of the following options:
ipv4.
</ul>
<p>Force DNS resolution of following host names on the command line
to the IPv6 namespace.
<div class="node">
<p><hr>
<a name="ntpdc-command"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-interactive">ntpdc interactive</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-ipv6">ntpdc ipv6</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<p>Force DNS resolution of following host names on the command line
to the IPv6 namespace.
</p><hr>
<a name="ntpdc-command"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-interactive" accesskey="n" rel="next">ntpdc interactive</a>, Previous: <a href="#ntpdc-ipv6" accesskey="p" rel="prev">ntpdc ipv6</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<a name="command-option-_0028_002dc_0029"></a>
<h4 class="subsection">1.1.4 command option (-c)</h4>
<a name="index-ntpdc_002dcommand"></a>
<h4 class="subsection">command option (-c)</h4>
<p>This is the &ldquo;run a command and exit&rdquo; option.
This option takes a string argument <samp>cmd</samp>.
</p>
<p>This option has some usage constraints. It:
</p><ul>
<li> may appear an unlimited number of times.
</li></ul>
<p><a name="index-ntpdc_002dcommand-6"></a>
This is the &ldquo;run a command and exit&rdquo; option.
This option takes a string argument <span class="file">cmd</span>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<li>may appear an unlimited number of times.
</ul>
<p>The following argument is interpreted as an interactive format command
<p>The following argument is interpreted as an interactive format command
and is added to the list of commands to be executed on the specified
host(s).
<div class="node">
<p><hr>
<a name="ntpdc-interactive"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-listpeers">ntpdc listpeers</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-command">ntpdc command</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
host(s).
</p><hr>
<a name="ntpdc-interactive"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-listpeers" accesskey="n" rel="next">ntpdc listpeers</a>, Previous: <a href="#ntpdc-command" accesskey="p" rel="prev">ntpdc command</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<a name="interactive-option-_0028_002di_0029"></a>
<h4 class="subsection">1.1.5 interactive option (-i)</h4>
<a name="index-ntpdc_002dinteractive"></a>
<h4 class="subsection">interactive option (-i)</h4>
<p>This is the &ldquo;force ntpq to operate in interactive mode&rdquo; option.
</p>
<p>This option has some usage constraints. It:
</p><ul>
<li> must not appear in combination with any of the following options:
command, listpeers, peers, showpeers.
</li></ul>
<p><a name="index-ntpdc_002dinteractive-7"></a>
This is the &ldquo;force ntpq to operate in interactive mode&rdquo; option.
<p class="noindent">This option has some usage constraints. It:
<ul>
<li>must not appear in combination with any of the following options:
command, listpeers, peers, showpeers.
</ul>
<p>Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
<div class="node">
<p><hr>
<a name="ntpdc-listpeers"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-numeric">ntpdc numeric</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-interactive">ntpdc interactive</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<p>Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
</p><hr>
<a name="ntpdc-listpeers"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-numeric" accesskey="n" rel="next">ntpdc numeric</a>, Previous: <a href="#ntpdc-interactive" accesskey="p" rel="prev">ntpdc interactive</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<a name="listpeers-option-_0028_002dl_0029"></a>
<h4 class="subsection">1.1.6 listpeers option (-l)</h4>
<a name="index-ntpdc_002dlistpeers"></a>
<h4 class="subsection">listpeers option (-l)</h4>
<p>This is the &ldquo;print a list of the peers&rdquo; option.
</p>
<p>This option has some usage constraints. It:
</p><ul>
<li> must not appear in combination with any of the following options:
command.
</li></ul>
<p><a name="index-ntpdc_002dlistpeers-8"></a>
This is the &ldquo;print a list of the peers&rdquo; option.
<p class="noindent">This option has some usage constraints. It:
<ul>
<li>must not appear in combination with any of the following options:
command.
</ul>
<p>Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the 'listpeers' interactive command.
<div class="node">
<p><hr>
<a name="ntpdc-numeric"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-peers">ntpdc peers</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-listpeers">ntpdc listpeers</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<p>Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the &rsquo;listpeers&rsquo; interactive command.
</p><hr>
<a name="ntpdc-numeric"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-peers" accesskey="n" rel="next">ntpdc peers</a>, Previous: <a href="#ntpdc-listpeers" accesskey="p" rel="prev">ntpdc listpeers</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<a name="numeric-option-_0028_002dn_0029"></a>
<h4 class="subsection">1.1.7 numeric option (-n)</h4>
<a name="index-ntpdc_002dnumeric"></a>
<h4 class="subsection">numeric option (-n)</h4>
<p><a name="index-ntpdc_002dnumeric-9"></a>
This is the &ldquo;numeric host addresses&rdquo; option.
<p>This is the &ldquo;numeric host addresses&rdquo; option.
Output all host addresses in dotted-quad numeric format rather than
converting to the canonical host names.
<div class="node">
<p><hr>
<a name="ntpdc-peers"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-showpeers">ntpdc showpeers</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-numeric">ntpdc numeric</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
</p><hr>
<a name="ntpdc-peers"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-showpeers" accesskey="n" rel="next">ntpdc showpeers</a>, Previous: <a href="#ntpdc-numeric" accesskey="p" rel="prev">ntpdc numeric</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<a name="peers-option-_0028_002dp_0029"></a>
<h4 class="subsection">1.1.8 peers option (-p)</h4>
<a name="index-ntpdc_002dpeers"></a>
<h4 class="subsection">peers option (-p)</h4>
<p>This is the &ldquo;print a list of the peers&rdquo; option.
</p>
<p>This option has some usage constraints. It:
</p><ul>
<li> must not appear in combination with any of the following options:
command.
</li></ul>
<p><a name="index-ntpdc_002dpeers-10"></a>
This is the &ldquo;print a list of the peers&rdquo; option.
<p class="noindent">This option has some usage constraints. It:
<ul>
<li>must not appear in combination with any of the following options:
command.
</ul>
<p>Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
<div class="node">
<p><hr>
<a name="ntpdc-showpeers"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-config">ntpdc config</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-peers">ntpdc peers</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<p>Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the &rsquo;peers&rsquo; interactive command.
</p><hr>
<a name="ntpdc-showpeers"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-config" accesskey="n" rel="next">ntpdc config</a>, Previous: <a href="#ntpdc-peers" accesskey="p" rel="prev">ntpdc peers</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<a name="showpeers-option-_0028_002ds_0029"></a>
<h4 class="subsection">1.1.9 showpeers option (-s)</h4>
<a name="index-ntpdc_002dshowpeers"></a>
<h4 class="subsection">showpeers option (-s)</h4>
<p>This is the &ldquo;show a list of the peers&rdquo; option.
</p>
<p>This option has some usage constraints. It:
</p><ul>
<li> must not appear in combination with any of the following options:
command.
</li></ul>
<p><a name="index-ntpdc_002dshowpeers-11"></a>
This is the &ldquo;show a list of the peers&rdquo; option.
<p>Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the &rsquo;dmpeers&rsquo; interactive command.
</p>
<p class="noindent">This option has some usage constraints. It:
<ul>
<li>must not appear in combination with any of the following options:
command.
</ul>
<p>Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'dmpeers' interactive command.
<div class="node">
<p><hr>
<a name="ntpdc-config"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-exit-status">ntpdc exit status</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-showpeers">ntpdc showpeers</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<hr>
<a name="ntpdc-config"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-exit-status" accesskey="n" rel="next">ntpdc exit status</a>, Previous: <a href="#ntpdc-showpeers" accesskey="p" rel="prev">ntpdc showpeers</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<h4 class="subsection">presetting/configuring ntpdc</h4>
<a name="presetting_002fconfiguring-ntpdc"></a>
<h4 class="subsection">1.1.10 presetting/configuring ntpdc</h4>
<p>Any option that is not marked as <i>not presettable</i> may be preset by
loading values from configuration ("rc" or "ini") files, and values from environment variables named <code>NTPDC</code> and <code>NTPDC_&lt;OPTION_NAME&gt;</code>. <code>&lt;OPTION_NAME&gt;</code> must be one of
the options listed above in upper case and segmented with underscores.
loading values from configuration (&quot;rc&quot; or &quot;ini&quot;) files, and values from environment variables named <code>NTPDC</code> and <code>NTPDC_&lt;OPTION_NAME&gt;</code>. <code>&lt;OPTION_NAME&gt;</code> must be one of
the options listed above in upper case and segmented with underscores.
The <code>NTPDC</code> variable will be tokenized and parsed like
the command line. The remaining variables are tested for existence and their
values are treated like option arguments.
</p>
<p class="noindent"><code>libopts</code> will search in 2 places for configuration files:
<ul>
<li>$HOME
<li>$PWD
</ul>
The environment variables <code>HOME</code>, and <code>PWD</code>
are expanded and replaced when <span class="file">ntpdc</span> runs.
For any of these that are plain files, they are simply processed.
For any that are directories, then a file named <span class="file">.ntprc</span> is searched for
<p><code>libopts</code> will search in 2 places for configuration files:
</p><ul>
<li> $HOME
</li><li> $PWD
</li></ul>
<p>The environment variables <code>HOME</code>, and <code>PWD</code>
are expanded and replaced when <samp>ntpdc</samp> runs.
For any of these that are plain files, they are simply processed.
For any that are directories, then a file named <samp>.ntprc</samp> is searched for
within that directory and processed.
<p>Configuration files may be in a wide variety of formats.
</p>
<p>Configuration files may be in a wide variety of formats.
The basic format is an option name followed by a value (argument) on the
same line. Values may be separated from the option name with a colon,
equal sign or simply white space. Values may be continued across multiple
lines by escaping the newline with a backslash.
<p>Multiple programs may also share the same initialization file.
</p>
<p>Multiple programs may also share the same initialization file.
Common options are collected at the top, followed by program specific
segments. The segments are separated by lines like:
<pre class="example"> [NTPDC]
</pre>
<p class="noindent">or by
<pre class="example"> &lt;?program ntpdc&gt;
</pre>
<p class="noindent">Do not mix these styles within one configuration file.
<p>Compound values and carefully constructed string values may also be
</p><div class="example">
<pre class="example">[NTPDC]
</pre></div>
<p>or by
</p><div class="example">
<pre class="example">&lt;?program ntpdc&gt;
</pre></div>
<p>Do not mix these styles within one configuration file.
</p>
<p>Compound values and carefully constructed string values may also be
specified using XML syntax:
<pre class="example"> &lt;option-name&gt;
&lt;sub-opt&gt;...&amp;lt;...&amp;gt;...&lt;/sub-opt&gt;
&lt;/option-name&gt;
</pre>
<p class="noindent">yielding an <code>option-name.sub-opt</code> string value of
<pre class="example"> "...&lt;...&gt;..."
</pre>
<p><code>AutoOpts</code> does not track suboptions. You simply note that it is a
</p><div class="example">
<pre class="example">&lt;option-name&gt;
&lt;sub-opt&gt;...&amp;lt;...&amp;gt;...&lt;/sub-opt&gt;
&lt;/option-name&gt;
</pre></div>
<p>yielding an <code>option-name.sub-opt</code> string value of
</p><div class="example">
<pre class="example">&quot;...&lt;...&gt;...&quot;
</pre></div>
<p><code>AutoOpts</code> does not track suboptions. You simply note that it is a
hierarchicly valued option. <code>AutoOpts</code> does provide a means for searching
the associated name/value pair list (see: optionFindValue).
<p>The command line options relating to configuration and/or usage help are:
<h5 class="subsubheading">version (-)</h5>
</p>
<p>The command line options relating to configuration and/or usage help are:
</p>
<a name="version-_0028_002d_0029"></a>
<h4 class="subsubheading">version (-)</h4>
<p>Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
Only the first letter of the argument is examined:
<dl>
<dt><span class="samp">version</span><dd>Only print the version. This is the default.
<br><dt><span class="samp">copyright</span><dd>Name the copyright usage licensing terms.
<br><dt><span class="samp">verbose</span><dd>Print the full copyright usage licensing terms.
</p>
<dl compact="compact">
<dt>&lsquo;<samp>version</samp>&rsquo;</dt>
<dd><p>Only print the version. This is the default.
</p></dd>
<dt>&lsquo;<samp>copyright</samp>&rsquo;</dt>
<dd><p>Name the copyright usage licensing terms.
</p></dd>
<dt>&lsquo;<samp>verbose</samp>&rsquo;</dt>
<dd><p>Print the full copyright usage licensing terms.
</p></dd>
</dl>
<div class="node">
<p><hr>
<a name="ntpdc-exit-status"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-Usage">ntpdc Usage</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-config">ntpdc config</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<hr>
<a name="ntpdc-exit-status"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-Usage" accesskey="n" rel="next">ntpdc Usage</a>, Previous: <a href="#ntpdc-config" accesskey="p" rel="prev">ntpdc config</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<h4 class="subsection">ntpdc exit status</h4>
<a name="ntpdc-exit-status-1"></a>
<h4 class="subsection">1.1.11 ntpdc exit status</h4>
<p>One of the following exit values will be returned:
<dl>
<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
<br><dt><span class="samp">66 (EX_NOINPUT)</span><dd>A specified configuration file could not be loaded.
<br><dt><span class="samp">70 (EX_SOFTWARE)</span><dd>libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
</p><dl compact="compact">
<dt>&lsquo;<samp>0 (EXIT_SUCCESS)</samp>&rsquo;</dt>
<dd><p>Successful program execution.
</p></dd>
<dt>&lsquo;<samp>1 (EXIT_FAILURE)</samp>&rsquo;</dt>
<dd><p>The operation failed or the command syntax was not valid.
</p></dd>
<dt>&lsquo;<samp>66 (EX_NOINPUT)</samp>&rsquo;</dt>
<dd><p>A specified configuration file could not be loaded.
</p></dd>
<dt>&lsquo;<samp>70 (EX_SOFTWARE)</samp>&rsquo;</dt>
<dd><p>libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
</p></dd>
</dl>
<div class="node">
<p><hr>
<a name="ntpdc-Usage"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-See-Also">ntpdc See Also</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-exit-status">ntpdc exit status</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<hr>
<a name="ntpdc-Usage"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-See-Also" accesskey="n" rel="next">ntpdc See Also</a>, Previous: <a href="#ntpdc-exit-status" accesskey="p" rel="prev">ntpdc exit status</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<h4 class="subsection">ntpdc Usage</h4>
<div class="node">
<p><hr>
<a name="ntpdc-See-Also"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-Authors">ntpdc Authors</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-Usage">ntpdc Usage</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<a name="ntpdc-Usage-1"></a>
<h4 class="subsection">1.1.12 ntpdc Usage</h4>
<hr>
<a name="ntpdc-See-Also"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-Authors" accesskey="n" rel="next">ntpdc Authors</a>, Previous: <a href="#ntpdc-Usage" accesskey="p" rel="prev">ntpdc Usage</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<h4 class="subsection">ntpdc See Also</h4>
<div class="node">
<p><hr>
<a name="ntpdc-Authors"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntpdc-Bugs">ntpdc Bugs</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-See-Also">ntpdc See Also</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<a name="ntpdc-See-Also-1"></a>
<h4 class="subsection">1.1.13 ntpdc See Also</h4>
<hr>
<a name="ntpdc-Authors"></a>
<div class="header">
<p>
Next: <a href="#ntpdc-Bugs" accesskey="n" rel="next">ntpdc Bugs</a>, Previous: <a href="#ntpdc-See-Also" accesskey="p" rel="prev">ntpdc See Also</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<h4 class="subsection">ntpdc Authors</h4>
<div class="node">
<p><hr>
<a name="ntpdc-Bugs"></a>Previous:&nbsp;<a rel="previous" accesskey="p" href="#ntpdc-Authors">ntpdc Authors</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
<br>
<a name="ntpdc-Authors-1"></a>
<h4 class="subsection">1.1.14 ntpdc Authors</h4>
<hr>
<a name="ntpdc-Bugs"></a>
<div class="header">
<p>
Previous: <a href="#ntpdc-Authors" accesskey="p" rel="prev">ntpdc Authors</a>, Up: <a href="#ntpdc-Invocation" accesskey="u" rel="up">ntpdc Invocation</a> &nbsp; </p>
</div>
<a name="ntpdc-Bugs-1"></a>
<h4 class="subsection">1.1.15 ntpdc Bugs</h4>
<h4 class="subsection">ntpdc Bugs</h4>
<div class="node">
<p><hr>
<hr>
<a name="Usage"></a>
<br>
<div class="header">
<p>
Previous: <a href="#ntpdc-Invocation" accesskey="p" rel="prev">ntpdc Invocation</a>, Up: <a href="#ntpdc-Description" accesskey="u" rel="up">ntpdc Description</a> &nbsp; </p>
</div>
<!-- node-name, next, previous, up -->
<h3 class="section">Usage</h3>
<a name="Usage-1"></a>
<h3 class="section">1.2 Usage</h3>
<p>The simplest use of this program is as an unprivileged command to
check the current time, offset, and error in the local clock.
check the current time, offset, and error in the local clock.
For example:
</p>
<div class="example">
<pre class="example">ntpdc ntpserver.somewhere
</pre></div>
<pre class="example"> ntpdc ntpserver.somewhere
</pre>
<p>With suitable privilege, it can be run as a command or in a
<p>With suitable privilege, it can be run as a command or in a
<code>cron</code> job to reset the local clock from a reliable server, like
the <code>ntpdate</code> and <code>rdate</code> commands.
the <code>ntpdate</code> and <code>rdate</code> commands.
For example:
</p>
<div class="example">
<pre class="example">ntpdc -a ntpserver.somewhere
</pre></div>
<hr>
<pre class="example"> ntpdc -a ntpserver.somewhere
</pre>
</body></html>
</body>
</html>

6
contrib/ntp/ntpdc/ntpdc.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpdc @NTPDC_MS@ "27 Feb 2018" "4.2.8p11" "User Commands"
.TH ntpdc @NTPDC_MS@ "20 Feb 2019" "4.2.8p13" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-MnaqKS/ag-YnaiJS)
.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:15:03 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:53 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

4
contrib/ntp/ntpdc/ntpdc.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd February 27 2018
.Dd February 20 2019
.Dt NTPDC @NTPDC_MS@ User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\"
.\" It has been AutoGen-ed February 27, 2018 at 05:15:09 PM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 20, 2019 at 09:56:50 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

23
contrib/ntp/ntpdc/ntpdc_ops.c
View File

@ -2713,8 +2713,17 @@ again:
lfptoa(&ts, 6));
(void) fprintf(fp, "stratum: %ld\n",
(u_long)ntohl(cl->fudgeval1));
/* [Bug3527] Backward Incompatible: cl->fudgeval2 is
* a string, instantiated via memcpy() so there is no
* endian issue to correct.
*/
#ifdef DISABLE_BUG3527_FIX
(void) fprintf(fp, "reference ID: %s\n",
refid_string(ntohl(cl->fudgeval2), 0));
#else
(void) fprintf(fp, "reference ID: %s\n",
refid_string(cl->fudgeval2, 0));
#endif
(void) fprintf(fp, "fudge flags: 0x%x\n",
cl->flags);
@ -2920,7 +2929,7 @@ kerninfo(
size_t itemsize;
int res;
unsigned status;
double tscale = 1e-6;
double tscale_usec = 1e-6, tscale_unano = 1e-6;
again:
res = doquery(impl_ver, REQ_GET_KERNEL, 0, 0, 0, (char *)NULL,
@ -2945,16 +2954,16 @@ again:
*/
#ifdef STA_NANO
if (status & STA_NANO)
tscale = 1e-9;
tscale_unano = 1e-9;
#endif
(void)fprintf(fp, "pll offset: %g s\n",
(int32)ntohl(ik->offset) * tscale);
(int32)ntohl(ik->offset) * tscale_unano);
(void)fprintf(fp, "pll frequency: %s ppm\n",
fptoa((s_fp)ntohl(ik->freq), 3));
(void)fprintf(fp, "maximum error: %g s\n",
(u_long)ntohl(ik->maxerror) * tscale);
(u_long)ntohl(ik->maxerror) * tscale_usec);
(void)fprintf(fp, "estimated error: %g s\n",
(u_long)ntohl(ik->esterror) * tscale);
(u_long)ntohl(ik->esterror) * tscale_usec);
(void)fprintf(fp, "status: %04x ", status);
#ifdef STA_PLL
if (status & STA_PLL) (void)fprintf(fp, " pll");
@ -3008,7 +3017,7 @@ again:
(void)fprintf(fp, "pll time constant: %ld\n",
(u_long)ntohl(ik->constant));
(void)fprintf(fp, "precision: %g s\n",
(u_long)ntohl(ik->precision) * tscale);
(u_long)ntohl(ik->precision) * tscale_usec);
(void)fprintf(fp, "frequency tolerance: %s ppm\n",
fptoa((s_fp)ntohl(ik->tolerance), 0));
@ -3027,7 +3036,7 @@ again:
(void)fprintf(fp, "pps stability: %s ppm\n",
fptoa((s_fp)ntohl(ik->stabil), 3));
(void)fprintf(fp, "pps jitter: %g s\n",
(u_long)ntohl(ik->jitter) * tscale);
(u_long)ntohl(ik->jitter) * tscale_unano);
(void)fprintf(fp, "calibration interval: %d s\n",
1 << ntohs(ik->shift));
(void)fprintf(fp, "calibration cycles: %ld\n",

Some files were not shown because too many files have changed in this diff Show More