diff options
author | roberto <roberto@FreeBSD.org> | 2004-07-20 15:01:56 +0000 |
---|---|---|
committer | roberto <roberto@FreeBSD.org> | 2004-07-20 15:01:56 +0000 |
commit | 118e757284cbb8fc4f43a713e892b41504b50a5f (patch) | |
tree | 528d12dda44ebdc3ffcc38050f159ac553a69c17 /contrib/ntp/ntpd/ntp_config.c | |
parent | a85d9ae25e8e8696677bc30feb6eaf7fc150e529 (diff) | |
download | FreeBSD-src-118e757284cbb8fc4f43a713e892b41504b50a5f.zip FreeBSD-src-118e757284cbb8fc4f43a713e892b41504b50a5f.tar.gz |
Virgin import of ntpd 4.2.0
Diffstat (limited to 'contrib/ntp/ntpd/ntp_config.c')
-rw-r--r-- | contrib/ntp/ntpd/ntp_config.c | 781 |
1 files changed, 433 insertions, 348 deletions
diff --git a/contrib/ntp/ntpd/ntp_config.c b/contrib/ntp/ntpd/ntp_config.c index 660d2c5..f1428b1 100644 --- a/contrib/ntp/ntpd/ntp_config.c +++ b/contrib/ntp/ntpd/ntp_config.c @@ -18,10 +18,6 @@ #include "ntp_config.h" #include "ntp_cmdargs.h" -#ifdef PUBKEY -# include "ntp_crypto.h" -#endif /* PUBKEY */ - #include <stdio.h> #include <ctype.h> #ifdef HAVE_SYS_PARAM_H @@ -42,6 +38,8 @@ extern HANDLE ResolverThreadHandle; #endif /* SYS_WINNT */ +#include <netdb.h> + extern int priority_done; /* @@ -51,43 +49,6 @@ extern int priority_done; * Lines are considered terminated when a '#' is encountered. Blank * lines are ignored. */ - -/* - * We understand the following configuration entries and defaults. - * - * peer [ addr ] [ version 3 ] [ key 0 ] [ minpoll 6 ] [ maxpoll 10 ] - * server [ addr ] [ version 3 ] [ key 0 ] [ minpoll 6 ] [ maxpoll 10 ] - * broadcast [ addr ] [ version 3 ] [ key 0 ] [ ttl 1 ] - * broadcastclient - * multicastclient [ 224.0.1.1 ] - * manycastclient [ addr ] [ version 3 ] [ key 0 ] [ minpoll 6 ] [ maxpoll 10 ] - * manycastserver [ 224.0.1.1 ] - * broadcastdelay 0.0102 - * restrict [ addr ] [ mask 255.255.255.0 ] ignore|noserve|notrust|noquery - * driftfile file_name - * keys file_name - * publickey file_name - * privatekey file_name - * statsdir /var/NTP/ - * filegen peerstats [ file peerstats ] [ type day ] [ link ] - * clientlimit [ n ] - * clientperiod [ 3600 ] - * trustedkey [ key ] - * requestkey [ key] - * controlkey [ key ] - * trap [ addr ] - * fudge [ addr ] [ stratum ] [ refid ] ... - * pidfile [ ] - * setvar [ ] - * logfile logfile - * logconfig [+|-|=][{sync|sys|peer|clock}{{,all}{info|statistics|events|status}}]... - * enable auth|bclient|pll|kernel|monitor|stats|calibrate - * disable auth|bclient|pll|kernel|monitor|stats|calibrate - * phone ... - * pps device [assert|clear] [hardpps] - * priority high|normal - */ - /* * Translation table - keywords to function index */ @@ -100,16 +61,14 @@ struct keyword { * Command keywords */ static struct keyword keywords[] = { - { "authenticate", CONFIG_AUTHENTICATE }, { "automax", CONFIG_AUTOMAX }, { "broadcast", CONFIG_BROADCAST }, { "broadcastclient", CONFIG_BROADCASTCLIENT }, { "broadcastdelay", CONFIG_BDELAY }, - { "clientlimit", CONFIG_CLIENTLIMIT }, - { "clientperiod", CONFIG_CLIENTPERIOD }, -#ifdef PUBKEY + { "calldelay", CONFIG_CDELAY}, +#ifdef OPENSSL { "crypto", CONFIG_CRYPTO }, -#endif /* PUBKEY */ +#endif /* OPENSSL */ { "controlkey", CONFIG_CONTROLKEY }, { "disable", CONFIG_DISABLE }, { "driftfile", CONFIG_DRIFTFILE }, @@ -118,9 +77,7 @@ static struct keyword keywords[] = { { "fudge", CONFIG_FUDGE }, { "includefile", CONFIG_INCLUDEFILE }, { "keys", CONFIG_KEYS }, -#ifdef PUBKEY { "keysdir", CONFIG_KEYSDIR }, -#endif /* PUBKEY */ { "logconfig", CONFIG_LOGCONFIG }, { "logfile", CONFIG_LOGFILE }, { "manycastclient", CONFIG_MANYCASTCLIENT }, @@ -129,7 +86,7 @@ static struct keyword keywords[] = { { "peer", CONFIG_PEER }, { "phone", CONFIG_PHONE }, { "pidfile", CONFIG_PIDFILE }, - { "pps", CONFIG_PPS }, + { "discard", CONFIG_DISCARD }, { "requestkey", CONFIG_REQUESTKEY }, { "restrict", CONFIG_RESTRICT }, { "revoke", CONFIG_REVOKE }, @@ -137,9 +94,12 @@ static struct keyword keywords[] = { { "setvar", CONFIG_SETVAR }, { "statistics", CONFIG_STATISTICS }, { "statsdir", CONFIG_STATSDIR }, + { "tick", CONFIG_ADJ }, { "tinker", CONFIG_TINKER }, + { "tos", CONFIG_TOS }, { "trap", CONFIG_TRAP }, { "trustedkey", CONFIG_TRUSTEDKEY }, + { "ttl", CONFIG_TTL }, { "", CONFIG_UNKNOWN } }; @@ -156,9 +116,6 @@ static struct keyword mod_keywords[] = { { "mode", CONF_MOD_MODE }, /* refclocks */ { "noselect", CONF_MOD_NOSELECT }, { "prefer", CONF_MOD_PREFER }, -#ifdef PUBKEY - { "publickey", CONF_MOD_PUBLICKEY }, -#endif /* PUBKEY */ { "ttl", CONF_MOD_TTL }, /* NTP peers */ { "version", CONF_MOD_VERSION }, { "", CONFIG_UNKNOWN } @@ -208,7 +165,6 @@ static struct keyword fudge_keywords[] = { { "", CONFIG_UNKNOWN } }; - /* * "filegen" modifier keywords */ @@ -252,12 +208,12 @@ static struct keyword flags_keywords[] = { }; /* - * "pps" modifier keywords + * "discard" modifier keywords */ -static struct keyword pps_keywords[] = { - { "assert", CONF_PPS_ASSERT }, - { "clear", CONF_PPS_CLEAR }, - { "hardpps", CONF_PPS_HARDPPS }, +static struct keyword discard_keywords[] = { + { "average", CONF_DISCARD_AVERAGE }, + { "minimum", CONF_DISCARD_MINIMUM }, + { "monitor", CONF_DISCARD_MONITOR }, { "", CONFIG_UNKNOWN } }; @@ -269,25 +225,51 @@ static struct keyword tinker_keywords[] = { { "panic", CONF_CLOCK_PANIC }, { "dispersion", CONF_CLOCK_PHI }, { "stepout", CONF_CLOCK_MINSTEP }, - { "minpoll", CONF_CLOCK_MINPOLL }, { "allan", CONF_CLOCK_ALLAN }, { "huffpuff", CONF_CLOCK_HUFFPUFF }, + { "freq", CONF_CLOCK_FREQ }, { "", CONFIG_UNKNOWN } }; -#ifdef PUBKEY +/* + * "tos" modifier keywords + */ +static struct keyword tos_keywords[] = { + { "minclock", CONF_TOS_MINCLOCK }, + { "minsane", CONF_TOS_MINSANE }, + { "floor", CONF_TOS_FLOOR }, + { "ceiling", CONF_TOS_CEILING }, + { "cohort", CONF_TOS_COHORT }, + { "", CONFIG_UNKNOWN } +}; + +#ifdef OPENSSL /* * "crypto" modifier keywords */ static struct keyword crypto_keywords[] = { - { "dh", CONF_CRYPTO_DH }, - { "flags", CONF_CRYPTO_FLAGS }, + { "cert", CONF_CRYPTO_CERT }, + { "gqpar", CONF_CRYPTO_GQPAR }, + { "host", CONF_CRYPTO_RSA }, + { "iffpar", CONF_CRYPTO_IFFPAR }, { "leap", CONF_CRYPTO_LEAP }, - { "privatekey", CONF_CRYPTO_PRIVATEKEY }, - { "publickey", CONF_CRYPTO_PUBLICKEY }, + { "mvpar", CONF_CRYPTO_MVPAR }, + { "pw", CONF_CRYPTO_PW }, + { "randfile", CONF_CRYPTO_RAND }, + { "sign", CONF_CRYPTO_SIGN }, + { "", CONFIG_UNKNOWN } +}; +#endif /* OPENSSL */ + +/* + * Address type selection, IPv4 or IPv4. + * Used on various lines. + */ +static struct keyword addr_type[] = { + { "-4", CONF_ADDR_IPV4 }, + { "-6", CONF_ADDR_IPV6 }, { "", CONFIG_UNKNOWN } }; -#endif /* PUBKEY */ /* * "logconfig" building blocks @@ -345,6 +327,7 @@ static struct masks logcfg_item[] = { * File descriptor used by the resolver save routines, and temporary file * name. */ +int call_resolver = 1; /* ntp-genkeys sets this to 0, for example */ static FILE *res_fp; #ifndef SYS_WINNT static char res_file[20]; /* enough for /tmp/ntpXXXXXX\0 */ @@ -358,9 +341,8 @@ static char res_file[MAX_PATH]; */ char const *progname; char sys_phone[MAXPHONE][MAXDIAL]; /* ACTS phone numbers */ +char *keysdir = NTP_KEYSDIR; /* crypto keys directory */ char pps_device[MAXPPS + 1]; /* PPS device name */ -int pps_assert; -int pps_hardpps; #if defined(HAVE_SCHED_SETSCHEDULER) int config_priority_override = 0; int config_priority; @@ -403,13 +385,13 @@ static void free_netinfo_config P((struct netinfo_config_state *)); static int gettokens_netinfo P((struct netinfo_config_state *, char **, int *)); #endif static int gettokens P((FILE *, char *, char **, int *)); -static int matchkey P((char *, struct keyword *)); -static int getnetnum P((const char *, struct sockaddr_in *, int)); +static int matchkey P((char *, struct keyword *, int)); +static int getnetnum P((const char *, struct sockaddr_storage *, int)); static void save_resolve P((char *, int, int, int, int, u_int, int, keyid_t, u_char *)); static void do_resolve_internal P((void)); static void abort_resolve P((void)); -#if !defined(VMS) +#if !defined(VMS) && !defined(SYS_WINNT) static RETSIGTYPE catchchild P((int)); #endif /* VMS */ @@ -490,6 +472,7 @@ getconfig( register int i; int c; int errflg; + int istart; int peerversion; int minpoll; int maxpoll; @@ -501,14 +484,14 @@ getconfig( u_long fudgeflag; u_int peerflags; int hmode; - struct sockaddr_in peeraddr; - struct sockaddr_in maskaddr; + struct sockaddr_storage peeraddr; + struct sockaddr_storage maskaddr; FILE *fp[MAXINCLUDELEVEL+1]; FILE *includefile; int includelevel = 0; char line[MAXLINE]; char *(tokens[MAXTOKENS]); - int ntokens; + int ntokens = 0; int tok = CONFIG_UNKNOWN; struct interface *localaddr; struct refclockstat clock_stat; @@ -627,7 +610,20 @@ getconfig( break; } - if (!getnetnum(tokens[1], &peeraddr, 0)) { + istart = 1; + memset((char *)&peeraddr, 0, sizeof(peeraddr)); + switch (matchkey(tokens[istart], addr_type, 0)) { + case CONF_ADDR_IPV4: + peeraddr.ss_family = AF_INET; + istart++; + break; + case CONF_ADDR_IPV6: + peeraddr.ss_family = AF_INET6; + istart++; + break; + } + + if (!getnetnum(tokens[istart], &peeraddr, 0)) { errflg = -1; } else { errflg = 0; @@ -639,7 +635,7 @@ getconfig( ISBADADR(&peeraddr)) { msyslog(LOG_ERR, "attempt to configure invalid address %s", - ntoa(&peeraddr)); + stoa(&peeraddr)); break; } /* @@ -647,23 +643,45 @@ getconfig( * address for server/peer! * and unicast address for manycastclient! */ - if (((tok == CONFIG_SERVER) || - (tok == CONFIG_PEER)) && + if (peeraddr.ss_family == AF_INET) { + if (((tok == CONFIG_SERVER) || + (tok == CONFIG_PEER)) && #ifdef REFCLOCK - !ISREFCLOCKADR(&peeraddr) && + !ISREFCLOCKADR(&peeraddr) && #endif - IN_CLASSD(ntohl(peeraddr.sin_addr.s_addr))) { - msyslog(LOG_ERR, - "attempt to configure invalid address %s", - ntoa(&peeraddr)); - break; + IN_CLASSD(ntohl(((struct sockaddr_in*)&peeraddr)->sin_addr.s_addr))) { + msyslog(LOG_ERR, + "attempt to configure invalid address %s", + stoa(&peeraddr)); + break; + } + if ((tok == CONFIG_MANYCASTCLIENT) && + !IN_CLASSD(ntohl(((struct sockaddr_in*)&peeraddr)->sin_addr.s_addr))) { + msyslog(LOG_ERR, + "attempt to configure invalid address %s", + stoa(&peeraddr)); + break; + } } - if ((tok == CONFIG_MANYCASTCLIENT) && - !IN_CLASSD(ntohl(peeraddr.sin_addr.s_addr))) { - msyslog(LOG_ERR, - "attempt to configure invalid address %s", - ntoa(&peeraddr)); - break; + else if(peeraddr.ss_family == AF_INET6) { + if (((tok == CONFIG_SERVER) || + (tok == CONFIG_PEER)) && +#ifdef REFCLOCK + !ISREFCLOCKADR(&peeraddr) && +#endif + IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6*)&peeraddr)->sin6_addr)) { + msyslog(LOG_ERR, + "attempt to configure in valid address %s", + stoa(&peeraddr)); + break; + } + if ((tok == CONFIG_MANYCASTCLIENT) && + !IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6*)&peeraddr)->sin6_addr)) { + msyslog(LOG_ERR, + "attempt to configure in valid address %s", + stoa(&peeraddr)); + break; + } } } @@ -671,11 +689,12 @@ getconfig( minpoll = NTP_MINDPOLL; maxpoll = NTP_MAXDPOLL; peerkey = 0; - peerkeystr = "*"; + peerkeystr = (u_char *)"*"; peerflags = 0; ttl = 0; - for (i = 2; i < ntokens; i++) - switch (matchkey(tokens[i], mod_keywords)) { + istart++; + for (i = istart; i < ntokens; i++) + switch (matchkey(tokens[i], mod_keywords, 1)) { case CONF_MOD_VERSION: if (i >= ntokens-1) { msyslog(LOG_ERR, @@ -752,43 +771,34 @@ getconfig( case CONF_MOD_IBURST: peerflags |= FLAG_IBURST; break; -#ifdef AUTOKEY +#ifdef OPENSSL case CONF_MOD_SKEY: peerflags |= FLAG_SKEY | FLAG_AUTHENABLE; break; - -#ifdef PUBKEY - case CONF_MOD_PUBLICKEY: - if (i >= ntokens - 1) { - msyslog(LOG_ERR, - "Public key file name required"); - errflg = 1; - break; - } - peerflags |= FLAG_SKEY | - FLAG_AUTHENABLE; - peerkeystr = tokens[++i]; - break; -#endif /* PUBKEY */ -#endif /* AUTOKEY */ +#endif /* OPENSSL */ case CONF_MOD_TTL: if (i >= ntokens-1) { - msyslog(LOG_ERR, - "ttl: argument required"); - errflg = 1; - break; + msyslog(LOG_ERR, + "ttl: argument required"); + errflg = 1; + break; } ttl = atoi(tokens[++i]); + if (ttl >= MAX_TTL) { + msyslog(LOG_ERR, + "ttl: invalid argument"); + errflg = 1; + } break; case CONF_MOD_MODE: if (i >= ntokens-1) { - msyslog(LOG_ERR, - "mode: argument required"); - errflg = 1; - break; + msyslog(LOG_ERR, + "mode: argument required"); + errflg = 1; + break; } ttl = atoi(tokens[++i]); break; @@ -798,17 +808,22 @@ getconfig( break; } if (minpoll > maxpoll) { - msyslog(LOG_ERR, "config error: minpoll > maxpoll"); + msyslog(LOG_ERR, + "config error: minpoll > maxpoll"); errflg = 1; } if (errflg == 0) { - if (peer_config(&peeraddr, any_interface, hmode, - peerversion, minpoll, maxpoll, peerflags, - ttl, peerkey, peerkeystr) == 0) { + if (peer_config(&peeraddr, + ANY_INTERFACE_CHOOSE(&peeraddr), hmode, + peerversion, minpoll, maxpoll, peerflags, + ttl, peerkey, peerkeystr) == 0) { msyslog(LOG_ERR, "configuration of %s failed", - ntoa(&peeraddr)); + stoa(&peeraddr)); } + if (tok == CONFIG_MANYCASTCLIENT) + proto_config(PROTO_MULTICAST_ADD, + 0, 0., &peeraddr); } else if (errflg == -1) { save_resolve(tokens[1], hmode, peerversion, @@ -910,48 +925,63 @@ getconfig( break; case CONFIG_BROADCASTCLIENT: - proto_config(PROTO_BROADCLIENT, 1, 0.); + proto_config(PROTO_BROADCLIENT, 1, 0., NULL); break; - + case CONFIG_MULTICASTCLIENT: case CONFIG_MANYCASTSERVER: if (ntokens > 1) { - for (i = 1; i < ntokens; i++) { + istart = 1; + memset((char *)&peeraddr, 0, sizeof(peeraddr)); + switch (matchkey(tokens[istart], + addr_type, 0)) { + case CONF_ADDR_IPV4: + peeraddr.ss_family = AF_INET; + istart++; + break; + case CONF_ADDR_IPV6: + peeraddr.ss_family = AF_INET6; + istart++; + break; + } + /* + * Abuse maskaddr to store the prefered ip + * version. + */ + memset((char *)&maskaddr, 0, sizeof(maskaddr)); + maskaddr.ss_family = peeraddr.ss_family; + + for (i = istart; i < ntokens; i++) { + memset((char *)&peeraddr, 0, + sizeof(peeraddr)); + peeraddr.ss_family = maskaddr.ss_family; if (getnetnum(tokens[i], &peeraddr, 1)) proto_config(PROTO_MULTICAST_ADD, - peeraddr.sin_addr.s_addr, 0.); + 0, 0., &peeraddr); } } else proto_config(PROTO_MULTICAST_ADD, - htonl(INADDR_NTP), 0.); + 0, 0., NULL); if (tok == CONFIG_MULTICASTCLIENT) sys_bclient = 1; else if (tok == CONFIG_MANYCASTSERVER) sys_manycastserver = 1; break; - case CONFIG_AUTHENTICATE: - errflg = 0; + case CONFIG_KEYS: if (ntokens >= 2) { - if (STREQ(tokens[1], "yes")) - proto_config(PROTO_AUTHENTICATE, 1, 0.); - else if (STREQ(tokens[1], "no")) - proto_config(PROTO_AUTHENTICATE, 0, 0.); - else - errflg++; - } else { - errflg++; + getauthkeys(tokens[1]); } - - if (errflg) - msyslog(LOG_ERR, - "should be `authenticate yes|no'"); break; - case CONFIG_KEYS: - if (ntokens >= 2) { - getauthkeys(tokens[1]); + case CONFIG_KEYSDIR: + if (ntokens < 2) { + msyslog(LOG_ERR, + "Keys directory name required"); + break; } + keysdir = emalloc(strlen(tokens[1]) + 1); + strcpy(keysdir, tokens[1]); break; case CONFIG_TINKER: @@ -959,8 +989,7 @@ getconfig( int temp; double ftemp; - temp = matchkey(tokens[i++], - tinker_keywords); + temp = matchkey(tokens[i++], tinker_keywords, 1); if (i > ntokens - 1) { msyslog(LOG_ERR, "tinker: missing argument"); @@ -969,6 +998,7 @@ getconfig( } sscanf(tokens[i], "%lf", &ftemp); switch(temp) { + case CONF_CLOCK_MAX: loop_config(LOOP_MAX, ftemp); break; @@ -985,10 +1015,6 @@ getconfig( loop_config(LOOP_MINSTEP, ftemp); break; - case CONF_CLOCK_MINPOLL: - loop_config(LOOP_MINPOLL, ftemp); - break; - case CONF_CLOCK_ALLAN: loop_config(LOOP_ALLAN, ftemp); break; @@ -996,14 +1022,96 @@ getconfig( case CONF_CLOCK_HUFFPUFF: loop_config(LOOP_HUFFPUFF, ftemp); break; + + case CONF_CLOCK_FREQ: + loop_config(LOOP_FREQ, ftemp); + break; } } break; -#ifdef AUTOKEY + case CONFIG_TOS: + for (i = 1; i < ntokens; i++) { + int temp; + double ftemp; + + temp = matchkey(tokens[i++], tos_keywords, 1); + if (i > ntokens - 1) { + msyslog(LOG_ERR, + "tinker: missing argument"); + errflg++; + break; + } + sscanf(tokens[i], "%lf", &ftemp); + switch(temp) { + + case CONF_TOS_MINCLOCK: + proto_config(PROTO_MINCLOCK, 0, ftemp, NULL); + break; + + case CONF_TOS_MINSANE: + proto_config(PROTO_MINSANE, 0, ftemp, NULL); + break; + + case CONF_TOS_FLOOR: + proto_config(PROTO_FLOOR, 0, ftemp, NULL); + break; + + case CONF_TOS_CEILING: + proto_config(PROTO_CEILING, 0, ftemp, NULL); + break; + + case CONF_TOS_COHORT: + proto_config(PROTO_COHORT, 0, ftemp, NULL); + break; + } + } + break; + + case CONFIG_TTL: + for (i = 1; i < ntokens && i < MAX_TTL; i++) { + sys_ttl[i - 1] = (u_char) atoi(tokens[i]); + sys_ttlmax = i - 1; + } + break; + + case CONFIG_DISCARD: + for (i = 1; i < ntokens; i++) { + int temp; + + temp = matchkey(tokens[i++], + discard_keywords, 1); + if (i > ntokens - 1) { + msyslog(LOG_ERR, + "discard: missing argument"); + errflg++; + break; + } + switch(temp) { + case CONF_DISCARD_AVERAGE: + res_avg_interval = atoi(tokens[i++]); + break; + + case CONF_DISCARD_MINIMUM: + res_min_interval = atoi(tokens[i++]); + break; + + case CONF_DISCARD_MONITOR: + mon_age = atoi(tokens[i++]); + break; + + default: + msyslog(LOG_ERR, + "discard: unknown keyword"); + break; + } + } + break; + +#ifdef OPENSSL case CONFIG_REVOKE: if (ntokens >= 2) - sys_revoke = 1 << max(atoi(tokens[1]), 10); + sys_revoke = (u_char) max(atoi(tokens[1]), KEY_REVOKE); break; case CONFIG_AUTOMAX: @@ -1011,25 +1119,16 @@ getconfig( sys_automax = 1 << max(atoi(tokens[1]), 10); break; -#ifdef PUBKEY - case CONFIG_KEYSDIR: - if (ntokens < 2) { - msyslog(LOG_ERR, - "Keys directory name required"); - break; - } - crypto_config(CRYPTO_CONF_KEYS, tokens[1]); - break; - case CONFIG_CRYPTO: if (ntokens == 1) { - crypto_config(CRYPTO_CONF_FLAGS , "0"); + crypto_config(CRYPTO_CONF_NONE, NULL); break; } for (i = 1; i < ntokens; i++) { int temp; - temp = matchkey(tokens[i++], crypto_keywords); + temp = matchkey(tokens[i++], + crypto_keywords, 1); if (i > ntokens - 1) { msyslog(LOG_ERR, "crypto: missing argument"); @@ -1037,48 +1136,88 @@ getconfig( break; } switch(temp) { - case CONF_CRYPTO_FLAGS: - crypto_config(CRYPTO_CONF_FLAGS, tokens[i]); + + case CONF_CRYPTO_CERT: + crypto_config(CRYPTO_CONF_CERT, + tokens[i]); break; - case CONF_CRYPTO_LEAP: - crypto_config(CRYPTO_CONF_LEAP, tokens[i]); + case CONF_CRYPTO_RSA: + crypto_config(CRYPTO_CONF_PRIV, + tokens[i]); break; - case CONF_CRYPTO_DH: - crypto_config(CRYPTO_CONF_DH, tokens[i]); + case CONF_CRYPTO_IFFPAR: + crypto_config(CRYPTO_CONF_IFFPAR, + tokens[i]); break; - case CONF_CRYPTO_PRIVATEKEY: - crypto_config(CRYPTO_CONF_PRIV, tokens[i]); + case CONF_CRYPTO_GQPAR: + crypto_config(CRYPTO_CONF_GQPAR, + tokens[i]); break; - case CONF_CRYPTO_PUBLICKEY: - crypto_config(CRYPTO_CONF_PUBL, tokens[i]); + case CONF_CRYPTO_MVPAR: + crypto_config(CRYPTO_CONF_MVPAR, + tokens[i]); break; - case CONF_CRYPTO_CERT: - crypto_config(CRYPTO_CONF_CERT, tokens[i]); + case CONF_CRYPTO_LEAP: + crypto_config(CRYPTO_CONF_LEAP, + tokens[i]); + break; + + case CONF_CRYPTO_PW: + crypto_config(CRYPTO_CONF_PW, + tokens[i]); + break; + + case CONF_CRYPTO_RAND: + crypto_config(CRYPTO_CONF_RAND, + tokens[i]); + break; + + case CONF_CRYPTO_SIGN: + crypto_config(CRYPTO_CONF_SIGN, + tokens[i]); break; default: - msyslog(LOG_ERR, "crypto: unknown keyword"); + msyslog(LOG_ERR, + "crypto: unknown keyword"); break; } } break; -#endif /* PUBKEY */ -#endif /* AUTOKEY */ +#endif /* OPENSSL */ case CONFIG_RESTRICT: if (ntokens < 2) { msyslog(LOG_ERR, "restrict requires an address"); break; } - if (STREQ(tokens[1], "default")) - peeraddr.sin_addr.s_addr = htonl(INADDR_ANY); - else if (!getnetnum(tokens[1], &peeraddr, 1)) - break; + istart = 1; + memset((char *)&peeraddr, 0, sizeof(peeraddr)); + switch (matchkey(tokens[istart], addr_type, 0)) { + case CONF_ADDR_IPV4: + peeraddr.ss_family = AF_INET; + istart++; + break; + case CONF_ADDR_IPV6: + peeraddr.ss_family = AF_INET6; + istart++; + break; + } + + /* + * Assume default means an IPv4 address, except + * if forced by a -4 or -6. + */ + if (STREQ(tokens[istart], "default")) { + if (peeraddr.ss_family == 0) + peeraddr.ss_family = AF_INET; + } else if (!getnetnum(tokens[istart], &peeraddr, 1)) + break; /* * Use peerversion as flags, peerkey as mflags. Ick. @@ -1086,9 +1225,10 @@ getconfig( peerversion = 0; peerkey = 0; errflg = 0; - maskaddr.sin_addr.s_addr = ~(u_int32)0; - for (i = 2; i < ntokens; i++) { - switch (matchkey(tokens[i], res_keywords)) { + SET_HOSTMASK(&maskaddr, peeraddr.ss_family); + istart++; + for (i = istart; i < ntokens; i++) { + switch (matchkey(tokens[i], res_keywords, 1)) { case CONF_RES_MASK: if (i >= ntokens-1) { msyslog(LOG_ERR, @@ -1154,8 +1294,8 @@ getconfig( break; } } - if (SRCADR(&peeraddr) == htonl(INADDR_ANY)) - maskaddr.sin_addr.s_addr = 0; + if (SOCKNUL(&peeraddr)) + ANYSOCK(&maskaddr); if (!errflg) hack_restrict(RESTRICT_FLAGS, &peeraddr, &maskaddr, (int)peerkey, peerversion); @@ -1170,11 +1310,23 @@ getconfig( "broadcastdelay value %s undecodable", tokens[1]); } else { - proto_config(PROTO_BROADDELAY, 0, tmp); + proto_config(PROTO_BROADDELAY, 0, tmp, NULL); } } break; + case CONFIG_CDELAY: + if (ntokens >= 2) { + u_long ui; + + if (sscanf(tokens[1], "%ld", &ui) != 1) + msyslog(LOG_ERR, + "illegal value - line ignored"); + else + proto_config(PROTO_CALLDELAY, ui, 0, NULL); + } + break; + case CONFIG_TRUSTEDKEY: for (i = 1; i < ntokens; i++) { keyid_t tkey; @@ -1232,7 +1384,20 @@ getconfig( "no address for trap command, line ignored"); break; } - if (!getnetnum(tokens[1], &peeraddr, 1)) + istart = 1; + memset((char *)&peeraddr, 0, sizeof(peeraddr)); + switch (matchkey(tokens[istart], addr_type, 0)) { + case CONF_ADDR_IPV4: + peeraddr.ss_family = AF_INET; + istart++; + break; + case CONF_ADDR_IPV6: + peeraddr.ss_family = AF_INET6; + istart++; + break; + } + + if (!getnetnum(tokens[istart], &peeraddr, 1)) break; /* @@ -1241,8 +1406,9 @@ getconfig( errflg = 0; peerversion = 0; localaddr = 0; - for (i = 2; i < ntokens-1; i++) - switch (matchkey(tokens[i], trap_keywords)) { + istart++; + for (i = istart; i < ntokens-1; i++) + switch (matchkey(tokens[i], trap_keywords, 1)) { case CONF_TRAP_PORT: if (i >= ntokens-1) { msyslog(LOG_ERR, @@ -1268,6 +1434,9 @@ getconfig( break; } + memset((char *)&maskaddr, 0, + sizeof(maskaddr)); + maskaddr.ss_family = peeraddr.ss_family; if (!getnetnum(tokens[++i], &maskaddr, 1)) { errflg = 1; @@ -1278,7 +1447,7 @@ getconfig( if (localaddr == NULL) { msyslog(LOG_ERR, "can't find interface with address %s", - ntoa(&maskaddr)); + stoa(&maskaddr)); errflg = 1; } break; @@ -1290,16 +1459,16 @@ getconfig( if (!errflg) { if (peerversion != 0) - peeraddr.sin_port = htons( (u_short) peerversion); + ((struct sockaddr_in6*)&peeraddr)->sin6_port = htons( (u_short) peerversion); else - peeraddr.sin_port = htons(TRAPPORT); + ((struct sockaddr_in6*)&peeraddr)->sin6_port = htons(TRAPPORT); if (localaddr == NULL) - localaddr = any_interface; + localaddr = ANY_INTERFACE_CHOOSE(&peeraddr); if (!ctlsettrap(&peeraddr, localaddr, 0, NTP_VERSION)) msyslog(LOG_ERR, "can't set trap for %s, no resources", - ntoa(&peeraddr)); + stoa(&peeraddr)); } break; @@ -1309,13 +1478,14 @@ getconfig( "no address for fudge command, line ignored"); break; } + memset((char *)&peeraddr, 0, sizeof(peeraddr)); if (!getnetnum(tokens[1], &peeraddr, 1)) break; if (!ISREFCLOCKADR(&peeraddr)) { msyslog(LOG_ERR, "%s is inappropriate address for the fudge command, line ignored", - ntoa(&peeraddr)); + stoa(&peeraddr)); break; } @@ -1324,13 +1494,13 @@ getconfig( errflg = 0; for (i = 2; i < ntokens-1; i++) { switch (c = matchkey(tokens[i], - fudge_keywords)) { + fudge_keywords, 1)) { case CONF_FDG_TIME1: if (sscanf(tokens[++i], "%lf", &clock_stat.fudgetime1) != 1) { msyslog(LOG_ERR, "fudge %s time1 value in error", - ntoa(&peeraddr)); + stoa(&peeraddr)); errflg = i; break; } @@ -1342,7 +1512,7 @@ getconfig( &clock_stat.fudgetime2) != 1) { msyslog(LOG_ERR, "fudge %s time2 value in error", - ntoa(&peeraddr)); + stoa(&peeraddr)); errflg = i; break; } @@ -1355,7 +1525,7 @@ getconfig( { msyslog(LOG_ERR, "fudge %s stratum value in error", - ntoa(&peeraddr)); + stoa(&peeraddr)); errflg = i; break; } @@ -1379,7 +1549,7 @@ getconfig( || fudgeflag > 1) { msyslog(LOG_ERR, "fudge %s flag value in error", - ntoa(&peeraddr)); + stoa(&peeraddr)); errflg = i; break; } @@ -1475,7 +1645,8 @@ getconfig( errflg = 0; for (i = 2; i < ntokens; i++) { - switch (matchkey(tokens[i], filegen_keywords)) { + switch (matchkey(tokens[i], + filegen_keywords, 1)) { case CONF_FGEN_FILE: if (i >= ntokens - 1) { msyslog(LOG_ERR, @@ -1494,7 +1665,8 @@ getconfig( errflg = i; break; } - peerkey = matchkey(tokens[++i], fgen_types); + peerkey = matchkey(tokens[++i], + fgen_types, 1); if (peerkey == CONFIG_UNKNOWN) { msyslog(LOG_ERR, "filegen %s unknown type \"%s\"", @@ -1532,55 +1704,12 @@ getconfig( "no value for setvar command - line ignored"); } else { set_sys_var(tokens[1], strlen(tokens[1])+1, - RW | + (u_short) (RW | ((((ntokens > 2) && !strcmp(tokens[2], "default"))) ? DEF - : 0)); - } - break; - - case CONFIG_CLIENTLIMIT: - if (ntokens < 2) { - msyslog(LOG_ERR, - "no value for clientlimit command - line ignored"); - } else { - u_long ui; - - if (!atouint(tokens[1], &ui) || !ui) { - msyslog(LOG_ERR, - "illegal value for clientlimit command - line ignored"); - } else { - char bp[80]; - -#ifdef DEBUG - if (debug) - sprintf(bp, "client_limit=%lu", ui); -#endif - set_sys_var(bp, strlen(bp)+1, RO); - client_limit = ui; - } - } - break; - - case CONFIG_CLIENTPERIOD: - if (ntokens < 2) { - msyslog(LOG_ERR, - "no value for clientperiod command - line ignored"); - } else { - u_long ui; - - if (!atouint(tokens[1], &ui) || ui < 64) { - msyslog(LOG_ERR, - "illegal value for clientperiod command - line ignored"); - } else { - char bp[80]; - - sprintf(bp, "client_limit_period=%ld", ui); - set_sys_var(bp, strlen(bp)+1, RO); - client_limit_period = ui; - } + : 0))); } break; @@ -1588,7 +1717,7 @@ getconfig( for (i = 1; i < ntokens; i++) { int flag; - flag = matchkey(tokens[i], flags_keywords); + flag = matchkey(tokens[i], flags_keywords, 1); if (flag == CONFIG_UNKNOWN) { msyslog(LOG_ERR, "enable unknown flag %s", @@ -1596,7 +1725,7 @@ getconfig( errflg = 1; break; } - proto_config(flag, 1, 0.); + proto_config(flag, 1, 0., NULL); } break; @@ -1604,7 +1733,7 @@ getconfig( for (i = 1; i < ntokens; i++) { int flag; - flag = matchkey(tokens[i], flags_keywords); + flag = matchkey(tokens[i], flags_keywords, 1); if (flag == CONFIG_UNKNOWN) { msyslog(LOG_ERR, "disable unknown flag %s", @@ -1612,7 +1741,7 @@ getconfig( errflg = 1; break; } - proto_config(flag, 0, 0.); + proto_config(flag, 0, 0., NULL); } break; @@ -1624,38 +1753,14 @@ getconfig( sys_phone[i - 1][0] = '\0'; break; - case CONFIG_PPS: - if (ntokens < 2) { - msyslog(LOG_ERR, - "pps missing device name"); - break; - } - (void)strncpy(pps_device, tokens[1], MAXPPS); - for (i = 2; i < ntokens; i++) { - int flag; + case CONFIG_ADJ: { + double ftemp; - flag = matchkey(tokens[i], pps_keywords); - switch(flag) { - case CONF_PPS_ASSERT: - pps_assert = 0; - break; - case CONF_PPS_CLEAR: - pps_assert = 1; - break; - case CONF_PPS_HARDPPS: - pps_hardpps = 1; - break; - default: - msyslog(LOG_ERR, - "pps unknown flag %s", - tokens[i]); - errflg = 1; - break; - } - if(errflg) - break; + sscanf(tokens[1], "%lf", &ftemp); + proto_config(PROTO_ADJ, 0, ftemp, NULL); } break; + } } if (fp[0]) @@ -1680,7 +1785,7 @@ getconfig( for (i = 0; i < 8; i++) for (j = 1; j < 100; ++j) { - rankey[i] = RANDOM & 0xff; + rankey[i] = (char) (RANDOM & 0xff); if (rankey[i] != 0) break; } rankey[8] = 0; @@ -1697,10 +1802,12 @@ getconfig( #endif /* !defined(VMS) && !defined(SYS_VXWORKS) */ if (res_fp != NULL) { - /* - * Need name resolution - */ - do_resolve_internal(); + if (call_resolver) { + /* + * Need name resolution + */ + do_resolve_internal(); + } } } @@ -1801,7 +1908,7 @@ gettokens_netinfo ( for (index = 0; index < namelist.ni_namelist_len; index++) { char *value = namelist.ni_namelist_val[index]; - if (! (val_list[index] = (char*)malloc(strlen(value+1)))) + if (! (val_list[index] = (char*)malloc(strlen(value)+1))) { msyslog(LOG_ERR, "out of memory while configuring"); break; } strcpy(val_list[index], value); @@ -1921,7 +2028,7 @@ gettokens ( * Return the match */ *ntokens = ntok + 1; - ntok = matchkey(tokenlist[0], keywords); + ntok = matchkey(tokenlist[0], keywords, 1); if (ntok == CONFIG_UNKNOWN) goto again; return ntok; @@ -1935,14 +2042,16 @@ gettokens ( static int matchkey( register char *word, - register struct keyword *keys + register struct keyword *keys, + int complain ) { for (;;) { if (keys->keytype == CONFIG_UNKNOWN) { - msyslog(LOG_ERR, - "configure: keyword \"%s\" unknown, line ignored", - word); + if (complain) + msyslog(LOG_ERR, + "configure: keyword \"%s\" unknown, line ignored", + word); return CONFIG_UNKNOWN; } if (STRSAME(word, keys->text)) @@ -1958,77 +2067,53 @@ matchkey( static int getnetnum( const char *num, - struct sockaddr_in *addr, + struct sockaddr_storage *addr, int complain ) { - register const char *cp; - register char *bp; - register int i; - register int temp; - char buf[80]; /* will core dump on really stupid stuff */ - u_int32 netnum; - - /* XXX ELIMINATE replace with decodenetnum */ - cp = num; - netnum = 0; - for (i = 0; i < 4; i++) { - bp = buf; - while (isdigit((int)*cp)) - *bp++ = *cp++; - if (bp == buf) - break; + struct addrinfo hints; + struct addrinfo *ptr; - if (i < 3) { - if (*cp++ != '.') - break; - } else if (*cp != '\0') - break; + /* Get host address. Looking for UDP datagram connection */ + memset(&hints, 0, sizeof (hints)); + if (addr->ss_family == AF_INET || addr->ss_family == AF_INET6) + hints.ai_family = addr->ss_family; + else + hints.ai_family = AF_UNSPEC; - *bp = '\0'; - temp = atoi(buf); - if (temp > 255) - break; - netnum <<= 8; - netnum += temp; + hints.ai_socktype = SOCK_DGRAM; #ifdef DEBUG if (debug > 3) - printf("getnetnum %s step %d buf %s temp %d netnum %lu\n", - num, i, buf, temp, (u_long)netnum); + printf("getaddrinfo %s\n", num); #endif - } - - if (i < 4) { + if (getaddrinfo(num, "ntp", &hints, &ptr)!=0) { if (complain) msyslog(LOG_ERR, - "getnetnum: \"%s\" invalid host number, line ignored", + "getaddrinfo: \"%s\" invalid host address, line ignored", num); #ifdef DEBUG if (debug > 3) printf( - "getnetnum: \"%s\" invalid host number, line ignored\n", - num); + "getaddrinfo: \"%s\" invalid host address%s.\n", + num, (complain) + ? ", line ignored" + : ""); #endif return 0; } - /* - * make up socket address. Clear it out for neatness. - */ - memset((void *)addr, 0, sizeof(struct sockaddr_in)); - addr->sin_family = AF_INET; - addr->sin_port = htons(NTP_PORT); - addr->sin_addr.s_addr = htonl(netnum); + memcpy(addr, ptr->ai_addr, ptr->ai_addrlen); #ifdef DEBUG if (debug > 1) - printf("getnetnum given %s, got %s (%lx)\n", - num, ntoa(addr), (u_long)netnum); + printf("getnetnum given %s, got %s \n", + num, stoa(addr)); #endif + freeaddrinfo(ptr); return 1; } -#if !defined(VMS) +#if !defined(VMS) && !defined(SYS_WINNT) /* * catchchild - receive the resolver's exit status */ @@ -2072,8 +2157,7 @@ save_resolve( #else /* no /tmp directory under NT */ { - DWORD len; - if(!(len = GetTempPath((DWORD)MAX_PATH, (LPTSTR)res_file))) { + if(!(GetTempPath((DWORD)MAX_PATH, (LPTSTR)res_file))) { msyslog(LOG_ERR, "cannot get pathname for temporary directory: %m"); return; } @@ -2211,7 +2295,7 @@ do_resolve_internal(void) */ closelog(); - kill_asyncio(); + kill_asyncio(0); (void) signal_no_reset(SIGCHLD, SIG_DFL); @@ -2266,13 +2350,14 @@ do_resolve_internal(void) */ DWORD dwThreadId; fflush(stdout); - if (!(ResolverThreadHandle = CreateThread( - NULL, /* no security attributes */ - 0, /* use default stack size */ + ResolverThreadHandle = CreateThread( + NULL, /* no security attributes */ + 0, /* use default stack size */ (LPTHREAD_START_ROUTINE) ntp_intres, /* thread function */ - NULL, /* argument to thread function */ - 0, /* use default creation flags */ - &dwThreadId))) { /* returns the thread identifier */ + NULL, /* argument to thread function */ + 0, /* use default creation flags */ + &dwThreadId); /* returns the thread identifier */ + if (ResolverThreadHandle == NULL) { msyslog(LOG_ERR, "CreateThread() failed, can't start ntp_intres"); abort_resolve(); } |