author | Otto Moerbeek <otto@cvs.openbsd.org> | 2019-11-06 13:35:26 +0000 |
---|---|---|
committer | Otto Moerbeek <otto@cvs.openbsd.org> | 2019-11-06 13:35:26 +0000 |
commit | 6e1c78e76908146800e0e242e140a1672222dcb0 (patch) | |
tree | 4bdb2c5efca765e334dcb21489601d19b4ec7763 | |
parent | 19e9b5a69dce8e802b3facc43137b892c5b55221 (diff) |
Allow the singular constraint clause to list multiple addresses;
ok deraadt@
-rw-r--r-- | usr.sbin/ntpd/ntpd.conf.5 | 11 | ||||
-rw-r--r-- | usr.sbin/ntpd/parse.y | 36 |
2 files changed, 41 insertions, 6 deletions
diff --git a/usr.sbin/ntpd/ntpd.conf.5 b/usr.sbin/ntpd/ntpd.conf.5 index 08062bcf28c..a501b3cef43 100644 --- a/usr.sbin/ntpd/ntpd.conf.5 +++ b/usr.sbin/ntpd/ntpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ntpd.conf.5,v 1.37 2017/08/10 22:59:42 job Exp $ +.\" $OpenBSD: ntpd.conf.5,v 1.38 2019/11/06 13:35:25 otto Exp $ .\" .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT .\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 10 2017 $ +.Dd $Mdocdate: November 6 2019 $ .Dt NTPD.CONF 5 .Os .Sh NAME @@ -193,9 +193,13 @@ Received NTP packets with time information falling outside of a range near the constraint will be discarded and such NTP servers will be marked as invalid. .Bl -tag -width Ds -.It Ic constraint from Ar url +.It Ic constraint from Ar url [ip...] Specify the URL, IP address or the hostname of an HTTPS server to provide a constraint. +If the url is followed by one or more addresses the url and addresses will be +tried until a working one is found. +The url path and expected certificate name is always taken from the +url specified. If .Ic constraint from is used more than once, @@ -204,6 +208,7 @@ will calculate a median constraint from all the servers specified. .Bd -literal -offset indent server ntp.example.org constraint from www.example.com +constraint from "https://9.9.9.9" "2620:fe::9" .Ed .It Ic constraints from Ar url As with diff --git a/usr.sbin/ntpd/parse.y b/usr.sbin/ntpd/parse.y index a58da2f2ee7..51379ae3cbb 100644 --- a/usr.sbin/ntpd/parse.y +++ b/usr.sbin/ntpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.73 2019/07/16 14:15:40 otto Exp $ */ +/* $OpenBSD: parse.y,v 1.74 2019/11/06 13:35:25 otto Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> 
@@ -88,7 +88,7 @@ typedef struct { %token ERROR %token <v.string> STRING %token <v.number> NUMBER -%type <v.addr> address url +%type <v.addr> address url urllist %type <v.opts> listen_opts listen_opts_l listen_opt %type <v.opts> server_opts server_opts_l server_opt %type <v.opts> sensor_opts sensor_opts_l sensor_opt @@ -272,7 +272,7 @@ main : LISTEN ON address listen_opts { free($3->name); free($3); } - | CONSTRAINT FROM url { + | CONSTRAINT FROM urllist { struct constraint *p; struct ntp_addr *h, *next; @@ -329,6 +329,36 @@ address : STRING { } ; +urllist : urllist address { + struct ntp_addr *p, *q = NULL; + struct in_addr ina; + struct in6_addr in6a; + + if (inet_pton(AF_INET, $2->name, &ina) != 1 && + inet_pton(AF_INET6, $2->name, &in6a) != 1) { + yyerror("url can only be followed by IP " + "addresses"); + free($2->name); + free($2); + YYERROR; + } + p = $2->a; + while (p != NULL) { + q = p; + p = p->next; + } + if (q != NULL) { + q->next = $1->a; + $1->a = $2->a; + free($2); + } + $$ = $1; + } + | url { + $$ = $1; + } + ; + url : STRING { char *hname, *path; |
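Review bot: In the new `urllist : urllist address` action, the success path releases `$2` but never `$2->name`, and when `$2->a` is NULL (so `q` stays NULL) it releases neither, whereas the rejection branch just above it and the `LISTEN ON address` action earlier in the file free both. Unless the name is still referenced somewhere the hunk does not show, I would take the frees out of the `if (q != NULL)` block and end the action with `free($2->name); free($2);` just before `$$ = $1;`. The rejection branch also leaves `$2->a` and the accumulated `$1` list allocated before `YYERROR`; that probably only matters if a parse error is not fatal to the process, but a comment saying so would help. Separately, `q->next = $1->a; $1->a = $2->a;` prepends, so assuming the list is walked from the head, the extra addresses are tried before the url's own and in reverse configuration order; a comment such as `/* extra addresses are placed ahead of the url's own */` would make that intent explicit, given the man page says only that they are tried until one works.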