author | Otto Moerbeek <otto@cvs.openbsd.org> | 2019-11-11 06:32:53 +0000 |
---|---|---|
committer | Otto Moerbeek <otto@cvs.openbsd.org> | 2019-11-11 06:32:53 +0000 |
commit | 0fa50156127e902692e885118a0089d5c9941e7a (patch) | |
tree | 6f5fe575e769ec3b2edd9c65189854887ae8669c /usr.sbin | |
parent | 639e63a50406183848367ffe8eb09f5b5afcfc9d (diff) |
Also implement "trusted" for sensors; do not do constraint validation
for these. ok deraadt@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/ntpd/ntp.c | 5 | ||||
-rw-r--r-- | usr.sbin/ntpd/ntpd.c | 6 | ||||
-rw-r--r-- | usr.sbin/ntpd/ntpd.h | 5 | ||||
-rw-r--r-- | usr.sbin/ntpd/parse.y | 11 | ||||
-rw-r--r-- | usr.sbin/ntpd/sensors.c | 5 |
5 files changed, 22 insertions, 10 deletions
diff --git a/usr.sbin/ntpd/ntp.c b/usr.sbin/ntpd/ntp.c index f3f5041331a..02c5b6bd913 100644 --- a/usr.sbin/ntpd/ntp.c +++ b/usr.sbin/ntpd/ntp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntp.c,v 1.161 2019/11/10 19:24:47 otto Exp $ */ +/* $OpenBSD: ntp.c,v 1.162 2019/11/11 06:32:52 otto Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -300,7 +300,8 @@ ntp_main(struct ntpd_conf *nconf, struct passwd *pw, int argc, char **argv) idx_clients = i; if (!TAILQ_EMPTY(&conf->ntp_conf_sensors) && - (constraint_cnt == 0 || conf->constraint_median != 0)) { + (conf->trusted_sensors || constraint_cnt == 0 || + conf->constraint_median != 0)) { if (last_sensor_scan == 0 || last_sensor_scan + SENSOR_SCAN_INTERVAL <= getmonotime()) { sensors_cnt = sensor_scan(); diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c index f60569eeb33..d54d35c8b25 100644 --- a/usr.sbin/ntpd/ntpd.c +++ b/usr.sbin/ntpd/ntpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntpd.c,v 1.127 2019/11/11 01:04:55 deraadt Exp $ */ +/* $OpenBSD: ntpd.c,v 1.128 2019/11/11 06:32:52 otto Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -114,8 +114,8 @@ auto_preconditions(const struct ntpd_conf *cnf) if (sysctl(mib, 2, &securelevel, &sz, NULL, 0) == -1) err(1, "sysctl"); constraints = !TAILQ_EMPTY(&cnf->constraints); - return !cnf->settime && (constraints || cnf->trusted_peers) && - securelevel == 0; + return !cnf->settime && (constraints || cnf->trusted_peers || + conf->trusted_sensors) && securelevel == 0; } #define POLL_MAX 8 diff --git a/usr.sbin/ntpd/ntpd.h b/usr.sbin/ntpd/ntpd.h index 3f1ffbf763e..04940e76e2a 100644 --- a/usr.sbin/ntpd/ntpd.h +++ b/usr.sbin/ntpd/ntpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ntpd.h,v 1.147 2019/11/10 19:24:47 otto Exp $ */ +/* $OpenBSD: ntpd.h,v 1.148 2019/11/11 06:32:52 otto Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 
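Review bot: In the ntpd.c hunk for auto_preconditions(), the added operand reads `conf->trusted_sensors`, while the function's parameter is `cnf` and every other field in the same expression is read through `cnf`. Unless a `conf` object happens to be in scope in ntpd.c (not visible here), this does not compile; if one is in scope, the precondition reads a different object from the one the caller passed. The continuation line should read `cnf->trusted_sensors) && securelevel == 0;`. The start of auto_preconditions() is outside the hunk.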
@@ -189,6 +189,7 @@ struct ntp_sensor { u_int8_t stratum; u_int8_t weight; u_int8_t shift; + u_int8_t trusted; }; struct constraint { @@ -213,6 +214,7 @@ struct ntp_conf_sensor { int correction; u_int8_t stratum; u_int8_t weight; + u_int8_t trusted; }; struct ntp_freq { @@ -242,6 +244,7 @@ struct ntpd_conf { u_int8_t noaction; u_int8_t filters; u_int8_t trusted_peers; + u_int8_t trusted_sensors; time_t constraint_last; time_t constraint_median; u_int constraint_errors; diff --git a/usr.sbin/ntpd/parse.y b/usr.sbin/ntpd/parse.y index 51f1ddb02af..8d7ab09de34 100644 --- a/usr.sbin/ntpd/parse.y +++ b/usr.sbin/ntpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.75 2019/11/10 19:24:47 otto Exp $ */ +/* $OpenBSD: parse.y,v 1.76 2019/11/11 06:32:52 otto Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -183,6 +183,8 @@ main : LISTEN ON address listen_opts { p = new_peer(); p->weight = $3.weight; p->trusted = $3.trusted; + conf->trusted_peers = conf->trusted_peers || + $3.trusted; p->query_addr4 = query_addr4; p->query_addr6 = query_addr6; p->addr = h; @@ -223,6 +225,8 @@ main : LISTEN ON address listen_opts { p->weight = $3.weight; p->trusted = $3.trusted; + conf->trusted_peers = conf->trusted_peers || + $3.trusted; p->query_addr4 = query_addr4; p->query_addr6 = query_addr6; p->addr_head.a = p->addr; @@ -319,6 +323,9 @@ main : LISTEN ON address listen_opts { s->correction = $3.correction; s->refstr = $3.refstr; s->stratum = $3.stratum; + s->trusted = $3.trusted; + conf->trusted_sensors = conf->trusted_sensors || + $3.trusted; free($2); TAILQ_INSERT_TAIL(&conf->ntp_conf_sensors, s, entry); } @@ -428,6 +435,7 @@ sensor_opt : correction | refid | stratum | weight + | trusted ; correction : CORRECTION NUMBER { @@ -481,7 +489,6 @@ rtable : RTABLE NUMBER { trusted : TRUSTED { opts.trusted = 1; - conf->trusted_peers = 1; } %% diff --git a/usr.sbin/ntpd/sensors.c b/usr.sbin/ntpd/sensors.c index 4ca9a554065..ff0eec09b64 100644 
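Review bot: The `| trusted` alternative added to `sensor_opt` in parse.y introduces a configuration keyword that switches off constraint validation for a time source, but the diffstat lists no manual page change next to it. The documentation should say that a trusted sensor is exempt from constraint checks and, going by the ntpd.c hunk, is enough on its own to satisfy the automatic time-setting precondition, so operators enable it only for devices they control. As a smaller style point, the `conf->trusted_peers = conf->trusted_peers || $3.trusted;` update is now repeated in both server actions and mirrored for sensors; `if ($3.trusted) conf->trusted_sensors = 1;` states the intent more directly.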
--- a/usr.sbin/ntpd/sensors.c +++ b/usr.sbin/ntpd/sensors.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sensors.c,v 1.53 2019/11/10 07:32:58 otto Exp $ */ +/* $OpenBSD: sensors.c,v 1.54 2019/11/11 06:32:52 otto Exp $ */ /* * Copyright (c) 2006 Henning Brauer <henning@openbsd.org> @@ -134,6 +134,7 @@ sensor_add(int sensordev, char *dxname) s->weight = cs->weight; s->correction = cs->correction; s->stratum = cs->stratum - 1; + s->trusted = cs->trusted; if ((s->device = strdup(dxname)) == NULL) fatal("sensor_add strdup"); s->sensordevid = sensordev; @@ -195,7 +196,7 @@ sensor_query(struct ntp_sensor *s) s->last = sensor.tv.tv_sec; - if (!TAILQ_EMPTY(&conf->constraints)) { + if (!s->trusted && !TAILQ_EMPTY(&conf->constraints)) { if (conf->constraint_median == 0) { return; } |
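Review bot: The new `!s->trusted` test in sensor_query() skips the whole constraint block, including the early return taken while `conf->constraint_median == 0`, so a trusted sensor's reading is accepted with no independent cross-check. That matches the commit message, but nothing at the line records the trust decision; a comment above the `if` such as `/* trusted sensors bypass constraint validation: the operator vouches for the device */` would make it explicit for later readers. The sensor_add() hunk copies `cs->trusted` into each `ntp_sensor` created from a configuration entry, so it is worth confirming that an entry matching more than one device is meant to mark all of them trusted; the matching logic is not visible here. The body of sensor_query() continues outside the hunk.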