| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-09-06 | ntpd has been on by default for over two years now, so rework | Jason McIntyre | |
| the text about enabling it; ok deraadt | |||
| 2017-08-11 | zero out sockaddr_in before use; fixes use of stack garbage as port number | Christian Weisgerber | |
| in "query from"; ok phessler@ job@ | |||
| 2017-08-10 | naddy@ reported confusion on why "query from" seemed to be ignored in | job | |
| some cases. OK naddy@ henning@ | |||
| 2017-05-31 | tweak previous; | Jason McIntyre | |
| 2017-05-30 | add option "query from <ip>" to ntpd.conf, to specify a local IP | Sebastian Benoit | |
| address for outgoing ntp queries. From Job Snijders, thanks! with feedback and ok henning@ | |||
| 2017-04-17 | don't manipulate hdr.len, it's used internally by libutil now; ok florian@ | Otto Moerbeek | |
| 2017-03-21 | From a syslog perspective it does not make sense to log fatal and | Alexander Bluhm | |
| warn with the same severity. Switch log_warn() to LOG_ERR and keep fatal() at LOG_CRIT. OK reyk@ florian@ | |||
| 2017-03-01 | *nargv[] holds an array of pointers, so it should be | Gleydson Soares | |
| terminated by a null pointer. ok rzalamena@ reyk@ | |||
| 2017-01-20 | add logging messages to distinguish which safty check failed | Peter Hessler | |
| 2017-01-09 | Stop accessing verbose and debug variables from log.c directly. | Reyk Floeter | |
| This replaces log_verbose() and "extern int verbose" with the two functions log_setverbose() and log_getverbose(). Pointed out by benno@ OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well) | |||
| 2017-01-09 | Replace hand-rolled for(;;) traversal of ctl_conns TAILQ with | Kenneth R Westerback | |
| TAILQ_FOREACH(). No intentional functional change. ok reyk@ | |||
| 2017-01-08 | Sync log.c with the latest version from vmd/log.c that preserves errno | Reyk Floeter | |
| so it is safe calling log_* after an error without loosing the it. | |||
| 2016-12-30 | markup from jan stary; | Jason McIntyre | |
| 2016-12-05 | Use the stack to hold the constraint child process variables instead of | Rafael Zalamena | |
| using the heap. ok bcook@ | |||
| 2016-12-01 | Remove unused variable which was leaking memory, and while here remove 2 other | Ricardo Mestre | |
| variables that were also never used OK otto@ | |||
| 2016-10-18 | Check for EAGAIN on imsg_flush() return otherwise we might be failing | Rafael Zalamena | |
| to send message to the child process. Do like we learned in httpd(8). ok deraadt@ | |||
| 2016-10-18 | Save the constraint process pid by getting the start_child() return value, | Rafael Zalamena | |
| this should fix the problem with random ntpd(8) deaths. ok deraadt@ | |||
| 2016-10-12 | copy updated log.c from vmd: for correctness, save errno when doing | Reyk Floeter | |
| additional actions before printing it. OK rzalamena@ | |||
| 2016-10-03 | Fix a possible bug that will happen with dup2() when oldd == newd. In that | Rafael Zalamena | |
| case the dup2() would fail silently and the descriptor would remain with the CLOEXEC flag causing the exec*()d child process to have unexpected behavior. ok guenther@ | |||
| 2016-09-26 | Teach ntpd(8) constraint process to use exec*() instead of just forking, | Rafael Zalamena | |
| with this change we get the pledge() ability back to the parent process. some tweaks from and ok reyk@ | |||
| 2016-09-26 | Teach ntpd(8) how to use socket status to shutdown the daemon. While at | Rafael Zalamena | |
| it, remove some verbose shutdown messages that we had before with pipe close. ok reyk@ | |||
| 2016-09-14 | Teach ntpd(8) how to fork+exec. | Rafael Zalamena | |
| ok reyk@, bcook@ | |||
| 2016-09-14 | Add clarifications ("comments") to three places where it wasn't | Reyk Floeter | |
| obvious why it is implemented this way. The whole idea of constraints is to isolate them as much as possible, in a semi-paranoid way. OK rzalamena@ | |||
| 2016-09-14 | Fix copyright disclaimer in util.c. | Reyk Floeter | |
| OK from the original author Alexander Guy | |||
| 2016-09-03 | Remove the oh so funny "LOSS OF MIND" from the diclaimer that was not | Reyk Floeter | |
| part of the original ISC license that we use in OpenBSD. Done for files were Henning is the original author. OK henning@ deraadt@ | |||
| 2016-08-27 | Pull in <sys/time.h> for struct timespec, timeval, or clockrate | Philip Guenther | |
| ok deraadt@ | |||
| 2016-07-13 | Adjust existing tls_config_set_cipher() callers for TLS cipher group | Joel Sing | |
| changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@ | |||
| 2016-06-01 | ntpd is too aggressive about retrying constraint connections. This | Theo de Raadt | |
| became more visible recently because a log_debug was changed to log_warnx. Change it back for now. ok jsing | |||
| 2016-05-21 | Harden TLS for ntpd constraints - stop disabling server name verification, | Joel Sing | |
| ensure that we load the CA certificates and use tls_connect_servername() so that we can verify the server we are connecting to (even though we've already resolved the hostname). Also add additional warnings for TLS connect and TLS write failures so that we know what is happening and why. Lack of server name verification also reported by Luis M. Merino <luismiguelmerino at gmail dot com> - thanks! ok deraadt@ reyk@ | |||
| 2016-05-06 | Unconfuse things by renaming variables to match their contents. | Joel Sing | |
| ok deraadt@ reyk@ | |||
| 2016-05-02 | prepare userland for removing chroot(2) from allowed syscalls under pledge(2). | Sebastien Marie | |
| for ntpd(8), removing the pledge call is a first step: futher redesign will occurs later. ok reyk@ benno@ | |||
| 2016-03-27 | Rename session_socket_blockmode() to session_socket_nonblockmode(), | Kenneth R Westerback | |
| removing its second parameter and the enum() that provided the values for said parameter. The function was only called with the second parameter set to one value (BM_NONBLOCKING) from the enum(). So just do the right thing. Similar to changes made in smtpd. While here remove the pointless third parameter from the fcntl(F_GETFL) call. No functional change. ok guenther@ bcook@ deraadt@ | |||
| 2016-03-05 | According to RFC7231, section 7.1.1.1, the HTTP date header supports | Christian Weisgerber | |
| no other timezone than the fixed string "GMT". Avoid using strptime %Z, which is nonstandard and can give surprising results on other operating systems. ok deraadt@ giovanni@ bcook@ | |||
| 2016-02-02 | Remove setproctitle() for the parent process. Because rc.d(8) uses process | Stuart Henderson | |
| titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@ | |||
| 2016-01-27 | Don't attempt to kill() the constraint in the wrong process. The | Reyk Floeter | |
| process management of the contraint processes has been moved from ntp to the parent, for better privsep and pledge, but the ntp process still attempted to kill the constraints on timeout directly. Fix this regression by introducing a new imsg from ntp to the parent and the related logic to kill a constraint at the right place. Reported & tested by bcook@ Ok bcook@ | |||
| 2016-01-27 | update ntpd log initialization to work like relayd, fix debug log levels | Brent Cook | |
| ok reyk@ | |||
| 2016-01-11 | sneaky whitespace snuck in again | Theo de Raadt | |
| 2015-12-29 | Don't assume fprintf() will set the FILE * error condition. | Todd C. Miller | |
| Instead, check the return value of fprintf() and fflush() and call clearerr() before returning on error. OK jca@ | |||
| 2015-12-19 | No need for an extra log.h | Reyk Floeter | |
| OK bcook@ | |||
| 2015-12-19 | Switch and sync to the log.c variant from httpd/relayd/iked/snmpd/vmd. | Reyk Floeter | |
| OK bcook@ jung@ | |||
| 2015-12-19 | Move log_sockaddr() to from log.c to util.c as it is a local addition | Reyk Floeter | |
| and actually not a "logging" function. No functional change. | |||
| 2015-12-05 | EAGAIN handling for imsg_read. OK henning@ benno@ | Claudio Jeker | |
| 2015-11-24 | Cache values from getpwnam() done at initialization, which need to be | Theo de Raadt | |
| used by the constraint processes setup later (chroot, setuid...) [late getpwnam discovered during a further audit] ok millert | |||
| 2015-11-20 | use RMS for jitter. we're linking with enough libraries that libm is tiny. | Ted Unangst | |
| ok deraadt | |||
| 2015-11-19 | Simplify all instances of get_string() and get_data() using malloc() and | mmcc | |
| strndup(). ok millert@ | |||
| 2015-11-17 | fix memory leak; from David CARLIER | Theo de Raadt | |
| 2015-10-31 | fully revert some parts introduced with the original server rtable support, | Christian Weisgerber | |
| so servers with numeric IP addresses won't be skipped; ok reyk@ | |||
| 2015-10-30 | drop unused define; ok reyk@ | Christian Weisgerber | |
| 2015-10-30 | Remove support for sending status reports to syslog on SIGINFO; | Reyk Floeter | |
| we have ntpctl now and ntpd doesn't need redundant/obsolete features. Pointed out by naddy@, with input from zhuk@ (SIGINFO doesn't need SIG_IGN) OK deraadt@ | |||
| 2015-10-25 | the DNS process was not discarding & redirecting stdin/out/err to | Theo de Raadt | |
| /dev/null. copy the code from the ntp engine. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |