#
911793fe |
| 12-Apr-2020 |
otto <otto@openbsd.org> |
If all addresses are numeric no use for dns probe; ok florian@ sthen@
|
#
6a6b450e |
| 07-Jul-2019 |
otto <otto@openbsd.org> |
Sometimes ntp peers are unreliable (looking at you pool.ntp.org!) and net config can change as well. So if a peer does not respond, throw it out of the pool if it's a pool member and re-resolve to fi
Sometimes ntp peers are unreliable (looking at you pool.ntp.org!) and net config can change as well. So if a peer does not respond, throw it out of the pool if it's a pool member and re-resolve to find a replacement. Hold on to good peers so we end up with a good set of peers. ok benno@
show more ...
|
#
c9addb91 |
| 12-Jun-2019 |
otto <otto@openbsd.org> |
Fix init of syslog for childs and teach dns process about synced state. ok benno@
|
#
b98b0a5c |
| 28-May-2019 |
otto <otto@openbsd.org> |
A step in solving the bootstrap problem in a dnssec environement. If the time is wrong, we cannot validate dnssec, leading to failed DNS lookups, so we cannot adjust or set the time. Work around thi
A step in solving the bootstrap problem in a dnssec environement. If the time is wrong, we cannot validate dnssec, leading to failed DNS lookups, so we cannot adjust or set the time. Work around this by repeating a failed DNS lookup with a lookup with the DC (check disabled) bit set. ok florian@
show more ...
|
#
f8e1109c |
| 07-Sep-2018 |
kn <kn@openbsd.org> |
Make host_*() AF-agnostic
Merge host_v{4,6}() into much simpler host_ip() using just getaddrinfo().
host_dns() uses the same procedure.
OK naddy
|
#
a257dd04 |
| 12-Oct-2015 |
reyk <reyk@openbsd.org> |
Move execution of the constraints from the ntp to the parent process. This helps the ntp process to a) give a better pledge(2) and to b) keep the promise of "saving the world again... on time" by rem
Move execution of the constraints from the ntp to the parent process. This helps the ntp process to a) give a better pledge(2) and to b) keep the promise of "saving the world again... on time" by removing the delays that have been introduced by expensive constraint forks. The new design offers better privsep but introduces a few more imsgs and runs a little bit more code in the privileged parent. The privileged code is minimal, carefully checked, and does not attempt to "parse" any contents; the forked constraints instantly drop all privileges and pledge to "stdio inet".
OK beck@ deraadt@
show more ...
|
#
842d7e97 |
| 18-Jul-2015 |
bcook <bcook@openbsd.org> |
replace bzero with memset
ok phessler@ deraadt@
|
#
bc58a738 |
| 10-Feb-2015 |
reyk <reyk@openbsd.org> |
Add support for "constraints": when configured, ntpd(8) will query the time from HTTPS servers, by parsing the Date: header, and use the median constraint time as a boundary to verify NTP responses.
Add support for "constraints": when configured, ntpd(8) will query the time from HTTPS servers, by parsing the Date: header, and use the median constraint time as a boundary to verify NTP responses. This adds some level of authentication and protection against MITM attacks while preserving the accuracy of the NTP protocol; without relying on authentication options for NTP that are basically unavailable at present. This is an initial implementation and the semantics will be improved once it is in the tree.
Discussed with deraadt@ and henning@ OK henning@
show more ...
|
#
110a1c68 |
| 08-Feb-2015 |
reyk <reyk@openbsd.org> |
Add a comment that ntpd MUST NOT use AI_ADDRCONFIG in host_dns()
OK henning@
|
#
a5426be6 |
| 19-Jan-2015 |
bcook <bcook@openbsd.org> |
remove a couple of unused headers.
reported by Jonas 'Sortie' Termansen
|
#
c0cb3bf1 |
| 13-Jan-2015 |
bcook <bcook@openbsd.org> |
fix some memory leaks in dns handling.
- Nothing seems to free the result of host_dns(), so add host_dns_free() and call after each query. - If imsg_add() fails, it frees buf. Avoid subsequentl
fix some memory leaks in dns handling.
- Nothing seems to free the result of host_dns(), so add host_dns_free() and call after each query. - If imsg_add() fails, it frees buf. Avoid subsequently dereferencing the freed buf in imsg_close().
ok millert@ deraadt@
show more ...
|
#
2388a8b4 |
| 10-Jan-2015 |
tedu <tedu@openbsd.org> |
don't check for a return value that host() doesn't return, so future generations don't try to change any of the values and break the code. ok deraadt
|
#
910f6a33 |
| 10-Jan-2015 |
bcook <bcook@openbsd.org> |
revert host() back to correct behavior.
unbreak config file address parsing
|
#
406616ca |
| 09-Jan-2015 |
bcook <bcook@openbsd.org> |
return -1 on host() address parsing failure, not 1.
Match what parse.y expects it to return.
ok millert@
|
#
009f3548 |
| 27-May-2006 |
henning <henning@openbsd.org> |
config file bits for timedelta sensors, so one can specify which devices to use. "sensors *" just uses all. untested due to lack of hardware. hacked on the road somewhere between vancouver and calgary
|
#
6aaaa6e3 |
| 11-May-2005 |
henning <henning@openbsd.org> |
don't touch *hn in failure case. no real change due to the way we use it but more correct. from Michael Knudsen <e@molioner.dk>
|
#
2224caf9 |
| 09-Mar-2005 |
henning <henning@openbsd.org> |
nasty: host_dns used to run before forking and chrooting etc, so it was guaranteed that its res_init() call was done once before fork etc... that is no longer the case. call res_init() in main() earl
nasty: host_dns used to run before forking and chrooting etc, so it was guaranteed that its res_init() call was done once before fork etc... that is no longer the case. call res_init() in main() early.
show more ...
|
#
96959c71 |
| 08-Mar-2005 |
henning <henning@openbsd.org> |
from the "shut the fuck up, ntpd" department: don't whine about temporary dns errors
|
#
b683bdca |
| 16-Dec-2004 |
dtucker <dtucker@openbsd.org> |
Limit the number of addresses used by the 'servers' directive to 8; ok henning@
|
#
1b65b24f |
| 30-Aug-2004 |
henning <henning@openbsd.org> |
don't forget to set *hn... theo ok
|
#
b7de29fd |
| 30-Aug-2004 |
deraadt <deraadt@openbsd.org> |
skip early DNS lookups -- they are deferred to later; ok otto ho henning
|
#
e908848c |
| 24-Aug-2004 |
henning <henning@openbsd.org> |
don't fatal() if getaddrinfo() returns EAI_NONAME
|
#
5c35bc7e |
| 12-Aug-2004 |
henning <henning@openbsd.org> |
do not try to getaddrinfo() in the unprivileged process, send an imsg asking the privileged one to do it. sends back an imsg with the resulting addresses in a bunch of struct sockaddr_storage in the
do not try to getaddrinfo() in the unprivileged process, send an imsg asking the privileged one to do it. sends back an imsg with the resulting addresses in a bunch of struct sockaddr_storage in the data part. this should fix all remaining issues with dns (non-)availability at ntpd startup, be it due to named on localhost or something else. tested by marco@ and Chris Paul <chris.paul@sentinare.com>
show more ...
|
#
97c9f460 |
| 10-Aug-2004 |
henning <henning@openbsd.org> |
move memory allocation for new peers into a new function, makes ID allocation easier
|
#
547afbf8 |
| 28-Jul-2004 |
henning <henning@openbsd.org> |
when a dns lookup fails at parse time, do not abort but try again to resolve the hostname every 60 seconds fixes ntpd invocations before e. g. a dialup link is established and such. as we want ntpd t
when a dns lookup fails at parse time, do not abort but try again to resolve the hostname every 60 seconds fixes ntpd invocations before e. g. a dialup link is established and such. as we want ntpd to be a "fire and forget" background daemon it should cope with such situations. tested by many
show more ...
|