1. 23 Jan, 2022 1 commit
    • Cy Schubert's avatar
      rc.d/ntp: Ensure ntpd.leap-seconds.list is readable by ntpd · 28d0a782
      Cy Schubert authored
      When a use sets umask in login.conf(5) to 027 or 077 a subsequently
      fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
      allowed by the umask, resulting in a file that may not be readable
      ntpd running under the ntp account. This patch adds a umask command
      to preempt the umask in login.conf(5) prior to fetching a new copy
      of the leap-seconds file.
      
      PR:		261298
      Reported by:	Martin Waschbusch <martin@waschbuesch.de>
      
      (cherry picked from commit c6806434)
      28d0a782
  2. 22 Dec, 2019 2 commits
    • ian's avatar
      MFC r355100: · 02ee0cb0
      ian authored
      Allow opt-out of automatic ntpd leapfile checking/fetching.
      
      When a system has no internet connection, or when it is configured to obtain
      ntpd leapfiles from some source other than the internet, or even when the
      sysadmin has decided for some reason to customize ntp.conf to eliminate use
      of the leapfile, the rc.d/ntpd script emits various error messages related
      to the file.
      
      This change allows setting the rc var ntp_db_leapfile to NONE to disable all
      automatic processing related to that file in rc.d/ntpd.
      
      Differential Revision:	https://reviews.freebsd.org/D22461
      02ee0cb0
    • Ian Lepore's avatar
      MFC r355100: · 127abdc0
      Ian Lepore authored
      Allow opt-out of automatic ntpd leapfile checking/fetching.
      
      When a system has no internet connection, or when it is configured to obtain
      ntpd leapfiles from some source other than the internet, or even when the
      sysadmin has decided for some reason to customize ntp.conf to eliminate use
      of the leapfile, the rc.d/ntpd script emits various error messages related
      to the file.
      
      This change allows setting the rc var ntp_db_leapfile to NONE to disable all
      automatic processing related to that file in rc.d/ntpd.
      
      Differential Revision:	https://reviews.freebsd.org/D22461
      127abdc0
  3. 23 Jun, 2019 2 commits
    • ian's avatar
      MFC r348141, r348143 · d46a7004
      ian authored
      r348141:
      Handle the driftfile option correctly when ntpd_flags is empty.
      
      The logic I originally wrote to detect whether a driftfile option was in the
      set of flags was based on the result of removing the pattern *flag* being an
      empty string.  That didn't handle the case where the string was empty to
      begin with.  Doh!  So now it also specifically checks for an empty string.
      
      The result of the bad check was that ntpd would run without a driftfile, but
      it would do so only if it was running as root instead of the non-priveleged
      ntpd user, which isn't a typical case.  Ntpd runs fine without a driftfile,
      although it does take it longer to stabilize the clock frequency at startup.
      
      Reported by:	avg@
      Pointy hat:	ian@
      
      r348143:
      Remove accidentally-added blank line; the style throughout this file
      is to use no whitespace between a comment block and the code it describes.
      d46a7004
    • Ian Lepore's avatar
      MFC r348141, r348143 · a9ccea3e
      Ian Lepore authored
      r348141:
      Handle the driftfile option correctly when ntpd_flags is empty.
      
      The logic I originally wrote to detect whether a driftfile option was in the
      set of flags was based on the result of removing the pattern *flag* being an
      empty string.  That didn't handle the case where the string was empty to
      begin with.  Doh!  So now it also specifically checks for an empty string.
      
      The result of the bad check was that ntpd would run without a driftfile, but
      it would do so only if it was running as root instead of the non-priveleged
      ntpd user, which isn't a typical case.  Ntpd runs fine without a driftfile,
      although it does take it longer to stabilize the clock frequency at startup.
      
      Reported by:	avg@
      Pointy hat:	ian@
      
      r348143:
      Remove accidentally-added blank line; the style throughout this file
      is to use no whitespace between a comment block and the code it describes.
      a9ccea3e
  4. 17 Oct, 2018 2 commits
    • bz's avatar
      Move the rc framework out of sbin/init into libexec/rc. · 6fa8790c
      bz authored
      The reasons for this are forward looking to pkgbase:
       * /sbin/init is a special binary; try not to replace it with
         every package update because an rc script was touched.
         (a follow-up commit will make init its own package)
       * having rc in its own place will allow more easy replacement
         of the rc framework with alternatives, such as openrc.
      
      Discussed with:		brd (during BSDCam), kmoore
      Requested by:		cem, bz
      PR:			231522
      Approved by:		re (gjb)
      6fa8790c
    • Bjoern A. Zeeb's avatar
      Move the rc framework out of sbin/init into libexec/rc. · 0696600c
      Bjoern A. Zeeb authored
      The reasons for this are forward looking to pkgbase:
       * /sbin/init is a special binary; try not to replace it with
         every package update because an rc script was touched.
         (a follow-up commit will make init its own package)
       * having rc in its own place will allow more easy replacement
         of the rc framework with alternatives, such as openrc.
      
      Discussed with:		brd (during BSDCam), kmoore
      Requested by:		cem, bz
      PR:			231522
      Approved by:		re (gjb)
      0696600c
  5. 28 Jul, 2018 2 commits
  6. 20 Jul, 2018 2 commits
    • ian's avatar
      Automatically run ntpd as non-root when possible. · c8e20b84
      ian authored
      Ntpd needs only a subset of full root privileges to do its job. Specifically
      it needs the ability to manipulate system time, and to re-bind to a
      privileged UDP port after interface changes. The mac_ntpd(4) policy module
      (see r336525) can grant these privs.
      
      These changes detect the availability of mac_ntpd(4). If enabled, and if the
      ntpd configuration is fairly vanilla, it automatically runs ntpd as the
      non-root user 'ntpd' (uid 123). "Vanilla" means the config doesn't include
      command line or ntp.conf options changing the location of files or using any
      files/dirs likely to be inaccessible to user ntpd.  Ntpd can still run as
      non-root when using such options, but the admin must ensure all required
      files and dirs are accessible, and then set ntpd_user=ntpd in rc.conf.
      
      Note that these changes also address PR 199127 by using the command_args
      technique suggested in the patch. They also tangentially address PR 113552,
      which is primarily about inconsistent filenames in documentation, but some
      of the inconsistancy was caused by old code in rc.d/ntpd which is leftover
      from the intial import from netbsd. There was code to do chroot setup which
      required the use of the netbsd clockctl(4) device; that code never had any
      effect on freebsd, because we lack that device and don't build ntpd with the
      options that would allow using it.
      
      PR:		113552 199127
      Relnotes:	yes
      Differential Revision:	https://reviews.freebsd.org/D16050
      c8e20b84
    • Ian Lepore's avatar
      Automatically run ntpd as non-root when possible. · d11f4dfd
      Ian Lepore authored
      Ntpd needs only a subset of full root privileges to do its job. Specifically
      it needs the ability to manipulate system time, and to re-bind to a
      privileged UDP port after interface changes. The mac_ntpd(4) policy module
      (see r336525) can grant these privs.
      
      These changes detect the availability of mac_ntpd(4). If enabled, and if the
      ntpd configuration is fairly vanilla, it automatically runs ntpd as the
      non-root user 'ntpd' (uid 123). "Vanilla" means the config doesn't include
      command line or ntp.conf options changing the location of files or using any
      files/dirs likely to be inaccessible to user ntpd.  Ntpd can still run as
      non-root when using such options, but the admin must ensure all required
      files and dirs are accessible, and then set ntpd_user=ntpd in rc.conf.
      
      Note that these changes also address PR 199127 by using the command_args
      technique suggested in the patch. They also tangentially address PR 113552,
      which is primarily about inconsistent filenames in documentation, but some
      of the inconsistancy was caused by old code in rc.d/ntpd which is leftover
      from the intial import from netbsd. There was code to do chroot setup which
      required the use of the netbsd clockctl(4) device; that code never had any
      effect on freebsd, because we lack that device and don't build ntpd with the
      options that would allow using it.
      
      PR:		113552 199127
      Relnotes:	yes
      Differential Revision:	https://reviews.freebsd.org/D16050
      d11f4dfd
  7. 28 Jun, 2018 4 commits
  8. 23 Jun, 2018 2 commits
    • ian's avatar
      Use 'mv -f' in rc.d/ntpd to avoid spuriously halting the boot. · 7db692a1
      ian authored
      The final 'mv' to install a fetched leap-list file can fail (due to a
      readonly fs, or schg flags, for example), and that leads to mv(1)
      prompting the user, stopping the boot process.  Instead, use mv -f
      to supress the prompting, and if verbose mode is on, emit a warning
      that the existing file cannot be replaced.
      
      PR:		219255
      7db692a1
    • Ian Lepore's avatar
      Use 'mv -f' in rc.d/ntpd to avoid spuriously halting the boot. · 6014f3c4
      Ian Lepore authored
      The final 'mv' to install a fetched leap-list file can fail (due to a
      readonly fs, or schg flags, for example), and that leads to mv(1)
      prompting the user, stopping the boot process.  Instead, use mv -f
      to supress the prompting, and if verbose mode is on, emit a warning
      that the existing file cannot be replaced.
      
      PR:		219255
      6014f3c4
  9. 09 Jan, 2018 2 commits
    • cy's avatar
      USNO and possibly others have misinterpreted the maining of the · b55d60aa
      cy authored
      leapseconds last-update field and incorrectly increment it when changing
      the file even though the leapsecond data has not changed. For instance,
      if a leapsecond file is obtained from USNO, when it expires it will not
      be replaced by a newer file from other sources because it has an
      incorrect later last-update (version).
      
      This corrects r304780.
      
      PR:		225029
      Submitted by:	ian
      MFC after:	3 days
      b55d60aa
    • Cy Schubert's avatar
      USNO and possibly others have misinterpreted the maining of the · da7a237f
      Cy Schubert authored
      leapseconds last-update field and incorrectly increment it when changing
      the file even though the leapsecond data has not changed. For instance,
      if a leapsecond file is obtained from USNO, when it expires it will not
      be replaced by a newer file from other sources because it has an
      incorrect later last-update (version).
      
      This corrects r304780.
      
      PR:		225029
      Submitted by:	ian
      MFC after:	3 days
      da7a237f
  10. 28 Nov, 2017 2 commits
  11. 19 Oct, 2017 2 commits
    • cy's avatar
      Anticongestion refinements for ntpd rc script. This reverts r324681 · ff539934
      cy authored
      and checks if ntp leapfile needs fetching before entering into the
      anticongestion sleep.
      
      Unfortunately some ports still use their own sleeps so, this commit
      doesn't address the complete problem which is compounded by every
      port that uses its own anticongestion mechanism.
      
      Discussed with:		asomers
      ff539934
    • Cy Schubert's avatar
      Anticongestion refinements for ntpd rc script. This reverts r324681 · dde76442
      Cy Schubert authored
      and checks if ntp leapfile needs fetching before entering into the
      anticongestion sleep.
      
      Unfortunately some ports still use their own sleeps so, this commit
      doesn't address the complete problem which is compounded by every
      port that uses its own anticongestion mechanism.
      
      Discussed with:		asomers
      dde76442
  12. 27 Aug, 2016 1 commit
    • cy's avatar
      MFC r304779, r304780, r304781, r304782, r304802 · cd108e3a
      cy authored
      r304779:
      
        Revert r298887 (spelling fix) and remove $FreeBSD$ because text changes
        to leap-seconds invaldidates validation hash at the end of the file.
      
        Remove svn:keywords and replace with fbsd:nokeywords=yes to
        support this change.
      
      r304780:
      
        Change the algorithm by which /var/db/leap-seconds is updated.
      
        1. Use the leap-seconds version number (update time) to determine
           whether to update the file or not.
      
        2. If the version numbers of the files is the same, use the later
           expiry date to determine which file to use.
      
        Suggested by:	ian@
      
      r304781:
      
        Add logic to replace the working ntp leap-seconds file in /var/db
        if it contains a $FreeBSD$ header. The header will cause the file
        to fail checksum of the hash causing ntpd to ignore the file.
      
      r304782:
      
        Make validation of the leap-seconds file unconditional.
      
      r304802:
      
        Remove the gratuitous check for $FreeBSD$ and rename the function
        to ntpd_init_leapfile, to ensure a copy exists in /var/db if a copy
        isn't already there.
      
        Reported by:	ache@
      cd108e3a
  13. 25 Aug, 2016 8 commits
  14. 28 May, 2016 1 commit
    • cy's avatar
      MFC r300638: · 7c96bdb9
      cy authored
      Use the expiry date to determine whether to replace the DB copy of
      leapfile instead of using the leapfile serial number (create
      timestamp).
      
      PR:		209577
      7c96bdb9
  15. 27 May, 2016 1 commit
  16. 25 May, 2016 2 commits
  17. 23 Apr, 2016 2 commits
  18. 14 Feb, 2016 1 commit
  19. 11 Feb, 2016 1 commit