- move getdate.y and git diff to sources

Miroslav Lichvar 2008-11-24 12:58:34 +00:00
parent 9709697373
commit 3655f5d981
4 changed files with 4 additions and 1593 deletions


@ -1 +1,3 @@
chrony-1.23.tar.gz
getdate.y
chrony-1.23-gitbe42b4.patch


@ -1,544 +0,0 @@
From 2f2446c7dc074b2d1728a5e3f7a600c10cea2425 Mon Sep 17 00:00:00 2001
From: Goswin Brederlow <brederlo@informatik.uni-tuebingen.de>
Date: Sat, 29 Mar 2008 20:49:59 +0000
Subject: [PATCH] Fix for chronyc "sources" command on 64 bit machines
(Taken from
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348412
)
Attached is a patchlet to make the "sources" command of chrony output properly
signed numbers. The chronyd code (see e.g. ntp.h) properly uses int32_t and
friends to get the right number of bits per datatype while client.c just uses
short, int, long. But long will be 64 bit or 32 bit depending on the cpu.
---
client.c | 20 +++++++++++++-------
1 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/client.c b/client.c
index b7e5bcb..85d6e84 100644
--- a/client.c
+++ b/client.c
@@ -45,6 +45,12 @@
#include <readline/history.h>
#endif
+#ifdef HAS_STDINT_H
+#include <stdint.h>
+#elif defined(HAS_INTTYPES_H)
+#include <inttypes.h>
+#endif
+
/* ================================================== */
static int sock_fd;
@@ -1383,16 +1389,16 @@ process_cmd_sources(char *line)
int n_sources, i;
int verbose = 0;
- long orig_latest_meas, latest_meas, est_offset;
- unsigned long ip_addr;
- unsigned long latest_meas_err, est_offset_err;
- unsigned long latest_meas_ago;
- unsigned short poll, stratum;
- unsigned short state, mode;
+ int32_t orig_latest_meas, latest_meas, est_offset;
+ uint32_t ip_addr;
+ uint32_t latest_meas_err, est_offset_err;
+ uint32_t latest_meas_ago;
+ uint16_t poll, stratum;
+ uint16_t state, mode;
double resid_freq, resid_skew;
const char *dns_lookup;
char hostname_buf[32];
- unsigned short status;
+ uint16_t status;
/* Check whether to output verbose headers */
verbose = check_for_verbose_flag(line);
--
1.5.6.5
From 71aa36aa6e5477be5ed9bc97954da19c5885c933 Mon Sep 17 00:00:00 2001
From: Thomas Zajic <zlatko@zlatko.fdns.net>
Date: Tue, 29 Jul 2008 23:35:42 +0100
Subject: [PATCH] Fix IP addressing in chronyc
Thomas wrote:
I found a bug in the chrony client (chronyc) that affects its ability to talk
to remote hosts over the control port (323/udp).
For example, running "chronyc -h 192.168.1.3 sources -v" would just sit there
and hang, and eventually timeout. I found out with tcpdump that chronyc
actually tries to connect to 255.168.1.3 instead of 192.168.1.3.
---
client.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/client.c b/client.c
index 85d6e84..66f297f 100644
--- a/client.c
+++ b/client.c
@@ -163,10 +163,10 @@ get_address(const char *hostname)
exit(1);
} else {
address0 = host->h_addr_list[0];
- result = ((((unsigned long) address0[0]) << 24) |
- (((unsigned long) address0[1]) << 16) |
- (((unsigned long) address0[2]) << 8) |
- (((unsigned long) address0[3])));
+ result = ((((unsigned long) address0[0] & 0xff) << 24) |
+ (((unsigned long) address0[1] & 0xff) << 16) |
+ (((unsigned long) address0[2] & 0xff) << 8) |
+ (((unsigned long) address0[3] & 0xff)));
}
return result;
--
1.5.6.5
From bc0aaa9217d1ca85dbb0f7a5452a0705e7a28264 Mon Sep 17 00:00:00 2001
From: John Hasler <john@dhh.gt.org>
Date: Tue, 29 Apr 2008 12:40:15 -0500
Subject: [PATCH] Fix fault where chronyd enters an endless loop on x86_64
John writes:
Here is a patch that should prevent the endless loop. I've changed
UTI_NormaliseTimeval() to use divide/remainder instead of a loop. It also
replaces some similar loops with calls to UTI_NormaliseTimeval() and fixes
an unrelated bug in UTI_DiffTimevals().
---
util.c | 38 +++++++++++---------------------------
1 files changed, 11 insertions(+), 27 deletions(-)
diff --git a/util.c b/util.c
index 431be1e..d506ffd 100644
--- a/util.c
+++ b/util.c
@@ -87,15 +87,17 @@ UTI_CompareTimevals(struct timeval *a, struct timeval *b)
INLINE_STATIC void
UTI_NormaliseTimeval(struct timeval *x)
{
- while (x->tv_usec >= 1000000) {
- ++x->tv_sec;
- x->tv_usec -= 1000000;
+ /* Reduce tv_usec to within +-1000000 of zero. JGH */
+ if ((x->tv_usec >= 1000000) || (x->tv_usec <= -1000000)) {
+ x->tv_sec += x->tv_usec/1000000;
+ x->tv_usec = x->tv_usec%1000000;
}
- while (x->tv_usec < 0) {
+ /* Make tv_usec positive. JGH */
+ if (x->tv_usec < 0) {
--x->tv_sec;
x->tv_usec += 1000000;
- }
+ }
}
@@ -110,17 +112,9 @@ UTI_DiffTimevals(struct timeval *result,
result->tv_usec = a->tv_usec - b->tv_usec;
/* Correct microseconds field to bring it into the range
- [0,1000000) */
+ (0,1000000) */
- while (result->tv_usec < 0) {
- result->tv_usec += 1000000;
- --result->tv_sec;
- }
-
- while (result->tv_usec > 999999) {
- result->tv_usec -= 1000000;
- ++result->tv_sec;
- }
+ UTI_NormaliseTimeval(result); /* JGH */
return;
}
@@ -191,7 +185,7 @@ UTI_AverageDiffTimevals (struct timeval *earlier,
}
tvhalf.tv_sec = tvdiff.tv_sec / 2;
- tvhalf.tv_usec = tvdiff.tv_usec / 2 + (tvdiff.tv_sec % 2);
+ tvhalf.tv_usec = tvdiff.tv_usec / 2 + (tvdiff.tv_sec % 2) * 500000; /* JGH */
average->tv_sec = earlier->tv_sec + tvhalf.tv_sec;
average->tv_usec = earlier->tv_usec + tvhalf.tv_usec;
@@ -199,17 +193,7 @@ UTI_AverageDiffTimevals (struct timeval *earlier,
/* Bring into range */
UTI_NormaliseTimeval(average);
- while (average->tv_usec >= 1000000) {
- ++average->tv_sec;
- average->tv_usec -= 1000000;
- }
-
- while (average->tv_usec < 0) {
- --average->tv_sec;
- average->tv_usec += 1000000;
- }
-
-}
+ }
/* ================================================== */
--
1.5.6.5
From 8336f14680f59340ad1f6d01910cb9f307de9443 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 5 Nov 2008 23:48:58 +0000
Subject: [PATCH] Fix errors detected by valgrind
I tried running chronyd in valgrind and the result was that there are four
places where memory is not initialized. A patch fixing the errors is in the
attachment.
---
cmdmon.c | 4 +++-
ntp_core.c | 3 +++
sourcestats.c | 8 ++++++--
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/cmdmon.c b/cmdmon.c
index e88d7c3..819977c 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -166,7 +166,7 @@ CAM_Initialise(void)
int port_number;
struct sockaddr_in my_addr;
unsigned long bind_address;
- int on_off;
+ int on_off = 1;
if (initialised) {
CROAK("Shouldn't be initialised");
@@ -1631,11 +1631,13 @@ read_from_cmd_socket(void *anything)
tx_message.reply = htons(RPY_NULL);
tx_message.number = htons(1);
tx_message.total = htons(1);
+ tx_message.pad1 = 0;
tx_message.utoken = htonl(utoken);
/* Set this to a default (invalid) value. This protects against the
token field being set to an arbitrary value if we reject the
message, e.g. due to the host failing the access check. */
tx_message.token = htonl(0xffffffffUL);
+ memset(&tx_message.auth, 0, sizeof(tx_message.auth));
remote_ip = ntohl(where_from.sin_addr.s_addr);
remote_port = ntohs(where_from.sin_port);
diff --git a/ntp_core.c b/ntp_core.c
index 60d433c..8dfd6cf 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -300,6 +300,9 @@ create_instance(NTP_Remote_Address *remote_addr, NTP_Mode mode, SourceParameters
result->tx_count = 0;
+ result->remote_orig.hi = 0;
+ result->remote_orig.lo = 0;
+
result->score = 0;
if (params->online) {
diff --git a/sourcestats.c b/sourcestats.c
index 163a2eb..564eb3a 100644
--- a/sourcestats.c
+++ b/sourcestats.c
@@ -721,8 +721,12 @@ SST_PredictOffset(SST_Stats inst, struct timeval *when)
if (inst->n_samples < 3) {
/* We don't have any useful statistics, and presumably the poll
interval is minimal. We can't do any useful prediction other
- than use the latest sample */
- return inst->offsets[inst->n_samples - 1];
+ than use the latest sample or zero if we don't have any samples */
+ if (inst->n_samples > 0) {
+ return inst->offsets[inst->n_samples - 1];
+ } else {
+ return 0.0;
+ }
} else {
UTI_DiffTimevalsToDouble(&elapsed, when, &inst->offset_time);
return inst->estimated_offset + elapsed * inst->estimated_frequency;
--
1.5.6.5
From be42b4eeea268d1eaee25423fabe3a46836f5b08 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 5 Nov 2008 23:50:48 +0000
Subject: [PATCH] Linux capabilities support
Attached is a patch adding a linux capabilities support to chronyd. It
adds -u option which can be used to specify the user which chronyd
should switch to.
---
chrony.texi | 3 +++
chronyd.8 | 4 ++++
configure | 9 +++++++++
main.c | 20 ++++++++++++++------
sys.c | 8 ++++++++
sys.h | 3 +++
sys_linux.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
sys_linux.h | 2 ++
8 files changed, 95 insertions(+), 6 deletions(-)
diff --git a/chrony.texi b/chrony.texi
index 909a0cc..045f02c 100644
--- a/chrony.texi
+++ b/chrony.texi
@@ -1089,6 +1089,9 @@ to work well, it relies on @code{chronyd} having been able to determine
accurate statistics for the difference between the real time clock and
system clock last time the computer was on.
+@item -u <user>
+When this option is used, chronyd will drop root privileges to the specified
+user. So far, it works only on Linux when compiled with capabilities support.
@item -v
This option displays @code{chronyd's} version number to the terminal and
exits.
diff --git a/chronyd.8 b/chronyd.8
index 78fbe17..dfc4004 100644
--- a/chronyd.8
+++ b/chronyd.8
@@ -79,6 +79,10 @@ been able to determine accurate statistics for the difference
between the real time clock and system clock last time the
computer was on.
.TP
+\fB\-u\fR \fIuser\fR
+When this option is used, chronyd will drop root privileges to the specified
+user. So far, it works only on Linux when compiled with capabilities support.
+.TP
.B \-v
This option displays \fBchronyd\fR's version number to the terminal and exits
diff --git a/configure b/configure
index 2bb2ac0..9027b85 100755
--- a/configure
+++ b/configure
@@ -134,6 +134,7 @@ For better control, use the options below.
--readline-lib-dir=DIR Specify where readline lib directory is
--with-ncurses-library=DIR Specify where ncurses lib directory is
--disable-rtc Don't include RTC even on Linux
+ --enable-linuxcaps Enable Linux capabilities support
Fine tuning of the installation directories:
--infodir=DIR info documentation [PREFIX/info]
@@ -174,6 +175,7 @@ SYSDEFS=""
# Support for readline (on by default)
feat_readline=1
feat_rtc=1
+feat_linuxcaps=0
readline_lib=""
readline_inc=""
ncurses_lib=""
@@ -211,6 +213,9 @@ do
--disable-rtc)
feat_rtc=0
;;
+ --enable-linuxcaps)
+ feat_linuxcaps=1
+ ;;
--help | -h )
usage
exit 0
@@ -248,6 +253,10 @@ case $SYSTEM in
EXTRA_OBJECTS+=" rtc_linux.o"
EXTRA_DEFS+=" -DFEAT_RTC=1"
fi
+ if [ $feat_linuxcaps -eq 1 ] ; then
+ EXTRA_DEFS+=" -DFEAT_LINUXCAPS=1"
+ EXTRA_LIBS="-lcap"
+ fi
SYSDEFS="-DLINUX"
echo "Configuring for " $SYSTEM
if [ "${MACHINE}" = "alpha" ]; then
diff --git a/main.c b/main.c
index 18312e0..ba6e4a9 100644
--- a/main.c
+++ b/main.c
@@ -83,19 +83,19 @@ MAI_CleanupAndExit(void)
SRC_DumpSources();
}
- RTC_Finalise();
MNL_Finalise();
ACQ_Finalise();
- CAM_Finalise();
KEY_Finalise();
CLG_Finalise();
- NIO_Finalise();
NSR_Finalise();
NCR_Finalise();
BRD_Finalise();
SRC_Finalise();
SST_Finalise();
REF_Finalise();
+ RTC_Finalise();
+ CAM_Finalise();
+ NIO_Finalise();
SYS_Finalise();
SCH_Finalise();
LCL_Finalise();
@@ -206,6 +206,7 @@ int main
(int argc, char **argv)
{
char *conf_file = NULL;
+ char *user = NULL;
int debug = 0;
int do_init_rtc = 0;
int other_pid;
@@ -220,6 +221,9 @@ int main
conf_file = *argv;
} else if (!strcmp("-r", *argv)) {
reload = 1;
+ } else if (!strcmp("-u", *argv)) {
+ ++argv, --argc;
+ user = *argv;
} else if (!strcmp("-s", *argv)) {
do_init_rtc = 1;
} else if (!strcmp("-v", *argv) || !strcmp("--version",*argv)) {
@@ -269,19 +273,23 @@ int main
LCL_Initialise();
SCH_Initialise();
SYS_Initialise();
+ NIO_Initialise();
+ CAM_Initialise();
+ RTC_Initialise();
+
+ if (user)
+ SYS_DropRoot(user);
+
REF_Initialise();
SST_Initialise();
SRC_Initialise();
BRD_Initialise();
NCR_Initialise();
NSR_Initialise();
- NIO_Initialise();
CLG_Initialise();
KEY_Initialise();
- CAM_Initialise();
ACQ_Initialise();
MNL_Initialise();
- RTC_Initialise();
/* From now on, it is safe to do finalisation on exit */
initialised = 1;
diff --git a/sys.c b/sys.c
index 9052cf7..048ba4d 100644
--- a/sys.c
+++ b/sys.c
@@ -97,6 +97,14 @@ SYS_Finalise(void)
}
/* ================================================== */
+
+void SYS_DropRoot(char *user)
+{
+#if defined(LINUX) && defined (FEAT_LINUXCAPS)
+ SYS_Linux_DropRoot(user);
+#endif
+}
+
/* ================================================== */
/* ================================================== */
diff --git a/sys.h b/sys.h
index 973da42..50b8e46 100644
--- a/sys.h
+++ b/sys.h
@@ -39,4 +39,7 @@ extern void SYS_Initialise(void);
/* Called at the end of the run to do final clean-up */
extern void SYS_Finalise(void);
+/* Drop root privileges to the specified user */
+extern void SYS_DropRoot(char *user);
+
#endif /* GOT_SYS_H */
diff --git a/sys_linux.c b/sys_linux.c
index 137e55b..65eb563 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -39,6 +39,14 @@
#include <assert.h>
#include <sys/utsname.h>
+#ifdef FEAT_LINUXCAPS
+#include <sys/types.h>
+#include <pwd.h>
+#include <sys/prctl.h>
+#include <sys/capability.h>
+#include <grp.h>
+#endif
+
#include "localp.h"
#include "sys_linux.h"
#include "sched.h"
@@ -831,6 +839,50 @@ SYS_Linux_GetKernelVersion(int *major, int *minor, int *patchlevel)
/* ================================================== */
+#ifdef FEAT_LINUXCAPS
+void
+SYS_Linux_DropRoot(char *user)
+{
+ struct passwd *pw;
+ cap_t cap;
+
+ if (user == NULL)
+ return;
+
+ if ((pw = getpwnam(user)) == NULL) {
+ LOG_FATAL(LOGF_SysLinux, "getpwnam(%s) failed", user);
+ }
+
+ if (prctl(PR_SET_KEEPCAPS, 1)) {
+ LOG_FATAL(LOGF_SysLinux, "prcap() failed");
+ }
+
+ if (setgroups(0, NULL)) {
+ LOG_FATAL(LOGF_SysLinux, "setgroups() failed");
+ }
+
+ if (setgid(pw->pw_gid)) {
+ LOG_FATAL(LOGF_SysLinux, "setgid(%d) failed", pw->pw_gid);
+ }
+
+ if (setuid(pw->pw_uid)) {
+ LOG_FATAL(LOGF_SysLinux, "setuid(%d) failed", pw->pw_uid);
+ }
+
+ if ((cap = cap_from_text("cap_sys_time=ep")) == NULL) {
+ LOG_FATAL(LOGF_SysLinux, "cap_from_text() failed");
+ }
+
+ if (cap_set_proc(cap)) {
+ LOG_FATAL(LOGF_SysLinux, "cap_set_proc() failed");
+ }
+
+ LOG(LOGS_INFO, LOGF_SysLinux, "Privileges dropped to user %s", user);
+}
+#endif
+
+/* ================================================== */
+
#endif /* LINUX */
/* vim:ts=8
diff --git a/sys_linux.h b/sys_linux.h
index a17e51e..53639a5 100644
--- a/sys_linux.h
+++ b/sys_linux.h
@@ -37,4 +37,6 @@ extern void SYS_Linux_Finalise(void);
extern void SYS_Linux_GetKernelVersion(int *major, int *minor, int *patchlevel);
+extern void SYS_Linux_DropRoot(char *user);
+
#endif /* GOT_SYS_LINUX_H */
--
1.5.6.5

1049
getdate.y

File diff suppressed because it is too large Load Diff


@ -1 +1,3 @@
ffce77695e55d8efda19ab0b78309c23 chrony-1.23.tar.gz
ad8091c4b507f7bde3804b8dc1150c56 getdate.y
c5f94f3fc4c78546b954e050b8027dc5 chrony-1.23-gitbe42b4.patch
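Review bot: The two entries added to this checksum list become the only integrity pin for `getdate.y` and `chrony-1.23-gitbe42b4.patch` once those files leave version control, and the 32-hex-digit values look like MD5 digests, which are not collision-resistant. The patch deleted in this same commit carries security-relevant code (the `SYS_Linux_DropRoot` privilege drop and the uninitialised-memory fixes), so any later change to it would appear only as a changed digest on the last line here, not as a reviewable diff. If the lookaside tooling accepts a stronger digest, I would record one, e.g. `SHA512 (chrony-1.23-gitbe42b4.patch) = <sha512-of-patch-placeholder>`. Otherwise, keeping the patch tracked in the repository preserves its review history.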