flag = {
value = i;
- name = issuer-name;
+ name = ident;
ifdef = AUTOKEY;
arg-type = string;
- arg-name = issuer-name;
- descrip = "set issuer name";
+ arg-name = group;
+ descrip = "set Autokey group name";
doc = <<- _EndOfDoc_
- Set the issuer name to name. This is used for the issuer field
- in certificates and in the file name for host and sign keys.
+ Set the optional Autokey group name to name. This is used in
+ the file name of IFF, GQ, and MV client parameters files. In
+ that role, the default is the host name if this option is not
+ provided. The group name, if specified using -i/--ident or
+ using -s/--subject-name following an '@' character, is also a
+ part of the self-signed host certificate's subject and issuer
+ names in the form host@group and should match the 'crypto ident'
+ or 'server ident' configuration in ntpd's configuration file.
_EndOfDoc_;
};
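Review bot: The new text for -i/--ident, and for -s/--subject-name in the following flag block, lets the group be given in two places, but neither says which one wins when both are present and differ, for example `-i groupA -s host@groupB`. Because the result becomes the host@group subject and issuer of the self-signed certificate and has to match ntpd's 'crypto ident' or 'server ident', the precedence should be stated, with a closing sentence in this doc block such as `If both -i and -s host@group are given, <which one> is used.` Renaming the long option also removes `--issuer-name`, so existing key-generation scripts that use the long form will stop working unless the rename is called out for users.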
value = s;
name = subject-name;
arg-type = string;
- arg-name = host;
+ arg-name = host@group;
ifdef = AUTOKEY;
- descrip = "set subject name";
+ descrip = "set host and optionally group name";
doc = <<- _EndOfDoc_
- Set the subject name to name. This is used as the subject field
- in certificates and in the file name for identity files.
+ Set the Autokey host name, and optionally, group name specified
+ following an '@' character. The host name is used in the file
+ name of generated host and signing certificates, without the
+ group name. The host name, and if provided, group name are used
+ in host@group form for the host certificate's subject and issuer
+ fields. Specifying '-s @group' is allowed, and results in
+ leaving the host name unchanged while appending @group to the
+ subject and issuer fields, as with -i group. The group name, or
+ if not provided, the host name are also used in the file names
+ of IFF, GQ, and MV client parameter files.
_EndOfDoc_;
};
u_int fstamp; /* NTP filestamp */
char *hostname = NULL; /* host name */
char *groupname = NULL; /* group name */
-char *certname = NULL; /* certificate subjetc/issuer name */
+char *certname = NULL; /* certificate subject/issuer name */
char *passwd1 = NULL; /* input private key password */
char *passwd2 = NULL; /* output private key password */
char filename[MAXFILENAME + 1]; /* file name */
{
struct timeval tv; /* initialization vector */
int md5key = 0; /* generate MD5 keys */
+ int optct; /* option count */
+ char * pch;
#ifdef AUTOKEY
X509 *cert = NULL; /* X509 certificate */
X509_EXTENSION *ext; /* X509v3 extension */
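Review bot: The added `char * pch;` is the only declaration in this run without a trailing comment, and the name does not say what it points at; its use is outside this hunk. I would match the neighbouring declarator spacing and document it, along the lines of `char *pch; /* <what it points into> */`. The enclosing function starts and ends outside the hunk.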
epoch = tv.tv_sec;
fstamp = (u_int)(epoch + JAN_1970);
- {
- int optct = ntpOptionProcess(&ntp_keygenOptions,
- argc, argv);
- argc -= optct;
- argv += optct;
- }
+ optct = ntpOptionProcess(&ntp_keygenOptions, argc, argv);
+ argc -= optct;
+ argv += optct;
#ifdef OPENSSL
if (SSLeay() == SSLEAY_VERSION_NUMBER)
scheme = OPT_ARG( CERTIFICATE );
if (HAVE_OPT( SUBJECT_NAME )) {
+
if (*OPT_ARG(SUBJECT_NAME) != '@') {
certname = estrdup(OPT_ARG(SUBJECT_NAME));
} else {
}
}
- if (HAVE_OPT( ISSUER_NAME ))
- groupname = estrdup(OPT_ARG( ISSUER_NAME ));
+ if (HAVE_OPT( IDENT ))
+ groupname = estrdup(OPT_ARG( IDENT ));
if (HAVE_OPT( LIFETIME ))
lifetime = OPT_VALUE_LIFETIME;
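Review bot: The `-i` argument is copied into `groupname` exactly as given, and no check is visible in this hunk that it is non-empty and free of '@' and '/' characters. Per the option text changed in this same commit, the group name becomes part of the host@group certificate subject and issuer and of the IFF, GQ and MV parameter file names, so a value containing '@' would yield an ambiguous subject and one containing a path separator could change where the parameter file is written. I would validate it right after the copy and exit with an error, as below; the same check applies to the group part of `-s host@group`, handled in the block above whose else branch is not shown here. If `groupname` can already be set from `-s` when this line runs, the assignment also replaces it without freeing the earlier copy, which is worth confirming since the enclosing function continues outside the hunk.

```c
	if (HAVE_OPT( IDENT )) {
		groupname = estrdup(OPT_ARG( IDENT ));
		/* group ends up in host@group and in file names: keep it a plain token */
		if (*groupname == '\0' || strpbrk(groupname, "@/") != NULL) {
			fprintf(stderr, "invalid group name '%s'\n", groupname);
			exit(1);
		}
	}
	/* ... unchanged: LIFETIME handling ... */
```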