From: Harlan Stenn Date: Fri, 24 Nov 2006 02:09:08 +0000 (-0500) Subject: sntp -u will use an unprivileged port for its queries X-Git-Tag: NTP_4_2_3P69_RC~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7799aa3f6f40502880c3621c32f0a33936ac99a;p=thirdparty%2Fntp.git sntp -u will use an unprivileged port for its queries bk: 45665444L85AiOWQi40d7njCQRxLYg --- diff --git a/NEWS b/NEWS index 4fa7e11df..4b12cd7f4 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,4 @@ +* sntp -u will use an unprivileged port for its queries. * [Bug 741] "burst" doesn't work with !unfit peers. * [Bug 735] Fix a make/gmake VPATH issue on Solaris. * [Bug 739] ntpd -x should not take an argument. diff --git a/sntp/main.c b/sntp/main.c index 35bc78168..0552f858f 100644 --- a/sntp/main.c +++ b/sntp/main.c @@ -180,6 +180,7 @@ const char *argv0 = NULL; /* For diagnostics only - not NULL */ int verbose = 0, /* Default = 0, -v = 1, -V = 2, -W = 3 */ operation = 0; /* Defined in header.h - see action */ const char *lockname = NULL; /* The name of the lock file */ +int unprivport = 0; /* Use an unpriv port for query? */ #define COUNT_MAX 25 /* Do NOT increase this! */ #define WEEBLE_FACTOR 1.2 /* See run_server() and run_daemon() */ @@ -286,7 +287,7 @@ helpfully. This is called before any files or sockets are opened. */ fprintf(stderr," [ -c count ] [ -e minerr ] [ -E maxerr ]\n"); fprintf(stderr," [ -d delay | -x [ separation ] "); fprintf(stderr,"[ -f savefile ] ]\n"); - fprintf(stderr," [ -4 | -6 ] [ address(es) ] ]\n"); + fprintf(stderr," [ -4 | -6 ] [-u] [ address(es) ] ]\n"); if (halt) exit(EXIT_FAILURE); } @@ -476,7 +477,7 @@ packets is an abomination, anyway, so reject it. */ delay2 = data->current-data->originate; failed = ( ( data->stratum != 0 - && data->stratum != NTP_STRATUM_MAX + /* && data->stratum != NTP_STRATUM_MAX */ && data->reference == 0.0 ) || data->transmit == 0.0 @@ -494,6 +495,12 @@ packets is an abomination, anyway, so reject it. */ argv0,which); return 1; } + if (data->stratum == NTP_STRATUM_MAX) { + fprintf(stderr, + "%s: unsynch NTP response on socket %d\n", + argv0,which); + return 1; + } /* If it is a response, check that it corresponds to one of our requests and has got here in a reasonable length of time. */ @@ -1530,8 +1537,10 @@ one of the specialised routines to do the work. */ ++argv0; else argv0 = argv[0]; + setvbuf(stdout,NULL,_IOLBF,BUFSIZ); setvbuf(stderr,NULL,_IOLBF,BUFSIZ); + if (INT_MAX < 2147483647) fatal(0,"sntp requires >= 32-bit ints",NULL); if (DBL_EPSILON > 1.0e-13) fatal(0,"sntp requires doubles with eps <= 1.0e-13",NULL); @@ -1545,6 +1554,8 @@ one of the specialised routines to do the work. */ preferred_family(PREF_FAM_INET); else if (strcmp(argv[1],"-6") == 0) preferred_family(PREF_FAM_INET6); + else if (strcmp(argv[1],"-u") == 0) + ++unprivport; else if (strcmp(argv[1],"-q") == 0 && action == 0) action = action_query; else if (strcmp(argv[1],"-r") == 0 && action == 0) diff --git a/sntp/sntp-opts.def b/sntp/sntp-opts.def index 507b20237..d0ee84fbc 100644 --- a/sntp/sntp-opts.def +++ b/sntp/sntp-opts.def @@ -54,6 +54,15 @@ flag = { _EndOfDoc_; }; +flag = { + name = unprivport; + value = u; + descrip = "Use an unprivileged port"; + doc = <<- _EndOfDoc_ + Use an unprivilegded UDP port for our queries. + _EndOfDoc_; +}; + flag = { name = normalverbose; value = v; @@ -176,14 +185,7 @@ UTC) to the standard output in a format like .BR "'1996 Oct 15 20:17:25.123 + 4.567 +/- 0.089 secs'" , where the .B "'+ 4.567 +/- 0.089 secs'" -indicates the estimated error in the time on the local system. In daemon mode, -it will add drift information in a format like -.BR "' + 1.3 +/- 0.1 ppm'" , -and display this at roughly -.I separation -intervals (see under the -.B \-x -option for details). +indicates the estimated error in the time on the local system. .TP .BI \-l " lockfile" sets the name of the lock file to ensure that there is only @@ -229,40 +231,6 @@ sets a rough limit on the total running time to seconds. Acceptable values are from 1 to 3600, and the default is 15 if a NTP host is specified and 300 otherwise. .TP -.BI \-x " separation" -causes the program to run as a daemon (i.e. forever), and to estimate and -correct for the clock drift. -.I separation -sets the minimum time between calls to the server in minutes if a NTP host is -specified, and between broadcast packets if not. Acceptable values are from 1 -to 1440 (a day), and the default (if -.B \-x -is specified but -.I separation -is omitted) is 300. -.TP -.BI \-f " savefile" -may be used with the -.B \-x -option to store a record of previous packets, which speeds up recalculating -the drift after -.I sntp -has to be restarted (e.g. because of network or server outages). In order to -restart the data, -.I sntp -must be restarted reasonably soon after it died (within a few times the value of -.IR separation ), -with the same value of the -.B \-c -option, the same value of -.IR separation , -in the same mode (i.e. broadcast or client), though the NTP servers need not -be the same for client mode, and with compatible values of other settings. -Note that the file will be created with the default ownerships and permissions, -using standard C facilities. The default is installation-dependent, but will -usually be -.IR /etc/sntp.state . -.TP .B -4 force IPv4 DNS resolution. .TP @@ -294,16 +262,6 @@ In update mode, .B maxerr must be less than .BR prompt. -.IP -In daemon mode (i.e. when -.B \-x -is specified), -.B minerr -must be less than -.B maxerr -which must be less than -.B separation -(note that this is in minutes, not seconds, but the numeric value is compared). .PP Note that none of the above values are closely linked to the limits described in the NTP protocol (RFC 1305). @@ -313,12 +271,6 @@ current time and error in the local clock. For example: .IP .B sntp ntpserver.somewhere .PP -It can be run as a unprivileged background process to check on the clock drift -as well as the current error; this will probably fail if the local clock is -reset while it is running. For example: -.IP -.B sntp -x ntpserver.somewhere > output 2>\&1 \& -.PP With suitable privilege, it can be run as a command or in a .I cron job to reset the local clock from a reliable server, like the @@ -329,10 +281,6 @@ commands. For example: .IP .B sntp -a ntpserver.somewhere .PP -It can also be run as a daemon to keep the local clock in step. For example: -.IP -.B sntp -a -x ntpserver.somewhere > output 2>\&1 \& -.PP More information on how to use this utility is given in the .I README file in the distribution. In particular, this diff --git a/sntp/socket.c b/sntp/socket.c index 18744c83e..02fabb8af 100644 --- a/sntp/socket.c +++ b/sntp/socket.c @@ -110,6 +110,8 @@ void display_sock_in_hex (struct sockaddr_in *sock) { } #endif +extern int unprivport; + #ifdef HAVE_IPV6 void open_socket (int which, char *hostname, int timespan) { @@ -145,7 +147,7 @@ be reset before use in server mode. */ memset(&here[which], 0, sizeof(struct sockaddr_storage)); here[which] = anywhere; - if (operation != op_listen) + if (operation != op_listen || unprivport) ((struct sockaddr_in6 *)&here[which])->sin6_port = 0; memset(&there[which], 0, sizeof(struct sockaddr_storage)); there[which] = address; @@ -210,7 +212,7 @@ number is in network format. */ memset(&here[which],0,sizeof(struct sockaddr_in)); here[which].sin_family = AF_INET; here[which].sin_port = - (operation == op_listen ? port : 0); + (operation == op_listen || !unprivport ? port : 0); here[which].sin_addr = anywhere; memset(&there[which],0,sizeof(struct sockaddr_in)); there[which].sin_family = AF_INET;