1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
#!/bin/sh
#
#
# PROVIDE: ntpd
# REQUIRE: DAEMON ntpdate FILESYSTEMS devfs
# BEFORE: LOGIN
# KEYWORD: nojail resume shutdown
. /etc/rc.subr
name="ntpd"
desc="Network Time Protocol daemon"
rcvar="ntpd_enable"
command="/usr/sbin/${name}"
extra_commands="fetch needfetch resume"
fetch_cmd="ntpd_fetch_leapfile"
needfetch_cmd="ntpd_needfetch_leapfile"
resume_cmd="ntpd_resume"
start_precmd="ntpd_precmd"
_ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list"
_ntp_default_dir="/var/db/ntp"
_ntp_default_driftfile="${_ntp_default_dir}/ntpd.drift"
_ntp_old_driftfile="/var/db/ntpd.drift"
pidfile="${_ntp_default_dir}/${name}.pid"
load_rc_config $name
# doesn't make sense to run in a svcj: nojail keyword
ntpd_svcj="NO"
leapfile_is_disabled() {
# Return true (0) if automatic leapfile handling is disabled.
case "$ntp_db_leapfile" in
[Nn][Oo] | [Nn][Oo][Nn][Ee] )
return 0;;
* )
return 1;;
esac
}
can_run_nonroot()
{
# If the admin set what uid to use, we don't change it.
if [ -n "${ntpd_user}" ]; then
return 1
fi
# If the admin set any command line options involving files, we
# may not be able to access them as user ntpd.
case "${rc_flags}" in
*-f* | *--driftfile* | *-i* | *--jaildir* | \
*-k* | *--keyfile* | *-l* | *--logfile* | \
*-p* | *--pidfile* | *-s* | *--statsdir* )
return 1;;
esac
# If the admin set any options in ntp.conf involving files,
# we may not be able to access them as user ntpd.
local fileopts="^[ \t]*crypto|^[ \t]*driftfile|^[ \t]*key|^[ \t]*logfile|^[ \t]*statsdir"
grep -E -q "${fileopts}" "${ntpd_config}" && return 1
# Try to set up the MAC ntpd policy so ntpd can run with reduced
# privileges. Detect whether MAC is compiled into the kernel, load
# the policy module if not already present, then check whether the
# policy has been disabled via tunable or sysctl.
[ -n "$(sysctl -qn security.mac.version)" ] || return 1
sysctl -qn security.mac.ntpd >/dev/null || kldload -qn mac_ntpd || return 1
[ "$(sysctl -qn security.mac.ntpd.enabled)" == "1" ] || return 1
# On older existing systems, the ntp dir may by owned by root, change
# it to ntpd to give the daemon create/write access to the driftfile.
if [ "$(stat -f %u ${_ntp_default_dir})" = "0" ]; then
chown ntpd:ntpd "${_ntp_default_dir}" || return 1
chmod 0755 "${_ntp_default_dir}" || return 1
logger -s -t "rc.d/ntpd" -p daemon.notice \
"${_ntp_default_dir} updated to owner ntpd:ntpd, mode 0755"
fi
# If the driftfile exists in the standard location for older existing
# systems, move it into the ntp dir and fix the ownership if we can.
if [ -f "${_ntp_old_driftfile}" ] && [ ! -L "${_ntp_old_driftfile}" ]; then
mv "${_ntp_old_driftfile}" "${_ntp_default_driftfile}" &&
chown ntpd:ntpd "${_ntp_default_driftfile}" || return 1
logger -s -t "rc.d/ntpd" -p daemon.notice \
"${_ntp_default_driftfile} updated to owner ntpd:ntpd"
logger -s -t "rc.d/ntpd" -p daemon.notice \
"${_ntp_old_driftfile} moved to ${_ntp_default_driftfile}"
fi
}
ntpd_precmd()
{
local driftopt
# If we can run as a non-root user, switch uid to ntpd and use the
# new default location for the driftfile inside the ntpd-owned dir.
# Otherwise, figure out what to do about the driftfile option. If set
# by the admin, we don't add the option. If the file exists in the old
# default location we use that, else we use the new default location.
if can_run_nonroot; then
driftopt="-f ${_ntp_default_driftfile}"
elif grep -q "^[ \t]*driftfile" "${ntpd_config}" ||
[ -n "${rc_flags}" ] &&
( [ -z "${rc_flags##*-f*}" ] ||
[ -z "${rc_flags##*--driftfile*}" ] ); then
driftopt="" # admin set the option, we don't need to add it.
elif [ -f "${_ntp_old_driftfile}" ]; then
driftopt="-f ${_ntp_old_driftfile}"
else
driftopt="-f ${_ntp_default_driftfile}"
fi
# Set command_args based on the various config vars.
command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt} -u ${ntpd_user:=ntpd:ntpd}"
# Unset ntpd_user because rc.subr uses $${name}_user to determine
# whether to invoke su(1) to setuid() to $ntpd_user for us. We want
# ntpd to do the setuid() itself through the -u argument, above.
unset ntpd_user
if checkyesno ntpd_sync_on_start; then
command_args="${command_args} -g"
fi
# Make sure the leapfile is ready to use, unless leapfile
# handling is disabled.
if leapfile_is_disabled; then
return
fi
ntpd_init_leapfile
if [ ! -f "${ntp_db_leapfile}" ]; then
ntpd_fetch_leapfile
fi
}
current_ntp_ts() {
# Seconds between 1900-01-01 and 1970-01-01
# echo $(((70*365+17)*86400))
ntp_to_unix=2208988800
echo $(($(date -u +%s)+$ntp_to_unix))
}
get_ntp_leapfile_ver() {
# Leapfile update date (version number).
expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \
'^\([1-9][0-9]*\)$' \| 0
}
get_ntp_leapfile_expiry() {
# Leapfile expiry date.
expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \
'^\([1-9][0-9]*\)$' \| 0
}
ntpd_init_leapfile() {
if leapfile_is_disabled; then
return
fi
# Refresh working leapfile with an invalid hash due to
# FreeBSD id header. Ntpd will ignore leapfiles with a
# mismatch hash. The file must be the virgin file from
# the source.
if [ ! -f $ntp_db_leapfile ]; then
cp -p $ntp_src_leapfile $ntp_db_leapfile
fi
}
ntpd_needfetch_leapfile() {
local rc verbose
if leapfile_is_disabled; then
# Return code 1: ntp leapfile fetch not needed
return 1
fi
if checkyesno ntp_leapfile_fetch_verbose; then
verbose=echo
else
verbose=:
fi
ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile)
ntp_expiry_src=$(get_ntp_leapfile_expiry $ntp_src_leapfile)
ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile)
ntp_expiry_db=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
$verbose ntp_src_leapfile version is $ntp_ver_no_src expires $ntp_expiry_src
$verbose ntp_db_leapfile version is $ntp_ver_no_db expires $ntp_expiry_db
if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" -o \
"$ntp_ver_no_src" -eq "$ntp_ver_no_db" -a \
"$ntp_expiry_src" -gt "$ntp_expiry_db" ]; then
$verbose replacing $ntp_db_leapfile with $ntp_src_leapfile
cp -p $ntp_src_leapfile $ntp_db_leapfile
ntp_ver_no_db=$ntp_ver_no_src
else
$verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile
fi
ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400))
ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds))
if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then
$verbose Within ntp leapfile expiry limit, initiating fetch
# Return code 0: ntp leapfile fetch needed
return 0
fi
# Return code 1: ntp leapfile fetch not needed
return 1
}
ntpd_fetch_leapfile() {
if leapfile_is_disabled; then
return
fi
if checkyesno ntp_leapfile_fetch_verbose; then
verbose=echo
else
verbose=:
fi
if ntpd_needfetch_leapfile ; then
for url in $ntp_leapfile_sources ; do
$verbose fetching $url
# Circumvent umask 027 and 077 in login.conf(5)
umask 022
fetch $ntp_leapfile_fetch_opts -o $_ntp_tmp_leapfile $url && break
done
ntp_ver_no_tmp=$(get_ntp_leapfile_ver $_ntp_tmp_leapfile)
ntp_expiry_tmp=$(get_ntp_leapfile_expiry $_ntp_tmp_leapfile)
if [ "$ntp_expiry_tmp" -gt "$ntp_expiry_db" -o \
"$ntp_expiry_tmp" -eq "$ntp_expiry_db" -a \
"$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" ]; then
$verbose using $url as $ntp_db_leapfile
mv -f $_ntp_tmp_leapfile $ntp_db_leapfile ||
$verbose "warning: cannot replace $ntp_db_leapfile (read-only fs?)"
else
$verbose using existing $ntp_db_leapfile
fi
fi
}
ntpd_resume()
{
run_rc_command restart
}
run_rc_command "$1"
|
