diff --git a/client.c b/client.c index ca55b78..aa78959 100644 --- a/client.c +++ b/client.c @@ -52,7 +52,7 @@ union sockaddr_in46 { struct sockaddr_in in4; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 struct sockaddr_in6 in6; #endif struct sockaddr u; @@ -160,7 +160,7 @@ open_io(const char *hostname, int port) his_addr.in4.sin_port = htons(port); his_addr_len = sizeof (his_addr.in4); break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case IPADDR_INET6: sock_fd = socket(AF_INET6, SOCK_DGRAM, 0); @@ -187,7 +187,7 @@ open_io(const char *hostname, int port) recv_errqueue = 1; } #endif -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 #ifdef IPV6_RECVERR if (ip.family == IPADDR_INET6 && !setsockopt(sock_fd, IPPROTO_IPV6, IPV6_RECVERR, &on_off, sizeof(on_off))) { @@ -1412,7 +1412,7 @@ submit_request(CMD_Request *request, CMD_Reply *reply, int *reply_auth_ok) (where_from.u.sa_family == AF_INET && (where_from.in4.sin_addr.s_addr != his_addr.in4.sin_addr.s_addr || where_from.in4.sin_port != his_addr.in4.sin_port)) || -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 (where_from.u.sa_family == AF_INET6 && (memcmp(where_from.in6.sin6_addr.s6_addr, his_addr.in6.sin6_addr.s6_addr, sizeof (where_from.in6.sin6_addr.s6_addr)) != 0 || diff --git a/cmdmon.c b/cmdmon.c index 58a6c90..7cfab0f 100644 --- a/cmdmon.c +++ b/cmdmon.c @@ -54,7 +54,7 @@ union sockaddr_in46 { struct sockaddr_in in4; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 struct sockaddr_in6 in6; #endif struct sockaddr u; @@ -62,7 +62,7 @@ union sockaddr_in46 { /* File descriptors for command and monitoring sockets */ static int sock_fd4; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 static int sock_fd6; #endif @@ -207,7 +207,7 @@ prepare_socket(int family, int port_number) } #endif -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 if (family == AF_INET6) { #ifdef IPV6_V6ONLY /* Receive IPv6 packets only */ @@ -233,7 +233,7 @@ prepare_socket(int family, int port_number) else my_addr.in4.sin_addr.s_addr = htonl(INADDR_ANY); break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case AF_INET6: my_addr_len = sizeof (my_addr.in6); my_addr.in6.sin6_family = family; @@ -304,7 +304,7 @@ CAM_Initialise(int family) sock_fd4 = prepare_socket(AF_INET, port_number); else sock_fd4 = -1; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 if (port_number && (family == IPADDR_UNSPEC || family == IPADDR_INET6)) sock_fd6 = prepare_socket(AF_INET6, port_number); else @@ -312,7 +312,7 @@ CAM_Initialise(int family) #endif if (port_number && sock_fd4 < 0 -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 && sock_fd6 < 0 #endif ) { @@ -333,7 +333,7 @@ CAM_Finalise(void) close(sock_fd4); } sock_fd4 = -1; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 if (sock_fd6 >= 0) { SCH_RemoveInputFileHandler(sock_fd6); close(sock_fd6); @@ -687,7 +687,7 @@ transmit_reply(CMD_Reply *msg, union sockaddr_in46 *where_to, int auth_len) sock_fd = sock_fd4; addrlen = sizeof (where_to->in4); break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case AF_INET6: sock_fd = sock_fd6; addrlen = sizeof (where_to->in6); @@ -711,7 +711,7 @@ transmit_reply(CMD_Reply *msg, union sockaddr_in46 *where_to, int auth_len) ip.addr.in4 = ntohl(where_to->in4.sin_addr.s_addr); port = ntohs(where_to->in4.sin_port); break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case AF_INET6: ip.family = IPADDR_INET6; memcpy(ip.addr.in6, (where_to->in6.sin6_addr.s6_addr), sizeof(ip.addr.in6)); @@ -1659,7 +1659,7 @@ read_from_cmd_socket(void *anything) remote_port = ntohs(where_from.in4.sin_port); localhost = (remote_ip.addr.in4 == 0x7f000001UL); break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case AF_INET6: remote_ip.family = IPADDR_INET6; memcpy(&remote_ip.addr.in6, where_from.in6.sin6_addr.s6_addr, diff --git a/configure b/configure index 3f898bd..c2e54d1 100755 --- a/configure +++ b/configure @@ -112,7 +112,7 @@ For better control, use the options below. --disable-pps Disable PPS refclock driver --disable-ipv6 Disable IPv6 support --disable-rtc Don't include RTC even on Linux - --disable-linuxcaps Disable Linux capabilities support + --disable-linuxcaps Disable libcap (Linux capabilities) support --disable-asyncdns Disable asynchronous name resolving --disable-forcednsretry Don't retry on permanent DNS error --with-ntp-era=SECONDS Specify earliest assumed NTP time in seconds @@ -183,7 +183,7 @@ EXTRA_OBJECTS="" EXTRA_DEFS="" SYSDEFS="" -debug=0 +feat_debug=0 feat_cmdmon=1 feat_ntp=1 feat_refclock=1 @@ -194,8 +194,8 @@ try_nss=1 try_tomcrypt=1 feat_rtc=1 try_rtc=0 -feat_linuxcaps=1 -try_linuxcaps=0 +feat_droproot=1 +try_libcap=0 readline_lib="" readline_inc="" ncurses_lib="" @@ -215,7 +215,7 @@ for option do case "$option" in --enable-debug ) - debug=1 + feat_debug=1 ;; --disable-readline ) feat_readline=0 @@ -290,7 +290,7 @@ do feat_pps=0 ;; --disable-linuxcaps) - feat_linuxcaps=0 + feat_droproot=0 ;; --disable-asyncdns) feat_asyncdns=0 @@ -355,7 +355,7 @@ case $SYSTEM in ;; Linux* ) EXTRA_OBJECTS="sys_generic.o sys_linux.o wrap_adjtimex.o" - try_linuxcaps=1 + try_libcap=1 try_rtc=1 try_setsched=1 try_lockmem=1 @@ -404,6 +404,11 @@ case $SYSTEM in ;; esac +if [ $feat_debug = "1" ]; then + add_def FEAT_DEBUG +fi +add_def DEBUG $feat_debug + if [ $feat_cmdmon = "1" ]; then add_def FEAT_CMDMON EXTRA_OBJECTS="$EXTRA_OBJECTS cmdmon.o manual.o pktlength.o" @@ -488,7 +493,7 @@ if [ $feat_ipv6 = "1" ] && \ n.sin6_addr = in6addr_any; return !inet_ntop(AF_INET6, &n.sin6_addr.s6_addr, p, sizeof(p));' then - add_def HAVE_IPV6 + add_def FEAT_IPV6 if test_code 'in6_pktinfo' 'sys/socket.h netinet/in.h' '' '' ' return sizeof(struct in6_pktinfo);' then @@ -538,17 +543,17 @@ if [ "x$timepps_h" != "x" ] && \ struct timespec ts; return time_pps_fetch(h, PPS_TSFMT_TSPEC, &i, &ts);' then - add_def HAVE_PPSAPI + add_def FEAT_PPS fi -if [ $feat_linuxcaps = "1" ] && [ $try_linuxcaps = "1" ] && \ +if [ $feat_droproot = "1" ] && [ $try_libcap = "1" ] && \ test_code \ - linuxcaps \ + libcap \ 'sys/types.h pwd.h sys/prctl.h sys/capability.h grp.h' \ '' '-lcap' \ 'prctl(PR_SET_KEEPCAPS, 1);cap_set_proc(cap_from_text("cap_sys_time=ep"));' then - add_def FEAT_LINUXCAPS + add_def FEAT_PRIVDROP EXTRA_LIBS="$EXTRA_LIBS -lcap" fi @@ -659,7 +664,7 @@ if [ $try_nss = "1" ]; then HASH_COMPILE="$test_cflags" HASH_LINK="$test_link" LIBS="$LIBS $HASH_LINK" - add_def GENERATE_SHA1_KEY + add_def FEAT_SECHASH fi fi @@ -671,7 +676,7 @@ if [ "x$HASH_LINK" = "x" ] && [ $try_tomcrypt = "1" ]; then HASH_COMPILE="-I/usr/include/tomcrypt" HASH_LINK="-ltomcrypt" LIBS="$LIBS $HASH_LINK" - add_def GENERATE_SHA1_KEY + add_def FEAT_SECHASH fi fi @@ -730,7 +735,6 @@ if [ "x$SETCHRONYVARDIR" != "x" ]; then CHRONYVARDIR=$SETCHRONYVARDIR fi -add_def DEBUG $debug add_def DEFAULT_CONF_FILE "\"$SYSCONFDIR/chrony.conf\"" add_def DEFAULT_USER "\"$default_user\"" add_def MAIL_PROGRAM "\"$mail_program\"" diff --git a/keys.c b/keys.c index 9025fea..6c326ad 100644 --- a/keys.c +++ b/keys.c @@ -63,7 +63,7 @@ static int cache_key_pos; static int generate_key(unsigned long key_id) { -#ifdef GENERATE_SHA1_KEY +#ifdef FEAT_SECHASH unsigned char key[20]; const char *hashname = "SHA1"; #else diff --git a/nameserv.c b/nameserv.c index f8a4b63..56a3a4a 100644 --- a/nameserv.c +++ b/nameserv.c @@ -71,7 +71,7 @@ DNS_Name2IPAddress(const char *name, IPAddr *addr) addr->addr.in4 = ntohl(((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr); result = 1; break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case AF_INET6: addr->family = IPADDR_INET6; memcpy(&addr->addr.in6, &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr.s6_addr, sizeof (addr->addr.in6)); @@ -115,7 +115,7 @@ DNS_IPAddress2Name(IPAddr *ip_addr, char *name, int len) { char *result = NULL; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 struct sockaddr_in in4; struct sockaddr_in6 in6; char hbuf[NI_MAXHOST]; @@ -151,7 +151,7 @@ DNS_IPAddress2Name(IPAddr *ip_addr, char *name, int len) addr = htonl(ip_addr->addr.in4); host = gethostbyaddr((const char *) &addr, sizeof (ip_addr), AF_INET); break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case IPADDR_INET6: host = gethostbyaddr((const void *) ip_addr->addr.in6, sizeof (ip_addr->addr.in6), AF_INET6); break; diff --git a/ntp_io.c b/ntp_io.c index e0f7aea..1af88a2 100644 --- a/ntp_io.c +++ b/ntp_io.c @@ -43,7 +43,7 @@ union sockaddr_in46 { struct sockaddr_in in4; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 struct sockaddr_in6 in6; #endif struct sockaddr u; @@ -52,7 +52,7 @@ union sockaddr_in46 { /* The server/peer and client sockets for IPv4 and IPv6 */ static int server_sock_fd4; static int client_sock_fd4; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 static int server_sock_fd6; static int client_sock_fd6; #endif @@ -116,7 +116,7 @@ prepare_socket(int family, int port_number, int client_only) my_addr_len = sizeof (my_addr.in4); break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case AF_INET6: if (!client_only) CNF_GetBindAddress(IPADDR_INET6, &bind_address); @@ -181,7 +181,7 @@ prepare_socket(int family, int port_number, int client_only) } #endif } -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 else if (family == AF_INET6) { #ifdef IPV6_V6ONLY /* Receive IPv6 packets only */ @@ -226,7 +226,7 @@ prepare_separate_client_socket(int family) switch (family) { case IPADDR_INET4: return prepare_socket(AF_INET, 0, 1); -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case IPADDR_INET6: return prepare_socket(AF_INET6, 0, 1); #endif @@ -252,7 +252,7 @@ connect_socket(int sock_fd, NTP_Remote_Address *remote_addr) addr.in4.sin_addr.s_addr = htonl(remote_addr->ip_addr.addr.in4); addr.in4.sin_port = htons(remote_addr->port); break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case IPADDR_INET6: addr_len = sizeof (addr.in6); addr.in6.sin6_family = AF_INET6; @@ -306,7 +306,7 @@ NIO_Initialise(int family) server_sock_fd4 = INVALID_SOCK_FD; client_sock_fd4 = INVALID_SOCK_FD; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 server_sock_fd6 = INVALID_SOCK_FD; client_sock_fd6 = INVALID_SOCK_FD; #endif @@ -321,7 +321,7 @@ NIO_Initialise(int family) client_sock_fd4 = server_sock_fd4; } } -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 if (family == IPADDR_UNSPEC || family == IPADDR_INET6) { if (server_port) server_sock_fd6 = prepare_socket(AF_INET6, server_port, 0); @@ -335,11 +335,11 @@ NIO_Initialise(int family) #endif if ((server_port && server_sock_fd4 == INVALID_SOCK_FD -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 && server_sock_fd6 == INVALID_SOCK_FD #endif ) || (!separate_client_sockets && client_sock_fd4 == INVALID_SOCK_FD -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 && client_sock_fd6 == INVALID_SOCK_FD #endif )) { @@ -356,7 +356,7 @@ NIO_Finalise(void) close_socket(client_sock_fd4); close_socket(server_sock_fd4); server_sock_fd4 = client_sock_fd4 = INVALID_SOCK_FD; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 if (server_sock_fd6 != client_sock_fd6) close_socket(client_sock_fd6); close_socket(server_sock_fd6); @@ -386,7 +386,7 @@ NIO_GetClientSocket(NTP_Remote_Address *remote_addr) switch (remote_addr->ip_addr.family) { case IPADDR_INET4: return client_sock_fd4; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case IPADDR_INET6: return client_sock_fd6; #endif @@ -404,7 +404,7 @@ NIO_GetServerSocket(NTP_Remote_Address *remote_addr) switch (remote_addr->ip_addr.family) { case IPADDR_INET4: return server_sock_fd4; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case IPADDR_INET6: return server_sock_fd6; #endif @@ -429,7 +429,7 @@ NIO_IsServerSocket(int sock_fd) { return sock_fd != INVALID_SOCK_FD && (sock_fd == server_sock_fd4 -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 || sock_fd == server_sock_fd6 #endif ); @@ -490,7 +490,7 @@ read_from_socket(void *anything) remote_addr.ip_addr.addr.in4 = ntohl(where_from.in4.sin_addr.s_addr); remote_addr.port = ntohs(where_from.in4.sin_port); break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case AF_INET6: remote_addr.ip_addr.family = IPADDR_INET6; memcpy(&remote_addr.ip_addr.addr.in6, where_from.in6.sin6_addr.s6_addr, @@ -589,7 +589,7 @@ send_packet(void *packet, int packetlen, NTP_Remote_Address *remote_addr, NTP_Lo remote.in4.sin_port = htons(remote_addr->port); remote.in4.sin_addr.s_addr = htonl(remote_addr->ip_addr.addr.in4); break; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 case IPADDR_INET6: /* Don't set address with connected socket */ if (local_addr->sock_fd != server_sock_fd6 && separate_client_sockets) diff --git a/refclock_pps.c b/refclock_pps.c index b17f496..cd3cd83 100644 --- a/refclock_pps.c +++ b/refclock_pps.c @@ -29,7 +29,7 @@ #include "refclock.h" -#if HAVE_PPSAPI +#if FEAT_PPS #if defined(HAVE_SYS_TIMEPPS_H) #include diff --git a/sys.c b/sys.c index 765af09..6b6aff4 100644 --- a/sys.c +++ b/sys.c @@ -97,7 +97,7 @@ SYS_Finalise(void) void SYS_DropRoot(char *user) { -#if defined(LINUX) && defined (FEAT_LINUXCAPS) +#if defined(LINUX) && defined (FEAT_PRIVDROP) SYS_Linux_DropRoot(user); #else LOG_FATAL(LOGF_Sys, "dropping root privileges not supported"); diff --git a/sys_linux.c b/sys_linux.c index a8af8df..b342505 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -44,7 +44,7 @@ int SchedPriority = 0; int LockAll = 0; #endif -#ifdef FEAT_LINUXCAPS +#ifdef FEAT_PRIVDROP #include #include #include @@ -352,7 +352,7 @@ SYS_Linux_Finalise(void) /* ================================================== */ -#ifdef FEAT_LINUXCAPS +#ifdef FEAT_PRIVDROP void SYS_Linux_DropRoot(char *user) { diff --git a/sysincl.h b/sysincl.h index adf1997..b0f587c 100644 --- a/sysincl.h +++ b/sysincl.h @@ -78,7 +78,7 @@ #endif -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 /* For inet_ntop() */ #include #endif diff --git a/util.c b/util.c index 08fc0cd..aedf2c9 100644 --- a/util.c +++ b/util.c @@ -277,7 +277,7 @@ UTI_IPToString(IPAddr *addr) break; case IPADDR_INET6: ip6 = addr->addr.in6; -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 inet_ntop(AF_INET6, ip6, result, BUFFER_LENGTH); #else snprintf(result, BUFFER_LENGTH, "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x", @@ -296,7 +296,7 @@ UTI_IPToString(IPAddr *addr) int UTI_StringToIP(const char *addr, IPAddr *ip) { -#ifdef HAVE_IPV6 +#ifdef FEAT_IPV6 struct in_addr in4; struct in6_addr in6;