diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-05-06 18:08:04 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-05-06 18:08:04 +0200 |
commit | 661278ee297247c0c7e0708924f8ce52284529fc (patch) | |
tree | 3354d9078f6709887e827714ffb1657de0dbc279 | |
parent | dfdb269daf539470c6bcf232a58c6cd1e4492fc8 (diff) |
timesyncd: never accept NTP time from server that is older than systemd's release time
-rw-r--r-- | configure.ac | 9 | ||||
-rw-r--r-- | src/timesync/timesyncd.c | 8 |
2 files changed, 16 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index 318d77b302..972fc2f6bf 100644 --- a/configure.ac +++ b/configure.ac @@ -836,6 +836,14 @@ AC_ARG_WITH(ntp-servers, AC_DEFINE_UNQUOTED(NTP_SERVERS, ["$NTP_SERVERS"], [Default NTP Servers]) AC_SUBST(NTP_SERVERS) +AC_ARG_WITH(time-epoch, + AS_HELP_STRING([--with-time-epoch=SECONDS], + [TIme epoch for time clients]), + [TIME_EPOCH="$withval"], + [TIME_EPOCH="`stat -c %Y ${srcdir}/NEWS 2>/dev/null || echo 0`"]) + +AC_DEFINE_UNQUOTED(TIME_EPOCH, [$TIME_EPOCH], [Time Epoch]) + # ------------------------------------------------------------------------------ have_localed=no AC_ARG_ENABLE(localed, AS_HELP_STRING([--disable-localed], [disable locale daemon])) @@ -1169,6 +1177,7 @@ AC_MSG_RESULT([ timedated: ${have_timedated} timesyncd: ${have_timesyncd} default NTP servers: ${NTP_SERVERS} + time epoch: ${TIME_EPOCH} localed: ${have_localed} networkd: ${have_networkd} coredump: ${have_coredump} diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c index 6e38a2cb89..dabad5e196 100644 --- a/src/timesync/timesyncd.c +++ b/src/timesync/timesyncd.c @@ -573,12 +573,18 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re m->event_timeout = sd_event_source_unref(m->event_timeout); + if (be32toh(ntpmsg.recv_time.sec) < TIME_EPOCH + OFFSET_1900_1970 || + be32toh(ntpmsg.trans_time.sec) < TIME_EPOCH + OFFSET_1900_1970) { + log_debug("Invalid reply, returned times before epoch. Ignoring."); + return manager_connect(m); + } + if (NTP_FIELD_LEAP(ntpmsg.field) == NTP_LEAP_NOTINSYNC) { log_debug("Server is not synchronized. Disconnecting."); return manager_connect(m); } - if (NTP_FIELD_VERSION(ntpmsg.field) != 4 && NTP_FIELD_VERSION(ntpmsg.field) != 3) { + if (!IN_SET(NTP_FIELD_VERSION(ntpmsg.field), 3, 4)) { log_debug("Response NTPv%d. Disconnecting.", NTP_FIELD_VERSION(ntpmsg.field)); return manager_connect(m); } |