/*
* Calculate the reference id from the address. If it is an IPv4
* address, use it as is. If it is an IPv6 address, do a md5 on
* it and use the bottom 4 bytes.
* The result is in network byte order.
*/
u_int32
addr2refid(sockaddr_u *addr)
{
u_char digest[20];
u_int32 addr_refid;
EVP_MD_CTX ctx;
u_int len;
if (IS_IPV4(addr))
return (NSRCADR(addr));
INIT_SSL();
#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL
EVP_MD_CTX_init(&ctx);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* MD5 is not used as a crypto hash here. */
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) {
msyslog(LOG_ERR,
"MD5 init failed");
exit(1);
}
#else
EVP_DigestInit(&ctx, EVP_md5());
#endif
EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr),
sizeof(struct in6_addr));
EVP_DigestFinal(&ctx, digest, &len);
memcpy(&addr_refid, digest, sizeof(addr_refid));
return (addr_refid);
}
/*
* Calculate the reference id from the address. If it is an IPv4
* address, use it as is. If it is an IPv6 address, do a md5 on
* it and use the bottom 4 bytes.
* The result is in network byte order.
*/
u_int32
addr2refid(sockaddr_u *addr)
{
u_char digest[20];
u_int32 addr_refid;
EVP_MD_CTX ctx;
u_int len;
if (IS_IPV4(addr))
return (NSRCADR(addr));
INIT_SSL();
EVP_DigestInit(&ctx, EVP_get_digestbynid(NID_md5));
EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr),
sizeof(struct in6_addr));
EVP_DigestFinal(&ctx, digest, &len);
memcpy(&addr_refid, digest, 4);
return (addr_refid);
}
/* Receive data from broadcast. Couldn't finish that. Need to do some digging
* here, especially for protocol independence and IPv6 multicast */
int
recv_bcst_data (
SOCKET rsock,
char *rdata,
int rdata_len,
sockaddr_u *sas,
sockaddr_u *ras
)
{
char *buf;
int btrue = 1;
int recv_bytes = 0;
int rdy_socks;
GETSOCKNAME_SOCKLEN_TYPE ss_len;
struct timeval timeout_tv;
fd_set bcst_fd;
#ifdef MCAST
struct ip_mreq mdevadr;
TYPEOF_IP_MULTICAST_LOOP mtrue = 1;
#endif
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
struct ipv6_mreq mdevadr6;
#endif
setsockopt(rsock, SOL_SOCKET, SO_REUSEADDR, &btrue, sizeof(btrue));
if (IS_IPV4(sas)) {
if (bind(rsock, &sas->sa, SOCKLEN(sas)) < 0) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recv_bcst_data: Couldn't bind() address %s:%d.\n",
stoa(sas), SRCPORT(sas));
}
#ifdef MCAST
if (setsockopt(rsock, IPPROTO_IP, IP_MULTICAST_LOOP, &mtrue, sizeof(mtrue)) < 0) {
/* some error message regarding setting up multicast loop */
return BROADCAST_FAILED;
}
mdevadr.imr_multiaddr.s_addr = NSRCADR(sas);
mdevadr.imr_interface.s_addr = htonl(INADDR_ANY);
if (mdevadr.imr_multiaddr.s_addr == ~(unsigned)0) {
if (ENABLED_OPT(NORMALVERBOSE)) {
printf("sntp recv_bcst_data: %s:%d is not a broad-/multicast address, aborting...\n",
stoa(sas), SRCPORT(sas));
}
return BROADCAST_FAILED;
}
if (setsockopt(rsock, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mdevadr, sizeof(mdevadr)) < 0) {
if (ENABLED_OPT(NORMALVERBOSE)) {
buf = ss_to_str(sas);
printf("sntp recv_bcst_data: Couldn't add IP membership for %s\n", buf);
free(buf);
}
}
#endif /* MCAST */
}
#ifdef ISC_PLATFORM_HAVEIPV6
else if (IS_IPV6(sas)) {
if (bind(rsock, &sas->sa, SOCKLEN(sas)) < 0) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recv_bcst_data: Couldn't bind() address.\n");
}
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
if (setsockopt(rsock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &btrue, sizeof (btrue)) < 0) {
/* some error message regarding setting up multicast loop */
return BROADCAST_FAILED;
}
memset(&mdevadr6, 0, sizeof(mdevadr6));
mdevadr6.ipv6mr_multiaddr = SOCK_ADDR6(sas);
if (!IN6_IS_ADDR_MULTICAST(&mdevadr6.ipv6mr_multiaddr)) {
if (ENABLED_OPT(NORMALVERBOSE)) {
buf = ss_to_str(sas);
printf("sntp recv_bcst_data: %s is not a broad-/multicast address, aborting...\n", buf);
free(buf);
}
return BROADCAST_FAILED;
}
if (setsockopt(rsock, IPPROTO_IPV6, IPV6_JOIN_GROUP,
&mdevadr6, sizeof(mdevadr6)) < 0) {
if (ENABLED_OPT(NORMALVERBOSE)) {
buf = ss_to_str(sas);
printf("sntp recv_bcst_data: Couldn't join group for %s\n", buf);
free(buf);
}
}
#endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
}
#endif /* ISC_PLATFORM_HAVEIPV6 */
FD_ZERO(&bcst_fd);
FD_SET(rsock, &bcst_fd);
if (ENABLED_OPT(TIMEOUT))
timeout_tv.tv_sec = (int) atol(OPT_ARG(TIMEOUT));
else
timeout_tv.tv_sec = 68; /* ntpd broadcasts every 64s */
timeout_tv.tv_usec = 0;
rdy_socks = select(rsock + 1, &bcst_fd, 0, 0, &timeout_tv);
switch (rdy_socks) {
case -1:
if (ENABLED_OPT(NORMALVERBOSE))
perror("sntp recv_bcst_data: select()");
return BROADCAST_FAILED;
break;
case 0:
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recv_bcst_data: select() reached timeout (%u sec), aborting.\n",
(unsigned)timeout_tv.tv_sec);
return BROADCAST_FAILED;
break;
default:
ss_len = sizeof(*ras);
recv_bytes = recvfrom(rsock, rdata, rdata_len, 0, &ras->sa, &ss_len);
break;
}
if (recv_bytes == -1) {
if (ENABLED_OPT(NORMALVERBOSE))
perror("sntp recv_bcst_data: recvfrom:");
recv_bytes = BROADCAST_FAILED;
}
#ifdef MCAST
if (IS_IPV4(sas))
setsockopt(rsock, IPPROTO_IP, IP_DROP_MEMBERSHIP, &btrue, sizeof(btrue));
#endif
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
if (IS_IPV6(sas))
setsockopt(rsock, IPPROTO_IPV6, IPV6_LEAVE_GROUP, &btrue, sizeof(btrue));
#endif
return recv_bytes;
}
/*
* findhostaddr - resolve a host name into an address (Or vice-versa)
*
* Given one of {ce_peeraddr,ce_name}, find the other one.
* It returns 1 for "success" and 0 for an uncorrectable failure.
* Note that "success" includes try again errors. You can tell that you
* got a "try again" since {ce_peeraddr,ce_name} will still be zero.
*/
static int
findhostaddr(
struct conf_entry *entry
)
{
static int eai_again_seen = 0;
struct addrinfo *addr;
struct addrinfo hints;
int again;
int error;
checkparent(); /* make sure our guy is still running */
if (entry->ce_name != NULL && !SOCK_UNSPEC(&entry->peer_store)) {
/* HMS: Squawk? */
msyslog(LOG_ERR, "findhostaddr: both ce_name and ce_peeraddr are defined...");
return 1;
}
if (entry->ce_name == NULL && SOCK_UNSPEC(&entry->peer_store)) {
msyslog(LOG_ERR, "findhostaddr: both ce_name and ce_peeraddr are undefined!");
return 0;
}
if (entry->ce_name) {
DPRINTF(2, ("findhostaddr: Resolving <%s>\n",
entry->ce_name));
memset(&hints, 0, sizeof(hints));
hints.ai_family = entry->type;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
/*
* If IPv6 is not available look only for v4 addresses
*/
if (!ipv6_works)
hints.ai_family = AF_INET;
error = getaddrinfo(entry->ce_name, NULL, &hints, &addr);
if (error == 0) {
entry->peer_store = *((sockaddr_u *)(addr->ai_addr));
if (IS_IPV4(&entry->peer_store)) {
entry->ce_peeraddr =
NSRCADR(&entry->peer_store);
entry->ce_config.v6_flag = 0;
} else {
entry->ce_peeraddr6 =
SOCK_ADDR6(&entry->peer_store);
entry->ce_config.v6_flag = 1;
}
freeaddrinfo(addr);
}
} else {
DPRINTF(2, ("findhostaddr: Resolving <%s>\n",
stoa(&entry->peer_store)));
entry->ce_name = emalloc(MAXHOSTNAMELEN);
error = getnameinfo((const struct sockaddr *)&entry->peer_store,
SOCKLEN(&entry->peer_store),
(char *)&entry->ce_name, MAXHOSTNAMELEN,
NULL, 0, 0);
}
if (0 == error) {
/* again is our return value, for success it is 1 */
again = 1;
DPRINTF(2, ("findhostaddr: %s resolved.\n",
(entry->ce_name) ? "name" : "address"));
} else {
/*
* If the resolver failed, see if the failure is
* temporary. If so, return success.
*/
again = 0;
switch (error) {
case EAI_FAIL:
again = 1;
break;
case EAI_AGAIN:
again = 1;
eai_again_seen = 1;
break;
case EAI_NONAME:
#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
case EAI_NODATA:
#endif
msyslog(LOG_ERR, "host name not found%s%s: %s",
(EAI_NONAME == error) ? "" : " EAI_NODATA",
(eai_again_seen) ? " (permanent)" : "",
entry->ce_name);
again = !eai_again_seen;
break;
#ifdef EAI_SYSTEM
case EAI_SYSTEM:
/*
* EAI_SYSTEM means the real error is in errno. We should be more
* discriminating about which errno values require retrying, but
* this matches existing behavior.
*/
again = 1;
DPRINTF(1, ("intres: EAI_SYSTEM errno %d (%s) means try again, right?\n",
errno, strerror(errno)));
break;
#endif
}
/* do this here to avoid perturbing errno earlier */
DPRINTF(2, ("intres: got error status of: %d\n", error));
}
return again;
}