On Fri, 2015-08-21 at 08:51 +0200, Harald Schmalzbauer wrote:
> Bezüglich Ian Lepore's Nachricht vom 21.08.2015 00:34 (localtime):
> > On Fri, 2015-07-24 at 15:19 +0200, Harald Schmalzbauer wrote:
> >> Bezglich Ian Lepore's Nachricht vom 12.07.2015 17:41 (localtime):
> >>> And let's all just hope that a week or two of testing is enough when
> >>> jumping a major piece of software forward several years in its
> >>> independent evolution.
> >> …
> >>> I wonder how many other such things could be lurking in 4.2.8, waiting
> >>> to be triggered by other peoples' non-stock configurations? We've
> >> …
> >>
> >> I'd like to report one, most likely an upstream problem:
> >>
> >> 'restrict' definitions in ntp.conf(5) no longer work with unqualified DNS
> >> names.
> >> A line like
> >> "restrict time1 nomodify nopeer noquery notrap"
> >> results in:
> >> ntpd[1913]: line 7 column 7 syntax error, unexpected T_Time1
> >> ntpd[1913]: syntax error in /etc/ntp.conf line 7, column 7
> >>
> >> I've always been using unqualified hostnames with 'restrict', and since
> >> defining 'server' with unqualified hostname still works, this seems to be
> >> a significant bug to me. People are forced to change 'restrict'
> >> definitions, but not to also change other unqualified definitions, which
> >> potentially leads to misconfigurations, since intentionally matching
> >> definitions can now differ easily.
> >>
> >> Has anybody already noticed this problem? And any idea if upstream is
> >> aware?
> > I had a quick look at this today. It appears that the problem isn't
> > unqualified names exactly, but rather an unqualified name that exactly
> > matches an ntp.conf keyword will be mistaken by the ntpd config parser
> > as a misplaced keyword token. So most unqualified names should work,
> > but there are about 200 words that won't, many of them very sensible
> > names for ntp servers such as "ntp" and "time1" and "time2".
> >
> > When I look at the ntp_parser.y grammar file it's not clear to me why
> > "server time1" works and "restrict time1" doesn't. I couldn't find any
> > way to trick it into taking a keyword as a hostname following restrict
> > (like using quotes).
>
> Thank you very much! This is very interesting and exactly matches my
> tested host names.
> I wish I had better C skills to find such things myself. Out of
> curiosity: How much time took it to find the ntp_parser.y route? (and
> with what “IDE” I'm stuck with vim)
>
> One additional observation was that the reserved-name-collision only
> happens with CNAME records.
> I hope I'll find some time to actually do look into sources - which I
> didn't at first hand because of my lousy C skills :-( But that's the
> place where to find hints :-)
>
> Thanks,
>
I started out pretty sure what I was going to discover, based on the
error you reported "syntax error, unexpected T_Time1". That 'T_Time1'
just said to me "that's a yacc/bison token constant, this is going to be
an error in their grammar (.y) file". The tricky part is that the .y
file isn't in the base source code, I had to go find it in the vendor
branch.
I don't think the CNAME part matters. I tried changing my 'ntp' CNAME
to a regular A record and the error still happens if I use it as an
unqualified name with restrict.
The IDE I use is SlickEdit, running on freebsd under the linuxulator.
It's a commercial product worth every penny I've paid for various
versions since the 90s. It gets the credit for a lot of my productivity.
-- Ian
_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
