HardenedBSD/sntp/sntp-opts.def
Cy Schubert b5e14a1344 Vendor import ntp 4.2.8.
Reviewed by:	roberto
Security:	VUXML: 4033d826-87dd-11e4-9079-3c970e169bc2
Security:	http://www.kb.cert.org/vuls/id/852879
Security:	CVE-2014-9293
Security	CVE-2014-9294
Security	CVE-2014-9295
Security	CVE-2014-9296
2014-12-20 22:52:39 +00:00

321 lines
8.0 KiB
Plaintext

/* -*- Mode: Text -*- */
autogen definitions options;
#include autogen-version.def
#include copyright.def
prog-name = "sntp";
prog-title = "standard Simple Network Time Protocol client program";
argument = '[ hostname-or-IP ...]';
#include homerc.def
long-opts;
config-header = "config.h";
environrc;
#include version.def
flag = {
name = ipv4;
value = 4;
flags-cant = ipv6;
descrip = "Force IPv4 DNS name resolution";
doc = <<- _EndOfDoc_
Force DNS resolution of the following host names on the command line
to the IPv4 namespace.
_EndOfDoc_;
};
flag = {
name = ipv6;
value = 6;
flags-cant = ipv4;
descrip = "Force IPv6 DNS name resolution";
doc = <<- _EndOfDoc_
Force DNS resolution of the following host names on the command line
to the IPv6 namespace.
_EndOfDoc_;
};
flag = {
name = authentication;
value = a;
descrip = "Enable authentication with the key @var{auth-keynumber}";
arg-type = number;
arg-name = "auth-keynumber";
doc = <<- _EndOfDoc_
Enable authentication using the key specified in this option's
argument. The argument of this option is the @option{keyid}, a
number specified in the @option{keyfile} as this key's identifier.
See the @option{keyfile} option (@option{-k}) for more details.
_EndOfDoc_;
};
flag = {
name = broadcast;
value = b;
descrip = "Listen to the address specified for broadcast time sync";
arg-type = string;
arg-name = "broadcast-address";
max = NOLIMIT;
stack-arg;
doc = <<- _EndOfDoc_
If specified @code{sntp} will listen to the specified address
for NTP broadcasts. The default maximum wait time
can (and probably should) be modified with @option{-t}.
_EndOfDoc_;
};
flag = {
name = concurrent;
value = c;
descrip = "Concurrently query all IPs returned for host-name";
arg-type = string;
arg-name = "host-name";
max = NOLIMIT;
stack-arg;
doc = <<- _EndOfDoc_
Requests from an NTP "client" to a "server" should never be sent
more rapidly than one every 2 seconds. By default, any IPs returned
as part of a DNS lookup are assumed to be for a single instance of
@code{ntpd}, and therefore @code{sntp} will send queries to these IPs
one after another, with a 2-second gap in between each query.
The @option{-c} or @option{--concurrent} flag says that any IPs
returned for the DNS lookup of the supplied host-name are on
different machines, so we can send concurrent queries.
_EndOfDoc_;
};
#include debug-opt.def
flag = {
name = gap;
value = g;
descrip = "The gap (in milliseconds) between time requests";
arg-type = number;
arg-name = "milliseconds";
arg-default = 50;
doc = <<- _EndOfDoc_
Since we're only going to use the first valid response we get and
there is benefit to specifying a good number of servers to query,
separate the queries we send out by the specified number of
milliseconds.
_EndOfDoc_;
};
flag = {
name = kod;
value = K;
arg-type = file;
arg-name = "file-name";
arg-default = "/var/db/ntp-kod";
descrip = "KoD history filename";
doc = <<- _EndOfDoc_
Specifies the filename to be used for the persistent history of KoD
responses received from servers. If the file does not exist, a
warning message will be displayed. The file will not be created.
_EndOfDoc_;
};
flag = {
name = keyfile;
value = k;
descrip = "Look in this file for the key specified with @option{-a}";
arg-type = file;
arg-name = "file-name";
doc = <<- _EndOfDoc_
This option specifies the keyfile.
@code{sntp} will search for the key specified with @option{-a}
@file{keyno} in this file. See @command{ntp.keys(5)} for more
information.
_EndOfDoc_;
};
flag = {
name = logfile;
value = l;
arg-type = file;
arg-name = "file-name";
descrip = "Log to specified logfile";
doc = <<- _EndOfDoc_
This option causes the client to write log messages to the specified
@file{logfile}.
_EndOfDoc_;
};
flag = {
name = steplimit;
value = M;
arg-type = number;
arg-range = "0->";
descrip = "Adjustments less than @var{steplimit} msec will be slewed";
doc = <<- _EndOfDoc_
If the time adjustment is less than @file{steplimit} milliseconds,
slew the amount using @command{adjtime(2)}. Otherwise, step the
correction using @command{settimeofday(2)}.
_EndOfDoc_;
};
flag = {
name = ntpversion;
value = o;
descrip = "Send @var{int} as our NTP protocol version";
arg-type = number;
arg-default = 4;
arg-range = "0->7";
doc = <<- _EndOfDoc_
When sending requests to a remote server, tell them we are running
NTP protocol version @file{ntpversion} .
_EndOfDoc_;
};
flag = {
name = usereservedport;
value = r;
descrip = "Use the NTP Reserved Port (port 123)";
doc = <<- _EndOfDoc_
Use port 123, which is reserved for NTP, for our network
communications.
_EndOfDoc_;
};
flag = {
name = step;
value = S;
descrip = "OK to 'step' the time with @command{settimeofday(2)}";
doc = <<- _EndOfDoc_
_EndOfDoc_;
};
flag = {
name = slew;
value = s;
descrip = "OK to 'slew' the time with @command{adjtime(2)}";
doc = <<- _EndOfDoc_
_EndOfDoc_;
};
flag = {
name = timeout;
value = t;
descrip = "The number of seconds to wait for responses";
arg-type = number;
arg-name = "seconds";
arg-default = 5;
doc = <<- _EndOfDoc_
When waiting for a reply, @code{sntp} will wait the number
of seconds specified before giving up. The default should be
more than enough for a unicast response. If @code{sntp} is
only waiting for a broadcast response a longer timeout is
likely needed.
_EndOfDoc_;
};
flag = {
name = "wait";
descrip = "Wait for pending replies (if not setting the time)";
disable = no;
enabled;
settable;
doc = <<- _EndOfDoc_
If we are not setting the time, wait for all pending responses.
_EndOfDoc_;
};
/* explain: Additional information whenever the usage routine is invoked */
explain = <<- _END_EXPLAIN
_END_EXPLAIN;
doc-section = {
ds-type = 'DESCRIPTION';
ds-format = 'mdoc';
ds-text = <<- _END_PROG_MDOC_DESCRIP
.Nm
can be used as an SNTP client to query a NTP or SNTP server and either display
the time or set the local system's time (given suitable privilege). It can be
run as an interactive command or from a
.Ic cron
job.
NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol)
are defined and described by RFC 5905.
.Pp
The default is to write the estimated correct local date and time (i.e. not
UTC) to the standard output in a format like:
.Ic "'1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'"
where the
.Ic "'(+0800)'"
means that to get to UTC from the reported local time one must
add 8 hours and 0 minutes,
the
.Ic "'+4.567'"
indicates the local clock is 4.567 seconds behind the correct time
(so 4.567 seconds must be added to the local clock to get it to be correct).
Note that the number of decimals printed for this value will change
based on the reported precision of the server.
.Ic "'+/- 0.089'"
is the reported
.Em synchronization distance
(in seconds), which represents the maximum error due to all causes.
If the server does not report valid data needed to calculate the
synchronization distance, this will be reported as
.Ic "'+/- ?'" .
If the
.Em host
is different from the
.Em IP ,
both will be displayed.
Otherwise, only the
.Em IP
is displayed.
Finally, the
.Em stratum
of the host is reported.
_END_PROG_MDOC_DESCRIP;
};
doc-section = {
ds-type = 'USAGE';
ds-format = 'mdoc';
ds-text = <<- _END_MDOC_USAGE
.Bl -tag -width indent
.It Li "sntp ntpserver.somewhere"
is the simplest use of this program
and can be run as an unprivileged command
to check the current time and error in the local clock.
.It Li "sntp -a ntpserver.somewhere"
With suitable privilege,
run as a command
or from a
.Xr cron 8
job,
.Ic "sntp -a"
will reset the local clock from a synchronized specified server,
like the (deprecated)
.Xr ntpdate 1ntpdatemdoc ,
or
.Xr rdate 8
commands.
.El
_END_MDOC_USAGE;
};
doc-section = {
ds-type = 'AUTHORS';
ds-format = 'mdoc';
ds-text = <<- _END_MDOC_AUTHORS
.An "Johannes Maximilian Kuehn"
.An "Harlan Stenn"
.An "Dave Hart"
_END_MDOC_AUTHORS;
};