1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Kay Sievers, Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 #include <arpa/inet.h>
30 #include <netinet/in.h>
31 #include <netinet/ip.h>
32 #include <sys/timerfd.h>
33 #include <sys/timex.h>
34 #include <sys/socket.h>
36 #include <sys/prctl.h>
37 #include <sys/types.h>
42 #include "sparse-endian.h"
44 #include "socket-util.h"
46 #include "ratelimit.h"
48 #include "conf-parser.h"
50 #include "sd-resolve.h"
51 #include "sd-daemon.h"
52 #include "sd-network.h"
53 #include "event-util.h"
54 #include "network-util.h"
55 #include "capability.h"
57 #include "timesyncd.h"
59 #define TIME_T_MAX (time_t)((1UL << ((sizeof(time_t) << 3) - 1)) - 1)
62 #define ADJ_SETOFFSET 0x0100 /* add 'time' to current time */
65 /* expected accuracy of time synchronization; used to adjust the poll interval */
66 #define NTP_ACCURACY_SEC 0.2
69 * "A client MUST NOT under any conditions use a poll interval less
72 #define NTP_POLL_INTERVAL_MIN_SEC 32
73 #define NTP_POLL_INTERVAL_MAX_SEC 2048
76 * Maximum delta in seconds which the system clock is gradually adjusted
77 * (slew) to approach the network time. Deltas larger that this are set by
78 * letting the system time jump. The kernel's limit for adjtime is 0.5s.
80 #define NTP_MAX_ADJUST 0.4
82 /* NTP protocol, packet header */
83 #define NTP_LEAP_PLUSSEC 1
84 #define NTP_LEAP_MINUSSEC 2
85 #define NTP_LEAP_NOTINSYNC 3
86 #define NTP_MODE_CLIENT 3
87 #define NTP_MODE_SERVER 4
88 #define NTP_FIELD_LEAP(f) (((f) >> 6) & 3)
89 #define NTP_FIELD_VERSION(f) (((f) >> 3) & 7)
90 #define NTP_FIELD_MODE(f) ((f) & 7)
91 #define NTP_FIELD(l, v, m) (((l) << 6) | ((v) << 3) | (m))
94 * "NTP timestamps are represented as a 64-bit unsigned fixed-point number,
95 * in seconds relative to 0h on 1 January 1900."
97 #define OFFSET_1900_1970 2208988800UL
99 #define RETRY_USEC (30*USEC_PER_SEC)
100 #define RATELIMIT_INTERVAL_USEC (10*USEC_PER_SEC)
101 #define RATELIMIT_BURST 10
103 #define TIMEOUT_USEC (10*USEC_PER_SEC)
110 struct ntp_ts_short {
120 struct ntp_ts_short root_delay;
121 struct ntp_ts_short root_dispersion;
123 struct ntp_ts reference_time;
124 struct ntp_ts origin_time;
125 struct ntp_ts recv_time;
126 struct ntp_ts trans_time;
129 static void manager_free(Manager *m);
130 DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
131 #define _cleanup_manager_free_ _cleanup_(manager_freep)
133 static int manager_arm_timer(Manager *m, usec_t next);
134 static int manager_clock_watch_setup(Manager *m);
135 static int manager_connect(Manager *m);
136 static void manager_disconnect(Manager *m);
138 static int load_clock(uid_t uid, gid_t gid) {
139 usec_t nt = TIME_EPOCH * USEC_PER_SEC, ct;
140 _cleanup_close_ int fd = -1;
142 /* Let's try to make sure that the clock is always
143 * monotonically increasing, by saving the clock whenever we
144 * have a new NTP time, or when we shut down, and restoring it
145 * when we start again. This is particularly helpful on
146 * systems lacking a battery backed RTC. We also will adjust
147 * the time to at least the build time of systemd. */
149 mkdir_p("/var/lib/systemd", 0755);
151 /* First, we try to create the clock file if it doesn't exist yet */
152 fd = open("/var/lib/systemd/clock", O_RDWR|O_CLOEXEC|O_EXCL, 0644);
155 fd = open("/var/lib/systemd/clock", O_RDWR|O_CLOEXEC|O_CREAT, 0644);
157 log_error("Failed to create /var/lib/systemd/clock: %m");
165 if (fstat(fd, &st) < 0) {
166 log_error("fstat() failed: %m");
170 ft = timespec_load(&st.st_mtim);
175 ct = now(CLOCK_REALTIME);
178 log_info("System clock time unset or jumed backwards, restoring.");
180 if (clock_settime(CLOCK_REALTIME, timespec_store(&ts, nt)) < 0)
181 log_error("Failed to restore system clock: %m");
184 /* Try to fix the access mode, so that we can still
185 touch the file after dropping priviliges */
187 fchown(fd, uid, gid);
192 static int save_clock(void) {
194 static const struct timespec ts[2] = {
195 { .tv_sec = 0, .tv_nsec = UTIME_NOW },
196 { .tv_sec = 0, .tv_nsec = UTIME_NOW },
201 r = utimensat(-1, "/var/lib/systemd/clock", ts, AT_SYMLINK_NOFOLLOW);
203 log_warning("Failed to touch /var/lib/systemd/clock: %m");
210 static double ntp_ts_to_d(const struct ntp_ts *ts) {
211 return be32toh(ts->sec) + ((double)be32toh(ts->frac) / UINT_MAX);
214 static double ts_to_d(const struct timespec *ts) {
215 return ts->tv_sec + (1.0e-9 * ts->tv_nsec);
218 static double tv_to_d(const struct timeval *tv) {
219 return tv->tv_sec + (1.0e-6 * tv->tv_usec);
222 static double square(double d) {
226 static int manager_timeout(sd_event_source *source, usec_t usec, void *userdata) {
227 _cleanup_free_ char *pretty = NULL;
228 Manager *m = userdata;
231 assert(m->current_server_name);
232 assert(m->current_server_address);
234 sockaddr_pretty(&m->current_server_address->sockaddr.sa, m->current_server_address->socklen, true, &pretty);
235 log_info("Timed out waiting for reply from %s (%s).", strna(pretty), m->current_server_name->string);
237 return manager_connect(m);
240 static int manager_send_request(Manager *m) {
241 _cleanup_free_ char *pretty = NULL;
242 struct ntp_msg ntpmsg = {
244 * "The client initializes the NTP message header, sends the request
245 * to the server, and strips the time of day from the Transmit
246 * Timestamp field of the reply. For this purpose, all the NTP
247 * header fields are set to 0, except the Mode, VN, and optional
248 * Transmit Timestamp fields."
250 .field = NTP_FIELD(0, 4, NTP_MODE_CLIENT),
256 assert(m->current_server_name);
257 assert(m->current_server_address);
259 m->event_timeout = sd_event_source_unref(m->event_timeout);
262 * Set transmit timestamp, remember it; the server will send that back
263 * as the origin timestamp and we have an indication that this is the
264 * matching answer to our request.
266 * The actual value does not matter, We do not care about the correct
267 * NTP UINT_MAX fraction; we just pass the plain nanosecond value.
269 assert_se(clock_gettime(CLOCK_MONOTONIC, &m->trans_time_mon) >= 0);
270 assert_se(clock_gettime(CLOCK_REALTIME, &m->trans_time) >= 0);
271 ntpmsg.trans_time.sec = htobe32(m->trans_time.tv_sec + OFFSET_1900_1970);
272 ntpmsg.trans_time.frac = htobe32(m->trans_time.tv_nsec);
274 sockaddr_pretty(&m->current_server_address->sockaddr.sa, m->current_server_address->socklen, true, &pretty);
276 len = sendto(m->server_socket, &ntpmsg, sizeof(ntpmsg), MSG_DONTWAIT, &m->current_server_address->sockaddr.sa, m->current_server_address->socklen);
277 if (len == sizeof(ntpmsg)) {
279 log_debug("Sent NTP request to %s (%s).", strna(pretty), m->current_server_name->string);
281 log_debug("Sending NTP request to %s (%s) failed: %m", strna(pretty), m->current_server_name->string);
282 return manager_connect(m);
285 /* re-arm timer with increasing timeout, in case the packets never arrive back */
286 if (m->retry_interval > 0) {
287 if (m->retry_interval < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
288 m->retry_interval *= 2;
290 m->retry_interval = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
292 r = manager_arm_timer(m, m->retry_interval);
294 log_error("Failed to rearm timer: %s", strerror(-r));
298 r = sd_event_add_time(
302 now(CLOCK_MONOTONIC) + TIMEOUT_USEC, 0,
305 log_error("Failed to arm timeout timer: %s", strerror(-r));
312 static int manager_timer(sd_event_source *source, usec_t usec, void *userdata) {
313 Manager *m = userdata;
317 return manager_send_request(m);
320 static int manager_arm_timer(Manager *m, usec_t next) {
324 assert(m->event_receive);
327 m->event_timer = sd_event_source_unref(m->event_timer);
331 if (m->event_timer) {
332 r = sd_event_source_set_time(m->event_timer, now(CLOCK_MONOTONIC) + next);
336 return sd_event_source_set_enabled(m->event_timer, SD_EVENT_ONESHOT);
339 return sd_event_add_time(
343 now(CLOCK_MONOTONIC) + next, 0,
347 static int manager_clock_watch(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
348 Manager *m = userdata;
353 manager_clock_watch_setup(m);
355 /* skip our own jumps */
362 log_info("System time changed. Resyncing.");
363 m->poll_resync = true;
364 return manager_send_request(m);
367 /* wake up when the system time changes underneath us */
368 static int manager_clock_watch_setup(Manager *m) {
370 struct itimerspec its = {
371 .it_value.tv_sec = TIME_T_MAX
378 m->event_clock_watch = sd_event_source_unref(m->event_clock_watch);
379 safe_close(m->clock_watch_fd);
381 m->clock_watch_fd = timerfd_create(CLOCK_REALTIME, TFD_NONBLOCK|TFD_CLOEXEC);
382 if (m->clock_watch_fd < 0) {
383 log_error("Failed to create timerfd: %m");
387 if (timerfd_settime(m->clock_watch_fd, TFD_TIMER_ABSTIME|TFD_TIMER_CANCEL_ON_SET, &its, NULL) < 0) {
388 log_error("Failed to set up timerfd: %m");
392 r = sd_event_add_io(m->event, &m->event_clock_watch, m->clock_watch_fd, EPOLLIN, manager_clock_watch, m);
394 log_error("Failed to create clock watch event source: %s", strerror(-r));
401 static int manager_adjust_clock(Manager *m, double offset, int leap_sec) {
402 struct timex tmx = {};
408 * For small deltas, tell the kernel to gradually adjust the system
409 * clock to the NTP time, larger deltas are just directly set.
411 * Clear STA_UNSYNC, it will enable the kernel's 11-minute mode, which
412 * syncs the system time periodically to the hardware clock.
414 if (fabs(offset) < NTP_MAX_ADJUST) {
415 tmx.modes = ADJ_STATUS | ADJ_NANO | ADJ_OFFSET | ADJ_TIMECONST | ADJ_MAXERROR | ADJ_ESTERROR;
416 tmx.status = STA_PLL;
417 tmx.offset = offset * NSEC_PER_SEC;
418 tmx.constant = log2i(m->poll_interval_usec / USEC_PER_SEC) - 4;
421 log_debug(" adjust (slew): %+.3f sec\n", offset);
423 tmx.modes = ADJ_SETOFFSET | ADJ_NANO;
425 /* ADJ_NANO uses nanoseconds in the microseconds field */
426 tmx.time.tv_sec = (long)offset;
427 tmx.time.tv_usec = (offset - tmx.time.tv_sec) * NSEC_PER_SEC;
429 /* the kernel expects -0.3s as {-1, 7000.000.000} */
430 if (tmx.time.tv_usec < 0) {
431 tmx.time.tv_sec -= 1;
432 tmx.time.tv_usec += NSEC_PER_SEC;
436 log_debug(" adjust (jump): %+.3f sec\n", offset);
441 tmx.status |= STA_INS;
444 tmx.status |= STA_DEL;
448 r = clock_adjtime(CLOCK_REALTIME, &tmx);
455 m->drift_ppm = tmx.freq / 65536;
457 log_debug(" status : %04i %s\n"
458 " time now : %li.%03lli\n"
460 " offset : %+.3f sec\n"
461 " freq offset : %+li (%i ppm)\n",
462 tmx.status, tmx.status & STA_UNSYNC ? "" : "sync",
463 tmx.time.tv_sec, tmx.time.tv_usec / NSEC_PER_MSEC,
465 (double)tmx.offset / NSEC_PER_SEC,
466 tmx.freq, m->drift_ppm);
471 static bool manager_sample_spike_detection(Manager *m, double offset, double delay) {
472 unsigned int i, idx_cur, idx_new, idx_min;
480 /* ignore initial sample */
481 if (m->packet_count == 1)
484 /* store the current data in our samples array */
485 idx_cur = m->samples_idx;
486 idx_new = (idx_cur + 1) % ELEMENTSOF(m->samples);
487 m->samples_idx = idx_new;
488 m->samples[idx_new].offset = offset;
489 m->samples[idx_new].delay = delay;
491 /* calculate new jitter value from the RMS differences relative to the lowest delay sample */
492 jitter = m->samples_jitter;
493 for (idx_min = idx_cur, i = 0; i < ELEMENTSOF(m->samples); i++)
494 if (m->samples[i].delay > 0 && m->samples[i].delay < m->samples[idx_min].delay)
498 for (i = 0; i < ELEMENTSOF(m->samples); i++)
499 j += square(m->samples[i].offset - m->samples[idx_min].offset);
500 m->samples_jitter = sqrt(j / (ELEMENTSOF(m->samples) - 1));
502 /* ignore samples when resyncing */
506 /* always accept offset if we are farther off than the round-trip delay */
507 if (fabs(offset) > delay)
510 /* we need a few samples before looking at them */
511 if (m->packet_count < 4)
514 /* do not accept anything worse than the maximum possible error of the best sample */
515 if (fabs(offset) > m->samples[idx_min].delay)
518 /* compare the difference between the current offset to the previous offset and jitter */
519 return fabs(offset - m->samples[idx_cur].offset) > 3 * jitter;
522 static void manager_adjust_poll(Manager *m, double offset, bool spike) {
525 if (m->poll_resync) {
526 m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
527 m->poll_resync = false;
531 /* set to minimal poll interval */
532 if (!spike && fabs(offset) > NTP_ACCURACY_SEC) {
533 m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
537 /* increase polling interval */
538 if (fabs(offset) < NTP_ACCURACY_SEC * 0.25) {
539 if (m->poll_interval_usec < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
540 m->poll_interval_usec *= 2;
544 /* decrease polling interval */
545 if (spike || fabs(offset) > NTP_ACCURACY_SEC * 0.75) {
546 if (m->poll_interval_usec > NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC)
547 m->poll_interval_usec /= 2;
552 static bool sockaddr_equal(union sockaddr_union *a, union sockaddr_union *b) {
556 if (a->sa.sa_family != b->sa.sa_family)
559 if (a->sa.sa_family == AF_INET)
560 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
562 if (a->sa.sa_family == AF_INET6)
563 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
568 static int manager_receive_response(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
569 Manager *m = userdata;
570 struct ntp_msg ntpmsg;
574 .iov_len = sizeof(ntpmsg),
577 struct cmsghdr cmsghdr;
578 uint8_t buf[CMSG_SPACE(sizeof(struct timeval))];
580 union sockaddr_union server_addr;
581 struct msghdr msghdr = {
584 .msg_control = &control,
585 .msg_controllen = sizeof(control),
586 .msg_name = &server_addr,
587 .msg_namelen = sizeof(server_addr),
589 struct cmsghdr *cmsg;
590 struct timespec now_ts;
591 struct timeval *recv_time;
593 double origin, receive, trans, dest;
594 double delay, offset;
602 if (revents & (EPOLLHUP|EPOLLERR)) {
603 log_warning("Server connection returned error.");
604 return manager_connect(m);
607 len = recvmsg(fd, &msghdr, MSG_DONTWAIT);
612 log_warning("Error receiving message. Disconnecting.");
613 return manager_connect(m);
616 if (iov.iov_len < sizeof(struct ntp_msg)) {
617 log_warning("Invalid response from server. Disconnecting.");
618 return manager_connect(m);
621 if (!m->current_server_name ||
622 !m->current_server_address ||
623 !sockaddr_equal(&server_addr, &m->current_server_address->sockaddr)) {
624 log_debug("Response from unknown server.");
629 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
630 if (cmsg->cmsg_level != SOL_SOCKET)
633 switch (cmsg->cmsg_type) {
635 recv_time = (struct timeval *) CMSG_DATA(cmsg);
640 log_error("Invalid packet timestamp.");
645 log_debug("Unexpected reply. Ignoring.");
649 /* check our "time cookie" (we just stored nanoseconds in the fraction field) */
650 if (be32toh(ntpmsg.origin_time.sec) != m->trans_time.tv_sec + OFFSET_1900_1970 ||
651 be32toh(ntpmsg.origin_time.frac) != m->trans_time.tv_nsec) {
652 log_debug("Invalid reply; not our transmit time. Ignoring.");
656 m->event_timeout = sd_event_source_unref(m->event_timeout);
658 if (be32toh(ntpmsg.recv_time.sec) < TIME_EPOCH + OFFSET_1900_1970 ||
659 be32toh(ntpmsg.trans_time.sec) < TIME_EPOCH + OFFSET_1900_1970) {
660 log_debug("Invalid reply, returned times before epoch. Ignoring.");
661 return manager_connect(m);
664 if (NTP_FIELD_LEAP(ntpmsg.field) == NTP_LEAP_NOTINSYNC) {
665 log_debug("Server is not synchronized. Disconnecting.");
666 return manager_connect(m);
669 if (!IN_SET(NTP_FIELD_VERSION(ntpmsg.field), 3, 4)) {
670 log_debug("Response NTPv%d. Disconnecting.", NTP_FIELD_VERSION(ntpmsg.field));
671 return manager_connect(m);
674 if (NTP_FIELD_MODE(ntpmsg.field) != NTP_MODE_SERVER) {
675 log_debug("Unsupported mode %d. Disconnecting.", NTP_FIELD_MODE(ntpmsg.field));
676 return manager_connect(m);
681 m->retry_interval = 0;
683 /* announce leap seconds */
684 if (NTP_FIELD_LEAP(ntpmsg.field) & NTP_LEAP_PLUSSEC)
686 else if (NTP_FIELD_LEAP(ntpmsg.field) & NTP_LEAP_MINUSSEC)
692 * "Timestamp Name ID When Generated
693 * ------------------------------------------------------------
694 * Originate Timestamp T1 time request sent by client
695 * Receive Timestamp T2 time request received by server
696 * Transmit Timestamp T3 time reply sent by server
697 * Destination Timestamp T4 time reply received by client
699 * The round-trip delay, d, and system clock offset, t, are defined as:
700 * d = (T4 - T1) - (T3 - T2) t = ((T2 - T1) + (T3 - T4)) / 2"
702 assert_se(clock_gettime(CLOCK_MONOTONIC, &now_ts) >= 0);
703 origin = tv_to_d(recv_time) - (ts_to_d(&now_ts) - ts_to_d(&m->trans_time_mon)) + OFFSET_1900_1970;
704 receive = ntp_ts_to_d(&ntpmsg.recv_time);
705 trans = ntp_ts_to_d(&ntpmsg.trans_time);
706 dest = tv_to_d(recv_time) + OFFSET_1900_1970;
708 offset = ((receive - origin) + (trans - dest)) / 2;
709 delay = (dest - origin) - (trans - receive);
711 spike = manager_sample_spike_detection(m, offset, delay);
713 manager_adjust_poll(m, offset, spike);
715 log_debug("NTP response:\n"
720 " precision : %.6f sec (%d)\n"
721 " reference : %.4s\n"
726 " offset : %+.3f sec\n"
727 " delay : %+.3f sec\n"
728 " packet count : %"PRIu64"\n"
730 " poll interval: %llu\n",
731 NTP_FIELD_LEAP(ntpmsg.field),
732 NTP_FIELD_VERSION(ntpmsg.field),
733 NTP_FIELD_MODE(ntpmsg.field),
735 exp2(ntpmsg.precision), ntpmsg.precision,
736 ntpmsg.stratum == 1 ? ntpmsg.refid : "n/a",
737 origin - OFFSET_1900_1970,
738 receive - OFFSET_1900_1970,
739 trans - OFFSET_1900_1970,
740 dest - OFFSET_1900_1970,
743 m->samples_jitter, spike ? " spike" : "",
744 m->poll_interval_usec / USEC_PER_SEC);
747 r = manager_adjust_clock(m, offset, leap_sec);
749 log_error("Failed to call clock_adjtime(): %m");
752 log_info("interval/delta/delay/jitter/drift %llus/%+.3fs/%.3fs/%.3fs/%+ippm%s",
753 m->poll_interval_usec / USEC_PER_SEC, offset, delay, m->samples_jitter, m->drift_ppm,
754 spike ? " (ignored)" : "");
756 r = manager_arm_timer(m, m->poll_interval_usec);
758 log_error("Failed to rearm timer: %s", strerror(-r));
765 static int manager_listen_setup(Manager *m) {
766 union sockaddr_union addr = {};
767 static const int tos = IPTOS_LOWDELAY;
768 static const int on = 1;
773 assert(m->server_socket < 0);
774 assert(!m->event_receive);
775 assert(m->current_server_address);
777 addr.sa.sa_family = m->current_server_address->sockaddr.sa.sa_family;
779 m->server_socket = socket(addr.sa.sa_family, SOCK_DGRAM | SOCK_CLOEXEC, 0);
780 if (m->server_socket < 0)
783 r = bind(m->server_socket, &addr.sa, m->current_server_address->socklen);
787 r = setsockopt(m->server_socket, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on));
791 setsockopt(m->server_socket, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
793 return sd_event_add_io(m->event, &m->event_receive, m->server_socket, EPOLLIN, manager_receive_response, m);
796 static int manager_begin(Manager *m) {
797 _cleanup_free_ char *pretty = NULL;
801 assert_return(m->current_server_name, -EHOSTUNREACH);
802 assert_return(m->current_server_address, -EHOSTUNREACH);
804 m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
806 sockaddr_pretty(&m->current_server_address->sockaddr.sa, m->current_server_address->socklen, true, &pretty);
807 log_info("Using NTP server %s (%s).", strna(pretty), m->current_server_name->string);
808 sd_notifyf(false, "STATUS=Using Time Server %s (%s).", strna(pretty), m->current_server_name->string);
810 r = manager_listen_setup(m);
812 log_warning("Failed to setup connection socket: %s", strerror(-r));
816 r = manager_clock_watch_setup(m);
820 return manager_send_request(m);
823 static void server_name_flush_addresses(ServerName *n) {
828 while ((a = n->addresses)) {
829 LIST_REMOVE(addresses, n->addresses, a);
834 static void manager_flush_names(Manager *m) {
839 while ((n = m->servers)) {
840 LIST_REMOVE(names, m->servers, n);
842 server_name_flush_addresses(n);
847 static int manager_resolve_handler(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata) {
848 Manager *m = userdata;
849 ServerAddress *a, *last = NULL;
853 assert(m->current_server_name);
855 m->resolve_query = sd_resolve_query_unref(m->resolve_query);
858 log_info("Failed to resolve %s: %s", m->current_server_name->string, gai_strerror(ret));
861 return manager_connect(m);
864 server_name_flush_addresses(m->current_server_name);
866 for (; ai; ai = ai->ai_next) {
867 _cleanup_free_ char *pretty = NULL;
870 assert(ai->ai_addrlen >= offsetof(struct sockaddr, sa_data));
871 assert(ai->ai_addrlen <= sizeof(union sockaddr_union));
873 if (!IN_SET(ai->ai_addr->sa_family, AF_INET, AF_INET6)) {
874 log_warning("Unsuitable address protocol for %s", m->current_server_name->string);
878 a = new0(ServerAddress, 1);
882 memcpy(&a->sockaddr, ai->ai_addr, ai->ai_addrlen);
883 a->socklen = ai->ai_addrlen;
885 LIST_INSERT_AFTER(addresses, m->current_server_name->addresses, last, a);
888 sockaddr_pretty(&a->sockaddr.sa, a->socklen, true, &pretty);
889 log_debug("Resolved address %s for %s.", pretty, m->current_server_name->string);
892 if (!m->current_server_name->addresses) {
893 log_error("Failed to find suitable address for host %s.", m->current_server_name->string);
896 return manager_connect(m);
899 m->current_server_address = m->current_server_name->addresses;
901 return manager_begin(m);
904 static int manager_retry(sd_event_source *source, usec_t usec, void *userdata) {
905 Manager *m = userdata;
909 return manager_connect(m);
912 static int manager_connect(Manager *m) {
914 struct addrinfo hints = {
915 .ai_flags = AI_NUMERICSERV|AI_ADDRCONFIG,
916 .ai_socktype = SOCK_DGRAM,
922 manager_disconnect(m);
924 m->event_retry = sd_event_source_unref(m->event_retry);
925 if (!ratelimit_test(&m->ratelimit)) {
926 log_debug("Slowing down attempts to contact servers.");
928 r = sd_event_add_time(m->event, &m->event_retry, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + RETRY_USEC, 0, manager_retry, m);
930 log_error("Failed to create retry timer: %s", strerror(-r));
937 /* If we already are operating on some address, switch to the
939 if (m->current_server_address && m->current_server_address->addresses_next)
940 m->current_server_address = m->current_server_address->addresses_next;
942 /* Hmm, we are through all addresses, let's look for the next host instead */
943 m->current_server_address = NULL;
945 if (m->current_server_name && m->current_server_name->names_next)
946 m->current_server_name = m->current_server_name->names_next;
949 m->current_server_name = NULL;
950 log_debug("No server found.");
954 m->current_server_name = m->servers;
957 /* Tell the resolver to reread /etc/resolv.conf, in
958 * case it changed. */
961 r = sd_resolve_getaddrinfo(m->resolve, &m->resolve_query, m->current_server_name->string, "123", &hints, manager_resolve_handler, m);
963 log_error("Failed to create resolver: %s", strerror(-r));
970 r = manager_begin(m);
977 static int manager_add_server(Manager *m, const char *server) {
978 ServerName *n, *tail;
983 n = new0(ServerName, 1);
987 n->string = strdup(server);
993 LIST_FIND_TAIL(names, m->servers, tail);
994 LIST_INSERT_AFTER(names, m->servers, tail, n);
999 static int manager_add_server_string(Manager *m, const char *string) {
1007 FOREACH_WORD_QUOTED(w, l, string, state) {
1013 r = manager_add_server(m, t);
1015 log_error("Failed to add server %s to configuration, ignoring: %s", t, strerror(-r));
1021 static void manager_disconnect(Manager *m) {
1024 m->resolve_query = sd_resolve_query_unref(m->resolve_query);
1026 m->event_timer = sd_event_source_unref(m->event_timer);
1028 m->event_receive = sd_event_source_unref(m->event_receive);
1029 m->server_socket = safe_close(m->server_socket);
1031 m->event_clock_watch = sd_event_source_unref(m->event_clock_watch);
1032 m->clock_watch_fd = safe_close(m->clock_watch_fd);
1034 m->event_timeout = sd_event_source_unref(m->event_timeout);
1036 sd_notifyf(false, "STATUS=Idle.");
1039 static int manager_new(Manager **ret) {
1040 _cleanup_manager_free_ Manager *m = NULL;
1043 m = new0(Manager, 1);
1047 m->server_socket = m->clock_watch_fd = -1;
1049 RATELIMIT_INIT(m->ratelimit, RATELIMIT_INTERVAL_USEC, RATELIMIT_BURST);
1051 r = sd_event_default(&m->event);
1055 sd_event_set_watchdog(m->event, true);
1057 sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL);
1058 sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
1060 r = sd_resolve_default(&m->resolve);
1064 r = sd_resolve_attach_event(m->resolve, m->event, 0);
1068 r = manager_clock_watch_setup(m);
1078 static void manager_free(Manager *m) {
1082 manager_disconnect(m);
1083 manager_flush_names(m);
1085 sd_event_source_unref(m->event_retry);
1087 sd_event_source_unref(m->network_event_source);
1088 sd_network_monitor_unref(m->network_monitor);
1090 sd_resolve_unref(m->resolve);
1091 sd_event_unref(m->event);
1096 int config_parse_servers(
1098 const char *filename,
1100 const char *section,
1101 unsigned section_line,
1108 Manager *m = userdata;
1114 manager_flush_names(m);
1115 manager_add_server_string(m, rvalue);
1120 static int manager_parse_config_file(Manager *m) {
1121 static const char fn[] = "/etc/systemd/timesyncd.conf";
1122 _cleanup_fclose_ FILE *f = NULL;
1127 f = fopen(fn, "re");
1129 if (errno == ENOENT)
1132 log_warning("Failed to open configuration file %s: %m", fn);
1136 r = config_parse(NULL, fn, f, "Time\0", config_item_perf_lookup,
1137 (void*) timesyncd_gperf_lookup, false, false, m);
1139 log_warning("Failed to parse configuration file: %s", strerror(-r));
1144 static bool network_is_online(void) {
1145 _cleanup_free_ char *state = NULL;
1148 r = sd_network_get_operational_state(&state);
1149 if (r >= 0 && (streq("routable", state) || streq("degraded", state)))
1155 static int manager_network_event_handler(sd_event_source *s, int fd, uint32_t revents,
1157 Manager *m = userdata;
1158 bool connected, online;
1163 /* check if the machine is online */
1164 online = network_is_online();
1166 /* check if the client is currently connected */
1167 connected = (m->server_socket != -1);
1169 if (connected && !online) {
1170 log_info("No network connectivity. Suspending.");
1171 manager_disconnect(m);
1172 } else if (!connected && online) {
1173 log_info("Network connectivity detected. Resuming.");
1174 if (m->current_server_address) {
1175 r = manager_begin(m);
1179 r = manager_connect(m);
1185 sd_network_monitor_flush(m->network_monitor);
1190 static int manager_network_monitor_listen(Manager *m) {
1191 _cleanup_event_source_unref_ sd_event_source *event_source = NULL;
1192 _cleanup_network_monitor_unref_ sd_network_monitor *monitor = NULL;
1195 r = sd_network_monitor_new(NULL, &monitor);
1199 fd = sd_network_monitor_get_fd(monitor);
1203 events = sd_network_monitor_get_events(monitor);
1207 r = sd_event_add_io(m->event, &event_source, fd, events,
1208 &manager_network_event_handler, m);
1212 m->network_monitor = monitor;
1213 m->network_event_source = event_source;
1215 event_source = NULL;
1220 static int drop_privileges(uid_t uid, gid_t gid) {
1222 static const cap_value_t bits[] = {
1226 _cleanup_cap_free_ cap_t d = NULL;
1229 /* Unfortunately we cannot leave privilege dropping to PID 1
1230 * here, since we want to run as user but want to keep te
1231 * CAP_SYS_TIME capability. Since file capabilities have been
1232 * introduced this cannot be done across exec() anymore,
1233 * unless our binary has the capability configured in the file
1234 * system, which we want to avoid. */
1236 if (setresgid(gid, gid, gid) < 0) {
1237 log_error("Failed change group ID: %m");
1241 if (setgroups(0, NULL) < 0) {
1242 log_error("Failed to drop auxiliary groups list: %m");
1246 if (prctl(PR_SET_KEEPCAPS, 1) < 0) {
1247 log_error("Failed to enable keep capabilities flag: %m");
1251 r = setresuid(uid, uid, uid);
1253 log_error("Failed change user ID: %m");
1257 if (prctl(PR_SET_KEEPCAPS, 0) < 0) {
1258 log_error("Failed to disable keep capabilities flag: %m");
1262 r = capability_bounding_set_drop(~(1ULL << CAP_SYS_TIME), true);
1264 log_error("Failed to drop capabilities: %s", strerror(-r));
1272 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
1273 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) {
1274 log_error("Failed to enable capabilities bits: %m");
1278 if (cap_set_proc(d) < 0) {
1279 log_error("Failed to increase capabilities: %m");
1286 int main(int argc, char *argv[]) {
1287 const char *user = "systemd-timesync";
1288 _cleanup_manager_free_ Manager *m = NULL;
1294 log_error("This program does not take arguments.");
1295 return EXIT_FAILURE;
1298 log_set_target(LOG_TARGET_AUTO);
1299 log_set_facility(LOG_CRON);
1300 log_parse_environment();
1305 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1307 log_error("Cannot resolve user name %s: %s", user, strerror(-r));
1311 r = load_clock(uid, gid);
1315 r = drop_privileges(uid, gid);
1319 assert_se(sigprocmask_many(SIG_BLOCK, SIGTERM, SIGINT, -1) == 0);
1321 r = manager_new(&m);
1323 log_error("Failed to allocate manager: %s", strerror(-r));
1327 manager_add_server_string(m, NTP_SERVERS);
1328 manager_parse_config_file(m);
1330 r = manager_network_monitor_listen(m);
1332 log_error("Failed to listen to networkd events: %s", strerror(-r));
1336 log_debug("systemd-timesyncd running as pid %lu", (unsigned long) getpid());
1337 sd_notify(false, "READY=1");
1339 if (network_is_online()) {
1340 r = manager_connect(m);
1345 r = sd_event_loop(m->event);
1347 log_error("Failed to run event loop: %s", strerror(-r));
1351 sd_event_get_exit_code(m->event, &r);
1355 sd_notify(false, "STATUS=Shutting down...");
1357 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;