| [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.1.1-49-ge5784c1 |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
This is an automated email from git. It was enerated because a ref
change was pushed to the repository "chrony/chrony.git".
The branch, master has been updated
via e5784c1ca8821bb65b2b59e8d9cbe6539b4c7221 (commit)
via 282a9c7d7c342cf54316429af76ed29078e2e6dd (commit)
via b11ca92ca690bd888ba873f33c1eb3ac1e2d9ce5 (commit)
via 49846b3e68f04c984018ecf5d86d4429f867d15b (commit)
via 0887824324f15a8fdd15c2bfe7d8aa2bf77fb838 (commit)
via fbe65f2c719a8f68d216cb5f5cf36c4dbd97be98 (commit)
via eb5a412bedca08fd8bfc806b1d3604e417cb67e3 (commit)
via 0cc8f68754cd42f3f54fa3539e8bedf700cd2200 (commit)
via 7079ca271881c065d4b8b6de78f1020359b3a295 (commit)
via 70ad0bc57393046d1b59f70890dd8933844c88a5 (commit)
via 22345c5ddf22924c4c4b7a644a3f1a2b1747f565 (commit)
via 28b0a23949cdbfb27464d610fd48977fb56b3861 (commit)
via 1b57a796b155a5960e8167569865147c8abb08c0 (commit)
via 0abb47002280f9e5f603208bbebcab11b8f79d04 (commit)
via b7a4b84f0afd147f5c1f69f86d28163bb75cb667 (commit)
via 794a1e6cfe90f862e442d96790fb6e5f32fcb364 (commit)
from 7c4db99d44c5fcaeb576e9067be4b0f1f9c2859d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e5784c1ca8821bb65b2b59e8d9cbe6539b4c7221
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Aug 20 17:21:12 2015 +0200
cmdmon: update candm.h
Remove the auth fields in the command request/reply and replace the
token and utoken fields with padding.
commit 282a9c7d7c342cf54316429af76ed29078e2e6dd
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Aug 20 16:43:12 2015 +0200
keys: remove support for command key
Without the cmdmon authentication, there is no need for command keys.
commit b11ca92ca690bd888ba873f33c1eb3ac1e2d9ce5
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Aug 20 16:29:07 2015 +0200
client: remove authentication support
Follow the removal of the server authentication support and remove also
the client support. The -a and -f options are now silently ignored to
not break scripts. The authhash and password commands print a warning,
but they don't return an error.
commit 49846b3e68f04c984018ecf5d86d4429f867d15b
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Mon Apr 13 10:44:15 2015 +0200
cmdmon: remove authentication support
With the new support for cmdmon over Unix domain sockets, authentication
is no longer necessary to authorize a client running on localhost with
the permissions of the root or chrony user/group. Remove the cmdmon
authentication support to simplify the code and significantly reduce the
attack surface of the protocol.
Only monitoring commands are now allowed remotely. Users that need to
configure chronyd remotely or locally without root/chrony permissions
are advised to use ssh and/or sudo.
commit 0887824324f15a8fdd15c2bfe7d8aa2bf77fb838
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Aug 19 18:33:18 2015 +0200
cmdmon: allow unauthenticated commands from Unix domain socket
Allow all commands received from the Unix domain command socket (which
is accessible only by the root and chrony user/group), even when they
are not authenticated with the command key.
commit fbe65f2c719a8f68d216cb5f5cf36c4dbd97be98
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Aug 19 18:16:22 2015 +0200
client: connect to Unix domain socket by default
The default value of the -h option is now
/var/run/chrony/chronyd.sock,127.0.0.1,::1.
commit eb5a412bedca08fd8bfc806b1d3604e417cb67e3
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Aug 19 17:55:42 2015 +0200
configure: add option to set default location of Unix domain sockets
commit 0cc8f68754cd42f3f54fa3539e8bedf700cd2200
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Aug 19 10:19:13 2015 +0200
client: reconnect with multiple addresses
Allow multiple hostnames/addresses separated by comma to be specified
with the -h option. Hostnames are resolved to up to 16 addresses. When
connecting to an address fails or no reply is received, try the next
address in the list.
Set the default value for the -h option to 127.0.0.1,::1.
commit 7079ca271881c065d4b8b6de78f1020359b3a295
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Aug 18 16:06:05 2015 +0200
client: allow connecting to Unix domain sockets
If the specified hostname starts with /, consider it to be the path of
the chronyd Unix domain command socket. Create the client socket in the
same directory as the server socket (which is not accessible by others)
and change its permission to 0666 to allow chronyd running without root
privileges to send a reply. Remove the socket on exit.
commit 70ad0bc57393046d1b59f70890dd8933844c88a5
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Aug 18 13:35:18 2015 +0200
client: connect socket
Call connect() on the socket to set the remote address and switch from
sendto()/recvfrom() to send()/recv(). Setting the IP_RECVERR option no
longer seems to be necessary in order to get ECONNREFUSED errors.
commit 22345c5ddf22924c4c4b7a644a3f1a2b1747f565
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Aug 18 13:04:09 2015 +0200
client: add -d option to print debug messages
commit 28b0a23949cdbfb27464d610fd48977fb56b3861
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Aug 18 12:56:21 2015 +0200
client: convert disabled printf() calls to debug messages
commit 1b57a796b155a5960e8167569865147c8abb08c0
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Aug 5 16:13:06 2015 +0200
client: use LOG macro for error messages
commit 0abb47002280f9e5f603208bbebcab11b8f79d04
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Aug 19 16:14:19 2015 +0200
cmdmon: print path of Unix command socket in debug messages
commit b7a4b84f0afd147f5c1f69f86d28163bb75cb667
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Aug 19 15:52:36 2015 +0200
cmdmon: fix handling of packets from unbound Unix sockets
When a packet is received from an unbound Unix domain socket, recvfrom()
may return with zero addrlen.
commit 794a1e6cfe90f862e442d96790fb6e5f32fcb364
Author: Bryan Christianson <bryan@xxxxxxxxxxxxx>
Date: Wed Aug 19 09:31:45 2015 +1200
contrib: add Mac OS X support files
launchd plist files for chronyd and logrotation.
shell script for logrotation
README file with detailed installation instructions
-----------------------------------------------------------------------
Summary of changes:
Makefile.in | 2 +-
candm.h | 26 +-
chrony.texi.in | 9 +-
chronyc.1.in | 6 +-
client.c | 628 +++++++------------
cmdmon.c | 646 ++------------------
conf.c | 47 +-
conf.h | 2 -
configure | 15 +-
contrib/bryan_christianson_1/README.txt | 103 ++++
contrib/bryan_christianson_1/chronylogrotate.sh | 45 ++
.../org.tuxfamily.chronyc.plist | 22 +
.../org.tuxfamily.chronyd.plist | 19 +
keys.c | 79 ---
keys.h | 2 -
logging.h | 1 +
util.c | 28 +
util.h | 1 +
18 files changed, 531 insertions(+), 1150 deletions(-)
create mode 100644 contrib/bryan_christianson_1/README.txt
create mode 100755 contrib/bryan_christianson_1/chronylogrotate.sh
create mode 100644 contrib/bryan_christianson_1/org.tuxfamily.chronyc.plist
create mode 100644 contrib/bryan_christianson_1/org.tuxfamily.chronyd.plist
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.