diff --git a/.ci/Jenkinsfile b/.ci/Jenkinsfile new file mode 100644 index 0000000..e283bab --- /dev/null +++ b/.ci/Jenkinsfile @@ -0,0 +1,42 @@ +properties( + [ + disableConcurrentBuilds() + ] +) + +node('linux && docker') { + try { + stage('Checkout') { + //branch name from Jenkins environment variables + echo "My branch is: ${env.BRANCH_NAME}" + + // this doesn't grab tags pointing to this branch + //checkout scm + // this hack does... https://issues.jenkins.io/browse/JENKINS-45164 + checkout([ + $class: 'GitSCM', + branches: [[name: 'refs/heads/'+env.BRANCH_NAME]], + extensions: [[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: '']], + userRemoteConfigs: scm.userRemoteConfigs, + ]) + sh ''' + set -euxo pipefail + git checkout "$BRANCH_NAME" -- + git reset --hard "origin/$BRANCH_NAME" + ''' + } + + stage('Build + Deploy') { + sh 'curl --compressed -sL https://code.moparisthebest.com/moparisthebest/self-ci/raw/branch/master/build-ci.sh | bash' + } + + currentBuild.result = 'SUCCESS' + } catch (Exception err) { + currentBuild.result = 'FAILURE' + } finally { + stage('Email') { + step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'admin.jenkins@moparisthebest.com', sendToIndividuals: true]) + } + deleteDir() + } +} diff --git a/.ci/build.sh b/.ci/build.sh new file mode 100755 index 0000000..250178a --- /dev/null +++ b/.ci/build.sh @@ -0,0 +1,26 @@ +#!/bin/bash +set -exo pipefail + +echo "starting build for TARGET $TARGET" + +export CRATE_NAME=kiss-ntpd + +# cross doesn't actually support stdin/stdout pipes for some reason, skip it for now +DISABLE_TESTS=1 + +SUFFIX="" + +echo "$TARGET" | grep -E '^x86_64-pc-windows-gnu$' >/dev/null && SUFFIX=".exe" + +cross rustc --bin kiss-ntpd --target $TARGET --release + +# to check how they are built +file "target/$TARGET/release/kiss-ntpd$SUFFIX" + +# if this commit has a tag, upload artifact to release +strip "target/$TARGET/release/kiss-ntpd$SUFFIX" || true # if strip fails, it's fine +mkdir -p release +mv "target/$TARGET/release/kiss-ntpd$SUFFIX" "release/kiss-ntpd-$TARGET$SUFFIX" + +echo 'build success!' +exit 0 diff --git a/.gitignore b/.gitignore index 324c57f..5cd5b07 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ target/ **/*.rs.bk +.idea/ diff --git a/.rustfmt.toml b/.rustfmt.toml new file mode 100644 index 0000000..ffc467d --- /dev/null +++ b/.rustfmt.toml @@ -0,0 +1 @@ +max_width = 200 diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 0000000..8bb12da --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,5 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] +name = "kiss-ntpd" +version = "1.0.0" diff --git a/Cargo.toml b/Cargo.toml index 2841527..8696bc0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,13 +1,18 @@ [package] -name = "rsntp" -version = "0.0.1" -authors = ["Miroslav Lichvar "] -description = "Multi-threaded NTP server" -license = "GPLv2+" +name = "kiss-ntpd" +version = "1.0.0" +authors = ["moparisthebest "] +edition = "2018" -[dependencies] -byteorder = "1.2.0" -getopts = "0.2.14" -net2 = "0.2.29" -privdrop = "= 0.2.0" -rand = "0.6" +description = "NTP server that Keeps It Simple, Stupid" +repository = "https://code.moparisthebest.com/moparisthebest/kiss-ntpd" +keywords = ["ntp", "time", "kiss"] + +license = "AGPL-3.0-or-later" +readme = "README.md" + +include = [ + "**/*.rs", + "Cargo.toml", + "*.md", +] diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..cba6f6a --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,660 @@ +### GNU AFFERO GENERAL PUBLIC LICENSE + +Version 3, 19 November 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. + + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + +### Preamble + +The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains +free software for all its users. + +When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + +A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + +The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + +An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing +under this license. + +The precise terms and conditions for copying, distribution and +modification follow. + +### TERMS AND CONDITIONS + +#### 0. Definitions. + +"This License" refers to version 3 of the GNU Affero General Public +License. + +"Copyright" also means copyright-like laws that apply to other kinds +of works, such as semiconductor masks. + +"The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + +To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of +an exact copy. The resulting work is called a "modified version" of +the earlier work or a work "based on" the earlier work. + +A "covered work" means either the unmodified Program or a work based +on the Program. + +To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + +To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user +through a computer network, with no transfer of a copy, is not +conveying. + +An interactive user interface displays "Appropriate Legal Notices" to +the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + +#### 1. Source Code. + +The "source code" for a work means the preferred form of the work for +making modifications to it. "Object code" means any non-source form of +a work. + +A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + +The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + +The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can +regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same +work. + +#### 2. Basic Permissions. + +All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, +without conditions so long as your license otherwise remains in force. +You may convey covered works to others for the sole purpose of having +them make modifications exclusively for you, or provide you with +facilities for running those works, provided that you comply with the +terms of this License in conveying all material for which you do not +control copyright. Those thus making or running the covered works for +you must do so exclusively on your behalf, under your direction and +control, on terms that prohibit them from making any copies of your +copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the +conditions stated below. Sublicensing is not allowed; section 10 makes +it unnecessary. + +#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + +No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + +When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such +circumvention is effected by exercising rights under this License with +respect to the covered work, and you disclaim any intention to limit +operation or modification of the work as a means of enforcing, against +the work's users, your or third parties' legal rights to forbid +circumvention of technological measures. + +#### 4. Conveying Verbatim Copies. + +You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + +#### 5. Conveying Modified Source Versions. + +You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these +conditions: + +- a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. +- b) The work must carry prominent notices stating that it is + released under this License and any conditions added under + section 7. This requirement modifies the requirement in section 4 + to "keep intact all notices". +- c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. +- d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + +A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + +#### 6. Conveying Non-Source Forms. + +You may convey a covered work in object code form under the terms of +sections 4 and 5, provided that you also convey the machine-readable +Corresponding Source under the terms of this License, in one of these +ways: + +- a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. +- b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the Corresponding + Source from a network server at no charge. +- c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. +- d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. +- e) Convey the object code using peer-to-peer transmission, + provided you inform other peers where the object code and + Corresponding Source of the work are being offered to the general + public at no charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + +A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, +family, or household purposes, or (2) anything designed or sold for +incorporation into a dwelling. In determining whether a product is a +consumer product, doubtful cases shall be resolved in favor of +coverage. For a particular product received by a particular user, +"normally used" refers to a typical or common use of that class of +product, regardless of the status of the particular user or of the way +in which the particular user actually uses, or expects or is expected +to use, the product. A product is a consumer product regardless of +whether the product has substantial commercial, industrial or +non-consumer uses, unless such uses represent the only significant +mode of use of the product. + +"Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to +install and execute modified versions of a covered work in that User +Product from a modified version of its Corresponding Source. The +information must suffice to ensure that the continued functioning of +the modified object code is in no case prevented or interfered with +solely because modification has been made. + +If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + +The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or +updates for a work that has been modified or installed by the +recipient, or for the User Product in which it has been modified or +installed. Access to a network may be denied when the modification +itself materially and adversely affects the operation of the network +or violates the rules and protocols for communication across the +network. + +Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + +#### 7. Additional Terms. + +"Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders +of that material) supplement the terms of this License with terms: + +- a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or +- b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or +- c) Prohibiting misrepresentation of the origin of that material, + or requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or +- d) Limiting the use for publicity purposes of names of licensors + or authors of the material; or +- e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or +- f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions + of it) with contractual assumptions of liability to the recipient, + for any liability that these contractual assumptions directly + impose on those licensors and authors. + +All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; the +above requirements apply either way. + +#### 8. Termination. + +You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + +However, if you cease all violation of this License, then your license +from a particular copyright holder is reinstated (a) provisionally, +unless and until the copyright holder explicitly and finally +terminates your license, and (b) permanently, if the copyright holder +fails to notify you of the violation by some reasonable means prior to +60 days after the cessation. + +Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + +#### 9. Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or run +a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + +#### 10. Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + +An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + +#### 11. Patents. + +A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + +A contributor's "essential patent claims" are all patent claims owned +or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + +In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + +If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + +A patent license is "discriminatory" if it does not include within the +scope of its coverage, prohibits the exercise of, or is conditioned on +the non-exercise of one or more of the rights that are specifically +granted under this License. You may not convey a covered work if you +are a party to an arrangement with a third party that is in the +business of distributing software, under which you make payment to the +third party based on the extent of your activity of conveying the +work, and under which the third party grants, to any of the parties +who would receive the covered work from you, a discriminatory patent +license (a) in connection with copies of the covered work conveyed by +you (or copies made from those copies), or (b) primarily for and in +connection with specific products or compilations that contain the +covered work, unless you entered into that arrangement, or that patent +license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + +#### 12. No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under +this License and any other pertinent obligations, then as a +consequence you may not convey it at all. For example, if you agree to +terms that obligate you to collect a royalty for further conveying +from those to whom you convey the Program, the only way you could +satisfy both those terms and this License would be to refrain entirely +from conveying the Program. + +#### 13. Remote Network Interaction; Use with the GNU General Public License. + +Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your +version supports such interaction) an opportunity to receive the +Corresponding Source of your version by providing access to the +Corresponding Source from a network server at no charge, through some +standard or customary means of facilitating copying of software. This +Corresponding Source shall include the Corresponding Source for any +work covered by version 3 of the GNU General Public License that is +incorporated pursuant to the following paragraph. + +Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + +#### 14. Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions +of the GNU Affero General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever +published by the Free Software Foundation. + +If the Program specifies that a proxy can decide which future versions +of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + +Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + +#### 15. Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT +WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND +PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE +DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR +CORRECTION. + +#### 16. Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR +CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES +ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT +NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR +LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM +TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER +PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +#### 17. Interpretation of Sections 15 and 16. + +If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + +### How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these +terms. + +To do so, attach the following notices to the program. It is safest to +attach them to the start of each source file to most effectively state +the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as + published by the Free Software Foundation, either version 3 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper +mail. + +If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for +the specific requirements. + +You should also get your employer (if you work as a programmer) or +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. For more information on this, and how to apply and follow +the GNU AGPL, see . diff --git a/Makefile b/Makefile deleted file mode 100644 index 3858668..0000000 --- a/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -debug: - cargo build - -release: - cargo build --release - -clean: - cargo clean diff --git a/README.adoc b/README.adoc deleted file mode 100644 index b292312..0000000 --- a/README.adoc +++ /dev/null @@ -1,33 +0,0 @@ -= rsntp - -+rsntp+ is an experimental high-performance NTP server written in Rust. It does -not implement a full NTP client and relies on another NTP client and server to -be running on the system instead. It periodically updates its state to mirror -the real NTP client/server and uses multiple threads to serve the current -system time. - -By default, +rsntp+ uses one thread for IPv4 and another for IPv6. In order to -get the best performance, it's necessary to increase the number of threads -using the +--ipv4-threads+ and +--ipv6-threads+ options to correspond to the -number of CPU cores available on the system. - -The real NTP client/server needs to be configured to listen on 127.0.0.1 on -port 11123 (or another port if specified with the +--server-addr+ option). For -instance, the following configuration should work with +chronyd+: - ----- -allow 127.0.0.1 -port 11123 -bindaddress 127.0.0.1 ----- - -The following table shows the maximum number of NTP requests handled per second -measured on a Linux (4.16) machine with an Intel E5-1220 CPU (4 cores) and an -Intel I350 network card (1 Gb/s). - -|========================================================== -| 1 thread | 430 kpps -| 2 threads | 750 kpps -| 3 threads | 1030 kpps -| 4 threads | 1100 kpps (maximum for 1 Gb/s) -|========================================================== diff --git a/README.md b/README.md new file mode 100644 index 0000000..e86825f --- /dev/null +++ b/README.md @@ -0,0 +1,34 @@ +kiss-ntpd +--------- + +[![Build Status](https://ci.moparisthe.best/job/moparisthebest/job/kiss-ntpd/job/master/badge/icon%3Fstyle=plastic)](https://ci.moparisthe.best/job/moparisthebest/job/kiss-ntpd/job/master/) +[![crates.io](https://img.shields.io/crates/v/kiss-ntpd.svg)](https://crates.io/crates/kiss-ntpd) + +An NTP server that Keeps It Simple, Stupid. + +It simply responds to NTP queries with the current system time, it doesn't fuss with +leap seconds or stratum or any of those other things we don't care about. It will +simply synchronize your clock to the server's clock rather closely and that's it. + +Host this on your router for all your LAN clients, and let systemd-timesyncd or another +ntp client keep that clock in sync. + +##### Usage + +``` +$ kiss-ntpd -h +usage: kiss-ntpd [options...] + -b, --bind address to bind to, default '0.0.0.0:123' + -h, --help print this usage text + -V, -v, --version Show version number then quit + -d, --debug Print packets sent and recieved, very verbose + + Environment variable support: + You if environmental variable KISS_NTPD_BIND is set, it is used in place of --bind + Also KISS_NTPD_DEBUG=true can be used in place of --debug +``` + +There is an example systemd unit in `systemd/kiss-ntpd.service` which runs it with minimal permissions +and as locked down as possible. + +Many thanks to [rsntp](https://github.com/mlichvar/rsntp) from which I forked this code. diff --git a/src/main.rs b/src/main.rs index 3b15bf5..4b746b1 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,40 +1,29 @@ -// Copyright (C) 2017 Miroslav Lichvar -// -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; either version 2 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see . +/* +kiss-ntpd: an NTP server that Keeps It Simple, Stupid +Copyright (C) 2017 Miroslav Lichvar +Copyright (C) 2021 Travis Burtrum -extern crate byteorder; -extern crate getopts; -extern crate net2; -extern crate rand; -extern crate privdrop; +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. -use std::thread; +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + +use std::convert::TryInto; use std::env; use std::io; use std::io::{Error, ErrorKind}; -use std::net::{UdpSocket, SocketAddr}; -use std::time::{SystemTime, Duration}; -use std::sync::{Arc, Mutex}; - -use byteorder::{BigEndian, ByteOrder}; - -use getopts::Options; - -use net2::UdpBuilder; -use net2::unix::UnixUdpBuilderExt; - -use rand::random; +use std::net::{SocketAddr, UdpSocket}; +use std::str::FromStr; +use std::time::SystemTime; #[derive(Debug, Copy, Clone)] struct NtpTimestamp { @@ -44,31 +33,28 @@ struct NtpTimestamp { impl NtpTimestamp { fn now() -> NtpTimestamp { let now = SystemTime::now(); - let dur = now.duration_since(std::time::UNIX_EPOCH).unwrap(); + let dur = now.duration_since(std::time::UNIX_EPOCH).unwrap(); // this should be unable to happen let secs = dur.as_secs() + 2208988800; // 1900 epoch let nanos = dur.subsec_nanos(); - NtpTimestamp{ts: (secs << 32) + (nanos as f64 * 4.294967296) as u64} + NtpTimestamp { + ts: (secs << 32) + (nanos as f64 * 4.294967296) as u64, + } } fn zero() -> NtpTimestamp { - NtpTimestamp{ts: 0} - } - - fn random() -> NtpTimestamp { - NtpTimestamp{ts: random()} - } - - fn diff_to_sec(&self, ts: &NtpTimestamp) -> f64 { - (self.ts - ts.ts) as i64 as f64 / 4294967296.0 + NtpTimestamp { ts: 0 } } fn read(buf: &[u8]) -> NtpTimestamp { - NtpTimestamp{ts: BigEndian::read_u64(buf)} + // this unwrap can never fail because we always send in exactly 8 bytes + NtpTimestamp { + ts: u64::from_be_bytes(buf.try_into().unwrap()), + } } fn write(&self, buf: &mut [u8]) { - BigEndian::write_u64(buf, self.ts); + buf.copy_from_slice(&self.ts.to_be_bytes()); } } @@ -85,19 +71,18 @@ struct NtpFracValue { impl NtpFracValue { fn read(buf: &[u8]) -> NtpFracValue { - NtpFracValue{val: BigEndian::read_u32(buf)} + // this unwrap can never fail because we always send in exactly 4 bytes + NtpFracValue { + val: u32::from_be_bytes(buf.try_into().unwrap()), + } } fn write(&self, buf: &mut [u8]) { - BigEndian::write_u32(buf, self.val); + buf.copy_from_slice(&self.val.to_be_bytes()); } fn zero() -> NtpFracValue { - NtpFracValue{val: 0} - } - - fn increment(&mut self) { - self.val += 1; + NtpFracValue { val: 0 } } } @@ -141,7 +126,7 @@ impl NtpPacket { return Err(Error::new(ErrorKind::Other, "Unsupported version")); } - Ok(NtpPacket{ + Ok(NtpPacket { remote_addr: addr, local_ts: local_ts, leap: leap, @@ -152,7 +137,8 @@ impl NtpPacket { precision: buf[3] as i8, delay: NtpFracValue::read(&buf[4..8]), dispersion: NtpFracValue::read(&buf[8..12]), - ref_id: BigEndian::read_u32(&buf[12..16]), + // this unwrap can never fail because we always send in exactly 4 bytes + ref_id: u32::from_be_bytes((&buf[12..16]).try_into().unwrap()), ref_ts: NtpTimestamp::read(&buf[16..24]), orig_ts: NtpTimestamp::read(&buf[24..32]), rx_ts: NtpTimestamp::read(&buf[32..40]), @@ -169,7 +155,7 @@ impl NtpPacket { buf[3] = self.precision as u8; self.delay.write(&mut buf[4..8]); self.dispersion.write(&mut buf[8..12]); - BigEndian::write_u32(&mut buf[12..16], self.ref_id); + &mut buf[12..16].copy_from_slice(&self.ref_id.to_be_bytes()); self.ref_ts.write(&mut buf[16..24]); self.orig_ts.write(&mut buf[24..32]); self.rx_ts.write(&mut buf[32..40]); @@ -179,319 +165,182 @@ impl NtpPacket { } fn is_request(&self) -> bool { - self.mode == 1 || self.mode == 3 || - (self.mode == 0 && self.version == 1 && self.remote_addr.port() != 123) + self.mode == 1 || self.mode == 3 || (self.mode == 0 && self.version == 1 && self.remote_addr.port() != 123) } - fn make_response(&self, state: &NtpServerState) -> Option { + fn make_response(&self) -> Option { if !self.is_request() { return None; } - Some(NtpPacket{ + Some(NtpPacket { remote_addr: self.remote_addr, local_ts: NtpTimestamp::zero(), - leap: state.leap, + leap: 0, version: self.version, mode: if self.mode == 1 { 2 } else { 4 }, - stratum: state.stratum, + stratum: 8, poll: self.poll, - precision: state.precision, - delay: state.delay, - dispersion: state.dispersion, - ref_id: state.ref_id, - ref_ts: state.ref_ts, + precision: 0, + delay: NtpFracValue::zero(), + dispersion: NtpFracValue::zero(), + ref_id: 0, + ref_ts: NtpTimestamp::now(), orig_ts: self.tx_ts, rx_ts: self.local_ts, tx_ts: NtpTimestamp::now(), }) } - - fn new_request(remote_addr: SocketAddr) -> NtpPacket { - NtpPacket{ - remote_addr: remote_addr, - local_ts: NtpTimestamp::now(), - leap: 0, - version: 4, - mode: 3, - stratum: 0, - poll: 0, - precision: 0, - delay: NtpFracValue::zero(), - dispersion: NtpFracValue::zero(), - ref_id: 0, - ref_ts: NtpTimestamp::zero(), - orig_ts: NtpTimestamp::zero(), - rx_ts: NtpTimestamp::zero(), - tx_ts: NtpTimestamp::random(), - } - } - - fn is_valid_response(&self, request: &NtpPacket) -> bool { - self.remote_addr == request.remote_addr && - self.mode == request.mode + 1 && - self.orig_ts == request.tx_ts - } - - fn get_server_state(&self) -> NtpServerState { - NtpServerState{ - leap: self.leap, - stratum: self.stratum, - precision: self.precision, - ref_id: self.ref_id, - ref_ts: self.ref_ts, - dispersion: self.dispersion, - delay: self.delay, - } - } -} - -#[derive(Copy, Clone)] -struct NtpServerState { - leap: u8, - stratum: u8, - precision: i8, - ref_id: u32, - ref_ts: NtpTimestamp, - dispersion: NtpFracValue, - delay: NtpFracValue, } struct NtpServer { - state: Arc>, - sockets: Vec, - server_addr: String, + socket: UdpSocket, debug: bool, } impl NtpServer { - fn new(local_addrs: Vec, server_addr: String, debug: bool) -> NtpServer { - let state = NtpServerState{ - leap: 0, - stratum: 0, - precision: 0, - ref_id: 0, - ref_ts: NtpTimestamp::zero(), - dispersion: NtpFracValue::zero(), - delay: NtpFracValue::zero(), - }; - - let mut sockets = vec![]; - - for addr in local_addrs { - let sockaddr = addr.parse().unwrap(); - - let udp_builder = match sockaddr { - SocketAddr::V4(_) => UdpBuilder::new_v4().unwrap(), - SocketAddr::V6(_) => UdpBuilder::new_v6().unwrap(), - }; - - let udp_builder_ref = match sockaddr { - SocketAddr::V4(_) => &udp_builder, - SocketAddr::V6(_) => udp_builder.only_v6(true).unwrap(), - }; - - let socket = match udp_builder_ref.reuse_port(true).unwrap().bind(sockaddr) { - Ok(s) => s, - Err(e) => panic!("Couldn't bind socket: {}", e) - }; - - sockets.push(socket); - } - - NtpServer{ - state: Arc::new(Mutex::new(state)), - sockets: sockets, - server_addr: server_addr, + fn new(local_addr: String, debug: bool) -> NtpServer { + NtpServer { + socket: UdpSocket::bind(local_addr).expect("could not bind to socket"), debug: debug, } } - fn process_requests(thread_id: u32, debug: bool, socket: UdpSocket, state: Arc>) { - let mut last_update = NtpTimestamp::now(); - let mut cached_state: NtpServerState; - cached_state = *state.lock().unwrap(); - - println!("Server thread #{} started", thread_id); + fn process_requests(debug: bool, socket: UdpSocket) { + println!("Server thread started"); loop { match NtpPacket::receive(&socket) { Ok(request) => { if debug { - println!("Thread #{} received {:?}", thread_id, request); + println!("received {:?}", request); } - if request.local_ts.diff_to_sec(&last_update).abs() > 0.1 { - cached_state = *state.lock().unwrap(); - last_update = request.local_ts; - if debug { - println!("Thread #{} updated its state", thread_id); - } - } - - match request.make_response(&cached_state) { - Some(response) => { - match response.send(&socket) { - Ok(_) => { - if debug { - println!("Thread #{} sent {:?}", thread_id, response); - } - }, - Err(e) => println!("Thread #{} failed to send packet to {}: {}", - thread_id, response.remote_addr, e) + match request.make_response() { + Some(response) => match response.send(&socket) { + Ok(_) => { + if debug { + println!("sent {:?}", response); + } } + Err(e) => println!("failed to send packet to {}: {}", response.remote_addr, e), }, None => {} } - }, + } Err(e) => { - println!("Thread #{} failed to receive packet: {}", thread_id, e); - }, + println!("failed to receive packet: {}", e); + } } } } - fn update_state(state: Arc>, addr: SocketAddr, debug: bool) { - let request = NtpPacket::new_request(addr); - let mut new_state: Option = None; - let socket = match addr { - SocketAddr::V4(_) => UdpBuilder::new_v4().unwrap().bind("0.0.0.0:0").unwrap(), - SocketAddr::V6(_) => UdpBuilder::new_v6().unwrap().bind("[::]:0").unwrap(), - }; - - socket.set_read_timeout(Some(Duration::new(1, 0))).unwrap(); - - match request.send(&socket) { - Ok(_) => { - if debug { - println!("Client sent {:?}", request); - } - }, - Err(e) => { - println!("Client failed to send packet: {}", e); - return; - } - } - - loop { - let response = match NtpPacket::receive(&socket) { - Ok(packet) => { - if debug { - println!("Client received {:?}", packet); - } - - if !packet.is_valid_response(&request) { - println!("Client received unexpected {:?}", packet); - continue; - } - - packet - }, - Err(e) => { - if debug { - println!("Client failed to receive packet: {}", e); - } - break; - } - }; - - new_state = Some(response.get_server_state()); - break; - } - - if let Ok(mut state) = state.lock() { - if let Some(new_state) = new_state { - *state = new_state; - } - - state.dispersion.increment(); - } - } - - fn run(&self) { - let mut threads = vec![]; - let mut id = 0; - let quit = false; - - for socket in &self.sockets { - id = id + 1; - let state = self.state.clone(); - let debug = self.debug; - let cloned_socket = socket.try_clone().unwrap(); - - threads.push(thread::spawn(move || {NtpServer::process_requests(id, debug, cloned_socket, state); })); - } - - while ! quit { - NtpServer::update_state(self.state.clone(), self.server_addr.parse().unwrap(), self.debug); - - thread::sleep(Duration::new(1, 0)); - } - - for thread in threads { - let _ = thread.join(); - } + fn run(self) { + NtpServer::process_requests(self.debug, self.socket); } } -fn print_usage(opts: Options) { - let brief = format!("Usage: rsntp [OPTIONS]"); - print!("{}", opts.usage(&brief)); +fn arg_to_env(arg: &str) -> Option { + if !arg.starts_with("--") { + return None; + } + let env = "KISS_NTPD_".to_owned(); + let mut env = env + &arg.trim_matches('-').replace("-", "_"); + env.make_ascii_uppercase(); + Some(env) +} + +fn env_for_arg(arg: &str) -> Option { + arg_to_env(arg).and_then(|key| std::env::var(key).ok()) +} + +pub struct Args<'a> { + args: &'a Vec, +} + +impl<'a> Args<'a> { + pub fn new(args: &'a Vec) -> Args { + Args { args } + } + pub fn flag(&self, flag: &'a str) -> bool { + if self.args.contains(&flag.to_owned()) { + return true; + } + // because env we want slightly special handling of empty/0/false + match env_for_arg(flag) { + Some(env) => &env != "" && &env != "0" && &env != "false", + None => false, + } + } + pub fn get_option(&self, flags: &[&'a str]) -> Option { + for flag in flags.iter() { + let mut found = false; + for arg in self.args.iter() { + if found { + return Some(arg.to_owned()); + } + if arg == flag { + found = true; + } + } + } + // no matching arguments are found, so check env variables as a fallback + for flag in flags.iter() { + let env = env_for_arg(flag); + if env.is_some() { + return env; + } + } + return None; + } + pub fn get_str(&self, flags: &[&'a str], def: &'a str) -> String { + match self.get_option(flags) { + Some(ret) => ret, + None => def.to_owned(), + } + } + pub fn get(&self, flags: &[&'a str], def: T) -> T { + match self.get_option(flags) { + Some(ret) => match ret.parse::() { + Ok(ret) => ret, + Err(_) => def, // or panic + }, + None => def, + } + } } fn main() { - let args: Vec = env::args().collect(); - let mut addrs = Vec::new(); - let mut opts = Options::new(); + let raw_args = env::args().collect(); + let args = Args::new(&raw_args); - opts.optopt("4", "ipv4-threads", "set number of IPv4 server threads (1)", "NUM"); - opts.optopt("6", "ipv6-threads", "set number of IPv6 server threads (1)", "NUM"); - opts.optopt("a", "ipv4-address", "set local address of IPv4 server sockets (0.0.0.0:123)", "ADDR:PORT"); - opts.optopt("b", "ipv6-address", "set local address of IPv6 server sockets ([::]:123)", "ADDR:PORT"); - opts.optopt("s", "server-address", "set server address (127.0.0.1:11123)", "ADDR:PORT"); - opts.optopt("u", "user", "run as USER", "USER"); - opts.optopt("r", "root", "change root directory", "DIR"); - opts.optflag("d", "debug", "Enable debug messages"); - opts.optflag("h", "help", "Print this help message"); - - let matches = match opts.parse(&args[1..]) { - Ok(m) => m, - Err(e) => { - println!("{}", e); - print_usage(opts); - return; - } - }; - - if matches.opt_present("h") { - print_usage(opts); + if args.flag("-V") || args.flag("-v") || args.flag("--version") { + println!("kiss-ntpd {} ", env!("CARGO_PKG_VERSION")); return; } - let server_addr = matches.opt_str("s").unwrap_or("127.0.0.1:11123".to_string()); - let n4 = matches.opt_str("4").unwrap_or("1".to_string()).parse().unwrap_or(1); - let n6 = matches.opt_str("6").unwrap_or("1".to_string()).parse().unwrap_or(1); - let local_address4 = matches.opt_str("a").unwrap_or("0.0.0.0:123".to_string()); - let local_address6 = matches.opt_str("b").unwrap_or("[::]:123".to_string()); + let default_udp_host = "0.0.0.0:123"; - for _ in 0..n4 { - addrs.push(local_address4.clone()); + let bind = args.get_str(&["-b", "--bind"], default_udp_host).to_owned(); + + if args.flag("-h") || args.flag("--help") { + println!( + r#"usage: kiss-ntpd [options...] + -b, --bind address to bind to, default '{}' + -h, --help print this usage text + -V, -v, --version Show version number then quit + -d, --debug Print packets sent and recieved, very verbose + + Environment variable support: + You if environmental variable KISS_NTPD_BIND is set, it is used in place of --bind + Also KISS_NTPD_DEBUG=true can be used in place of --debug + "#, + default_udp_host + ); + return; } - for _ in 0..n6 { - addrs.push(local_address6.clone()); - } - - let server = NtpServer::new(addrs, server_addr, matches.opt_present("d")); - - if matches.opts_present(&["r".to_string(), "u".to_string()]) { - privdrop::PrivDrop::default() - .chroot(matches.opt_str("r").unwrap_or("/".to_string())) - .user(&matches.opt_str("u").unwrap_or("root".to_string())) - .unwrap_or_else(|e| { panic!("Couldn't set user: {}", e) }) - .apply() - .unwrap_or_else(|e| { panic!("Couldn't drop privileges: {}", e) }); - } + let server = NtpServer::new(bind, args.flag("-d") || args.flag("--debug")); server.run(); } diff --git a/systemd/kiss-ntpd.service b/systemd/kiss-ntpd.service new file mode 100644 index 0000000..53c63e1 --- /dev/null +++ b/systemd/kiss-ntpd.service @@ -0,0 +1,40 @@ +[Unit] +Description=kiss-ntpd NTP daemon +After=network-online.target +Wants=network-online.target +StartLimitIntervalSec=0 +Documentation=https://code.moparisthebest.com/moparisthebest/kiss-ntpd +Documentation=https://github.com/moparisthebest/kiss-ntpd + +[Service] +ExecStart=/usr/bin/kiss-ntpd +Restart=always +RestartSec=1s +# anything under here isn't strictly needed, but probably good +# to lock this down with the minimal permissions necessary +# which are not many at all +User=kiss-ntpd +DynamicUser=yes +ProtectSystem=strict +ProtectHome=true +PrivateTmp=true +PrivateDevices=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictAddressFamilies=AF_INET AF_INET6 +RestrictNamespaces=net +LockPersonality=true +MemoryDenyWriteExecute=true +RestrictRealtime=true +RestrictSUIDSGID=true +RemoveIPC=true +SystemCallArchitectures=native +# these are just needed to bind to low ports +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target