diff options
author | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2019-10-31 23:20:22 -0400 |
---|---|---|
committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2019-10-31 23:37:47 -0400 |
commit | f37ad658eada78384764c7d6db3a7f3ad8ad283e (patch) | |
tree | 136698f9f974e3ac4ed51bd4344b80eb22eda3a1 /gnu | |
parent | 28d46d9d4317180b348ad5baeddad8ef25ed430a (diff) | |
download | guix-f37ad658eada78384764c7d6db3a7f3ad8ad283e.tar.gz |
services: ntp: Fix a crash when using legacy configuration.
Fixes issue #37504 (see: https://bugs.gnu.org/37504). The bug was caused by the fact that destructuring an <ntp-configuration> record using match would bind the 'servers' field without using the compatibility accessor. * gnu/services/networking.scm (ntp-shepherd-service): Replace `match-lambda' by distinct `lambda' and `match' calls, so that the 'servers' field can be generated by applying the `ntp-configuration-servers' procedure to the configuration object.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/services/networking.scm | 45 |
1 files changed, 23 insertions, 22 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 841fbd741e..a1c1aad9f6 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -394,15 +394,16 @@ deprecated. Please use <ntp-server> records instead.\n") ntp-servers)))) (define ntp-shepherd-service - (match-lambda - (($ <ntp-configuration> ntp servers allow-large-adjustment?) - (let () - ;; TODO: Add authentication support. - (define config - (string-append "driftfile /var/run/ntpd/ntp.drift\n" - (string-join (map ntp-server->string servers) - "\n") - " + (lambda (config) + (match config + (($ <ntp-configuration> ntp servers allow-large-adjustment?) + (let ((servers (ntp-configuration-servers config))) + ;; TODO: Add authentication support. + (define config + (string-append "driftfile /var/run/ntpd/ntp.drift\n" + (string-join (map ntp-server->string servers) + "\n") + " # Disable status queries as a workaround for CVE-2013-5211: # <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>. restrict default kod nomodify notrap nopeer noquery limited @@ -416,20 +417,20 @@ restrict -6 ::1 # option by default, as documented in the 'ntp.conf' manual. restrict source notrap nomodify noquery\n")) - (define ntpd.conf - (plain-file "ntpd.conf" config)) + (define ntpd.conf + (plain-file "ntpd.conf" config)) - (list (shepherd-service - (provision '(ntpd)) - (documentation "Run the Network Time Protocol (NTP) daemon.") - (requirement '(user-processes networking)) - (start #~(make-forkexec-constructor - (list (string-append #$ntp "/bin/ntpd") "-n" - "-c" #$ntpd.conf "-u" "ntpd" - #$@(if allow-large-adjustment? - '("-g") - '())))) - (stop #~(make-kill-destructor)))))))) + (list (shepherd-service + (provision '(ntpd)) + (documentation "Run the Network Time Protocol (NTP) daemon.") + (requirement '(user-processes networking)) + (start #~(make-forkexec-constructor + (list (string-append #$ntp "/bin/ntpd") "-n" + "-c" #$ntpd.conf "-u" "ntpd" + #$@(if allow-large-adjustment? + '("-g") + '())))) + (stop #~(make-kill-destructor))))))))) (define %ntp-accounts (list (user-account |