# HG changeset patch # User Brian Utterback # Date 1480388396 28800 # Node ID 2aa7c5a61a30a7007742ba58d02fa07ff211d5de # Parent d7ad80926fea3375005d231066a22dab54f8b1c7 24660275 adj_systime: too chatty on NGZ 17774349 ntp: adj_systime: Not owner in messages file after p2v migration PSARC/2016/614 NTP SMF property ignore_sys_time_error diff -r d7ad80926fea -r 2aa7c5a61a30 components/ntp/Solaris/ntp.sh --- a/components/ntp/Solaris/ntp.sh Mon Nov 28 18:54:29 2016 -0800 +++ b/components/ntp/Solaris/ntp.sh Mon Nov 28 18:59:56 2016 -0800 @@ -21,7 +21,7 @@ # # -# Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved. # # Standard prolog @@ -44,8 +44,23 @@ # Disable globbing to prevent privilege escalations by users authorized # to set property values for the NTP service. -set -f +set -f +# Do we want to run without setting the clock? If not and we don't have +# the priv to set the clock, exit. If so, remove the priv and +# continue on. Set env variable to tell ntpd to ignore EPERM errors. +val=`svcprop -c -p config/disable_local_time_adjustment $SMF_FMRI` +if [ "$val" = "true" ]; then + export IGNORE_SYS_TIME_ERROR=1 + ppriv -s EIP-sys_time $$ +else + ppriv -q sys_time + if (($? > 0)); then + echo "Error: Insufficient privilege to adjust the system clock." \ + " Set the disable_local_time_adjustment property to run anyway." + exit $SMF_EXIT_ERR_CONFIG + fi +fi # # Build the command line flags # diff -r d7ad80926fea -r 2aa7c5a61a30 components/ntp/Solaris/ntp.xml --- a/components/ntp/Solaris/ntp.xml Mon Nov 28 18:54:29 2016 -0800 +++ b/components/ntp/Solaris/ntp.xml Mon Nov 28 18:59:56 2016 -0800 
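Review bot: The exit status of `ppriv -s EIP-sys_time $$` in the `disable_local_time_adjustment` branch is never checked, so a failed privilege drop still exports `IGNORE_SYS_TIME_ERROR=1` and starts ntpd with sys_time intact. Going by the embedded ntpd patch, which only presets `eperm_count` and still calls `adjtime()`, ntpd would then adjust the clock even though the administrator asked it not to. I would fail the method when the drop does not succeed, e.g. `ppriv -s EIP-sys_time $$ || exit $SMF_EXIT_ERR_FATAL`. A one-line comment saying that the property's guarantee depends on this call would also help the next reader.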
@@ -20,7 +20,7 @@ CDDL HEADER END - Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved. NOTE: This service manifest is not editable; its contents will be overwritten by package or patch operations, including @@ -144,6 +144,11 @@ value='true' /> + + diff -r d7ad80926fea -r 2aa7c5a61a30 components/ntp/patches/80-eperm.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/ntp/patches/80-eperm.patch Mon Nov 28 18:59:56 2016 -0800 
@@ -0,0 +1,180 @@
+This patch is Solaris specific and will not be submitted to the community. It
+makes it possible to suppress the "Not owner" errors if NTP is run in a zone
+without the sys_time privilege needed to adjust the clock. It also adds a check
+for that same privilege so that the service will go into maintenance by default
+if the privilege is missing.
+
+*** include/ntp_machine.h
+--- include/ntp_machine.h
+*************** extern char *strdup(const char *);
+*** 293,297 ****
+--- 293,298 ----
+ extern time_t timegm (struct tm *);
+ #endif
+
++ extern int eperm_count;
+
+ #endif /* NTP_MACHINE_H */
+*** ntpd/ntp_loopfilter.c
+--- ntpd/ntp_loopfilter.c
+***************
+*** 15,20 ****
+--- 15,21 ----
+ #include "ntp_io.h"
+ #include "ntp_unixtime.h"
+ #include "ntp_stdlib.h"
++ #include "ntp_machine.h"
+
+ #include
+ #include
+*************** ntp_adjtime_error_handler(
+*** 263,278 ****
+ );
+ break;
+ case EPERM:
+! if (tai_call) {
+! errno = saved_errno;
+! msyslog(LOG_ERR,
+! "%s: ntp_adjtime(TAI) failed: %m",
+! caller);
+ }
+! errno = saved_errno;
+! msyslog(LOG_ERR, "%s: %s line %d: ntp_adjtime: %m",
+! caller, file_name(), line
+! );
+ break;
+ default:
+ msyslog(LOG_NOTICE, "%s: %s line %d: unhandled errno value %d after failed ntp_adjtime call",
+--- 264,284 ----
+ );
+ break;
+ case EPERM:
+! if (!eperm_count) {
+! if (tai_call) {
+! errno = saved_errno;
+! msyslog(LOG_ERR,
+! "%s: ntp_adjtime(TAI) failed: %m",
+! caller);
+! }
+! errno = saved_errno;
+! msyslog(LOG_ERR, "%s: %s line %d: ntp_adjtime: %m",
+! caller, file_name(), line
+! );
+! msyslog(LOG_ERR, "Is the current zone missing"
+! " the sys_time privilege?");
+ }
+! 
eperm_count++;
+ break;
+ default:
+ msyslog(LOG_NOTICE, "%s: %s line %d: unhandled errno value %d after failed ntp_adjtime call",
+*** libntp/systime.c
+--- libntp/systime.c
+***************
+*** 14,19 ****
+--- 14,20 ----
+ #include "timevalops.h"
+ #include "timespecops.h"
+ #include "ntp_calendar.h"
++ #include "ntp_machine.h"
+
+ #ifdef HAVE_SYS_PARAM_H
+ # include
+***************
+*** 28,33 ****
+--- 29,40 ----
+ int allow_panic = FALSE; /* allow panic correction (-g) */
+ int enable_panic_check = TRUE; /* Can we check allow_panic's state? */
+
++ /* Count how many EPERM error we have had. Only log an error on the first
++ * one. Don't even try after the first ten. To suppress the log, initialize
++ * the count to one.
++ */
++ int eperm_count=0;
++
+ #ifndef USE_COMPILETIME_PIVOT
+ # define USE_COMPILETIME_PIVOT 1
+ #endif
+*************** adj_systime(
+*** 346,363 ****
+ adjtv.tv_usec = -adjtv.tv_usec;
+ sys_residual = -sys_residual;
+ }
+ if (adjtv.tv_sec != 0 || adjtv.tv_usec != 0) {
+! if (adjtime(&adjtv, &oadjtv) < 0) {
+! msyslog(LOG_ERR, "adj_systime: %m");
+! if (enable_panic_check && allow_panic) {
+! msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!");
+ }
+ return FALSE;
+ }
+ }
+- if (enable_panic_check && allow_panic) {
+- msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!");
+- }
+ return TRUE;
+ }
+ #endif
+--- 353,380 ----
+ adjtv.tv_usec = -adjtv.tv_usec;
+ sys_residual = -sys_residual;
+ }
++ if (enable_panic_check && allow_panic) {
++ msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!");
++ }
+ if (adjtv.tv_sec != 0 || adjtv.tv_usec != 0) {
+! /* After a few tries, give up */
+! if (eperm_count < 10) {
+! if (adjtime(&adjtv, &oadjtv) < 0) {
+! if (errno == EPERM) {
+! if (!eperm_count) {
+! msyslog(LOG_ERR,
+! "adj_systime: %m");
+! }
+! eperm_count++;
+! } else {
+! msyslog(LOG_ERR, "adj_systime: %m");
+! }
+! 
return FALSE;
+ }
++ } else {
+ return FALSE;
+ }
+ }
+ return TRUE;
+ }
+ #endif
+*************** step_systime(
+*** 440,446 ****
+
+ /* now set new system time */
+ if (ntp_set_tod(&timetv, NULL) != 0) {
+! msyslog(LOG_ERR, "step-systime: %m");
+ if (enable_panic_check && allow_panic) {
+ msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
+ }
+--- 457,466 ----
+
+ /* now set new system time */
+ if (ntp_set_tod(&timetv, NULL) != 0) {
+! if (errno == EPERM && !eperm_count) {
+! msyslog(LOG_ERR, "step-systime: %m");
+! eperm_count++;
+! }
+ if (enable_panic_check && allow_panic) {
+ msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
+ }
+*** ntpd/ntpd.c
+--- ntpd/ntpd.c
+*************** ntpdmain(
+*** 641,646 ****
+--- 641,650 ----
+ }
+ # endif
+
++ if (getenv("IGNORE_SYS_TIME_ERROR")) {
++ eperm_count=1;
++ }
++
+ /*
+ * Enable the Multi-Media Timer for Windows?
+ */
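Review bot: In the new `step_systime` lines a failed `ntp_set_tod()` is logged only when `errno == EPERM && !eperm_count`, so every non-EPERM failure of the step, which the old code always logged, now produces no "step-systime" message at all. `adj_systime` in the same patch keeps an `else` branch for that case; the same is needed here, for example `if (errno != EPERM || !eperm_count++)` in front of the existing `msyslog(LOG_ERR, "step-systime: %m");`. Separately, when `IGNORE_SYS_TIME_ERROR` sets `eperm_count=1` in `ntpdmain`, none of the changed paths logs that the daemon is running without clock adjustment; a single `msyslog(LOG_NOTICE, ...)` at that point would leave a record for anyone auditing time sources. The bodies of `step_systime` and `ntpdmain` continue outside the quoted context.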