# Barix configuration interface
# (c) 2012 Barix AG
#
# meta-file for automatic config-file generation

# absolute path of the configuration file that gets generated
DST_FILE="/etc/ntp.conf"

# template file, looked up in /barix/config/templates/templates
# (left empty: this configuration uses no template)
TEMPLATE_FILE=""

# character that starts a comment line in the generated file
COMMENT_PREFIX='#'

# name of the function that prints the dynamic part of the file
DYNAMIC_CONTENT_FN="create_dynamic_config"

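# Prepare one configured NTP server value for use as a single ntp.conf token.
#
# Each value ends up inside one "server"/"pool" line, so a value holding a
# newline or a blank would add extra options or whole directives to the
# generated file. Such values are rejected instead of being written.
#
# Arguments: $1 - raw value as printed by cfg_print_param
#            $2 - parameter name, used only in the warning message
# Outputs:   the value without leading/trailing whitespace on stdout;
#            a warning on stderr when the value is rejected
# Returns:   0 if the value is usable, 1 if it is empty,
#            2 if it contains whitespace or control characters
function _ntp_conf_server_token()
{
	local value=$1

	# trim leading and trailing whitespace (this also drops a stray CR)
	value="${value#"${value%%[![:space:]]*}"}"
	value="${value%"${value##*[![:space:]]}"}"

	case "$value" in
		'')
			return 1
			;;
		*[[:space:]]*|*[[:cntrl:]]*)
			# the value itself is not printed: it may hold control characters
			echo "ntp.conf: ignoring $2 (whitespace or control character in value)" >&2
			return 2
			;;
	esac

	printf '%s\n' "$value"
}

# function to create dynamic content
#
# Prints the dynamic part of ntp.conf on stdout: the "tinker panic 0" line,
# the server/pool lines selected by ntp.source.owner, and "disable monitor".
#
# Globals:   owner, srv4, server, nr and restricts are assigned without
#            "local", as before (a caller outside this file might read them
#            - not visible from here)
# Arguments: none
# Outputs:   configuration text on stdout, warnings for rejected values on
#            stderr
function create_dynamic_config()
{
	local srv4_state=0

	# the tinker command must be first
	echo "# Do not panic on big time differences and sync to NTP always"
	echo "tinker panic 0"

	# servers
	owner=$(cfg_print_param ntp.source.owner)
	srv4=$(_ntp_conf_server_token "$(cfg_print_param ntp.source.server4)" \
		ntp.source.server4) || srv4_state=$?

	# NOTE(review): restricts is filled in below, but nothing in this function
	# prints it, so the text generated here contains no "restrict" lines.
	# Confirm whether that is intended before relying on per-server access
	# restrictions in the resulting ntp.conf.
	restricts="#Exchange to the configured servers, but do not allow configuration\n"

	if [ "system" = "$owner" ]; then
		case $srv4_state in
			0)
				# for soundscape use portal as NTP server
				echo "server $srv4 iburst"
				restricts+="restrict $srv4 kod notrap nomodify nopeer\n"
				;;
			1)
				# normal situation: populate the ntp.conf
				# with all the available entries
				for nr in 1 2 3 ; do
					if server=$(_ntp_conf_server_token \
						"$(cfg_print_param "ntp.source.server$nr")" \
						"ntp.source.server$nr"); then
						echo "pool $server iburst"
					fi
				done
				echo "disable server"
				;;
			*)
				# server4 is set but was rejected: write no server line and
				# do not silently switch to the pool entries
				:
				;;
		esac
	elif [ "application" = "$owner" ]; then
		# for Store & Play use the NTP server set in player.cfg
		for nr in 1 2 3 ; do
			if server=$(_ntp_conf_server_token \
				"$(cfg_print_param "ntp.source.server_app$nr")" \
				"ntp.source.server_app$nr"); then
				echo "server $server iburst"
				restricts+="restrict $server kod notrap nomodify nopeer\n"
			fi
		done
	fi

	# Fixed trailer; the bytes match what the former echo -e block printed
	# (two empty lines, the comment, "disable monitor", a line with one tab).
	printf '%s\n' \
		"" \
		"" \
		"# disable misuse of NTP via DDoS attacks using the monitor command (reflection attack)" \
		"# http://support.ntp.org/bin/view/Main/SecurityNotice" \
		"# https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300/" \
		"disable monitor"
	printf '\t\n'
}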

