ChangeLog, ntp.h, ntp_crypto.c, ntp_proto.c:
authorHarlan Stenn <stenn@ntp.org>
Wed, 3 May 2000 06:05:17 +0000 (06:05 -0000)
committerHarlan Stenn <stenn@ntp.org>
Wed, 3 May 2000 06:05:17 +0000 (06:05 -0000)
  * ntpd/ntp_proto.c (transmit): AUTOKEY and tstamp fixes.
  (clock_update): Check oleap against LEAP_NOTINSYNC
  (peer_clear): Free pubkey when we're done
  Check peer's keynumber against the seq in MODE_BROADCAST.
  Reorder tstamp changes.
  * ntpd/ntp_crypto.c (crypto_recv): Check the packet if we get a
  CRYPTO_RESP and reorder the update of tstamp.
  (crypto_recv): Don't expire the peer until we're thru with it.
  * include/ntp.h: AUTOKEY and pkeyid changes
  From Dave Mills

bk: 390fc19drMPQsPPQ61PNHSGnakYLFA

ChangeLog
include/ntp.h
ntpd/ntp_crypto.c
ntpd/ntp_proto.c

index 773d5fd6cb6f629e32cbc5a29597af4380771170..d1925063b4ec71515a1e32842d2233ef91f90e6f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2000-05-03  Harlan Stenn  <stenn@whimsy.udel.edu>
 
+       * ntpd/ntp_proto.c (transmit): AUTOKEY and tstamp fixes.
+       (clock_update): Check oleap against LEAP_NOTINSYNC
+       (peer_clear): Free pubkey when we're done
+       Check peer's keynumber against the seq in MODE_BROADCAST.
+       Reorder tstamp changes.
+       * ntpd/ntp_crypto.c (crypto_recv): Check the packet if we get a
+       CRYPTO_RESP and reorder the update of tstamp.
+       (crypto_recv): Don't expire the peer until we're thru with it.
+       * include/ntp.h: AUTOKEY and pkeyid changes
+       From Dave Mills
+
        * ntpdate/ntpdate.c: Protect sys/ioctl.h
 
 2000-05-01  Harlan Stenn  <stenn@whimsy.udel.edu>
index afd310e12f3df6f7c6787691f659416ecd5c311a..e8cbde12e930d48d658ed86eb4cda70c6f924427 100644 (file)
@@ -277,21 +277,21 @@ struct peer {
        /*
         * Variables used by authenticated client
         */
+#ifdef AUTOKEY
+       u_short assoc;          /* association ID of peer */
+#endif /* AUTOKEY */
        keyid_t keyid;          /* current key ID */
        u_char  *keystr;        /* public key file name */
+       keyid_t pkeyid;         /* previous key ID */
+#define clear_to_zero pkeyid
+#ifdef AUTOKEY
 #ifdef PUBKEY
        u_char  *pubkey;        /* public key */
 #endif /* PUBKEY */
-       keyid_t pkeyid;         /* previous key ID */
-#ifdef AUTOKEY
-#define clear_to_zero pkeyid
-#define crypto_to_zero pkeyid
        keyid_t hcookie;        /* host cookie */
        struct cookie pcookie;  /* peer cookie */
        struct autokey recauto; /* autokey */
        u_int32 cmmd;           /* peer command */
-       u_short assoc;          /* association ID of peer */
-       u_int   tailcnt;        /* authentic packet watchdog */
        /*
         * Variables used by authenticated server
         */
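Review bot: `#define clear_to_zero pkeyid` now sits ahead of `pubkey`, so that pointer falls inside whatever region the marker delimits, while `assoc` has moved in front of it. If peer_clear() zeroes the structure from this member onward (that code is not in the hunk), an owned `pubkey` buffer has to be released before the wipe or it leaks; the peer_clear hunk in ntpd/ntp_proto.c adds such a free, but nothing at the marker says so. I would add a comment on the define, for example `/* members from here on are zeroed on reset; free owned pointers first */`. The marker lives inside `struct peer`, whose body starts and ends outside the hunk.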
@@ -304,11 +304,6 @@ struct peer {
         * Ephemeral state variables
         */
        u_int   valid;          /* valid update counter */
-#ifdef AUTOKEY
-#define end_crypto_to_zero valid
-#else
-#define clear_to_zero valid
-#endif /* AUTOKEY */
        u_char  status;         /* peer status */
        u_char  pollsw;         /* what it says */
        u_char  reach;          /* reachability register */
index 7e07b6ec5c14c376cee058d5a1f3ce61cd1bd30e..202748e1213b91a158cdd9f2a5bb28f167c0b5cf 100644 (file)
@@ -295,9 +295,9 @@ crypto_recv(
                i = authlen / 4;
                len = ntohl(pkt[i]) & 0xffff;
                code = (ntohl(pkt[i]) >> 16) & 0xffff;
-               tstamp = ntohl(pkt[i + 2]);
-               if (code & CRYPTO_RESP)
+               if (code & CRYPTO_RESP && ntohl(pkt[i + 1]) != 0)
                        peer->assoc = ntohl(pkt[i + 1]);
+               tstamp = ntohl(pkt[i + 2]);
 #ifdef DEBUG
                if (debug)
                        printf(
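Review bot: The zero test added on the `CRYPTO_RESP` line checks the full 32-bit `ntohl(pkt[i + 1])`, but `peer->assoc` is declared `u_short` in include/ntp.h, so a nonzero word whose low 16 bits are zero passes the test and still stores 0. Testing the value that is actually stored closes that gap: `if ((code & CRYPTO_RESP) && (u_short)ntohl(pkt[i + 1]) != 0)`. The explicit parentheses around `code & CRYPTO_RESP` also make the intended grouping obvious. Whether the packet length has been checked to cover `pkt[i + 2]` before these reads cannot be seen here, since crypto_recv continues on both sides of the hunk.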
@@ -404,8 +404,8 @@ crypto_recv(
                        peer->flash &= ~TEST10;
                        peer->pcookie.tstamp = tstamp;
                        if (temp != peer->pcookie.key) {
-                               key_expire(peer);
                                peer->pcookie.key = temp;
+                               key_expire(peer);
                        }
                        break;
 
@@ -468,8 +468,8 @@ crypto_recv(
                        peer->flash &= ~TEST10;
                        peer->pcookie.tstamp = tstamp;
                        if (temp != peer->pcookie.key) {
-                               key_expire(peer);
                                peer->pcookie.key = temp;
+                               key_expire(peer);
                        }
                        break;
 
index 39b167e76b59251d58dde07c0583ccac573656d8..9821656bb33a6f494483cd6aee2e032a257cefa7 100644 (file)
@@ -100,10 +100,6 @@ transmit(
                 * is not configured and not likely to stay around,
                 * we exhaust it.
                 */
-#ifdef AUTOKEY
-               if (peer->flags & FLAG_AUTHENABLE)
-                       peer->tailcnt++;
-#endif /* AUTOKEY */
                if (peer->hmode != MODE_BROADCAST)
                        peer->unreach++;
                oreach = peer->reach;
@@ -175,17 +171,6 @@ transmit(
                                hpoll++;
                        if (peer->flags & FLAG_BURST)
                                peer->burst = NTP_SHIFT;
-#ifdef AUTOKEY
-                       /*
-                        * If an authenticated packet has not been heard
-                        * for awhile, the server may have refreshed
-                        * keys. So, do a soft reset.
-                        */
-                       if (peer->tailcnt > NTP_TAILMAX) {
-                               key_expire(peer);
-                               peer->pcookie.tstamp = 0;
-                       }
-#endif /* AUTOKEY */
                }
        } else {
                peer->burst--;
@@ -202,6 +187,7 @@ transmit(
                                peer->flags &= ~FLAG_BURST;
                                peer->hmode = MODE_BCLIENT;
 #ifdef AUTOKEY
+                               peer->pcookie.tstamp = 0;
                                key_expire(peer);
 #endif /* AUTOKEY */
                        }
@@ -687,9 +673,6 @@ receive(
        peer->flash = 0;
        if (is_authentic) {
                peer->flags |= FLAG_AUTHENTIC;
-#ifdef AUTOKEY
-               peer->tailcnt = 0;
-#endif /* AUTOKEY */
        } else {
                peer->flags &= ~FLAG_AUTHENTIC;
        }
@@ -731,25 +714,28 @@ receive(
        if (peer->flags & FLAG_SKEY) {
                peer->flash |= TEST10;
                crypto_recv(peer, rbufp);
-               if (!peer->flash & TEST10) {
-                       peer->pkeyid = skeyid;
-               } else if (hismode == MODE_SERVER) {
+
+printf("xxxx %08x %08x %08x %08x\n", peer->keyid, skeyid, tkeyid,
+    peer->pkeyid);
+
+               if (hismode == MODE_SERVER) {
                        if (skeyid == peer->keyid)
                                peer->flash &= ~TEST10;
+               } else if (!peer->flash & TEST10) {
+                       peer->pkeyid = skeyid;
                } else {
-                       int i = 0;
+                       int i;
 
-                       for (i = 0;; i++) {
+                       for (i = 0; ; i++) {
                                if (tkeyid == peer->pkeyid ||
                                    tkeyid == peer->recauto.key) {
                                        peer->flash &= ~TEST10;
                                        peer->pkeyid = skeyid;
                                        break;
                                }
-                               if (i > peer->recauto.seq) {
-                                       peer->recauto.tstamp = 0;
+                               if (i > peer->recauto.seq)
                                        break;
-                               }
+
                                if (hismode == MODE_BROADCAST)
                                        tkeyid = session_key(
                                            &rbufp->recv_srcadr,
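Review bot: `!peer->flash & TEST10` in the new `else if` parses as `(!peer->flash) & TEST10`, because `!` binds tighter than `&`. The commit moves the expression but keeps that precedence, so unless TEST10 includes bit 0 the `peer->pkeyid = skeyid` branch can never be taken; it should read `} else if (!(peer->flash & TEST10)) {`. Separately, the added `printf("xxxx ...")` is unconditional and writes `peer->keyid`, `skeyid`, `tkeyid` and `peer->pkeyid` to stdout for every packet handled under FLAG_SKEY. Guard it with `#ifdef DEBUG` / `if (debug)` as the crypto_recv hunk does, or drop it. receive() starts before the hunk and the loop continues past its last line.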
@@ -1048,9 +1034,11 @@ clock_update(void)
                    fabs(sys_peer->delay);
                sys_leap = leap_consensus;
        }
-       if (oleap != sys_leap) {
+       if (oleap == LEAP_NOTINSYNC) {
                report_event(EVNT_SYNCCHG, (struct peer *)0);
+/*
                expire_all();
+*/
        }
        if (ostratum != sys_stratum)
                report_event(EVNT_PEERSTCHG, (struct peer *)0);
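Review bot: The new test `oleap == LEAP_NOTINSYNC` no longer compares against `sys_leap`. If `oleap` holds the leap value from before the update (its assignment is outside the hunk), EVNT_SYNCCHG is reported on every call that starts unsynchronized, including calls that stay unsynchronized. If the intent is to report only the transition into sync, `if (oleap == LEAP_NOTINSYNC && sys_leap != LEAP_NOTINSYNC) {` says that directly. `expire_all()` is disabled with a bare `/* */` at column 0 and no stated reason; since it presumably governs when keys are expired, either delete the call or add a comment saying why expiry on a sync change is no longer wanted.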
@@ -1148,6 +1136,10 @@ peer_clear(
 #endif
 #ifdef AUTOKEY
        key_expire(peer);
+#ifdef PUBKEY
+       if (peer->pubkey != NULL)
+               free(peer->pubkey);
+#endif /* PUBKEY */
 #endif /* AUTOKEY */
 
        /*
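Review bot: After `free(peer->pubkey)` the pointer is left dangling. Unless a later wipe in peer_clear() (outside the hunk) covers it, a second peer_clear() on the same association frees the same buffer again. Clear it at the point of release: `free(peer->pubkey);` followed by `peer->pubkey = NULL;`. The `!= NULL` guard can go, since `free(NULL)` is a no-op.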
@@ -1909,7 +1901,7 @@ peer_xmit(
                 * values at other times.
                 */
                case MODE_BROADCAST:
-                       if (peer->keynumber == peer->sndauto.tstamp)
+                       if (peer->keynumber == peer->sndauto.seq)
                                cmmd = CRYPTO_AUTO | CRYPTO_RESP;
                        else
                                cmmd = CRYPTO_ASSOC | CRYPTO_RESP;
@@ -2014,15 +2006,15 @@ peer_xmit(
                                    peer->assoc);
                        } else
 #endif /* PUBKEY */
-                       if (peer->pcookie.tstamp == 0) {
-                               sendlen += crypto_xmit((u_int32 *)&xpkt,
-                                   sendlen, CRYPTO_PRIV, peer->hcookie,
-                                   peer->assoc);
-                       } else if (peer->recauto.tstamp == 0 &&
+                       if (peer->recauto.tstamp == 0 &&
                            peer->flags & FLAG_MCAST2) {
                                sendlen += crypto_xmit((u_int32 *)&xpkt,
                                    sendlen, CRYPTO_AUTO, peer->hcookie,
                                    peer->assoc);
+                       } else if (peer->pcookie.tstamp == 0) {
+                               sendlen += crypto_xmit((u_int32 *)&xpkt,
+                                   sendlen, CRYPTO_PRIV, peer->hcookie,
+                                   peer->assoc);
                        }
                        break;
                }