+2000-03-18 Harlan Stenn <stenn@whimsy.udel.edu>
+
+ * configure.in: 4.0.99h1
+
+ * ntpd/ntp_resolver.c: Lose unneeded header.
+
2000-03-17 Harlan Stenn <stenn@whimsy.udel.edu>
* libntp/snprintf.c: #include <config.h>
PACKAGE=ntp
-VERSION=4.0.99h
+VERSION=4.0.99h1
if test "`CDPATH=: && cd $srcdir && pwd`" != "`pwd`" &&
test -f $srcdir/config.status; then
AC_DEFINE_UNQUOTED(STR_SYSTEM, "$target")
AM_CONFIG_HEADER(config.h)
AC_ARG_PROGRAM
-AM_INIT_AUTOMAKE(ntp, 4.0.99h)
+AM_INIT_AUTOMAKE(ntp, 4.0.99h1)
AC_PREREQ(2.14)
ac_cv_var_oncore_ok=no
* Cryptographic values
*/
extern int crypto_enable;
+extern int crypto_flags;
extern char * private_key_file;
extern char * public_key_file;
-extern char * dh_public_file;
+extern char * dh_params_file;
#endif /* PUBKEY */
#endif /* AUTOKEY */
ctl_putstr(sys_var[CS_PUBLIC].text,
public_key_file, strlen(public_key_file));
break;
+
+ case CS_DHPARAMS:
+ if (dh_params_file != NULL)
+ ctl_putstr(sys_var[CS_DHPARAMS].text,
+ dh_params_file, strlen(dh_params_file));
+ break;
#endif /* PUBKEY */
}
}
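Review bot: The new `CS_DHPARAMS` case returns the local path of the D-H parameters file to any client that may read system variables over the control channel; who that is cannot be seen from this hunk. If remote visibility is intended, record it next to the case, for example `/* path name only; readable by any permitted control client */`, otherwise leave the variable out of the reply. The NULL guard is needed now that `dh_params_file` defaults to NULL. The `public_key_file` call just above feeds `strlen()` the same way, and its guard, if any, lies above the hunk.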
break;
case CP_AUTOSEQ:
- if (peer->keynumber == 0)
+ if (peer->keylist != NULL)
break;
ctl_putint(peer_var[CP_AUTOSEQ].text, peer->recseq);
ctl_puthex(peer_var[CP_INITKEY].text, peer->finlkey);
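Review bot: The guard in `case CP_AUTOSEQ` changes both the field and the sense of the test: the old code skipped output when `peer->keynumber == 0`, the new `if (peer->keylist != NULL) break;` skips it when a key list exists. If that is intended (for instance because `recseq` and `finlkey` are only meaningful for an association that holds no key list of its own), the case needs a comment saying so, e.g. `/* received autokey values only; skip when we generate the key list ourselves */`. As written it reads like an inverted NULL check. The rest of the case runs past the end of the hunk.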
* Extension field message formats
*
* +-------+-------+ +-------+-------+ +-------+-------+
- * 0 | 3 | len | | 4 | len | | 1/5 | len |
+ * 0 | 3 | len | | 4 | len | | 5 | len |
* +-------+-------+ +-------+-------+ +-------+-------+
* 1 | assoc ID | | assoc ID | | assoc ID |
* +---------------+ +---------------+ +---------------+
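Review bot: The code cell of the third layout now shows only `5`, yet the label added further down in the same comment (`CRYPTO_PUB rsp`) still appears to assign the public-key response to that layout, and the legend lists `CRYPTO_PUBL` as code 1. Either keep `1/5` in the cell or move the label to the layout it belongs to, as far as the columns can be read here. The label should also be spelled `CRYPTO_PUBL`, matching the legend and the constant used in the transmit code. The comment block starts above this hunk.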
* +---------------+ +---------------+ = value =
* 4 | final key | | | | |
* +---------------+ = signature = +---------------+
- * 5 | signature len | | | CRYPTO_PUBL rsp
- * +---------------+ +---------------+ CRYPTO_DH cmd
- * 6 | | CRYPTO_PRIV rsp CRYPTO_DH rsp
+ * 5 | signature len | | | CRYPTO_DH req/rsp
+ * +---------------+ +---------------+ CRYPTO_PUB rsp
+ * 6 | | CRYPTO_PRIV rsp
* = signature =
- * | | Other commands and responses have only the
- * +---------------+ first three words plus one word of padding.
+ * | | Other requests and responses have only the
+ * +---------------+ first two words.
* CRYPTO_AUTO rsp
*
* CRYPTO_PUBL 1 request/respond for public key
* CRYPTO_PRIV 4 request/respond cookie
* CRYPTO_DH 5 send public value/receive signature
*
- * Note: commands carry the association ID of the receiver; responses
+ * Note: requests carry the association ID of the receiver; responses
* carry the association ID of the sender.
*/
int crypto_enable; /* master switch */
int crypto_flags; /* flags that wave cryptically */
-char *private_key_file = "ntpkey"; /* private key file */
+char *private_key_file = NULL; /* private key file */
char *public_key_file = NULL; /* public key file */
-char *dh_params_file = "ntpkey_dh"; /* D-H parameters file */
+char *dh_params_file = NULL; /* D-H parameters file */
char *keysdir = "/usr/local/etc/"; /* crypto keys directory */
/*
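Review bot: With `private_key_file` and `dh_params_file` now defaulting to NULL instead of a file name, every consumer has to tolerate NULL before calling `strlen()`, building a path under `keysdir`, or opening the file. Only the `CS_DHPARAMS` reader in this commit shows such a check; the key-loading code is not part of this page, so it should be confirmed there. The declarations would benefit from saying what NULL means, e.g. `char *private_key_file = NULL; /* private key file; NULL = not configured */`.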
peer->lastkey);
#endif
#ifdef PUBKEY
+ if(!crypto_enable)
+ return;
if (private_key.bits < MIN_RSA_MODULUS_BITS ||
private_key.bits > MAX_RSA_MODULUS_BITS) {
rval = -1;
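Review bot: The added `if(!crypto_enable) return;` leaves the function before the RSA modulus check and whatever signing follows it, but nothing states what a caller gets when the switch is off. A one-line comment such as `/* public-key signing disabled: leave the key list unsigned */` would make that explicit, if that is indeed the effect. The spacing should also follow the rest of the commit, `if (!crypto_enable)`. The function starts above and continues below this hunk.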
* client and symmetric modes.
*/
case CRYPTO_AUTO | CRYPTO_RESP:
- peer->recseq = ntohl(pkt[i + 2]);
#ifdef PUBKEY
temp = ntohl(pkt[i + 5]);
- if (temp == 0 || peer->pubkey == NULL) {
+ if (!crypto_enable) {
+ rval = 0;
+ } else if (temp == 0 || peer->pubkey == NULL) {
rval = -1;
} else {
R_VerifyInit(&ctx, DA_MD5);
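Review bot: When `crypto_enable` is clear, the new `rval = 0` branch in `CRYPTO_AUTO | CRYPTO_RESP` treats the response as verified without checking any signature, so the autokey values that follow are taken from the packet on trust. The `CRYPTO_PRIV | CRYPTO_RESP` hunk does the same and additionally loads the cookie straight from `pkt[i + 2]`. If this is the intended meaning of the master switch, each branch should say so, e.g. `/* PUBKEY built in but disabled: accept unsigned values */`, so that nobody later reads `rval = 0` as "signature good". In the `CRYPTO_PRIV` branch `temp` first holds `pkt[i + 3]` and is then overwritten with the cookie; a separate local would avoid mixing the two meanings. Both cases continue outside their hunks.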
peer->flags |= FLAG_AUTOKEY;
#endif /* PUBKEY */
peer->flash &= ~TEST10;
+ peer->recseq = ntohl(pkt[i + 2]);
peer->finlseq = ntohl(pkt[i + 3]);
peer->finlkey = peer->pkeyid = ntohl(pkt[i +
4]);
case CRYPTO_PRIV | CRYPTO_RESP:
#ifdef PUBKEY
temp = ntohl(pkt[i + 3]);
- if (temp == 0 || peer->pubkey == NULL) {
+ if (!crypto_enable) {
+ rval = 0;
+ temp = ntohl(pkt[i + 2]);
+ } else if (temp == 0 || peer->pubkey == NULL) {
rval = -1;
temp = 0;
} else {
#endif /* PUBKEY */
/*
- * For other commands, save the command code for later;
+ * For other requests, save the request code for later;
* for unknown responses or errors, just ignore for now.
*/
default:
#endif /* PUBKEY */
/*
- * Generate the requested extension field command code, length
+ * Generate the requested extension field request code, length
* and association ID.
*/
i = start / 4;
#endif /* PUBKEY */
/*
- * Default - Fall through for commands; for unknown responses,
+ * Default - Fall through for requests; for unknown responses,
* flag as error.
*/
default:
/*
* Round up the field length to a multiple of 8 bytes and save
- * the command code and length.
+ * the request code and length.
*/
len = ((len + 7) / 8) * 8;
if (len >= 4) {
* constructed from public and private values.
* For broadcast packets and packets with
* extension fields, the cookie is public
- * (zero); for packets that match no
+ * (zero). For packets that match no
* association, the cookie is hashed from the
* addresses and private value. For server and
* symmetric packets, the cookie has been
break;
}
peer_config_manycast(peer2, peer);
+#ifdef PUBKEY
+ if (crypto_enable)
+ ntp_res_send(NULL, NULL,
+ peer->srcadr.sin_addr.s_addr,
+ peer->associd);
+#endif /* PUBKEY */
break;
case AM_ERR:
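Review bot: The `#ifdef PUBKEY` / `if (crypto_enable) ntp_res_send(...)` block added here is repeated verbatim in the next two hunks, and the explanation that the removed code carried (start the resolver to fetch the canonical name before the protocol exchange completes) is gone from all three. A small static helper taking `peer` would hold the call and the comment in one place. At minimum, restore a comment at each site, e.g. `/* resolve the peer's canonical name for the public-key exchange */`. The surrounding `switch` starts and ends outside the hunk.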
peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
MODE_PASSIVE, PKT_VERSION(pkt->li_vn_mode),
NTP_MINDPOLL, NTP_MAXDPOLL, 0, skeyid);
+#ifdef PUBKEY
+ if (crypto_enable)
+ ntp_res_send(NULL, NULL,
+ peer->srcadr.sin_addr.s_addr,
+ peer->associd);
+#endif /* PUBKEY */
break;
case AM_NEWBCL:
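Review bot: The added block dereferences `peer->srcadr` and `peer->associd` immediately after `peer = newpeer(...)` with no check on the result. Whether `newpeer()` can return NULL is not visible on this page; if it can, the guard should be `if (crypto_enable && peer != NULL)`. The case label that owns this code lies above the hunk.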
break;
peer->flags |= FLAG_MCAST1 | FLAG_MCAST2 | FLAG_BURST;
peer->hmode = MODE_CLIENT;
-
- /*
- * Crank up the resolver to fetch the canonical name and
- * hope it lands before the protocol gets wound up.
- */
-
-printf("bcst resolve %08x, %d\n", peer->srcadr.sin_addr.s_addr,
- peer->associd);
-
- ntp_res_send(NULL, NULL, peer->srcadr.sin_addr.s_addr,
- peer->associd);
+#ifdef PUBKEY
+ if (crypto_enable)
+ ntp_res_send(NULL, NULL,
+ peer->srcadr.sin_addr.s_addr,
+ peer->associd);
+#endif /* PUBKEY */
break;
case AM_POSSBCL:
/*
* Sort the samples in the register by distance. The winning
* sample will be in ord[0]. Sort the samples only if they
- * are younger than the Allen intercept.
+ * are younger than the Allen intercept; however, keep a minimum
+ * of two samples so that we can compute jitter.
*/
dtemp = min(allan_xpt, NTP_SHIFT * ULOGTOD(sys_poll));
for (n = 0; n < NTP_SHIFT; n++) {
- if (n > 0 && current_time - peer->filter_epoch[ord[n]] >
+ if (n > 1 && current_time - peer->filter_epoch[ord[n]] >
dtemp)
break;
for (j = 0; j < n; j++) {
*/
case MODE_ACTIVE:
case MODE_PASSIVE:
- if (peer->cmmd != 0 && peer->cmmd >> 16 !=
- CRYPTO_DH) {
+#ifdef PUBKEY
+ if (crypto_enable && peer->cmmd != 0 &&
+ peer->cmmd >> 16 != CRYPTO_DH) {
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, (peer->cmmd >> 16) |
CRYPTO_RESP, peer->hcookie,
peer->associd);
peer->cmmd = 0;
}
-#ifdef PUBKEY
- if (peer->pubkey == 0) {
+ if (crypto_enable && crypto_flags &
+ CRYPTO_FLAG_PUBL && peer->pubkey == 0) {
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, CRYPTO_PUBL, peer->hcookie,
peer->assoc);
- } else if (peer->pcookie == 0) {
+ } else if (crypto_enable && peer->pcookie == 0)
+ {
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, CRYPTO_DH, peer->hcookie,
peer->assoc);
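Review bot: Moving `#ifdef PUBKEY` above the `peer->cmmd` test means a build without PUBKEY no longer sends the pending response or clears `peer->cmmd` in the `MODE_ACTIVE`/`MODE_PASSIVE` branch. The following hunk still shows `peer->cmmd = 0;` ahead of its own `#ifdef PUBKEY`, so the two transmit paths now differ. If autokey builds without PUBKEY still have to answer requests here, keep the `#ifdef` where it was and add only the `crypto_enable` test. In this hunk and the next, the flag test would read better parenthesised and with a pointer comparison: `if (crypto_enable && (crypto_flags & CRYPTO_FLAG_PUBL) && peer->pubkey == NULL) {`. The matching `#endif` is outside the hunk.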
peer->cmmd = 0;
}
#ifdef PUBKEY
- if (peer->pubkey == 0) {
+ if (crypto_enable && crypto_flags &
+ CRYPTO_FLAG_PUBL && peer->pubkey == 0) {
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, CRYPTO_PUBL, peer->hcookie,
peer->assoc);
#include <netdb.h>
#include <signal.h>
-/**/
#include <netinet/in.h>
#include <arpa/inet.h>
-/**/
-#ifdef HAVE_SYS_PARAM_H
-# include <sys/param.h> /* MAXHOSTNAMELEN (often) */
-#endif
#include "ntpd.h"
#include "ntp_io.h"