nts: add server support for NTP server negotiation

Add ntsntpserver directive to specify the hostname of the NTP server
provided in NTS-KE response to clients.

diff --git a/conf.c b/conf.c
index 442f83332225cc8c2f90d975ecda2cd0c99bb82b..3a360ef7195cdbf62a07595103dab56ab7b4c0c0 100644 (file)
--- a/conf.c
+++ b/conf.c
@@ -223,8 +223,9 @@ static char *leapsec_tz = NULL;
 /* Name of the user to which will be dropped root privileges. */
 static char *user;
 
-/* NTS dump dir, certificates, private key, and port */
+/* NTS server and client configuration */
 static char *nts_dump_dir = NULL;
+static char *nts_ntp_server = NULL;
 static char *nts_server_cert_file = NULL;
 static char *nts_server_key_file = NULL;
 static int nts_server_port = 11443;
@@ -405,6 +406,7 @@ CNF_Finalise(void)
   Free(tempcomp_sensor_file);
   Free(tempcomp_point_file);
   Free(nts_dump_dir);
+  Free(nts_ntp_server);
   Free(nts_server_cert_file);
   Free(nts_server_key_file);
   Free(nts_trusted_cert_file);
@@ -554,6 +556,8 @@ CNF_ParseLine(const char *filename, int number, char *line)
   } else if (!strcasecmp(command, "ntscachedir") ||
              !strcasecmp(command, "ntsdumpdir")) {
     parse_string(p, &nts_dump_dir);
+  } else if (!strcasecmp(command, "ntsntpserver")) {
+    parse_string(p, &nts_ntp_server);
   } else if (!strcasecmp(command, "ntsport")) {
     parse_int(p, &nts_server_port);
   } else if (!strcasecmp(command, "ntsprocesses")) {
@@ -2077,6 +2081,14 @@ CNF_GetNtsDumpDir(void)
 
 /* ================================================== */
 
+char *
+CNF_GetNtsNtpServer(void)
+{
+  return nts_ntp_server;
+}
+
+/* ================================================== */
+
 char *
 CNF_GetNtsServerCertFile(void)
 {

diff --git a/conf.h b/conf.h
index 6510fbd7cebf3f21c0a5db0d75e0ae6d82a2c6e5..7c9247088b72a577f1626c4a0b5e46406098b163 100644 (file)
--- a/conf.h
+++ b/conf.h
@@ -140,6 +140,7 @@ typedef struct {
 extern int CNF_GetHwTsInterface(unsigned int index, CNF_HwTsInterface **iface);
 
 extern char *CNF_GetNtsDumpDir(void);
+extern char *CNF_GetNtsNtpServer(void);
 extern char *CNF_GetNtsServerCertFile(void);
 extern char *CNF_GetNtsServerKeyFile(void);
 extern int CNF_GetNtsServerPort(void);

diff --git a/nts_ke_server.c b/nts_ke_server.c
index 4850696d2866d09d33e8c76c88b6e4fee0503d8f..4a76f15cf422217df7cd9d999296f5aa266e9c5d 100644 (file)
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -299,6 +299,7 @@ prepare_response(NKSN_Instance session, int error, int next_protocol, int aead_a
 {
   NKE_Context context;
   NKE_Cookie cookie;
+  char *ntp_server;
   uint16_t datum;
   int i;
 
@@ -325,11 +326,10 @@ prepare_response(NKSN_Instance session, int error, int next_protocol, int aead_a
         return 0;
     }
 
-    /* This should be configurable */
-    if (0) {
-      const char server[] = "::1";
-      if (!NKSN_AddRecord(session, 1, NKE_RECORD_NTPV4_SERVER_NEGOTIATION, server,
-                          sizeof (server) - 1))
+    ntp_server = CNF_GetNtsNtpServer();
+    if (ntp_server) {
+      if (!NKSN_AddRecord(session, 1, NKE_RECORD_NTPV4_SERVER_NEGOTIATION,
+                          ntp_server, strlen(ntp_server)))
         return 0;
     }