ntp: don't accept packets with unexpected authentication

If authentication is not enabled in configuration, responses are not
expected to be authenticated. Handle such responses as having failed
authentication.

A case where this could happen is a misconfigured symmetric association
where only one peer has specified the other with a key. Before this
change synchronization would work in one direction and used packets
with an asymmetric length.

diff --git a/ntp_auth.c b/ntp_auth.c
index 56f05fc23e08942bb8ab2f6951c393e115af594d..43f4483a18277fa92e48d19ebeabb5ab902aee5f 100644 (file)
--- a/ntp_auth.c
+++ b/ntp_auth.c
@@ -401,11 +401,6 @@ NAU_GenerateResponseAuth(NTP_Packet *request, NTP_PacketInfo *request_info,
 int
 NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response, NTP_PacketInfo *info)
 {
-  /* If we don't expect the packet to be authenticated, ignore any
-     authentication data in the packet */
-  if (instance->mode == NTP_AUTH_NONE)
-    return 1;
-
   /* The authentication must match the expected mode */
   if (info->auth.mode != instance->mode)
     return 0;

diff --git a/test/unit/ntp_core.c b/test/unit/ntp_core.c
index 7a70245ad402cb5241ad2bfc7764d78b974f32b6..d3965cdd814cd724d1b00ab3aa227e3ec5ff441e 100644 (file)
--- a/test/unit/ntp_core.c
+++ b/test/unit/ntp_core.c
@@ -356,9 +356,9 @@ test_unit(void)
                                      inst1->tx_count < MAX_CLIENT_INTERLEAVED_TX);
       authenticated = random() % 2;
       valid = (!interleaved || (source.params.interleaved && has_updated)) &&
-              (!source.params.authkey || authenticated);
+              ((source.params.authkey == INACTIVE_AUTHKEY) == !authenticated);
       updated = (valid || inst1->mode == MODE_ACTIVE) &&
-                (!source.params.authkey || authenticated);
+                ((source.params.authkey == INACTIVE_AUTHKEY) == !authenticated);
       has_updated = has_updated || updated;
       if (inst1->mode == MODE_CLIENT)
         updated = 0;