cmdmon: save NTS cookies and server keys on dump command

Extend the dump command to save also the server NTS keys and client NTS
cookies. Remove the warning for unset dumpdir.

diff --git a/client.c b/client.c
index 6f0aad2d77f2192392bf29924318093641bab497..189937689151e74cb814d37bebf790a998566b0b 100644 (file)
--- a/client.c
+++ b/client.c
@@ -1267,7 +1267,7 @@ give_help(void)
     "\0\0"
     "Other daemon commands:\0\0"
     "cyclelogs\0Close and re-open log files\0"
-    "dump\0Dump all measurements to save files\0"
+    "dump\0Dump measurements and NTS keys/cookies\0"
     "rekey\0Re-read keys from key file\0"
     "reset\0Drop all measurements\0"
     "shutdown\0Stop daemon\0"

diff --git a/cmdmon.c b/cmdmon.c
index 60ae1ccb9dbc2814173736a3efccd6ffed15bea2..77378be8c953c031b923b7b2ffc1857e76b54da0 100644 (file)
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -44,6 +44,7 @@
 #include "reference.h"
 #include "manual.h"
 #include "memory.h"
+#include "nts_ke_server.h"
 #include "local.h"
 #include "addrfilt.h"
 #include "conf.h"
@@ -309,6 +310,8 @@ static void
 handle_dump(CMD_Request *rx_message, CMD_Reply *tx_message)
 {
   SRC_DumpSources();
+  NSR_DumpAuthData();
+  NKS_DumpKeys();
 }
 
 /* ================================================== */

diff --git a/ntp_auth.c b/ntp_auth.c
index 9c1056d1704f710d59e18bea4b35a48fbb817fbd..1cf55dafb5cba11e8fcef42d10893f5030cb321c 100644 (file)
--- a/ntp_auth.c
+++ b/ntp_auth.c
@@ -484,3 +484,17 @@ NAU_ChangeAddress(NAU_Instance instance, IPAddr *address)
       assert(0);
   }
 }
+
+/* ================================================== */
+
+void
+NAU_DumpData(NAU_Instance instance)
+{
+  switch (instance->mode) {
+    case NTP_AUTH_NTS:
+      NNC_DumpData(instance->nts);
+      break;
+    default:
+      break;
+  }
+}

diff --git a/ntp_auth.h b/ntp_auth.h
index b1f06eb84df3b89d193a8d93c67c1a30a5dd1fef..3d8014e307b3ce9482d15ef7e477c06dba9dabb5 100644 (file)
--- a/ntp_auth.h
+++ b/ntp_auth.h
@@ -86,4 +86,7 @@ extern int NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response,
 /* Change an authentication-specific address (e.g. after replacing a source) */
 extern void NAU_ChangeAddress(NAU_Instance instance, IPAddr *address);
 
+/* Save authentication-specific data to speed up the next start */
+extern void NAU_DumpData(NAU_Instance instance);
+
 #endif

diff --git a/ntp_core.c b/ntp_core.c
index 3b262ea20e96adda6992f8cd0e7822c701800e8c..8c92175d0218888303dd414fc64b7a4ab648d590 100644 (file)
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -2562,6 +2562,14 @@ int NCR_IsSyncPeer(NCR_Instance inst)
 
 /* ================================================== */
 
+void
+NCR_DumpAuthData(NCR_Instance inst)
+{
+  NAU_DumpData(inst->auth);
+}
+
+/* ================================================== */
+
 static void
 broadcast_timeout(void *arg)
 {

diff --git a/ntp_core.h b/ntp_core.h
index d675547a4c87b2c721b7c54830212b747ace87b4..32a9581ca6752aa936979705cfa0ac8ad3822039 100644 (file)
--- a/ntp_core.h
+++ b/ntp_core.h
@@ -136,6 +136,8 @@ extern uint32_t NCR_GetLocalRefid(NCR_Instance inst);
 
 extern int NCR_IsSyncPeer(NCR_Instance instance);
 
+extern void NCR_DumpAuthData(NCR_Instance inst);
+
 extern void NCR_AddBroadcastDestination(IPAddr *addr, unsigned short port, int interval);
 
 #endif /* GOT_NTP_CORE_H */

diff --git a/ntp_sources.c b/ntp_sources.c
index e38839fb4c2be24cdbbaf433bfeaf7b2c2857b2f..81e1fa311d220893e768c937adf71df1b791e53b 100644 (file)
--- a/ntp_sources.c
+++ b/ntp_sources.c
@@ -1297,6 +1297,18 @@ NSR_GetActivityReport(RPT_ActivityReport *report)
   }
 }
 
-
 /* ================================================== */
 
+void
+NSR_DumpAuthData(void)
+{
+  SourceRecord *record;
+  int i;
+
+  for (i = 0; i < ARR_GetSize(records); i++) {
+    record = get_record(i);
+    if (!record->remote_addr)
+      continue;
+    NCR_DumpAuthData(record->data);
+  }
+}

diff --git a/ntp_sources.h b/ntp_sources.h
index ce50a680143b2460d778ff2b309fcb57b1ea0c6c..77e8803ef991bb7671606ce00d774f928bf08604 100644 (file)
--- a/ntp_sources.h
+++ b/ntp_sources.h
@@ -140,4 +140,6 @@ extern int NSR_GetNTPReport(RPT_NTPReport *report);
 
 extern void NSR_GetActivityReport(RPT_ActivityReport *report);
 
+extern void NSR_DumpAuthData(void);
+
 #endif /* GOT_NTP_SOURCES_H */

diff --git a/nts_ke_server.c b/nts_ke_server.c
index 08fd85efc0dc0a9b314178db2aa591c72ba11c75..f92bfc6a2c0a02dc72446bd07274b404d756ba64 100644 (file)
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -707,6 +707,14 @@ NKS_Finalise(void)
 
 /* ================================================== */
 
+void
+NKS_DumpKeys(void)
+{
+  save_keys();
+}
+
+/* ================================================== */
+
 /* A server cookie consists of key ID, nonce, and encrypted C2S+S2C keys */
 
 int

diff --git a/nts_ke_server.h b/nts_ke_server.h
index 77b00c3454ba2a015eedfd9b8f6cf99bcc0ee0ce..edf62c595d30697721716bebac3ff9d5812c54e6 100644 (file)
--- a/nts_ke_server.h
+++ b/nts_ke_server.h
@@ -33,6 +33,9 @@
 extern void NKS_Initialise(int scfilter_level);
 extern void NKS_Finalise(void);
 
+/* Save the current server keys */
+extern void NKS_DumpKeys(void);
+
 /* Generate an NTS cookie with a given context */
 extern int NKS_GenerateCookie(NKE_Context *context, NKE_Cookie *cookie);
 

diff --git a/nts_ntp_client.c b/nts_ntp_client.c
index 4b2cf3183b7ad4bd5fbb4122a425279ad793643a..4eeef98a156e0d1e3ac32301d2fb3608bab75c72 100644 (file)
--- a/nts_ntp_client.c
+++ b/nts_ntp_client.c
@@ -619,3 +619,11 @@ error:
   memset(&inst->context, 0, sizeof (inst->context));
   inst->num_cookies = 0;
 }
+
+/* ================================================== */
+
+void
+NNC_DumpData(NNC_Instance inst)
+{
+  save_cookies(inst);
+}

diff --git a/nts_ntp_client.h b/nts_ntp_client.h
index 23e772136e442886de29042111020a48d8608e5b..4c410da8c36d68722ac419378d08c4da27c379f3 100644 (file)
--- a/nts_ntp_client.h
+++ b/nts_ntp_client.h
@@ -43,4 +43,6 @@ extern int NNC_CheckResponseAuth(NNC_Instance inst, NTP_Packet *packet,
 
 extern void NNC_ChangeAddress(NNC_Instance inst, IPAddr *address);
 
+extern void NNC_DumpData(NNC_Instance inst);
+
 #endif

diff --git a/sources.c b/sources.c
index 9865908652a5f2e529c59cda2f05fa0d6d4c8fae..d06f9ca17cdc9b1bc1d33912ef411f82fa7948d6 100644 (file)
--- a/sources.c
+++ b/sources.c
@@ -1197,7 +1197,6 @@ FILE *open_dumpfile(SRC_Instance inst, char mode)
 
   dumpdir = CNF_GetDumpDir();
   if (dumpdir[0] == '\0') {
-    LOG(LOGS_WARN, "dumpdir not specified");
     return NULL;
   }
 

diff --git a/stubs.c b/stubs.c
index 63aea148e01c5c7f0d273c422fe8e98b61a672f1..49a6a4efb10da82961ef95b3add3d1d50a830464 100644 (file)
--- a/stubs.c
+++ b/stubs.c
@@ -331,6 +331,11 @@ NSR_GetActivityReport(RPT_ActivityReport *report)
   memset(report, 0, sizeof (*report));
 }
 
+void
+NSR_DumpAuthData(void)
+{
+}
+
 #ifndef FEAT_CMDMON
 
 void
@@ -515,6 +520,11 @@ NNC_ChangeAddress(NNC_Instance inst, IPAddr *address)
 {
 }
 
+void
+NNC_DumpData(NNC_Instance inst)
+{
+}
+
 void
 NKC_Initialise(void)
 {
@@ -535,4 +545,9 @@ NKS_Finalise(void)
 {
 }
 
+void
+NKS_DumpKeys(void)
+{
+}
+
 #endif /* !FEAT_NTS */