@example
10 tulip
11 hyacinth
-20 MD5 crocus
-25 SHA1 iris
+20 MD5 ASCII:crocus
+25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c
...
@end example
2**32-1. The hash function is MD5 by default, depending on how was
@code{chronyd} compiled other allowed hash functions may be SHA1, SHA256,
SHA384, SHA512, RMD128, RMD160, RMD256, RMD320, TIGER and WHIRLPOOL. The
-password can be any string of characters not containing a space.
+password can be encoded as a string of characters not containing a space with
+optional @code{ASCII:} prefix or as a hexadecimal number with @code{HEX:}
+prefix.
The ID for the chronyc authentication key is specified with the
commandkey command (see earlier).
@example
password xyzzy
+password ASCII:xyzzy
+password HEX:78797a7a79
@end example
To enter the password without it being echoed, enter
is limited to 8 characters on SunOS 4.1 due to limitations in the system
library. Other systems do not have this restriction.)
-The password is any string of characters not containing whitespace. It
-has to match @code{chronyd's} currently defined command key (@pxref{commandkey
-directive}).
+The password can be encoded as a string of characters not containing a space
+with optional @code{ASCII:} prefix or as a hexadecimal number with @code{HEX:}
+prefix. It has to match @code{chronyd's} currently defined command key
+(@pxref{commandkey directive}).
@c }}}
@c {{{ polltarget
@node polltarget command
static char *password;
static int password_seen = 0;
+static int password_length;
static int auth_hash_id;
/* ================================================== */
if (!*password) {
password_seen = 0;
} else {
- password_seen = 1;
+ password_length = UTI_DecodePasswordFromText(password);
+ if (password_length > 0) {
+ password_seen = 1;
+ } else {
+ password_seen = 0;
+ fprintf(stderr, "Could not decode password\n");
+ }
}
if (gettimeofday(&now, NULL) < 0) {
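Review bot: After `UTI_DecodePasswordFromText(password)` the buffer holds `password_length` raw bytes rather than a C string, and a `HEX:` key may contain a zero byte. Any code outside this hunk that still measures `password` with `strlen()`, in particular wherever the previous password is blanked before being freed, would stop at that byte and leave key material behind; that code is not visible here, so it needs checking. I would keep the allocated size in a static next to `password_length` (for example `static int password_alloc;`) and wipe by that size instead of by string length. On the failure branch the buffer has already been partly rewritten in place, so it should be cleared there as well as resetting `password_seen`.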
assert(auth_hash_id >= 0);
- return UTI_GenerateNTPAuth(auth_hash_id, (unsigned char *)password, strlen(password),
+ return UTI_GenerateNTPAuth(auth_hash_id, (unsigned char *)password, password_length,
(unsigned char *)msg, data_len, ((unsigned char *)msg) + data_len, sizeof (msg->auth));
}
assert(auth_hash_id >= 0);
- return UTI_CheckNTPAuth(auth_hash_id, (unsigned char *)password, strlen(password),
+ return UTI_CheckNTPAuth(auth_hash_id, (unsigned char *)password, password_length,
(unsigned char *)msg, data_len,
((unsigned char *)msg) + data_len, len - data_len);
}
continue;
}
+ keys[n_keys].len = UTI_DecodePasswordFromText(keyval);
+ if (!keys[n_keys].len) {
+ LOG(LOGS_WARN, LOGF_Keys, "Could not decode password in key %d", key_id);
+ continue;
+ }
+
keys[n_keys].id = key_id;
- keys[n_keys].len = strlen(keyval);
- keys[n_keys].val = MallocArray(char, 1 + keys[n_keys].len);
- strcpy(keys[n_keys].val, keyval);
+ keys[n_keys].val = MallocArray(char, keys[n_keys].len);
+ memcpy(keys[n_keys].val, keyval, keys[n_keys].len);
n_keys++;
}
}
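Review bot: `keys[n_keys].val` is now allocated with exactly `len` bytes and filled with `memcpy`, so it is no longer NUL-terminated and may contain embedded zero bytes. That suits the length-based callers changed in this commit, but any remaining use of `val` as a string elsewhere in the file would read past the allocation; such uses, if any, are outside this hunk. A comment at the allocation such as `/* val is len raw bytes, not a C string */` would record the new invariant. The enclosing read loop starts before the hunk.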
more careful! */
qsort((void *) keys, n_keys, sizeof(Key), compare_keys_by_id);
+ /* Erase the passwords from stack */
+ memset(line, 0, sizeof (line));
+ memset(buf1, 0, sizeof (buf1));
+ memset(buf2, 0, sizeof (buf2));
}
}
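Review bot: The three `memset` calls clear automatic buffers that are not read again before the function returns, so an optimizing compiler may drop them as dead stores and leave the key text on the stack. Use a wipe the compiler cannot elide, for example `explicit_bzero(line, sizeof (line));` where the platform provides it, or a small helper that writes through a `volatile unsigned char *`. `sizeof (line)` also gives the buffer size only if `line`, `buf1` and `buf2` are arrays; their declarations and any earlier exits from the function are outside the hunk.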
return UTI_GenerateNTPAuth(hash_id, key, key_len, data, data_len,
buf, sizeof (buf)) == auth_len && !memcmp(buf, auth, auth_len);
}
+
+/* ================================================== */
+
+int
+UTI_DecodePasswordFromText(char *key)
+{
+ int i, j, len = strlen(key);
+ char buf[3], *p;
+
+ if (!strncmp(key, "ASCII:", 6)) {
+ memmove(key, key + 6, len - 6);
+ return len - 6;
+ } else if (!strncmp(key, "HEX:", 4)) {
+ if ((len - 4) % 2)
+ return 0;
+
+ for (i = 0, j = 4; j + 1 < len; i++, j += 2) {
+ buf[0] = key[j], buf[1] = key[j + 1], buf[2] = '\0';
+ key[i] = strtol(buf, &p, 16);
+
+ if (p != buf + 2)
+ return 0;
+ }
+
+ return i;
+ } else {
+ /* assume ASCII */
+ return len;
+ }
+}
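Review bot: The `HEX:` branch validates each pair with `strtol`, which skips leading white space and accepts a sign, so pairs such as `+f` or `-1` pass the `p != buf + 2` test and are stored as key bytes instead of being rejected. Check both characters directly before converting, `if (!isxdigit((unsigned char)key[j]) || !isxdigit((unsigned char)key[j + 1])) return 0;` (this needs `<ctype.h>`). Otherwise a mistyped key is accepted silently with a value the operator did not intend. The function also decodes in place and returns 0 for both a malformed and an empty password; a header comment stating that, and that the result is not NUL-terminated, would help callers.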
extern int UTI_CheckNTPAuth(int hash_id, const unsigned char *key, int key_len,
const unsigned char *data, int data_len, const unsigned char *auth, int auth_len);
+/* Decode password encoded in ASCII or HEX */
+extern int UTI_DecodePasswordFromText(char *key);
+
#if defined (INLINE_UTILITIES)
#define INLINE_STATIC inline static
#include "util.c"