#include "sysincl.h"
#include "addressing.h"
-#include "hash.h"
/* This is the default port to use for CANDM, if no alternative is
defined */
Version 6 : added padding to requests to prevent amplification attack,
changed maximum number of samples in manual list to 16, new commands: modify
makestep, smoothing report, smoothtime command
+
+ Authentication was removed later in version 6.
*/
#define PROTO_VERSION_NUMBER 6
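Review bot: The added sentence "Authentication was removed later in version 6." records the removal but not its consequence, and `PROTO_VERSION_NUMBER` stays at 6, so the version check alone cannot distinguish a peer that still fills in the token and auth fields from one that does not. The comment should say how such packets are treated and point to whatever now restricts privileged commands, since requests no longer carry authentication. Neither is visible in this hunk, so this is a request to document it, not a claim that the handling is missing. Wording along the lines of `Authentication was removed later in version 6: the former utoken/token fields are padding and trailing auth data is <ignored or rejected - state which>.` would do.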
(count up from zero for same sequence
number) */
uint32_t sequence; /* Client's sequence number */
- uint32_t utoken; /* Unique token per incarnation of daemon */
- uint32_t token; /* Command token (to prevent replay attack) */
+ uint32_t pad1;
+ uint32_t pad2;
union {
REQ_Null null;
REQ_SmoothTime smoothtime;
} data; /* Command specific parameters */
- /* The following fields only set the maximum size of the packet.
- There are no holes between them and the actual data. */
-
- /* Padding used to prevent traffic amplification */
+ /* Padding used to prevent traffic amplification. It only defines the
+ maximum size of the packet, there is no hole after the data field. */
uint8_t padding[MAX_PADDING_LENGTH];
- /* Authentication data */
- uint8_t auth[MAX_HASH_LENGTH];
-
} CMD_Request;
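Review bot: `pad1` and `pad2` in CMD_Request have no comment, although the neighbouring fields do. They are not ordinary alignment padding: they take the place of the removed `utoken` and `token`, apparently so that the header layout on the wire stays unchanged. I would add `/* Reserved, was utoken; senders set to zero */` and `/* Reserved, was token; senders set to zero */`, and state whether a receiver ignores or checks them. The same applies to `pad4` and `pad5` in the CMD_Reply hunk that follows. The struct definition begins outside this hunk.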
/* ================================================== */
uint16_t pad2;
uint16_t pad3;
uint32_t sequence; /* Echo of client's sequence number */
- uint32_t utoken; /* Unique token per incarnation of daemon */
- uint32_t token; /* New command token (only if command was successfully
- authenticated) */
+ uint32_t pad4;
+ uint32_t pad5;
+
union {
RPY_Null null;
RPY_N_Sources n_sources;
RPY_Smoothing smoothing;
} data; /* Reply specific parameters */
- /* authentication of the packet, there is no hole after the actual data
- from the data union, this field only sets the maximum auth size */
- uint8_t auth[MAX_HASH_LENGTH];
-
} CMD_Reply;
/* ================================================== */
tx_sequence = sequence++;
request->sequence = htonl(tx_sequence);
request->attempt = 0;
- request->utoken = 0;
- request->token = 0;
+ request->pad1 = 0;
+ request->pad2 = 0;
timeout = initial_timeout;
#endif
/* Good packet received, print out results */
- DEBUG_LOG(LOGF_Client, "Reply cmd=%d reply=%d stat=%d seq=%d utok=%08x tok=%d",
+ DEBUG_LOG(LOGF_Client, "Reply cmd=%d reply=%d stat=%d seq=%d",
ntohs(reply->command), ntohs(reply->reply), ntohs(reply->status),
- ntohl(reply->sequence), ntohl(reply->utoken), ntohl(reply->token));
+ ntohl(reply->sequence));
break;
}
}
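Review bot: In the rewritten `DEBUG_LOG` line, `seq=%d` is passed `ntohl(reply->sequence)`, which is a `uint32_t`, so the specifier does not match the argument and sequence numbers of 2^31 and above are logged as negative values. Since the line is being touched anyway, `seq=%u` with `(unsigned int)ntohl(reply->sequence)` would fix it. The `ntohs()` arguments promote to `int` and are fine with `%d`. The enclosing function starts and ends outside this hunk.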
tx_message.res1 = 0;
tx_message.res2 = 0;
tx_message.command = rx_message.command;
- tx_message.sequence = rx_message.sequence;
tx_message.reply = htons(RPY_NULL);
tx_message.status = htons(STT_SUCCESS);
tx_message.pad1 = 0;
tx_message.pad2 = 0;
tx_message.pad3 = 0;
- tx_message.utoken = 0;
- /* Set this to a default (invalid) value. This protects against the
- token field being set to an arbitrary value if we reject the
- message, e.g. due to the host failing the access check. */
- tx_message.token = htonl(0xffffffffUL);
- memset(&tx_message.auth, 0, sizeof(tx_message.auth));
+ tx_message.sequence = rx_message.sequence;
+ tx_message.pad4 = 0;
+ tx_message.pad5 = 0;
if (rx_message.version != PROTO_VERSION_NUMBER) {
DEBUG_LOG(LOGF_CmdMon, "Read command packet with protocol version %d (expected %d) from %s",