From: Harlan Stenn Date: Sat, 18 Mar 2000 05:37:41 +0000 (-0000) Subject: Many files: X-Git-Tag: NTP_4_0_99_J~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13ae0d6f85cc7488d17e8adfdcd473e208a49ecc;p=thirdparty%2Fntp.git Many files: * configure.in: 4.0.99h1 * ntpd/ntp_resolver.c: Lose unneeded header. Dave changed some stuff. bk: 38d3162583cybP-nyz_esKWhDw36Mw --- diff --git a/ChangeLog b/ChangeLog index 3e5d08770b..18a417ff31 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2000-03-18 Harlan Stenn + + * configure.in: 4.0.99h1 + + * ntpd/ntp_resolver.c: Lose unneeded header. + 2000-03-17 Harlan Stenn * libntp/snprintf.c: #include diff --git a/configure b/configure index 34c6051acd..b742dbc841 100755 --- a/configure +++ b/configure @@ -1090,7 +1090,7 @@ fi PACKAGE=ntp -VERSION=4.0.99h +VERSION=4.0.99h1 if test "`CDPATH=: && cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then diff --git a/configure.in b/configure.in index c3a8ef616c..ff7e96a212 100644 --- a/configure.in +++ b/configure.in @@ -5,7 +5,7 @@ AC_CANONICAL_SYSTEM AC_DEFINE_UNQUOTED(STR_SYSTEM, "$target") AM_CONFIG_HEADER(config.h) AC_ARG_PROGRAM -AM_INIT_AUTOMAKE(ntp, 4.0.99h) +AM_INIT_AUTOMAKE(ntp, 4.0.99h1) AC_PREREQ(2.14) ac_cv_var_oncore_ok=no diff --git a/include/ntp_crypto.h b/include/ntp_crypto.h index f85097d4d9..86dc3a3319 100644 --- a/include/ntp_crypto.h +++ b/include/ntp_crypto.h @@ -61,8 +61,9 @@ extern void crypto_agree P((void)); * Cryptographic values */ extern int crypto_enable; +extern int crypto_flags; extern char * private_key_file; extern char * public_key_file; -extern char * dh_public_file; +extern char * dh_params_file; #endif /* PUBKEY */ #endif /* AUTOKEY */ diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index 908f005d34..d29eb7778c 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c 
@@ -1312,6 +1312,12 @@ ctl_putsys( ctl_putstr(sys_var[CS_PUBLIC].text, public_key_file, strlen(public_key_file)); break; + + case CS_DHPARAMS: + if (dh_params_file != NULL) + ctl_putstr(sys_var[CS_DHPARAMS].text, + dh_params_file, strlen(dh_params_file)); + break; #endif /* PUBKEY */ } } @@ -1557,7 +1563,7 @@ ctl_putpeer( break; case CP_AUTOSEQ: - if (peer->keynumber == 0) + if (peer->keylist != NULL) break; ctl_putint(peer_var[CP_AUTOSEQ].text, peer->recseq); ctl_puthex(peer_var[CP_INITKEY].text, peer->finlkey); diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c index 301deed2e3..ee3f8a9939 100644 --- a/ntpd/ntp_crypto.c +++ b/ntpd/ntp_crypto.c @@ -20,7 +20,7 @@ * Extension field message formats * * +-------+-------+ +-------+-------+ +-------+-------+ - * 0 | 3 | len | | 4 | len | | 1/5 | len | + * 0 | 3 | len | | 4 | len | | 5 | len | * +-------+-------+ +-------+-------+ +-------+-------+ * 1 | assoc ID | | assoc ID | | assoc ID | * +---------------+ +---------------+ +---------------+ @@ -30,12 +30,12 @@ * +---------------+ +---------------+ = value = * 4 | final key | | | | | * +---------------+ = signature = +---------------+ - * 5 | signature len | | | CRYPTO_PUBL rsp - * +---------------+ +---------------+ CRYPTO_DH cmd - * 6 | | CRYPTO_PRIV rsp CRYPTO_DH rsp + * 5 | signature len | | | CRYPTO_DH req/rsp + * +---------------+ +---------------+ CRYPTO_PUB rsp + * 6 | | CRYPTO_PRIV rsp * = signature = - * | | Other commands and responses have only the - * +---------------+ first three words plus one word of padding. + * | | Other requests and responses have only the + * +---------------+ first two words. * CRYPTO_AUTO rsp * * CRYPTO_PUBL 1 request/respond for public key 
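Review bot: In the `CP_AUTOSEQ` case of `ctl_putpeer` (ntpd/ntp_control.c, hunk at -1557,7), the new guard `if (peer->keylist != NULL) break;` carries no explanation, and it is not obvious that it skips the same associations as the old `peer->keynumber == 0` test. If the intent is to report the received autokey values only for associations that hold no key list of their own, a comment such as `/* report receive-side autokey values only when we generate no key list ourselves */` above the test would say so. If that is not the intent, the condition looks inverted. The rest of the case continues outside the hunk.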
@@ -44,7 +44,7 @@ * CRYPTO_PRIV 4 request/respond cookie * CRYPTO_DH 5 send public value/receive signature * - * Note: commands carry the association ID of the receiver; responses + * Note: requests carry the association ID of the receiver; responses * carry the association ID of the sender. */ @@ -66,9 +66,9 @@ static R_RSA_PUBLIC_KEY public_key; /* RSA public key */ int crypto_enable; /* master switch */ int crypto_flags; /* flags that wave cryptically */ -char *private_key_file = "ntpkey"; /* private key file */ +char *private_key_file = NULL; /* private key file */ char *public_key_file = NULL; /* public key file */ -char *dh_params_file = "ntpkey_dh"; /* D-H parameters file */ +char *dh_params_file = NULL; /* D-H parameters file */ char *keysdir = "/usr/local/etc/"; /* crypto keys directory */ /* @@ -216,6 +216,8 @@ make_keylist( peer->lastkey); #endif #ifdef PUBKEY + if(!crypto_enable) + return; if (private_key.bits < MIN_RSA_MODULUS_BITS || private_key.bits > MAX_RSA_MODULUS_BITS) { rval = -1; @@ -296,10 +298,11 @@ crypto_recv( * client and symmetric modes. */ case CRYPTO_AUTO | CRYPTO_RESP: - peer->recseq = ntohl(pkt[i + 2]); #ifdef PUBKEY temp = ntohl(pkt[i + 5]); - if (temp == 0 || peer->pubkey == NULL) { + if (!crypto_enable) { + rval = 0; + } else if (temp == 0 || peer->pubkey == NULL) { rval = -1; } else { R_VerifyInit(&ctx, DA_MD5); @@ -323,6 +326,7 @@ crypto_recv( peer->flags |= FLAG_AUTOKEY; #endif /* PUBKEY */ peer->flash &= ~TEST10; + peer->recseq = ntohl(pkt[i + 2]); peer->finlseq = ntohl(pkt[i + 3]); peer->finlkey = peer->pkeyid = ntohl(pkt[i + 4]); @@ -336,7 +340,10 @@ crypto_recv( case CRYPTO_PRIV | CRYPTO_RESP: #ifdef PUBKEY temp = ntohl(pkt[i + 3]); - if (temp == 0 || peer->pubkey == NULL) { + if (!crypto_enable) { + rval = 0; + temp = ntohl(pkt[i + 2]); + } else if (temp == 0 || peer->pubkey == NULL) { rval = -1; temp = 0; } else { 
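Review bot: With `private_key_file` and `dh_params_file` now defaulting to `NULL` (ntpd/ntp_crypto.c, hunk at -66,9), every reader of these pointers has to tolerate an unset value. The new `CS_DHPARAMS` case in `ctl_putsys` does check, but the `CS_PUBLIC` context lines of that hunk show `strlen(public_key_file)` with any guard lying above the hunk, and the key-loading code is not visible in this diff. It is worth confirming that each use is guarded the same way, e.g. `if (private_key_file != NULL)` before any `strlen` or file open, and noting the convention on the definitions with `/* NULL until set by configuration */`.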
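Review bot: In `crypto_recv` (hunk at -296,10, `CRYPTO_AUTO | CRYPTO_RESP`), the new `if (!crypto_enable) { rval = 0; }` branch reports success although no signature check has run. The context lines of the hunk at -323,6 then set `FLAG_AUTOKEY` and copy `recseq`, `finlseq` and `finlkey` from the packet. The `CRYPTO_PRIV | CRYPTO_RESP` hunk at -336,7 follows the same pattern and takes the cookie straight from `pkt[i + 2]`. In a PUBKEY build with `crypto_enable` off these values are accepted unsigned, as far as the visible lines show. If that fallback is intended, both branches should say so, e.g. `/* crypto disabled at run time: accept the values without a signature check */`; how `rval` is used afterwards lies outside the hunks.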
@@ -487,7 +494,7 @@ crypto_recv( #endif /* PUBKEY */ /* - * For other commands, save the command code for later; + * For other requests, save the request code for later; * for unknown responses or errors, just ignore for now. */ default: @@ -531,7 +538,7 @@ crypto_xmit( #endif /* PUBKEY */ /* - * Generate the requested extension field command code, length + * Generate the requested extension field request code, length * and association ID. */ i = start / 4; @@ -675,7 +682,7 @@ crypto_xmit( #endif /* PUBKEY */ /* - * Default - Fall through for commands; for unknown responses, + * Default - Fall through for requests; for unknown responses, * flag as error. */ default: @@ -686,7 +693,7 @@ crypto_xmit( /* * Round up the field length to a multiple of 8 bytes and save - * the command code and length. + * the request code and length. */ len = ((len + 7) / 8) * 8; if (len >= 4) { diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index fa0f517810..aa92c21ab7 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -400,7 +400,7 @@ receive( * constructed from public and private values. * For broadcast packets and packets with * extension fields, the cookie is public - * (zero); for packets that match no + * (zero). For packets that match no * association, the cookie is hashed from the * addresses and private value. For server and * symmetric packets, the cookie has been @@ -533,6 +533,12 @@ receive( break; } peer_config_manycast(peer2, peer); +#ifdef PUBKEY + if (crypto_enable) + ntp_res_send(NULL, NULL, + peer->srcadr.sin_addr.s_addr, + peer->associd); +#endif /* PUBKEY */ break; case AM_ERR: @@ -558,6 +564,12 @@ receive( peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr, MODE_PASSIVE, PKT_VERSION(pkt->li_vn_mode), NTP_MINDPOLL, NTP_MAXDPOLL, 0, skeyid); +#ifdef PUBKEY + if (crypto_enable) + ntp_res_send(NULL, NULL, + peer->srcadr.sin_addr.s_addr, + peer->associd); +#endif /* PUBKEY */ break; case AM_NEWBCL: 
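Review bot: The same `#ifdef PUBKEY` / `if (crypto_enable) ntp_res_send(...)` block is added three times in `receive` (ntpd/ntp_proto.c hunks at -533,6 and -558,6, and the one at -578,17 that replaces the unconditional call), and a small static helper would keep the three mobilization paths in step. Each path starts a resolver request for the source address of an incoming packet, so the helper's comment should state whether the packet has already passed authentication at that point, since otherwise name lookups can be driven by whoever sends packets. The enclosing `switch` starts and ends outside the hunks, and the helper name below is only a suggestion.

```c
/*
 * Ask the resolver for the peer's canonical name when public-key
 * crypto is enabled. NOTE(review): confirm callers reach this only
 * for packets that have passed the authentication checks.
 */
static void
crypto_resolve_peer(
	struct peer *peer
	)
{
#ifdef PUBKEY
	if (crypto_enable)
		ntp_res_send(NULL, NULL,
		    peer->srcadr.sin_addr.s_addr, peer->associd);
#endif /* PUBKEY */
}

/* ... unchanged: each of the three cases calls crypto_resolve_peer(peer) before its break ... */
```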
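Review bot: In the hunk at -558,6 the result of `newpeer(...)` is dereferenced by the added `ntp_res_send` call with no check in between. If `newpeer` can return NULL, the added condition should read `if (crypto_enable && peer != NULL)`; if it cannot, no change is needed. The hunk at -533,6 appears to have a guard in its leading context lines (`break; }`), though that condition lies outside the hunk.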
@@ -578,17 +590,12 @@ receive( break; peer->flags |= FLAG_MCAST1 | FLAG_MCAST2 | FLAG_BURST; peer->hmode = MODE_CLIENT; - - /* - * Crank up the resolver to fetch the canonical name and - * hope it lands before the protocol gets wound up. - */ - -printf("bcst resolve %08x, %d\n", peer->srcadr.sin_addr.s_addr, - peer->associd); - - ntp_res_send(NULL, NULL, peer->srcadr.sin_addr.s_addr, - peer->associd); +#ifdef PUBKEY + if (crypto_enable) + ntp_res_send(NULL, NULL, + peer->srcadr.sin_addr.s_addr, + peer->associd); +#endif /* PUBKEY */ break; case AM_POSSBCL: @@ -1231,11 +1238,12 @@ clock_filter( /* * Sort the samples in the register by distance. The winning * sample will be in ord[0]. Sort the samples only if they - * are younger than the Allen intercept. + * are younger than the Allen intercept; however, keep a minimum + * of two samples so that we can compute jitter. */ dtemp = min(allan_xpt, NTP_SHIFT * ULOGTOD(sys_poll)); for (n = 0; n < NTP_SHIFT; n++) { - if (n > 0 && current_time - peer->filter_epoch[ord[n]] > + if (n > 1 && current_time - peer->filter_epoch[ord[n]] > dtemp) break; for (j = 0; j < n; j++) { @@ -1934,20 +1942,22 @@ peer_xmit( */ case MODE_ACTIVE: case MODE_PASSIVE: - if (peer->cmmd != 0 && peer->cmmd >> 16 != - CRYPTO_DH) { +#ifdef PUBKEY + if (crypto_enable && peer->cmmd != 0 && + peer->cmmd >> 16 != CRYPTO_DH) { sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, (peer->cmmd >> 16) | CRYPTO_RESP, peer->hcookie, peer->associd); peer->cmmd = 0; } -#ifdef PUBKEY - if (peer->pubkey == 0) { + if (crypto_enable && crypto_flags & + CRYPTO_FLAG_PUBL && peer->pubkey == 0) { sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_PUBL, peer->hcookie, peer->assoc); - } else if (peer->pcookie == 0) { + } else if (crypto_enable && peer->pcookie == 0) + { sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_DH, peer->hcookie, peer->assoc); 
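Review bot: In `peer_xmit` (ntpd/ntp_proto.c hunk at -1934,20, `MODE_ACTIVE`/`MODE_PASSIVE`), the block that answers a pending `peer->cmmd` now sits inside `#ifdef PUBKEY` and is gated on `crypto_enable`. As far as the hunk shows, a build without PUBKEY, or one with crypto disabled, therefore neither answers nor clears the request. The hunk at -1989,7 still has the equivalent `peer->cmmd = 0; }` above its `#ifdef PUBKEY`, so the two modes now differ; if only the public-key requests are meant to be gated, keep the response block outside the `#ifdef` and gate just those. Separately, the condition `crypto_enable && crypto_flags & CRYPTO_FLAG_PUBL && peer->pubkey == 0` (also in the hunk at -1989,7) parses as intended but is clearer as `crypto_enable && (crypto_flags & CRYPTO_FLAG_PUBL) && peer->pubkey == NULL`, which also matches the `NULL` comparisons in `crypto_recv`.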
@@ -1989,7 +1999,8 @@ peer_xmit( peer->cmmd = 0; } #ifdef PUBKEY - if (peer->pubkey == 0) { + if (crypto_enable && crypto_flags & + CRYPTO_FLAG_PUBL && peer->pubkey == 0) { sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_PUBL, peer->hcookie, peer->assoc); diff --git a/ntpd/ntp_resolver.c b/ntpd/ntp_resolver.c index dd85070f7d..7ba17296c5 100644 --- a/ntpd/ntp_resolver.c +++ b/ntpd/ntp_resolver.c @@ -15,13 +15,8 @@ #include #include -/**/ #include #include -/**/ -#ifdef HAVE_SYS_PARAM_H -# include /* MAXHOSTNAMELEN (often) */ -#endif #include "ntpd.h" #include "ntp_io.h"