From: Dave Hart Date: Sun, 2 Oct 2011 08:47:56 +0000 (+0000) Subject: ntp-keygen -M is intended to ignore all other defaults and X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3af1888a6ed89b5468f1255c7bc04bc8def96f2;p=thirdparty%2Fntp.git ntp-keygen -M is intended to ignore all other defaults and options, so do not attempt to open existing Autokey host certificate before generating symmetric keys and terminating. Restore IFF, MV, and GQ identity parameter filename convention to ntpkey_par_ in ntpd, matching ntp-keygen. Change some error logging to syslog to ignore logconfig mask, such as reporting PPSAPI failure in NMEA and WWVB refclocks. Conditionalize NMEA serial open message under clockevent. Send all peer variables to trappers in report_event(). bk: 4e88253cruon987H9d0WFe_xkaLp6Q --- diff --git a/ChangeLog b/ChangeLog index 9c0c4f4e17..0c0c9f7de1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +* ntp-keygen -M is intended to ignore all other defaults and + options, so do not attempt to open existing Autokey host certificate + before generating symmetric keys and terminating. +* Restore IFF, MV, and GQ identity parameter filename convention to + ntpkey_par_ in ntpd, matching ntp-keygen. +* Change some error logging to syslog to ignore logconfig mask, such + as reporting PPSAPI failure in NMEA and WWVB refclocks. +* Conditionalize NMEA serial open message under clockevent. +* Send all peer variables to trappers in report_event(). (4.2.7p217) 2011/09/29 Released by Harlan Stenn * [Bug 2020] ntp-keygen -s no longer sets host in cert file name. * [Backward Incompatible] ntp-keygen -i option long name changed from diff --git a/include/ntp_syslog.h b/include/ntp_syslog.h index 58c3044604..a0152b53d9 100644 --- a/include/ntp_syslog.h +++ b/include/ntp_syslog.h 
@@ -73,6 +73,13 @@ extern char * syslog_abs_fname; #define NLOG_SYNCSTATIST 0x00008000 /* sync statistics output */ extern u_int32 ntp_syslogmask; -#define NLOG(_X_) if (ntp_syslogmask & (_X_)) + +#define NLOG(bits) if (ntp_syslogmask & (bits)) + +#define LOGIF(nlog_suffix, msl_args) \ +do { \ + NLOG(NLOG_##nlog_suffix) /* like "if (...) */ \ + msyslog msl_args; \ +} while (FALSE) #endif /* NTP_SYSLOG_H */ diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index 2deb91ac5f..7ace0675be 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -4330,7 +4330,7 @@ report_event( " %s", str); } NLOG(NLOG_SYSEVENT) - msyslog(LOG_INFO, "%s", statstr); + msyslog(LOG_INFO, "%s", statstr); } else { /* @@ -4362,7 +4362,7 @@ report_event( " %s", str); } NLOG(NLOG_PEEREVENT) - msyslog(LOG_INFO, "%s", statstr); + msyslog(LOG_INFO, "%s", statstr); } record_proto_stats(statstr); #if DEBUG @@ -4389,32 +4389,17 @@ report_event( rpkt.associd = 0; rpkt.status = htons(ctlsysstatus()); - /* - * For now, put everything we know about system - * variables. Don't send crypto strings. - */ - for (i = 1; i <= CS_MAXCODE; i++) { -#ifdef AUTOKEY - if (i > CS_VARLIST) - continue; -#endif /* AUTOKEY */ + /* Include the core system variables and the list. */ + for (i = 1; i <= CS_VARLIST; i++) ctl_putsys(i); - } } else { NTP_INSIST(peer != NULL); rpkt.associd = htons(peer->associd); rpkt.status = htons(ctlpeerstatus(peer)); - /* - * Dump it all. Later, maybe less. - */ - for (i = 1; i <= CP_MAXCODE; i++) { -#ifdef AUTOKEY - if (i > CP_VARLIST) - continue; -#endif /* AUTOKEY */ + /* Dump it all. Later, maybe less. */ + for (i = 1; i <= CP_MAX_NOAUTOKEY; i++) ctl_putpeer(i, peer); - } #ifdef REFCLOCK /* * for clock exception events: add clock variables to diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c index cc1dfe0fc0..8e2334c309 100644 --- a/ntpd/ntp_crypto.c +++ b/ntpd/ntp_crypto.c 
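Review bot: `LOGIF` has no comment saying that its second argument must be a complete, parenthesized msyslog() argument list, and the inline remark `/* like "if (...) */` carries an unbalanced quote that reads as a typo. A short header above the macro would cover it, for example `/* LOGIF(CLOCKINFO, (LOG_ERR, "fmt", args)) logs only when NLOG_CLOCKINFO is set in ntp_syslogmask */`. `NLOG(bits)` still expands to a bare `if`, so a direct use followed by `else` binds to the macro's `if`. The do/while wrapper in `LOGIF` avoids that and is the safer form for new call sites.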
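Review bot: The rewritten loops in report_event() drop the sentence "Don't send crypto strings", which was the only statement of why the trap payload stops short of the Autokey variables, and the peer branch keeps "Dump it all" although its loop now ends at `CP_MAX_NOAUTOKEY`. I would keep the reason next to each bound, e.g. `/* Stop before the Autokey variables: crypto strings are not sent to trap receivers. */`. The system loop is now bounded by `CS_VARLIST` in every build, where the removed code ran to `CS_MAXCODE` when AUTOKEY was not defined; whether any non-crypto variable sits above `CS_VARLIST` cannot be seen from this hunk and is worth confirming. `CP_MAX_NOAUTOKEY` is not defined in the visible part of the diff. report_event() begins and ends outside the hunk.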
@@ -1613,30 +1613,42 @@ crypto_ident( struct peer *peer /* peer structure pointer */ ) { - - /* - * We come here after the trusted host has been found. The name - * of the parameters file is in peer->ident and must be present. - * Search the key cache for all keys matching this name. Use the - * first one available. The identity scheme is supplied by the - * server. - */ - peer->ident_pkey = crypto_key(peer->ident, NULL, &peer->srcadr); - if (peer->ident_pkey == NULL) { - report_event(XEVNT_ID, peer, NULL); - return (CRYPTO_NULL); - } - if (peer->crypto & CRYPTO_FLAG_IFF) - return (CRYPTO_IFF); - - else if (peer->crypto & CRYPTO_FLAG_GQ) - return (CRYPTO_GQ); - - else if (peer->crypto & CRYPTO_FLAG_MV) - return (CRYPTO_MV); - - report_event(XEVNT_ID, peer, NULL); - return (CRYPTO_NULL); + char filename[MAXFILENAME]; + const char * scheme_name; + u_int scheme_id; + + /* + * We come here after the group trusted host has been found; its + * name defines the group name. Search the key cache for all + * keys matching the same group name in order IFF, GQ and MV. + * Use the first one available. + */ + scheme_name = NULL; + if (peer->crypto & CRYPTO_FLAG_IFF) { + scheme_name = "iff"; + scheme_id = CRYPTO_IFF; + } else if (peer->crypto & CRYPTO_FLAG_GQ) { + scheme_name = "gq"; + scheme_id = CRYPTO_GQ; + } else if (peer->crypto & CRYPTO_FLAG_MV) { + scheme_name = "mv"; + scheme_id = CRYPTO_MV; + } + + if (scheme_name != NULL) { + snprintf(filename, sizeof(filename), "ntpkey_%spar_%s", + scheme_name, peer->ident); + peer->ident_pkey = crypto_key(filename, NULL, + &peer->srcadr); + if (peer->ident_pkey != NULL) + return scheme_id; + } + + msyslog(LOG_NOTICE, + "crypto_ident: no identity parameters found for group %s", + peer->ident); + + return CRYPTO_NULL; } @@ -1666,8 +1678,7 @@ crypto_args( len = sizeof(struct exten); if (str != NULL) len += strlen(str); - ep = emalloc(len); - memset(ep, 0, len); + ep = emalloc_zero(len); if (opcode == 0) return (ep); 
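Review bot: The `snprintf()` that builds `filename` from `peer->ident` in crypto_ident() is not checked for truncation, so an over-long group name would be looked up under a cut-off file name instead of being rejected; nmea_start() in this same commit checks the equivalent call. Capturing the result and bailing out when it does not fit would close that, e.g. `len = snprintf(filename, sizeof(filename), "ntpkey_%spar_%s", scheme_name, peer->ident);` followed by `if (len < 0 || (size_t)len >= sizeof(filename)) return CRYPTO_NULL;`, with `int len` declared among the locals. The failure path also no longer calls `report_event(XEVNT_ID, peer, NULL)` as both removed failure branches did, so an identity failure now reaches only syslog; if that is intended, a comment saying so would help. The new comment promises a search "in order IFF, GQ and MV", but the code tries only the first scheme whose flag is set.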
@@ -3231,8 +3242,7 @@ cert_parse( /* * Extract version, subject name and public key. */ - ret = emalloc(sizeof(*ret)); - memset(ret, 0, sizeof(*ret)); + ret = emalloc_zero(sizeof(*ret)); if ((ret->pkey = X509_get_pubkey(cert)) == NULL) { msyslog(LOG_ERR, "cert_parse: %s", ERR_error_string(ERR_get_error(), NULL)); diff --git a/ntpd/ntp_loopfilter.c b/ntpd/ntp_loopfilter.c index 715f2c3e41..9237b5e175 100644 --- a/ntpd/ntp_loopfilter.c +++ b/ntpd/ntp_loopfilter.c @@ -251,7 +251,7 @@ local_clock( /* * This section simulates ntpdate. If the offset exceeds the * step threshold (128 ms), step the clock to that time and - * exit. Othewise, slew the clock to that time and exit. Note + * exit. Otherwise, slew the clock to that time and exit. Note * that the slew will persist and eventually complete beyond the * life of this program. Note that while ntpdate is active, the * terminal does not detach, so the termination message prints diff --git a/ntpd/refclock_nmea.c b/ntpd/refclock_nmea.c index 9c7cb192e7..ac7cfa721f 100644 --- a/ntpd/refclock_nmea.c +++ b/ntpd/refclock_nmea.c @@ -41,8 +41,6 @@ # include "refclock_atom.h" #endif /* HAVE_PPSAPI */ -#define MSYSLOG(args) do { NLOG(NLOG_CLOCKINFO) msyslog args; } while (0) - /* * This driver supports NMEA-compatible GPS receivers 
@@ -338,21 +336,23 @@ struct refclock refclock_nmea = { */ static int nmea_start( - int unit, - struct peer * peer + int unit, + struct peer * peer ) { - struct refclockproc * const pp = peer->procptr; - nmea_unit * const up = emalloc_zero(sizeof(*up)); + struct refclockproc * const pp = peer->procptr; + nmea_unit * const up = emalloc_zero(sizeof(*up)); + char device[20]; + size_t devlen; + u_int32 rate; + int baudrate; + char * baudtext; - char device[20]; - size_t devlen; - int baudrate; - char * baudtext; + /* Get baudrate choice from mode byte bits 4/5/6 */ + rate = (peer->ttl & NMEA_BAUDRATE_MASK) >> NMEA_BAUDRATE_SHIFT; - /* Get baudrate value and text from mode byte bit 4/5/6 */ - switch ((peer->ttl & NMEA_BAUDRATE_MASK) >> NMEA_BAUDRATE_SHIFT) { + switch (rate) { case 0: baudrate = SPEED232; baudtext = "4800"; @@ -406,13 +406,11 @@ nmea_start( pp->clockdesc = DESCRIPTION; memcpy(&pp->refid, REFID, 4); - /* Open serial port. Use CLK line discipline, if available. Use - * baudrate based on the value of bit 4/5/6 - */ + /* Open serial port. Use CLK line discipline, if available. */ devlen = snprintf(device, sizeof(device), DEVICE, unit); if (devlen >= sizeof(device)) { - MSYSLOG((LOG_ERR, "%s clock device name too long", - refnumtoa(&peer->srcadr))); + msyslog(LOG_ERR, "%s clock device name too long", + refnumtoa(&peer->srcadr)); return FALSE; /* buffer overflow */ } pp->io.fd = refclock_open(device, baudrate, LDISC_CLK); @@ -421,8 +419,8 @@ nmea_start( if (-1 == pp->io.fd) return FALSE; } - msyslog(LOG_NOTICE, "%s serial %s open at %s bps", - refnumtoa(&peer->srcadr), device, baudtext); + LOGIF(CLOCKINFO, (LOG_NOTICE, "%s serial %s open at %s bps", + refnumtoa(&peer->srcadr), device, baudtext)); /* succeed if this clock can be added */ return io_addclock(&pp->io) != 0; 
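Review bot: The serial-open message in nmea_start() is gated with `LOGIF(CLOCKINFO, ...)`, while the commit message and the ChangeLog entry say it is conditionalized under clockevent. If the event class was meant, the first argument would be `CLOCKEVENT`; if CLOCKINFO is right, the ChangeLog wording should follow the code. Separately, the `/* buffer overflow */` remark beside the `devlen >= sizeof(device)` check in the preceding hunk describes a truncation that snprintf() has already kept within bounds, so `/* device name truncated */` would be more accurate. nmea_start() continues outside these hunks.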
@@ -504,8 +502,8 @@ nmea_control( S_IRUSR | S_IWUSR); } else { up->ppsapi_fd = -1; - MSYSLOG((LOG_ERR, "%s PPS device name too long", - refnumtoa(&peer->srcadr))); + msyslog(LOG_ERR, "%s PPS device name too long", + refnumtoa(&peer->srcadr)); } if (-1 == up->ppsapi_fd) up->ppsapi_fd = pp->io.fd; @@ -514,9 +512,9 @@ nmea_control( /* use the PPS API for our own purposes now. */ refclock_params(pp->sloppyclockflag, &up->atom); } else { - MSYSLOG((LOG_WARNING, - "%s flag1 1 but PPSAPI fails", - refnumtoa(&peer->srcadr))); + msyslog(LOG_WARNING, + "%s flag1 1 but PPSAPI fails", + refnumtoa(&peer->srcadr)); } } @@ -727,13 +725,12 @@ nmea_receive( struct calendar date; /* to keep & convert the time stamp */ struct timespec tofs; /* offset to full-second reftime */ gps_weektm gpsw; /* week time storage */ - /* results of sentence/date/time parsing */ - u_char sentence; /* sentence tag */ - int checkres; - char * cp; - u_char rc_date; - u_char rc_time; + u_char sentence; /* sentence tag */ + int checkres; + char * cp; + int rc_date; + int rc_time; /* make sure data has defined pristine state */ ZERO(tofs); @@ -926,8 +923,8 @@ nmea_receive( /* Check if we must enter GPS time mode; log so if we do */ if (!up->gps_time && (sentence == NMEA_GPZDG)) { - MSYSLOG((LOG_INFO, "%s using GPS time scale", - refnumtoa(&peer->srcadr))); + msyslog(LOG_INFO, "%s using GPS time as if it were UTC", + refnumtoa(&peer->srcadr)); up->gps_time = 1; } @@ -1555,9 +1552,10 @@ unfold_century( ntpcal_ntp_to_date(&rec, rec_ui, NULL); baseyear = (rec.year > 2000) ? (rec.year - 20) : 1980; - jd->year = ntpcal_periodic_extend(baseyear, jd->year, 100); + jd->year = (u_short)ntpcal_periodic_extend(baseyear, jd->year, + 100); - return (baseyear <= jd->year) && (baseyear + 100 > jd->year); + return ((baseyear <= jd->year) && (baseyear + 100 > jd->year)); } /* diff --git a/ntpd/refclock_wwvb.c b/ntpd/refclock_wwvb.c index f2856b0303..8472f86971 100644 --- a/ntpd/refclock_wwvb.c +++ b/ntpd/refclock_wwvb.c 
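Review bot: In unfold_century() the added `(u_short)` cast narrows the result of ntpcal_periodic_extend() before the range test on the following line, so the test sees the already-truncated value and the cast hides any conversion warning. Testing the full-width result first keeps the check meaningful, e.g. `yr = ntpcal_periodic_extend(baseyear, jd->year, 100);`, then `jd->year = (u_short)yr;` and `return (baseyear <= yr) && (baseyear + 100 > yr);`. The return type of ntpcal_periodic_extend() is not visible here, so the type of `yr` is an assumption to confirm. The function starts outside the hunk.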
@@ -229,8 +229,8 @@ wwvb_shutdown( struct peer *peer ) { - register struct wwvbunit *up; - struct refclockproc *pp; + struct refclockproc * pp; + struct wwvbunit * up; pp = peer->procptr; up = pp->unitptr; @@ -395,28 +395,28 @@ wwvb_receive( */ switch (qualchar) { - case ' ': + case ' ': pp->disp = .001; pp->lastref = pp->lastrec; break; - case 'A': + case 'A': pp->disp = .01; break; - case 'B': + case 'B': pp->disp = .1; break; - case 'C': + case 'C': pp->disp = .5; break; - case 'D': + case 'D': pp->disp = MAXDISPERSE; break; - default: + default: pp->disp = MAXDISPERSE; refclock_report(peer, CEVNT_BADREPLY); break; @@ -591,9 +591,8 @@ wwvb_control( return; } - NLOG(NLOG_CLOCKINFO) - msyslog(LOG_WARNING, "%s flag1 1 but PPSAPI fails", - refnumtoa(&peer->srcadr)); + msyslog(LOG_WARNING, "%s flag1 1 but PPSAPI fails", + refnumtoa(&peer->srcadr)); } #endif /* HAVE_PPSAPI */ diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c index ad041f2906..a518bf1cb9 100644 --- a/util/ntp-keygen.c +++ b/util/ntp-keygen.c @@ -423,7 +423,18 @@ main( "Random seed file %s %u bytes\n", pathbuf, temp); RAND_add(&epoch, sizeof(epoch), 4.0); } +#endif /* AUTOKEY */ + /* + * Create new unencrypted MD5 keys file if requested. If this + * option is selected, ignore all other options. + */ + if (md5key) { + gen_md5("md5"); + exit (0); + } + +#ifdef AUTOKEY /* * Load previous certificate if available. */ @@ -480,18 +491,7 @@ main( scheme = "RSA-MD5"; fprintf(stderr, "Using host %s group %s\n", hostname, groupname); -#endif /* AUTOKEY */ - /* - * Create new unencrypted MD5 keys file if requested. If this - * option is selected, ignore all other options. - */ - if (md5key) { - gen_md5("md5"); - exit (0); - } - -#ifdef AUTOKEY /* * Create a new encrypted RSA host key file if requested; * otherwise, look for an existing host key file. If not found,
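Review bot: Moving the `if (md5key)` block ahead of the certificate load in main() means gen_md5() now runs before everything between the two positions, up to the "Using host %s group %s" message. gen_md5() is not shown, so it should be confirmed that it uses nothing (host or group name, scheme defaults) that was only set up in the skipped section. The block stays after the AUTOKEY random-seed code, which matters if the symmetric keys are drawn from the OpenSSL generator. `exit (0)` is reached whatever gen_md5() did; if it can fail, the exit status should reflect that. The comment could state the ordering requirement, e.g. `/* Must stay after RNG seeding and before any Autokey file access. */`.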