From: Harlan Stenn Date: Sun, 11 Dec 2005 23:54:45 +0000 (-0500) Subject: [Bug 531]: ntpdc limitations on addserver & addpeer (Ray Van Tassle) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3d186fee24016908eaec4a139ce6b53f884e3ea;p=thirdparty%2Fntp.git [Bug 531]: ntpdc limitations on addserver & addpeer (Ray Van Tassle) bk: 439cbc45nj_6ufBVyv3KxLxUQ47JQQ --- diff --git a/html/ntpdc.html b/html/ntpdc.html index e82d0584d7..800127eefe 100644 --- a/html/ntpdc.html +++ b/html/ntpdc.html @@ -115,11 +115,33 @@

Authenticated requests always include a timestamp in the packet data, which is included in the computation of the authentication code. This timestamp is compared by the server to its receive time stamp. If they differ by more than a small amount the request is rejected. This is done for two reasons. First, it makes simple replay attacks on the server, by someone who might be able to overhear traffic on your LAN, much more difficult. Second, it makes it more difficult to request configuration changes to your server from topologically remote hosts. While the reconfiguration facility will work well with a server on the local host, and may work adequately between time-synchronized hosts on the same LAN, it will work very poorly for more distant hosts. As such, if reasonable passwords are chosen, care is taken in the distribution and protection of keys and appropriate source address restrictions are applied, the run time reconfiguration facility should provide an adequate level of security.

The following commands all make authenticated requests.

-
addpeer peer_address [ keyid ] [ version ] [ prefer ] -
Add a configured peer association at the given address and operating in symmetric active mode. Note that an existing association with the same peer may be deleted when this command is executed, or may simply be converted to conform to the new configuration, as appropriate. If the optional keyid is a nonzero integer, all outgoing packets to the remote server will have an authentication field attached encrypted with this key. If the value is 0 (or not given) no authentication will be done. The version# can be 1, 2 or 3 and defaults to 3. The prefer keyword indicates a preferred peer (and thus will be used primarily for clock synchronisation if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronisation so is the PPS signal. -
addserver peer_address [ keyid ] [ version ] [ prefer ] +
addpeer peer_address [ + keyid ] [ version ] [ + minpoll|prefer|iburst|burst [...] ] +
Add a configured peer association at the + given address and operating in symmetric + active mode. Note that an existing association + with the same peer may be deleted when this + command is executed, or may simply be + converted to conform to the new configuration, + as appropriate. If the optional keyid + is a nonzero integer, all outgoing packets to + the remote server will have an authentication + field attached encrypted with this key. If the + value is 0 (or not given) no authentication + will be done. The version# can be 1, + 2 or 3 and defaults to 3. The remaining + options are either a numeric value for minpoll or + a literal string prefer, iburst, or + burst, and have the action as specified in the + peer configuration file command of + ntpd. See the Server Options page for further information. + Each flag (or its absence) replaces the + previous setting. The prefer keyword indicates a preferred peer (and thus will be used primarily for clock synchronisation if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronisation so is the PPS signal. +
addserver peer_address [ keyid ] [ version ] [ [ minpoll|prefer|iburst|burst [...] ]
Identical to the addpeer command, except that the operating mode is client. -
broadcast peer_address [ keyid ] [ version ] [ prefer ] +
broadcast peer_address [ + keyid ] [ version ] [ prefer ]
Identical to the addpeer command, except that the operating mode is broadcast. In this case a valid key identifier and key are required. The peer_address parameter can be the broadcast address of the local network or a multicast group address assigned to NTP. If a multicast address, a multicast-capable kernel is required.
unconfig peer_address [...]
This command causes the configured bit to be removed from the specified peer(s). In many cases this will cause the peer association to be deleted. When appropriate, however, the association may persist in an unconfigured mode if the remote peer is willing to continue on in this fashion. @@ -156,4 +178,4 @@ - \ No newline at end of file + diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c index b067b9a788..17dcef5fb1 100644 --- a/ntpd/ntp_request.c +++ b/ntpd/ntp_request.c @@ -495,17 +495,21 @@ process_private( !(inpkt->implementation == IMPL_XNTPD && inpkt->request == REQ_CONFIG && temp_size == sizeof(struct old_conf_peer))) { +#ifdef DEBUG if (debug > 2) printf("process_private: wrong item size, received %d, should be %d or %d\n", temp_size, proc->sizeofitem, proc->v6_sizeofitem); +#endif req_ack(srcadr, inter, inpkt, INFO_ERR_FMT); return; } if ((proc->sizeofitem != 0) && ((temp_size * INFO_NITEMS(inpkt->err_nitems)) > (rbufp->recv_length - REQ_LEN_HDR))) { +#ifdef DEBUG if (debug > 2) printf("process_private: not enough data\n"); +#endif req_ack(srcadr, inter, inpkt, INFO_ERR_FMT); return; } @@ -928,7 +932,10 @@ peer_stats ( struct sockaddr_storage addr; extern struct peer *sys_peer; - printf("peer_stats: called\n"); +#ifdef DEBUG + if (debug) + printf("peer_stats: called\n"); +#endif items = INFO_NITEMS(inpkt->err_nitems); ipl = (struct info_peer_list *) inpkt->data; ip = (struct info_peer_stats *)prepare_pkt(srcadr, inter, inpkt, @@ -946,14 +953,20 @@ peer_stats ( #ifdef HAVE_SA_LEN_IN_STRUCT_SOCKADDR addr.ss_len = SOCKLEN(&addr); #endif - printf("peer_stats: looking for %s, %d, %d\n", stoa(&addr), +#ifdef DEBUG + if (debug) + printf("peer_stats: looking for %s, %d, %d\n", stoa(&addr), ipl->port, ((struct sockaddr_in6 *)&addr)->sin6_port); +#endif ipl = (struct info_peer_list *)((char *)ipl + INFO_ITEMSIZE(inpkt->mbz_itemsize)); if ((pp = findexistingpeer(&addr, (struct peer *)0, -1)) == 0) continue; - printf("peer_stats: found %s\n", stoa(&addr)); +#ifdef DEBUG + if (debug) + printf("peer_stats: found %s\n", stoa(&addr)); +#endif if (pp->srcadr.ss_family == AF_INET) { ip->dstadr = (pp->processed) ? pp->cast_flags == MDF_BCAST ? @@ -1301,7 +1314,7 @@ do_conf( && temp_cp.hmode != MODE_BROADCAST) fl = 1; if (temp_cp.flags & ~(CONF_FLAG_AUTHENABLE | CONF_FLAG_PREFER - | CONF_FLAG_BURST | CONF_FLAG_SKEY)) + | CONF_FLAG_BURST | CONF_FLAG_IBURST | CONF_FLAG_SKEY)) fl = 1; cp = (struct conf_peer *) ((char *)cp + INFO_ITEMSIZE(inpkt->mbz_itemsize)); @@ -1330,6 +1343,8 @@ do_conf( fl |= FLAG_PREFER; if (temp_cp.flags & CONF_FLAG_BURST) fl |= FLAG_BURST; + if (temp_cp.flags & CONF_FLAG_IBURST) + fl |= FLAG_IBURST; if (temp_cp.flags & CONF_FLAG_SKEY) fl |= FLAG_SKEY; if (client_v6_capable && temp_cp.v6_flag != 0) { @@ -1513,7 +1528,10 @@ do_unconf( #endif found = 0; peer = (struct peer *)0; - printf("searching for %s\n", stoa(&peeraddr)); +#ifdef DEBUG + if (debug) + printf("searching for %s\n", stoa(&peeraddr)); +#endif while (!found) { peer = findexistingpeer(&peeraddr, peer, -1); if (peer == (struct peer *)0) diff --git a/ntpdc/ntpdc.c b/ntpdc/ntpdc.c index b037a85818..4c73b001b3 100644 --- a/ntpdc/ntpdc.c +++ b/ntpdc/ntpdc.c @@ -1163,6 +1163,21 @@ docmd( i++; } + /* Any extra args are assumed to be "OPT|NTP_STR". */ + for ( ; i < MAXARGS + MOREARGS;) { + if ((i+ti) >= ntok) + break; + rval = getarg(tokens[i+ti], (int)(OPT|NTP_STR), &pcmd.argval[i]); + if (rval == -1) { + ti++; + continue; + } + if (rval == 0) + return; + pcmd.nargs++; + i++; + } + i += ti; if (i < ntok && *tokens[i] == '>') { char *fname; diff --git a/ntpdc/ntpdc.h b/ntpdc/ntpdc.h index d56d2b617b..ff935ae242 100644 --- a/ntpdc/ntpdc.h +++ b/ntpdc/ntpdc.h @@ -11,7 +11,7 @@ * Maximum number of arguments */ #define MAXARGS 4 - +#define MOREARGS 4 /* * Flags for forming descriptors. */ @@ -39,7 +39,7 @@ typedef union { */ struct parse { char *keyword; - arg_v argval[MAXARGS]; + arg_v argval[MAXARGS + MOREARGS]; int nargs; }; diff --git a/ntpdc/ntpdc_ops.c b/ntpdc/ntpdc_ops.c index 4ae7f1c226..8663588d5c 100644 --- a/ntpdc/ntpdc_ops.c +++ b/ntpdc/ntpdc_ops.c @@ -117,10 +117,10 @@ struct xcmd opcmds[] = { { "", "", "", "" }, "display event timer subsystem statistics" }, { "addpeer", addpeer, { NTP_ADD, OPT|NTP_UINT, OPT|NTP_UINT, OPT|NTP_STR }, - { "addr", "keyid", "version", "minpoll|prefer" }, + { "addr", "keyid", "version", "minpoll|prefer|burst ..." }, "configure a new peer association" }, { "addserver", addserver, { NTP_ADD, OPT|NTP_UINT, OPT|NTP_UINT, OPT|NTP_STR }, - { "addr", "keyid", "version", "minpoll|prefer" }, + { "addr", "keyid", "version", "minpoll|prefer|burst|iburst ..." }, "configure a new server" }, { "addrefclock",addrefclock, { NTP_ADD, OPT|NTP_UINT, OPT|NTP_STR, OPT|NTP_STR }, { "addr", "mode", "minpoll|prefer", "minpoll|prefer" }, @@ -1330,6 +1330,8 @@ again: flags |= CONF_FLAG_PREFER; else if (STREQ(pcmd->argval[items].string, "burst")) flags |= CONF_FLAG_BURST; + else if (STREQ(pcmd->argval[items].string, "iburst")) + flags |= CONF_FLAG_IBURST; else { long val; if (!atoint(pcmd->argval[items].string, &val)) {