From: Dave Hart <hart@ntp.org>
Date: Sat, 19 Sep 2009 02:18:44 +0000 (+0000)
Subject: [Bug 1312] ntpq/ntpdc MD5 passwords truncated to 8 chars on Suns.
X-Git-Tag: NTP_4_2_5P216~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f4a419b6ee7382bf591fc130b011c8fefb1464b6;p=thirdparty%2Fntp.git

[Bug 1312] ntpq/ntpdc MD5 passwords truncated to 8 chars on Suns.

bk: 4ab43f845GgLY3-C0Ml1_GalnolHkA
---

diff --git a/ChangeLog b/ChangeLog
index 8275b4e59..da392feb6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* [Bug 1312] ntpq/ntpdc MD5 passwords truncated to 8 chars on Suns.
 (4.2.5p215) 2009/09/18 Released by Harlan Stenn <stenn@ntp.org>
 * [Bug 1292] Workaround last VC6 unsigned __int64 kink.
 (4.2.5p214) 2009/09/17 Released by Harlan Stenn <stenn@ntp.org>
diff --git a/configure.ac b/configure.ac
index 1891b7806..562efac8a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -472,6 +472,7 @@ AC_CHECK_HEADERS(md5.h, [], [],
 AC_CHECK_HEADERS(memory.h netdb.h poll.h)
 AC_CHECK_HEADERS(sched.h sgtty.h stdlib.h string.h termio.h)
 AC_CHECK_HEADERS(termios.h timepps.h timex.h unistd.h)
+
 case "$host" in
  *-*-aix*)
     AC_CHECK_HEADERS(utmpx.h)
@@ -482,6 +483,21 @@ case "$host" in
     ;;
  *) AC_CHECK_HEADERS(utmp.h utmpx.h) ;;
 esac
+
+#
+# On Suns only (so far) getpass() truncates the typed password to 8
+# characters, but getpassphrase() allows up to 257.  Most systems'
+# getpass() does not truncate, at least not so as to affect ntpq and
+# ntpdc password prompts.
+#
+# So check for getpassphrase(), but only on Sun operating systems.
+#
+
+case "$host" in
+ *-*-sunos*|*-*-solaris*)
+    AC_CHECK_FUNCS(getpassphrase)
+esac
+
 AC_CHECK_HEADERS(arpa/nameser.h)
 AC_CHECK_HEADERS(sys/socket.h)
 AC_CHECK_HEADERS(net/if.h, [], [],
diff --git a/include/ntp_stdlib.h b/include/ntp_stdlib.h
index 0b9d15f7d..35912286c 100644
--- a/include/ntp_stdlib.h
+++ b/include/ntp_stdlib.h
@@ -3,12 +3,14 @@
  */
 #include <sys/types.h>
 #include <sys/socket.h>
-#include "ntp_rfc2553.h"
 
+#include "l_stdlib.h"
+#include "ntp_rfc2553.h"
 #include "ntp_types.h"
 #include "ntp_string.h"
 #include "ntp_net.h"
-#include "l_stdlib.h"
+#include "ntp_syslog.h"
+
 
 /*
  * Handle gcc __attribute__ if available.
@@ -26,7 +28,6 @@
 # endif
 #endif
 
-# include <stdarg.h>
 extern	void	msyslog		(int, const char *, ...)
 				__attribute__((__format__(__printf__, 2, 3)));
 
diff --git a/ntpdc/ntpdc.c b/ntpdc/ntpdc.c
index 4411a3a9b..d8f56c651 100644
--- a/ntpdc/ntpdc.c
+++ b/ntpdc/ntpdc.c
@@ -64,6 +64,14 @@ u_long	current_time;		/* needed by authkeys; not used */
  */
 s_char	sys_precision;		/* local clock precision (log2 s) */
 
+/*
+ * Use getpassphrase() if configure.ac detected it, as Suns that
+ * have it truncate the password in getpass() to 8 characters.
+ */
+#ifdef HAVE_GETPASSPHRASE
+# define	getpass(str)	getpassphrase(str)
+#endif
+
 int		ntpdcmain	(int,	char **);
 /*
  * Built in command handler declarations
@@ -930,7 +938,7 @@ sendrequest(
 	} else {
 		l_fp ts;
 		int maclen = 0;
-		const char *pass = "\0";
+		char *pass = "\0";
 		struct req_pkt_tail *qpktail;
 
 		qpktail = (struct req_pkt_tail *)((char *)&qpkt + req_pkt_size
@@ -956,11 +964,11 @@ sendrequest(
 				    "Invalid password\n");
 				return (1);
 			}
+			authusekey(info_auth_keyid, info_auth_keytype,
+				   (const u_char *)pass);
+			authtrust(info_auth_keyid, 1);
 		}
-		authusekey(info_auth_keyid, info_auth_keytype, (const u_char *)pass);
-		authtrust(info_auth_keyid, 1);
 		qpkt.auth_seq = AUTH_SEQ(1, 0);
-		qpktail->keyid = htonl(info_auth_keyid);
 		get_systime(&ts);
 		L_ADD(&ts, &delay_time);
 		HTONL_FP(&ts, &qpktail->tstamp);
diff --git a/ntpq/ntpq.c b/ntpq/ntpq.c
index 73170ade7..7bc555664 100644
--- a/ntpq/ntpq.c
+++ b/ntpq/ntpq.c
@@ -232,6 +232,14 @@ static const char *tstflagnames[] = {
 };
 
 
+/*
+ * Use getpassphrase() if configure.ac detected it, as Suns that
+ * have it truncate the password in getpass() to 8 characters.
+ */
+#ifdef HAVE_GETPASSPHRASE
+# define	getpass(str)	getpassphrase(str)
+#endif
+
 int		ntpqmain	(int,	char **);
 /*
  * Built in command handler declarations
@@ -400,13 +408,6 @@ int havehost = 0;				/* set to 1 when host open */
 int s_port = 0;
 struct servent *server_entry = NULL;		/* server entry for ntp */
 
-#ifdef SYS_WINNT
-DWORD NumberOfBytesWritten;
-
-HANDLE	TimerThreadHandle = NULL;	/* 1998/06/03 - Used in ntplib/machines.c */
-void timer(void)	{  ; };	/* 1998/06/03 - Used in ntplib/machines.c */
-
-#endif /* SYS_WINNT */
 
 /*
  * Sequence number used for requests.  It is incremented before
@@ -1269,9 +1270,8 @@ sendrequest(
 	if (!auth && !always_auth) {
 		return sendpkt((char *)&qpkt, pktsize);
 	} else {
-		const char *pass = "\0";
-		int maclen = 0;
-		u_long my_keyid;
+		char *	pass = "\0";
+		int	maclen = 0;
 
 		/*
 		 * Pad out packet to a multiple of 8 octets to be sure
@@ -1301,17 +1301,13 @@ sendrequest(
 				  "Invalid password\n");
 				return (1);
 			}
+			authusekey(info_auth_keyid, info_auth_keytype, (const u_char *)pass);
+			authtrust(info_auth_keyid, 1);
 		}
-		authusekey(info_auth_keyid, info_auth_keytype, (const u_char *)pass);
-		authtrust(info_auth_keyid, 1);
 
 		/*
-		 * Stick the keyid in the packet where
-		 * cp currently points.  Cp should be aligned
-		 * properly.  Then do the encryptions.
+		 * Do the encryption.
 		 */
-		my_keyid = htonl(info_auth_keyid);
-		memcpy(&qpkt.data[qsize], &my_keyid, sizeof my_keyid);
 		maclen = authencrypt(info_auth_keyid, (u_int32 *)&qpkt,
 		    pktsize);
 		if (maclen == 0) {