From: Harlan Stenn Date: Thu, 16 Mar 2000 04:08:55 +0000 (-0000) Subject: ChangeLog, ntp_proto.c, ntp_resolver.c: X-Git-Tag: NTP_4_0_99_J~74 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3e6c9effecc6b7fd980fd299bb80ab15d298ca38;p=thirdparty%2Fntp.git ChangeLog, ntp_proto.c, ntp_resolver.c: * ntpd/ntp_resolver.c (ntp_res): Authenticate the keyid. bk: 38d05e57pqu_Ck4h_DGFOQr7JcejsQ --- diff --git a/ChangeLog b/ChangeLog index 34499f6dfa..106acebc33 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2000-03-15 Harlan Stenn + * ntpd/ntp_resolver.c (ntp_res): Authenticate the keyid. + * ntpd/ntp_crypto.c (crypto_line): Fix definition (crypto_read): Ditto. diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index 7c1142a660..fa0f517810 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -524,7 +524,7 @@ receive( * to it. If something goes wrong, carefully pry the new * association away and return its marbles to the candy * store. - */ + */ peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr, MODE_CLIENT, PKT_VERSION(pkt->li_vn_mode), NTP_MINDPOLL, NTP_MAXDPOLL, 0, skeyid); @@ -578,6 +578,17 @@ receive( break; peer->flags |= FLAG_MCAST1 | FLAG_MCAST2 | FLAG_BURST; peer->hmode = MODE_CLIENT; + + /* + * Crank up the resolver to fetch the canonical name and + * hope it lands before the protocol gets wound up. + */ + +printf("bcst resolve %08x, %d\n", peer->srcadr.sin_addr.s_addr, + peer->associd); + + ntp_res_send(NULL, NULL, peer->srcadr.sin_addr.s_addr, + peer->associd); break; case AM_POSSBCL: @@ -1243,7 +1254,8 @@ clock_filter( * Compute the offset, delay, variance (squares) and error * bound. The offset, delay and variance are weighted by the * reciprocal of distance and normalized. The error bound is - * weighted exponentially. + * weighted exponentially. When no acceptable samples remain in + * the shift register, quietly tiptoe home. */ off = dly = var = dsp = dtemp = 0; for (i = NTP_SHIFT - 1; i >= 0; i--) { @@ -1259,6 +1271,8 @@ clock_filter( SQUARE(distance[i]); } } + if (dtemp == 0) + return; peer->delay = dly / dtemp; peer->variance = min(var / SQUARE(dtemp), MAXDISPERSE); peer->disp = min(dsp, MAXDISPERSE); diff --git a/ntpd/ntp_resolver.c b/ntpd/ntp_resolver.c index 601cc6bca6..114ef78e61 100644 --- a/ntpd/ntp_resolver.c +++ b/ntpd/ntp_resolver.c @@ -217,6 +217,15 @@ ntp_res(void) } #endif + /* check out auth stuff */ + if (sys_authenticate) { + if (!authistrusted(req_keyid)) { + msyslog(LOG_ERR, "invalid request keyid %08x", + req_keyid ); + exit(1); + } + } + /* * Make a first cut at resolving the bunch */