From: Harlan Stenn
Date: Mon, 19 Feb 2001 09:29:27 +0000 (-0000)
Subject: ChangeLog, ntp.h, ntp_crypto.c, ntp_peer.c, ntp_proto.c:
X-Git-Tag: NTP_4_0_99_M~120
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4ea9763dfe0a90f5fad445c699fd1ee2a16844f6;p=thirdparty%2Fntp.git
ChangeLog, ntp.h, ntp_crypto.c, ntp_peer.c, ntp_proto.c:
* ntpd/ntp_proto.c (transmit): Don't peer_clear() and reset minpoll unconditionally; make sure the peer is configured. (poll_update): When updating peer->ppoll, check on BCAST and MCAST, not ACAST (peer_clear): PUBKEY cleanup. Zero out the peer structure earlier. Initialization cleanup/fixes. (peer_xmit): CRYPTO_FLAG_AUTO is in peer->flags now. (key_expire): Debug output. * ntpd/ntp_peer.c (unpeer): PUBKEY cleanup. (newpeer): peer variable setup cleanup. * ntpd/ntp_crypto.c (make_keylist): Keep CRYPTO_FLAG_AUTO in peer->flags, not crypto_flags. (crypto_xmit): Ditto. (crypto_recv): Fix up RV_TSP logic (several places). * include/ntp.h (clear_to_zero): Moved... From: Dave Mills.
bk: 3a90e777AGWzgZEXYwr6Lgi2GdxDaw
---
diff --git a/ChangeLog b/ChangeLog
index 22297eb526..b4c6ead02a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+2001-02-19 Harlan Stenn
+
+ * ntpd/ntp_proto.c (transmit): Don't peer_clear() and reset
+ minpoll unconditionally; make sure the peer is configured.
+ (poll_update): When updating peer->ppoll, check on BCAST and
+ MCAST, not ACAST
+ (peer_clear): PUBKEY cleanup. Zero out the peer structure
+ earlier. Initialization cleanup/fixes.
+ (peer_xmit): CRYPTO_FLAG_AUTO is in peer->flags now.
+ (key_expire): Debug output.
+ * ntpd/ntp_peer.c (unpeer): PUBKEY cleanup.
+ (newpeer): peer variable setup cleanup.
+ * ntpd/ntp_crypto.c (make_keylist): Keep CRYPTO_FLAG_AUTO in
+ peer->flags, not crypto_flags.
+ (crypto_xmit): Ditto.
+ (crypto_recv): Fix up RV_TSP logic (several places).
+ * include/ntp.h (clear_to_zero): Moved...
+
From: Dave Mills.
+
 2001-02-14 Harlan Stenn
 * ntpd/ntp_proto.c (peer_xmit): Crypto-related fixes
diff --git a/include/ntp.h b/include/ntp.h
index 7914e558b3..4386e742ec 100644
--- a/include/ntp.h
+++ b/include/ntp.h
@@ -281,6 +281,7 @@ struct peer {
 /*
 * Variables used by authenticated client
 */
+#define clear_to_zero pkeyid
 #ifdef AUTOKEY
 associd_t assoc; /* peer association ID */
 u_int32 crypto; /* peer status word */
@@ -291,7 +292,6 @@ struct peer {
 #endif /* AUTOKEY */
 keyid_t keyid; /* current key ID */
 keyid_t pkeyid; /* previous key ID */
-#define clear_to_zero pkeyid
 #ifdef AUTOKEY
 keyid_t hcookie; /* host cookie */
 struct cookie pcookie; /* peer cookie */
diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c
index f325cb5348..8b7361f905 100644
--- a/ntpd/ntp_crypto.c
+++ b/ntpd/ntp_crypto.c
@@ -276,7 +276,7 @@ make_keylist(
 rval);
 else
 ap->siglen = htonl(len);
- crypto_flags |= CRYPTO_FLAG_AUTO;
+ peer->flags |= CRYPTO_FLAG_AUTO;
 #endif /* PUBKEY */
 }
@@ -378,7 +378,8 @@ crypto_recv(
 #ifdef PUBKEY
 temp = ntohl(ap->siglen);
 kp = (R_RSA_PUBLIC_KEY *)peer->pubkey.ptr;
- if (tstamp < peer->recauto.tstamp || (tstamp ==
+ if (tstamp == 0 || tstamp <
+ peer->recauto.tstamp || (tstamp ==
 peer->recauto.tstamp && (peer->flags & FLAG_AUTOKEY))) {
 rval = RV_TSP;
@@ -443,7 +444,8 @@ crypto_recv(
 #ifdef PUBKEY
 temp = ntohl(cp->siglen);
 kp = (R_RSA_PUBLIC_KEY *)peer->pubkey.ptr;
- if (tstamp < peer->pcookie.tstamp || (tstamp ==
+ if (tstamp == 0 || tstamp <
+ peer->pcookie.tstamp || (tstamp ==
 peer->pcookie.tstamp && (peer->flags & FLAG_AUTOKEY))) {
 rval = RV_TSP;
@@ -527,6 +529,8 @@ crypto_recv(
 rval = RV_PUB;
 } else if (ntohl(pkt[j]) != kp->bits / 8) {
 rval = RV_SIG;
+ } else if (tstamp == 0) {
+ rval = RV_TSP;
 } else if (tstamp < ntohl(dhparam.fstamp) || fstamp < ntohl(dhparam.fstamp)) {
 rval = RV_FSP;
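Review bot: Moving `#define clear_to_zero pkeyid` above the AUTOKEY block (the two include/ntp.h hunks) does not move the boundary it stands for, because the macro still expands to `pkeyid`; `assoc`, `crypto` and whatever else is declared ahead of `pkeyid` remain outside anything computed from it. This assumes CLEAR_TO_ZERO(), which peer_clear() passes to memset() in this commit, takes the address of the member the macro names; its definition is outside the hunks. If the move was meant to widen the zeroed region, the macro has to name the first member to be cleared instead; if it was only cosmetic, a comment such as `/* peer_clear() zeroes the structure from pkeyid onward */` next to the define would stop readers from inferring the boundary from its position. struct peer starts and ends outside both hunks.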
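Review bot: `peer->flags |= CRYPTO_FLAG_AUTO;` in the make_keylist() hunk puts a bit from the crypto_flags namespace into the word that also holds the FLAG_* association bits tested elsewhere in this commit (FLAG_AUTOKEY, FLAG_CONFIG, FLAG_SKEY). None of the constant values are visible here, so it needs confirming that CRYPTO_FLAG_AUTO shares no bit with a FLAG_* value; an overlap would let autokey state flip an unrelated peer property, or the reverse. The same holds for `peer->flags &= ~CRYPTO_FLAG_AUTO;` in crypto_xmit() and the two `peer->flags & CRYPTO_FLAG_AUTO` tests in peer_xmit(). A comment at the constant's definition, `/* stored in peer->flags; must not overlap FLAG_* */`, or a dedicated FLAG_* name would record the constraint. make_keylist() begins and ends outside the hunk.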
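Review bot: The replay test added at `if (tstamp == 0 || tstamp <` in crypto_recv() is now spelled out four times (against recauto, pcookie twice, and pubkey), each wrapped differently, which makes it easy for one copy to drift from the others. A small static helper returning the result of `tstamp == 0 || tstamp < last || (tstamp == last && (peer->flags & FLAG_AUTOKEY))` for a given stored timestamp would keep the checks identical. The dhparam and tai_leap hunks add only the `tstamp == 0` test, so in the visible lines those two branches still have no comparison against a previously accepted timestamp; if that is deliberate, a short comment there would say why. crypto_recv() extends well beyond every one of these hunks.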
@@ -634,9 +638,10 @@ crypto_recv(
 rval = RV_PUB;
 } else if (ntohl(pkt[j]) != kp->bits / 8) {
 rval = RV_SIG;
- } else if (tstamp < peer->pcookie.tstamp ||
- (tstamp == peer->pcookie.tstamp &&
- (peer->flags & FLAG_AUTOKEY))) {
+ } else if (tstamp == 0 || tstamp <
+ peer->pcookie.tstamp || (tstamp ==
+ peer->pcookie.tstamp && (peer->flags &
+ FLAG_AUTOKEY))) {
 rval = RV_TSP;
 } else {
 R_VerifyInit(&ctx, DA_MD5);
@@ -709,9 +714,10 @@ crypto_recv(
 rval = RV_KEY;
 } else if (ntohl(pkt[j]) != bits / 8) {
 rval = RV_SIG;
- } else if (tstamp < peer->pubkey.tstamp ||
- (tstamp == peer->pubkey.tstamp &&
- (peer->flags & FLAG_AUTOKEY))) {
+ } else if (tstamp == 0 || tstamp <
+ peer->pubkey.tstamp || (tstamp ==
+ peer->pubkey.tstamp && (peer->flags &
+ FLAG_AUTOKEY))) {
 rval = RV_TSP;
 } else if (tstamp < peer->pubkey.fstamp || fstamp < peer->pubkey.fstamp) {
@@ -735,8 +741,9 @@ crypto_recv(
 } else {
 j = i + 5 + rsalen / 4;
 peer->pubkey.ptr = (u_char *)kp;
- temp = 1+ strlen((char *)&pkt[j]);
- peer->keystr = emalloc(temp);
+ temp = strlen((char *)&pkt[j]);
+ peer->keystr = emalloc(temp +
+ 1);
 strcpy(peer->keystr, (char *)&pkt[j]);
 peer->pubkey.tstamp = tstamp;
@@ -776,6 +783,8 @@ crypto_recv(
 rval = RV_PUB;
 } else if (ntohl(pkt[j]) != kp->bits / 8) {
 rval = RV_SIG;
+ } else if (tstamp == 0) {
+ rval = RV_TSP;
 } else if (tstamp < ntohl(tai_leap.fstamp) || fstamp < ntohl(tai_leap.fstamp)) {
 rval = RV_FSP;
@@ -918,12 +927,12 @@ crypto_xmit(
 * perp has replayed an old message.
 */
 case CRYPTO_AUTO | CRYPTO_RESP:
- crypto_flags &= ~CRYPTO_FLAG_AUTO;
 peer = findpeerbyassoc(associd);
 if (peer == NULL) {
 opcode |= CRYPTO_ERROR;
 break;
 }
+ peer->flags &= ~CRYPTO_FLAG_AUTO;
 ap = (struct autokey *)&xpkt[i + 2];
 ap->tstamp = peer->sndauto.tstamp;
 ap->seq = peer->sndauto.seq;
diff --git a/ntpd/ntp_peer.c b/ntpd/ntp_peer.c
index 465e058ac8..df164c9fa0 100644
--- a/ntpd/ntp_peer.c
+++ b/ntpd/ntp_peer.c
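Review bot: In the crypto_recv() hunk that assigns `peer->keystr`, `strlen((char *)&pkt[j])` and the `strcpy()` that follows run over bytes taken from the received extension field, and nothing in the hunk shows that a NUL terminator is guaranteed to lie inside that field. Unless the length is validated earlier in the function (outside the hunk), both calls can read past the end of the packet buffer; bounding the scan by the remaining field length, for example with `memchr()`, and rejecting the message when no terminator is found would close that. The assignment also replaces any earlier `peer->keystr` without freeing it, which leaks unless the surrounding code guarantees the pointer is NULL when this branch runs.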
@@ -339,12 +339,6 @@ unpeer(
 peer_associations);
 #endif
 peer_clear(peer_to_remove);
-#ifdef PUBKEY
- if (peer_to_remove->keystr != NULL)
- free(peer_to_remove->keystr);
- if (peer_to_remove->pubkey.ptr != NULL)
- free(peer_to_remove->pubkey.ptr);
-#endif /* PUBKEY */
 hash = HASH_ADDR(&peer_to_remove->srcadr);
 peer_hash_count[hash]--;
 peer_demobilizations++;
@@ -543,25 +537,16 @@ newpeer(
 else
 peer->dstadr = findinterface(srcadr);
 peer->srcadr = *srcadr;
- peer->cast_flags = cast_flags;
 peer->hmode = (u_char)hmode;
- peer->keyid = key;
 peer->version = (u_char)version;
 peer->minpoll = (u_char)minpoll;
 peer->maxpoll = (u_char)maxpoll;
 peer->flags = flags | (key > NTP_MAXKEY ? FLAG_SKEY : 0);
- peer->hpoll = peer->minpoll;
- peer->ppoll = peer->minpoll;
+ peer->cast_flags = cast_flags;
 peer->ttlmax = ttl;
- peer->leap = LEAP_NOTINSYNC;
+ peer->keyid = key;
 peer->precision = sys_precision;
- peer->jitter = MAXDISPERSE;
- peer->epoch = current_time;
- peer->stratum = STRATUM_UNSPEC;
 peer_clear(peer);
- peer->update = peer->outdate = current_time;
- peer->nextdate = peer->outdate + (RANDOM & ((1 << NTP_MINPOLL) -
- 1));
 /*
 * Assign an association ID and increment the system variable.
diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index 0f88b959f0..296b5a388a 100644
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -176,14 +176,14 @@ transmit(
 if (oreach != 0) {
 report_event(EVNT_UNREACH, peer);
 peer->timereachable = current_time;
- peer_clear(peer);
 if (!(peer->flags & FLAG_CONFIG)) {
 unpeer(peer);
 clock_select();
 return;
-
+ } else {
+ peer_clear(peer);
+ hpoll = peer->minpoll;
 }
- hpoll = peer->minpoll;
 }
 if (peer->flags & FLAG_IBURST)
 peer->burst = NTP_SHIFT;
@@ -1138,7 +1138,7 @@ poll_update(
 peer->hpoll = peer->maxpoll;
 else if (peer->hpoll < peer->minpoll)
 peer->hpoll = peer->minpoll;
- if (peer->cast_flags & (MDF_BCAST | MDF_MCAST | MDF_ACAST))
+ if (peer->cast_flags & (MDF_BCAST | MDF_MCAST))
 peer->ppoll = peer->hpoll;
 /*
@@ -1211,7 +1211,14 @@ peer_clear(
 #endif
 #ifdef AUTOKEY
 key_expire(peer);
+#ifdef PUBKEY
+ if (peer->keystr != NULL)
+ free(peer->keystr);
+ if (peer->pubkey.ptr != NULL)
+ free(peer->pubkey.ptr);
+#endif /* PUBKEY */
 #endif /* AUTOKEY */
+ memset(CLEAR_TO_ZERO(peer), 0, LEN_CLEAR_TO_ZERO);
 /*
 * If he dies as a broadcast client, he comes back to life as
@@ -1225,18 +1232,21 @@ peer_clear(
 peer->flags |= FLAG_MCAST;
 peer->hmode = MODE_CLIENT;
 }
- memset(CLEAR_TO_ZERO(peer), 0, LEN_CLEAR_TO_ZERO);
 peer->estbdelay = sys_bdelay;
- peer->hpoll = peer->minpoll;
+ peer->hpoll = peer->ppoll = peer->kpoll = peer->minpoll;
 peer->pollsw = FALSE;
 peer->jitter = MAXDISPERSE;
+ peer->leap = LEAP_NOTINSYNC;
+ peer->stratum = STRATUM_UNSPEC;
 peer->epoch = current_time;
 for (i = 0; i < NTP_SHIFT; i++) {
 peer->filter_order[i] = i;
 peer->filter_disp[i] = MAXDISPERSE;
 peer->filter_epoch[i] = current_time;
 }
- poll_update(peer, peer->minpoll);
+ peer->update = peer->outdate = current_time;
+ peer->nextdate = peer->outdate + (RANDOM & ((1 << NTP_MINPOLL) -
+ 1));
 }
@@ -2036,7 +2046,7 @@ peer_xmit(
 * them at other times.
 */
 case MODE_BROADCAST:
- if (crypto_flags & CRYPTO_FLAG_AUTO)
+ if (peer->flags & CRYPTO_FLAG_AUTO)
 cmmd = CRYPTO_AUTO | CRYPTO_RESP;
 else
 cmmd = CRYPTO_ASSOC | CRYPTO_RESP;
@@ -2115,7 +2125,7 @@ peer_xmit(
 sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_AUTO, peer->hcookie, peer->assoc);
- else if ((crypto_flags & CRYPTO_FLAG_AUTO) &&
+ else if ((peer->flags & CRYPTO_FLAG_AUTO) &&
 (peer->cmmd >> 16) != CRYPTO_AUTO)
 sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_AUTO | CRYPTO_RESP,
@@ -2394,6 +2404,10 @@ key_expire(
 peer->keylist = NULL;
 }
 peer->keynumber = peer->sndauto.seq = 0;
+#ifdef DEBUG
+ if (debug)
+ printf("key_expire: at %lu\n", current_time);
+#endif
 }
 #endif /* AUTOKEY */
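Review bot: The PUBKEY block added to peer_clear() calls `free(peer->keystr)` and `free(peer->pubkey.ptr)` but never resets the pointers, so they are only cleared if the `memset(CLEAR_TO_ZERO(peer), ...)` that follows happens to cover them. The code removed from unpeer() freed the same pointers after peer_clear() had already done its memset, which suggests they sit outside the zeroed region, and `clear_to_zero` still names `pkeyid` after the ntp.h change; the member declarations themselves are not shown. peer_clear() runs more than once on a live association (transmit() calls it when a configured peer becomes unreachable, unpeer() on removal, newpeer() on setup), so a pointer left dangling would be passed to free() again on the next call. Setting `peer->keystr = NULL;` and `peer->pubkey.ptr = NULL;` directly after each free() removes the dependence on struct layout. peer_clear() begins before this hunk and continues in the next one.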