From: Harlan Stenn
Date: Fri, 31 Mar 2000 04:55:42 +0000 (-0000)
Subject: ntp_crypto.h, ntp_crypto.c, ntp_proto.c:
X-Git-Tag: NTP_4_0_99_J~47
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=794e0eb05d943384aee669be2b1899017a559bb6;p=thirdparty%2Fntp.git
ntp_crypto.h, ntp_crypto.c, ntp_proto.c:
More crypto cleanup from Dave.
bk: 38e42fce26wmT0TsRNbLbK2TkBCHHw
---
diff --git a/include/ntp_crypto.h b/include/ntp_crypto.h
index 401c3e4c25..604b286b28 100644
--- a/include/ntp_crypto.h
+++ b/include/ntp_crypto.h
@@ -55,7 +55,7 @@ extern void key_expire P((struct peer *));
 extern void crypto_init P((void));
 extern void crypto_config P((int, char *));
 extern void crypto_setup P((void));
-extern void crypto_public P((struct peer *, u_char *));
+extern int crypto_public P((struct peer *, u_char *));
 extern void crypto_agree P((void));
 /*
diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c
index 29a76e5776..2d39340b52 100644
--- a/ntpd/ntp_crypto.c
+++ b/ntpd/ntp_crypto.c
@@ -508,20 +508,20 @@ crypto_recv(
 ((R_RSA_PUBLIC_KEY *)peer->pubkey)->modulus, (u_char *)&(pkt[i + 4]), temp);
 break;
-#endif /* PUBKEY */
 /*
 * Receive remote host name and install public key from
 * file.
 */
 case CRYPTO_NAME | CRYPTO_RESP:
- crypto_public(peer, (char *)&pkt[i + 3]);
+ temp = crypto_public(peer, (char *)&pkt[i + 3]);
 #ifdef DEBUG
 if (debug)
- printf("crypto_recv: host %s\n",
- (char *)&pkt[i + 3]);
+ printf("crypto_recv: host %d %s\n",
+ temp, (char *)&pkt[i + 3]);
 #endif
 break;
+#endif /* PUBKEY */
 /*
 * For other requests, save the request code for later;
@@ -714,7 +714,6 @@ crypto_xmit(
 (u_char *)&public_key.modulus, temp);
 len += temp + 4;
 break;
-#endif /* PUBKEY */
 /*
 * Send host name.
@@ -725,6 +724,7 @@ crypto_xmit(
 xpkt[i + 2] = htonl(temp);
 len += temp + 4;
 break;
+#endif /* PUBKEY */
 /*
 * Default - Fall through for requests; for unknown responses,
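Review bot: In the `CRYPTO_NAME | CRYPTO_RESP` case of crypto_recv, the host name at `&pkt[i + 3]` is taken straight from the received extension field and passed to crypto_public() as a C string, with no check visible in the hunk that it is NUL-terminated inside the field. crypto_xmit writes the name length into `xpkt[i + 2]`, so the receiver could bound the name by that length word and by the remaining packet length before using it. The new return value is stored in `temp` but only printed under `#ifdef DEBUG`, so a failed key load is still silent in production builds; either report it unconditionally or add a comment such as `/* key file is optional; failure is ignored */`. The case body sits in a switch that starts outside the hunk, so a length check may already exist above.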
@@ -863,7 +863,7 @@ crypto_read(
 * has errors, we just keep going and expect the host to fetch the
 * public key from the peer via the extension field.
 */
-void
+int
 crypto_public(
 struct peer *peer, /* peer structure pointer */
 u_char *cp /* canonical host name */
@@ -875,7 +875,7 @@ crypto_public(
 snprintf(filename, sizeof filename, "ntpkey_%s", cp);
 if (!crypto_read(filename, (u_char *)&keybuf, keylen))
- return;
+ return (0);
 if (peer->keystr != NULL)
 free(peer->keystr);
 peer->keystr = emalloc(strlen(filename) + 1);
@@ -883,6 +883,7 @@ crypto_public(
 if (peer->pubkey == NULL)
 peer->pubkey = emalloc(keylen);
 memcpy(peer->pubkey, (char *)&keybuf, keylen);
+ return (1);
 }
diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index 476184492e..31f88029b3 100644
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -736,7 +736,7 @@ receive(
 break;
 }
 if (i > peer->recauto.seq) {
- peer->recauto.seq = 0;
+ peer->recauto.tstamp = 0;
 break;
 }
 if (hismode == MODE_BROADCAST)
@@ -1042,6 +1042,13 @@ clock_update(void)
 sys_rootdelay = sys_peer->rootdelay + fabs(sys_peer->delay);
 sys_leap = leap_consensus;
+
+ /*
+ * This is cute. If the leap changes, we gotta reroll
+ * the keys.
+ */
+ if (sys_leap != oleap)
+ key_expire_all();
 }
 if (oleap != sys_leap)
 report_event(EVNT_SYNCCHG, (struct peer *)0);
@@ -1910,7 +1917,7 @@ peer_xmit(
 * values at other times.
 */
 case MODE_BROADCAST:
- if (peer->keynumber == peer->sndauto.seq)
+ if (peer->keynumber == peer->sndauto.tstamp)
 cmmd = CRYPTO_AUTO | CRYPTO_RESP;
 else
 cmmd = CRYPTO_ASSOC | CRYPTO_RESP;
@@ -1963,7 +1970,7 @@ peer_xmit(
 peer->assoc);
 } else
 #endif /* PUBKEY */
- if (peer->recauto.seq == 0) {
+ if (peer->recauto.tstamp == 0) {
 sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_AUTO, peer->hcookie, peer->assoc);
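Review bot: crypto_public (hunk at -875) builds the key file name with `snprintf(filename, sizeof filename, "ntpkey_%s", cp);`, and `cp` is the name received from the peer, so the remote side influences which file is opened. The name should be validated before it reaches snprintf, for example `if (strchr((char *)cp, '/') != NULL) return (0);`. The snprintf result should also be checked for truncation, returning 0 in that case too. The header comment in the hunk at -863 still describes a function that "just keeps going"; now that it returns int it should say that 1 means the key was installed and 0 that the file could not be read. The function body starts and ends outside these hunks.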
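Review bot: The added call `key_expire_all();` in clock_update (hunk at -1042) has no `#ifdef AUTOKEY` guard visible, while key_expire() in the same file is closed by `#endif /* AUTOKEY */` in the last hunk. If key_expire_all() is defined in that same conditional section, a build without AUTOKEY would fail to link; wrapping the new `if` in `#ifdef AUTOKEY` / `#endif /* AUTOKEY */` avoids that. The new comment would help more if it said why a leap change invalidates the keys, rather than "This is cute". The enclosing block starts outside the hunk, so a guard may already surround it.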
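Review bot: In the MODE_BROADCAST case of peer_xmit (hunk at -1910) the new test `peer->keynumber == peer->sndauto.tstamp` compares a key-list index with a field named as a timestamp, which looks like an over-broad rename of `seq`. key_expire still resets `peer->keynumber = peer->sndauto.seq = 0;` (hunk at -2237), so the two sides of this comparison are no longer reset together. The `recauto.seq` to `recauto.tstamp` changes in receive() and at -1963 and -2022 all use the field as a "no values yet" flag and read consistently, which this one does not. Please confirm the send-side comparison is intended, or keep `peer->sndauto.seq` here.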
@@ -2022,7 +2029,7 @@ peer_xmit(
 sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_PRIV, peer->hcookie, peer->assoc);
- } else if (peer->recauto.seq == 0 &&
+ } else if (peer->recauto.tstamp == 0 &&
 peer->flags & FLAG_MCAST2) {
 sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_AUTO, peer->hcookie,
@@ -2237,7 +2244,6 @@ key_expire(
 peer->keylist = NULL;
 }
 peer->keynumber = peer->sndauto.seq = 0;
- peer->recauto.key = 0;
 }
 #endif /* AUTOKEY */