mssntp option breaking time service: tester(s) wanted
James Browning
jamesb192 at jamesb192.com
Wed Oct 4 23:11:13 UTC 2023
> On 10/04/2023 3:41 PM PDT Hal Murray <halmurray at sonic.net> wrote:
>
>
> Does anybody have details on how MSSNTP signing works?
>
> If we can find that, we can write some POSIX code to test things.
I have test tools that should push the right buttons IF I can get
the correct magic number in the key ID. After running it with a
rainbow table, it did not work.
Roughly...
1) The client does client things I should not have to care about
2) The client sends an NTP request with a magic key ID
and 16-byte NUL MAC
3) after correctness checks, the server forms a reply and then
sends it like this.
a) ntpsec connects to Samba (works)
b) ntpsec sends a length (tested/seems to work)
c) ntpsec sends serialized struct samb_key_in.
d) samba responds with a length (always 12 IIRC)
e) samba continues with serialized struct samba_key_out
4) ntpsec reads that and concludes that the packet is not
correctly signed and tries to throw a couple of new error
messages.
> There is a link in ntpd/ntp_signd.c
> http://msdn.microsoft.com/en-us/library/cc212930.aspx
> But I didn't find anything interesting there. (Maybe my browser was filtering
> something.)
I see walls of text that I do not want to read.
> We still need to test with real Windows at least once to make sure our test
> code does the right thing.
Yes, I probably should.
-30-
More information about the devel
mailing list