[Git][NTPsec/ntpsec][master] packet auth: remove undocumented DEFFAULT_NTPKEYS.
Gary E. Miller
gitlab at mg.gitlab.com
Sat May 6 20:15:18 UTC 2017
Gary E. Miller pushed to branch master at NTPsec / ntpsec
Commits:
c0b9c454 by Gary E. Miller at 2017-05-06T13:08:08-07:00
packet auth: remove undocumented DEFFAULT_NTPKEYS.
No way to disable, undocumented, and bad security.
- - - - -
1 changed file:
- pylib/packet.py
Changes:
=====================================
pylib/packet.py
=====================================
--- a/pylib/packet.py
+++ b/pylib/packet.py
@@ -1060,8 +1060,8 @@ class ControlSession:
except struct.error:
raise ControlException(SERR_UNSPEC)
- if ((rpkt.version() > ntp.magic.NTP_VERSION
- or rpkt.version() < ntp.magic.NTP_OLDVERSION)):
+ if ((rpkt.version() > ntp.magic.NTP_VERSION or
+ rpkt.version() < ntp.magic.NTP_OLDVERSION)):
if self.debug:
warn("Fragment received with version %d\n"
% rpkt.version())
@@ -1576,8 +1576,8 @@ Receive a nonce that can be replayed - combats source address spoofing
for i in range(len(span.entries)):
e = span.entries[len(span.entries) - i - 1]
incr = ", addr.%d=%s, last.%d=%s" % (i, e.addr, i, e.last)
- if ((len(req_buf) + len(incr)
- >= ntp.control.CTL_MAX_DATA_LEN)):
+ if ((len(req_buf) + len(incr) >=
+ ntp.control.CTL_MAX_DATA_LEN)):
break
else:
req_buf += incr
@@ -1637,8 +1637,6 @@ Receive a nonce that can be replayed - combats source address spoofing
"Retrieve ifstats data."
return self.__ordlist("ifstats")
-DEFAULT_KEYFILE = "/usr/local/etc/ntp.keys"
-
class Authenticator:
"MAC authentication manager for NTP packets."
@@ -1646,16 +1644,15 @@ class Authenticator:
def __init__(self, keyfile=None):
# We allow I/O and permission errors upward deliberately
self.passwords = {}
- if keyfile is None:
- keyfile = DEFAULT_KEYFILE
- for line in open(keyfile):
- if '#' in line:
- line = line[:line.index("#")]
- line = line.strip()
- if not line:
- continue
- (keyid, keytype, passwd) = line.split()
- self.passwords[int(keyid)] = (keytype, passwd)
+ if keyfile is not None:
+ for line in open(keyfile):
+ if '#' in line:
+ line = line[:line.index("#")]
+ line = line.strip()
+ if not line:
+ continue
+ (keyid, keytype, passwd) = line.split()
+ self.passwords[int(keyid)] = (keytype, passwd)
def __len__(self):
return len(self.passwords)
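Review bot: The key file is read with `for line in open(keyfile):` and never closed explicitly, so the handle on a file holding MAC secrets stays open until garbage collection; `with open(keyfile) as keys:` followed by `for line in keys:` closes it deterministically. The comment above covers only I/O and permission errors, but a line that does not split into exactly three fields, or whose key id is not an integer, raises ValueError from `(keyid, keytype, passwd) = line.split()` or `int(keyid)`, so the comment should say whether that is meant to propagate as well. Since `keyfile=None` now leaves `self.passwords` empty instead of reading a default path, a docstring on `__init__` such as `"Load keys from keyfile; with keyfile=None no keys are loaded."` would record the new behaviour for callers. The class body continues past `__len__`, outside this hunk.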
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/c0b9c4546e42e68bb385a2e7f27809ad46f1bcd2