[Git][NTPsec/ntpsec][master] 3 commits: Minor DNS cleanup - should have been part of previous batch.
Hal Murray
gitlab at mg.gitlab.com
Tue Feb 13 21:07:23 UTC 2018
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
5fc093e8 by Hal Murray at 2018-02-13T02:30:40-08:00
Minor DNS cleanup - should have been part of previous batch.
- - - - -
a36f31eb by Hal Murray at 2018-02-13T02:39:37-08:00
Trustedkey cleanup, Issue #453, no doc
- - - - -
c1f15848 by Hal Murray at 2018-02-13T03:06:57-08:00
Doc update for Issue #453
- - - - -
6 changed files:
- docs/includes/auth-commands.txt
- include/ntp_config.h
- ntpd/ntp_config.c
- ntpd/ntp_parser.y
- ntpd/ntp_proto.c
- ntpd/ntpd.c
Changes:
=====================================
docs/includes/auth-commands.txt
=====================================
--- a/docs/includes/auth-commands.txt
+++ b/docs/includes/auth-commands.txt
@@ -18,11 +18,16 @@
+trustedkey+ _key..._ ::
Specifies the key identifiers which are trusted for the purposes of
authenticating peers with symmetric key cryptography, as well as keys
- used by the {ntpqman} program. The
- authentication procedures require that both the local and remote
- servers share the same key and key identifier for this purpose,
- although different keys can be used with different servers.
- The _key_ arguments are 32-bit unsigned integers with values from 1 to
- 65,534.
+ used by the {ntpqman} program.
+ Multiple keys on the same line should be separated by spaces.
+ Key ranges can be specified as (first ... last). The spaces around
+ the ... are necessary. Multiple +trustedkey+ lines are supported
+ and trusted keys can also be specified on the command line.
+
+The authentication procedures require that both the local and remote
+servers share the same key and key identifier for this purpose,
+although different keys can be used with different servers.
+The _key_ arguments are 32-bit unsigned integers with values from 1 to
+65,534.
// end
=====================================
include/ntp_config.h
=====================================
--- a/include/ntp_config.h
+++ b/include/ntp_config.h
@@ -211,6 +211,9 @@ struct config_tree_tag {
sim_fifo * sim_details;
int mdnstries;
};
+extern void init_readconfig(void);
+extern void set_keys_file(char*);
+extern void set_trustedkey(keyid_t);
extern int mdnstries;
=====================================
ntpd/ntp_config.c
=====================================
--- a/ntpd/ntp_config.c
+++ b/ntpd/ntp_config.c
@@ -1147,6 +1147,8 @@ config_auth(
}
}
}
+ if (0 < count)
+ msyslog(LOG_INFO, "Found %d trusted keys.", count);
auth_prealloc_symkeys(count);
/* Keys Command */
@@ -3030,6 +3032,14 @@ getconfig(const char *explicit_config)
}
/*
+ * init_readconfig() - init for readconfig
+ */
+void init_readconfig(void)
+{
+ init_syntax_tree(&cfgt);
+}
+
+/*
* readconfig() - process startup configuration file
*/
void readconfig(const char *config_file)
@@ -3053,7 +3063,9 @@ void readconfig(const char *config_file)
yydebug = !!(debug >= 5);
#endif
- init_syntax_tree(&cfgt);
+ /* Moved to init_readconfig so command lines can contribute info
+ * init_syntax_tree(&cfgt);
+ */
srccount = 0;
/* parse the plain config file if it exists */
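Review bot: readconfig() now depends on the caller having already run init_readconfig(), but the only trace of that contract inside the function is a commented-out call. Replace the dead line with a plain statement of the precondition, e.g. `/* cfgt must already be initialised by init_readconfig(); -k and -t add to it before we get here */`. If any other path can reach readconfig() without that call, the file would be parsed into whatever cfgt held before; that cannot be checked from this hunk. readconfig() continues outside the hunk.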
@@ -3097,6 +3109,23 @@ void readconfig(const char *config_file)
}
+/* hooks for ntpd.c */
+
+void set_keys_file(char* keys)
+{
+ cfgt.auth.keys = estrdup(keys);
+};
+
+void set_trustedkey(keyid_t tkey)
+{
+ attr_val *val = create_attr_ival('i', tkey);
+ attr_val *val2 = NULL;
+ APPEND_G_FIFO(val2, val);
+ CONCAT_G_FIFOS(cfgt.auth.trusted_key_list, val2);
+};
+
+
+
void
save_and_apply_config_tree(bool input_from_file)
{
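Review bot: set_keys_file() overwrites cfgt.auth.keys with a fresh estrdup() copy without releasing the previous value, so a repeated -k leaks the earlier string. Assuming the field is NULL after init_syntax_tree(), adding `free(cfgt.auth.keys);` before the assignment is enough. The parameter is never written through, so it should be `const char *keys`, with the prototype in include/ntp_config.h changed to match. The `};` after both new function bodies is a stray empty declaration and should lose the semicolon. Whether a keys line in the config file later replaces the command-line path is decided outside this hunk; a one-line comment stating the intended precedence would help anyone auditing which key file is actually loaded.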
=====================================
ntpd/ntp_parser.y
=====================================
--- a/ntpd/ntp_parser.y
+++ b/ntpd/ntp_parser.y
@@ -534,14 +534,7 @@ authentication_command
"ntpdc has been removed.");
}
| T_Trustedkey integer_list_range
- {
- cfgt.auth.trusted_key_list = $2;
-
- // if (!cfgt.auth.trusted_key_list)
- // cfgt.auth.trusted_key_list = $2;
- // else
- // LINK_SLIST(cfgt.auth.trusted_key_list, $2, link);
- }
+ { CONCAT_G_FIFOS(cfgt.auth.trusted_key_list, $2); }
| T_NtpSignDsocket T_String
{ cfgt.auth.ntp_signd_socket = $2; }
;
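Review bot: The trustedkey action now appends to the global list instead of assigning it, so the trusted set is the union of every trustedkey line and every command-line key, and nothing at the action says so. A short comment such as `/* append: trustedkey lines and command-line keys accumulate */` would record that this is intended. It also makes the lifetime of cfgt.auth.trusted_key_list matter: if the tree can be parsed more than once in a process (not visible here), the list needs to be emptied after it is applied, otherwise earlier entries are carried into the next pass.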
=====================================
ntpd/ntp_proto.c
=====================================
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -935,8 +935,7 @@ transmit(
if ((peer_associations <= 2 * sys_maxclock) &&
(peer_associations < sys_maxclock ||
sys_survivors < sys_minclock))
- dns_probe(peer);
- /* FIXME-DNS - need proper backoff */
+ if (!dns_probe(peer)) return;
poll_update(peer, hpoll);
return;
}
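Review bot: When dns_probe() returns false the new early return skips poll_update(), and nothing in the hunk says what a false return means or when the peer will be tried again; the removed FIXME about backoff is not visibly resolved. Add a comment at the call, e.g. `/* false: probe not started, leave the poll timer alone so we retry on the next pass */`, with the wording confirmed against dns_probe(). Here the statement is also the unbraced body of the enclosing `if`, so bracing both levels and putting `return;` on its own line would make the control flow harder to misread. The same call pattern is repeated in the FLAG_DNS branch of the next hunk. transmit() starts and ends outside both hunks.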
@@ -944,8 +943,7 @@ transmit(
/* Does server need DNS lookup? */
if (peer->cfg.flags & FLAG_DNS) {
peer->outdate = current_time;
- dns_probe(peer);
- /* FIXME-DNS - need proper backoff */
+ if (!dns_probe(peer)) return;
poll_update(peer, hpoll);
return;
}
=====================================
ntpd/ntpd.c
=====================================
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -678,6 +678,7 @@ ntpdmain(
init_proto(!dumpopts); /* Call at high priority */
init_io();
init_loopfilter();
+ init_readconfig(); /* see readconfig() */
mon_start(MON_ON); /* monitor on by default now */
/* turn off in config if unwanted */
@@ -725,7 +726,7 @@ ntpdmain(
break;
case 'k':
if (ntp_optarg != NULL)
- getauthkeys(ntp_optarg);
+ set_keys_file(ntp_optarg);
break;
case 'l':
case 'L':
@@ -763,7 +764,7 @@ ntpdmain(
ntp_optarg);
exit(1);
} else {
- authtrust((keyid_t)tkey, true);
+ set_trustedkey((keyid_t)tkey);
}
}
break;
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/f3870e271a33ffd16ac4bec222602b67a1ad570e...c1f15848adf7393f7df0761b46a70ad6d4d5a052