[Git][NTPsec/ntpsec][master] 3 commits: Minor DNS cleanup - should have been part of previous batch.

Hal Murray gitlab at mg.gitlab.com
Tue Feb 13 21:07:23 UTC 2018


Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
5fc093e8 by Hal Murray at 2018-02-13T02:30:40-08:00
Minor DNS cleanup - should have been part of previous batch.

- - - - -
a36f31eb by Hal Murray at 2018-02-13T02:39:37-08:00
Trustedkey cleanup, Issue #453, no doc

- - - - -
c1f15848 by Hal Murray at 2018-02-13T03:06:57-08:00
Doc update for Issue #453

- - - - -


6 changed files:

- docs/includes/auth-commands.txt
- include/ntp_config.h
- ntpd/ntp_config.c
- ntpd/ntp_parser.y
- ntpd/ntp_proto.c
- ntpd/ntpd.c


Changes:

=====================================
docs/includes/auth-commands.txt
=====================================
--- a/docs/includes/auth-commands.txt
+++ b/docs/includes/auth-commands.txt
@@ -18,11 +18,16 @@
 +trustedkey+ _key..._ ::
   Specifies the key identifiers which are trusted for the purposes of
   authenticating peers with symmetric key cryptography, as well as keys
-  used by the {ntpqman} program. The
-  authentication procedures require that both the local and remote
-  servers share the same key and key identifier for this purpose,
-  although different keys can be used with different servers.
-  The _key_ arguments are 32-bit unsigned integers with values from 1 to
-  65,534.
+  used by the {ntpqman} program.
+  Multiple keys on the same line should be separated by spaces.
+  Key ranges can be specified as (first ... last).  The spaces around
+  the ... are necessary.  Multiple +trustedkey+ lines are supported
+  and trusted keys can also be specified on the command line.
+
+The authentication procedures require that both the local and remote
+servers share the same key and key identifier for this purpose,
+although different keys can be used with different servers.
+The _key_ arguments are 32-bit unsigned integers with values from 1 to
+65,534.
 
 // end


=====================================
include/ntp_config.h
=====================================
--- a/include/ntp_config.h
+++ b/include/ntp_config.h
@@ -211,6 +211,9 @@ struct config_tree_tag {
 	sim_fifo *	sim_details;
 	int		mdnstries;
 };
+extern void init_readconfig(void);
+extern void set_keys_file(char*);
+extern void set_trustedkey(keyid_t);
 extern int mdnstries;
 
 


=====================================
ntpd/ntp_config.c
=====================================
--- a/ntpd/ntp_config.c
+++ b/ntpd/ntp_config.c
@@ -1147,6 +1147,8 @@ config_auth(
 			}
 		}
 	}
+	if (0 < count)
+		msyslog(LOG_INFO, "Found %d trusted keys.", count);
 	auth_prealloc_symkeys(count);
 
 	/* Keys Command */
@@ -3030,6 +3032,14 @@ getconfig(const char *explicit_config)
 }
 
 /*
+ * init_readconfig() - init for readconfig
+ */
+void init_readconfig(void)
+{
+	init_syntax_tree(&cfgt);
+}
+
+/*
  * readconfig() - process startup configuration file
  */
 void readconfig(const char *config_file)
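Review bot: The new header comment `init_readconfig() - init for readconfig` does not state the ordering contract this change introduces. Judging by the ntpd.c hunks, it has to run before command-line parsing so that set_keys_file() and set_trustedkey() write into an initialized cfgt, and readconfig() no longer initializes the tree itself. I would say so in the comment, e.g. `init_readconfig() - initialize cfgt; call once before option parsing and before readconfig()`. The next hunk (@@ -3053,7 +3063,9 @@) leaves the old call behind as commented-out code, where a one-line `/* cfgt is initialized by init_readconfig() */` would read better. If readconfig() has any other caller, it now depends on that earlier call having happened, which cannot be checked from here.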
@@ -3053,7 +3063,9 @@ void readconfig(const char *config_file)
 	yydebug = !!(debug >= 5);
 #endif
 
-	init_syntax_tree(&cfgt);
+	/* Moved to init_readconfig so command lines can contribute info
+	 * init_syntax_tree(&cfgt);
+	 */
 	srccount = 0;
 	
 	/* parse the plain config file if it exists */
@@ -3097,6 +3109,23 @@ void readconfig(const char *config_file)
 }
 
 
+/* hooks for ntpd.c */
+
+void set_keys_file(char* keys)
+{
+	cfgt.auth.keys = estrdup(keys);
+};
+
+void set_trustedkey(keyid_t tkey)
+{
+	attr_val *val = create_attr_ival('i', tkey);
+	attr_val *val2 = NULL;
+	APPEND_G_FIFO(val2, val);
+	CONCAT_G_FIFOS(cfgt.auth.trusted_key_list, val2);
+};
+
+
+
 void
 save_and_apply_config_tree(bool input_from_file)
 {
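Review bot: set_keys_file() overwrites `cfgt.auth.keys` without releasing a previous value, so a repeated `-k` appears to leak the earlier estrdup() copy. Nothing visible here says whether a `keys` directive in the config file replaces the command-line path or is replaced by it; that choice decides which key file is used for authentication, so the precedence deserves a comment on the function. The parameter is only read, so `void set_keys_file(const char *keys)` would be the accurate signature, with the prototype in include/ntp_config.h changed to match. The `};` after both function bodies leaves a stray file-scope semicolon that pedantic compilers warn about. save_and_apply_config_tree() continues beyond this hunk.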


=====================================
ntpd/ntp_parser.y
=====================================
--- a/ntpd/ntp_parser.y
+++ b/ntpd/ntp_parser.y
@@ -534,14 +534,7 @@ authentication_command
 				    "ntpdc has been removed.");
 			}
 	|	T_Trustedkey integer_list_range
-		{
-			cfgt.auth.trusted_key_list = $2;
-
-			// if (!cfgt.auth.trusted_key_list)
-			// 	cfgt.auth.trusted_key_list = $2;
-			// else
-			// 	LINK_SLIST(cfgt.auth.trusted_key_list, $2, link);
-		}
+		{ CONCAT_G_FIFOS(cfgt.auth.trusted_key_list, $2); }
 	|	T_NtpSignDsocket T_String
 			{ cfgt.auth.ntp_signd_socket = $2; }
 	;
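Review bot: Replacing the assignment with `CONCAT_G_FIFOS(cfgt.auth.trusted_key_list, $2)` changes the semantics from last-line-wins to a union of every `trustedkey` line plus any keys added through set_trustedkey(), and the action carries no comment saying so. A configuration that relied on a later line to narrow the trusted set will now trust more keys than before, so I would add a comment such as `/* additive: merges with earlier trustedkey lines and command-line keys */`. It is also worth confirming that the list is emptied when the config tree is freed. Otherwise a configuration applied more than once would accumulate entries, which cannot be checked from this hunk.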


=====================================
ntpd/ntp_proto.c
=====================================
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -935,8 +935,7 @@ transmit(
 		if ((peer_associations <= 2 * sys_maxclock) &&
 		    (peer_associations < sys_maxclock ||
 		     sys_survivors < sys_minclock))
-			dns_probe(peer);
-		/* FIXME-DNS - need proper backoff */
+			if (!dns_probe(peer)) return;
 		poll_update(peer, hpoll);
 		return;
 	}
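Review bot: In this hunk the new `if (!dns_probe(peer)) return;` is the unbraced body of the three-line outer condition, which makes it easy to misread which `if` governs `poll_update(peer, hpoll)`. Bracing the outer statement removes the ambiguity: end the condition with `sys_survivors < sys_minclock)) {` and close it with `}` after the probe line. The early return also skips poll_update() whenever dns_probe() returns false, here and in the second hunk (@@ -944,8 +943,7 @@), and the removed `FIXME-DNS - need proper backoff` comment is not replaced by anything explaining how retries are paced. A short comment stating what a false return from dns_probe() means and what reschedules the peer in that case would help. transmit() starts and ends outside both hunks.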
@@ -944,8 +943,7 @@ transmit(
 	/* Does server need DNS lookup? */
 	if (peer->cfg.flags & FLAG_DNS) {
 		peer->outdate = current_time;
-		dns_probe(peer);
-		/* FIXME-DNS - need proper backoff */
+		if (!dns_probe(peer)) return;
 		poll_update(peer, hpoll);
 		return;
         }


=====================================
ntpd/ntpd.c
=====================================
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -678,6 +678,7 @@ ntpdmain(
 	init_proto(!dumpopts);		/* Call at high priority */
 	init_io();
 	init_loopfilter();
+	init_readconfig();	/* see readconfig() */
 	mon_start(MON_ON);	/* monitor on by default now	  */
 				/* turn off in config if unwanted */
 
@@ -725,7 +726,7 @@ ntpdmain(
 		break;
 	    case 'k':
 		if (ntp_optarg != NULL)
-			getauthkeys(ntp_optarg);
+			set_keys_file(ntp_optarg);
 		break;
             case 'l':
             case 'L':
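Review bot: With `set_keys_file(ntp_optarg)` the key file named by `-k` is no longer loaded while options are parsed. Only the path is stored, and the file is presumably read later when the auth section of the config tree is applied. That moves any error for a missing or unreadable key file to a later point in startup, which operators checking the log for authentication setup problems should know about. I would add a comment on this case such as `/* path only; the file is read when the config tree is applied */`. The same deferral applies to `set_trustedkey((keyid_t)tkey)` in the next hunk (@@ -763,7 +764,7 @@).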
@@ -763,7 +764,7 @@ ntpdmain(
 				ntp_optarg);
 			exit(1);
 		    } else {
-			authtrust((keyid_t)tkey, true);
+			set_trustedkey((keyid_t)tkey);
 		    }
 	        }
 		break;



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/f3870e271a33ffd16ac4bec222602b67a1ad570e...c1f15848adf7393f7df0761b46a70ad6d4d5a052
