[Git][NTPsec/ntpsec][master] 2 commits: Change a few more "ntp" to "123"
Hal Murray
gitlab at mg.gitlab.com
Mon Mar 25 06:03:59 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
77031170 by Hal Murray at 2019-03-25T01:20:57Z
Change a few more "ntp" to "123"
Removes dependency on /etc/services (or equiv)
- - - - -
48314488 by Hal Murray at 2019-03-25T03:23:24Z
NTS: add support for server negotiation
- - - - -
3 changed files:
- libntp/decodenetnum.c
- ntpd/ntp_dns.c
- ntpd/nts_client.c
Changes:
=====================================
libntp/decodenetnum.c
=====================================
@@ -131,7 +131,7 @@ decodenetnum(
either the IP address or the port is well-formed, but at
least they're unambiguously delimited from each other.
Let getaddrinfo() perform all further validation. */
- retcode = getaddrinfo(ip, port_start == NULL ? "ntp" : port_start,
+ retcode = getaddrinfo(ip, port_start == NULL ? "123" : port_start,
&hints, &ai);
if(retcode) {
return retcode;
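Review bot: The service string `"123"` is now a bare literal in this getaddrinfo() call, and the same literal is repeated in dns_lookup() in ntpd/ntp_dns.c and in the new nts_server_lookup() in ntpd/nts_client.c; a single shared string constant for the NTP port would keep the three call sites from drifting apart. In the two call sites where the service is always that literal, setting `hints.ai_flags |= AI_NUMERICSERV;` would make the "no services database" intent explicit. That flag is not suitable here, because `port_start` is taken from the input string and could presumably still be a service name. The body of decodenetnum() starts and ends outside this hunk.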
=====================================
ntpd/ntp_dns.c
=====================================
@@ -170,7 +170,7 @@ static void* dns_lookup(void* arg)
hints.ai_protocol = IPPROTO_UDP;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_family = AF(&pp->srcadr);
- gai_rc = getaddrinfo(pp->hostname, "ntp", &hints, &answer);
+ gai_rc = getaddrinfo(pp->hostname, "123", &hints, &answer);
}
kill(getpid(), SIGDNS);
=====================================
ntpd/nts_client.c
=====================================
@@ -32,6 +32,7 @@ bool nts_set_cert_search(SSL_CTX *ctx);
bool check_certificate(struct peer* peer, SSL *ssl);
bool nts_client_send_request(struct peer* peer, SSL *ssl);
bool nts_client_process_response(struct peer* peer, SSL *ssl);
+bool nts_server_lookup(char *server, sockaddr_u *addr);
static SSL_CTX *client_ctx = NULL;
static sockaddr_u sockaddr;
@@ -405,9 +406,11 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
buf.next = buff;
buf.left = transferred;
while (buf.left > 0) {
- uint16_t type, data;
+ uint16_t type, data, port;
bool critical = false;
int length, keylength;
+#define MAX_SERVER 100
+ char server[MAX_SERVER];
type = ke_next_record(&buf, &length);
if (NTS_CRITICAL & type) {
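Review bot: `#define MAX_SERVER 100` sits inside the body of the `while` loop, but a macro has no block scope, so it stays defined for the rest of the file; it belongs at file scope, or as an `enum` constant. The size also has to leave room for the terminating NUL that the `nts_server_negotiation` case needs. At 100 bytes it is shorter than the longest legal DNS name, so a valid server name could presumably be rejected. nts_client_process_response() starts and ends outside this hunk.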
@@ -466,10 +469,24 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
peer->nts_state.writeIdx = peer->nts_state.writeIdx % NTS_MAX_COOKIES;
peer->nts_state.count++;
break;
+ case nts_server_negotiation:
+ if (MAX_SERVER < length) {
+ msyslog(LOG_ERR, "NTSc: server string too long %d.", length);
+ return false;
+ }
+ next_bytes(&buf, (uint8_t *)server, length);
+ /* save port in case port specified before server */
+ port = SRCPORT(&sockaddr);
+ if (!nts_server_lookup(server, &sockaddr))
+ return false;
+ SET_PORT(&sockaddr, port);
+ msyslog(LOG_ERR, "NTSc: Using server %s=>%s", server, socktoa(&sockaddr));
+ break;
case nts_port_negotiation:
- data = next_uint16(&buf);
- SET_PORT(&sockaddr, data);
- msyslog(LOG_ERR, "NTSc: Using port %d", data);
+ // FIXME check length
+ port = next_uint16(&buf);
+ SET_PORT(&sockaddr, port);
+ msyslog(LOG_ERR, "NTSc: Using port %d", port);
break;
case nts_end_of_message:
if ((0 != length) || !critical) {
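Review bot: `server` is never NUL-terminated in the `nts_server_negotiation` case. next_bytes() copies `length` raw bytes into an uninitialized stack array, which then goes to getaddrinfo() (through nts_server_lookup) and to `%s` in msyslog(), so both read past the received data; with `length == MAX_SERVER`, which the `MAX_SERVER < length` test allows, there is no room for a terminator at all. The guard should be `if (length <= 0 || length >= MAX_SERVER) {` and the copy should be followed by `server[length] = '\0';`. Because the name is supplied by the NTS-KE peer, embedded NUL or non-printable bytes should also be rejected before the string is logged or resolved. The `// FIXME check length` in the port case is the same class of gap: `length` should be checked against `sizeof(uint16_t)` before next_uint16() is called. The function body continues outside the hunk.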
@@ -533,4 +550,33 @@ bool nts_set_cert_search(SSL_CTX *ctx) {
return false;
}
+bool nts_server_lookup(char *server, sockaddr_u *addr) {
+ struct addrinfo hints;
+ struct addrinfo *answer;
+ int gai_rc;
+
+ ZERO(hints);
+ hints.ai_protocol = IPPROTO_UDP;
+ hints.ai_socktype = SOCK_DGRAM;
+ hints.ai_family = AF_UNSPEC;
+
+ gai_rc = getaddrinfo(server, "123", &hints, &answer);
+ if (0 != gai_rc) {
+ msyslog(LOG_INFO, "NTSc: nts_probe: DNS error trying to lookup %s: %d, %s",
+ server, gai_rc, gai_strerror(gai_rc));
+ return false;
+ }
+
+ if (NULL == answer)
+ return false;
+
+ if (sizeof(sockaddr_u) >= answer->ai_addrlen)
+ memcpy(addr, answer->ai_addr, answer->ai_addrlen);
+
+ freeaddrinfo(answer);
+
+ return true;
+
+}
+
/* end */
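Review bot: nts_server_lookup() returns `true` even when the `sizeof(sockaddr_u) >= answer->ai_addrlen` test fails. In that case `*addr` is left untouched and the caller goes on to log and use a stale address; that path should free the result list and return `false`. The error text names `nts_probe`, which is not this function. `server` is not modified, so the parameter here and in the prototype added near the top of the file could be `const char *server`. Only the first getaddrinfo() result is used with `AF_UNSPEC`, so presumably an IPv6 answer can be chosen on a host without IPv6 connectivity; worth confirming against how `sockaddr` is used later.

```c
	/* … unchanged: hints setup, getaddrinfo() call and its error handling, NULL == answer check … */
	if (sizeof(sockaddr_u) < answer->ai_addrlen) {
		msyslog(LOG_ERR, "NTSc: nts_server_lookup: address for %s does not fit", server);
		freeaddrinfo(answer);
		return false;
	}
	memcpy(addr, answer->ai_addr, answer->ai_addrlen);
	freeaddrinfo(answer);
	return true;
```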
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/c22aefa6de046a600354834376d865a344cf1d4d...483144889cee6f80cae5e4409b3f848a6a508f10