keys: remove support for command key
Without the cmdmon authentication, there is no need for command keys.
This commit is contained in:
Miroslav Lichvar
parent
b11ca92ca6
commit
282a9c7d7c
4 changed files with 5 additions and 123 deletions
45
conf.c
45
conf.c
|
|
@ -47,7 +47,6 @@
|
|||
|
||||
static int parse_string(char *line, char **result);
|
||||
static int parse_int(char *line, int *result);
|
||||
static int parse_uint32(char *, uint32_t *result);
|
||||
static int parse_double(char *line, double *result);
|
||||
static int parse_null(char *line);
|
||||
|
||||
|
|
@ -80,14 +79,12 @@ static void parse_tempcomp(char *);
|
|||
/* Configuration variables */
|
||||
|
||||
static int restarted = 0;
|
||||
static int generate_command_key = 0;
|
||||
static char *rtc_device;
|
||||
static int acquisition_port = -1;
|
||||
static int ntp_port = 123;
|
||||
static char *keys_file = NULL;
|
||||
static char *drift_file = NULL;
|
||||
static char *rtc_file = NULL;
|
||||
static uint32_t command_key_id;
|
||||
static double max_update_skew = 1000.0;
|
||||
static double correction_time_ratio = 3.0;
|
||||
static double max_clock_error = 1.0; /* in ppm */
|
||||
|
|
@ -431,8 +428,6 @@ CNF_ParseLine(const char *filename, int number, char *line)
|
|||
parse_int(p, &cmd_port);
|
||||
} else if (!strcasecmp(command, "combinelimit")) {
|
||||
parse_double(p, &combine_limit);
|
||||
} else if (!strcasecmp(command, "commandkey")) {
|
||||
parse_uint32(p, &command_key_id);
|
||||
} else if (!strcasecmp(command, "corrtimeratio")) {
|
||||
parse_double(p, &correction_time_ratio);
|
||||
} else if (!strcasecmp(command, "deny")) {
|
||||
|
|
@ -445,8 +440,6 @@ CNF_ParseLine(const char *filename, int number, char *line)
|
|||
do_dump_on_exit = parse_null(p);
|
||||
} else if (!strcasecmp(command, "fallbackdrift")) {
|
||||
parse_fallbackdrift(p);
|
||||
} else if (!strcasecmp(command, "generatecommandkey")) {
|
||||
generate_command_key = parse_null(p);
|
||||
} else if (!strcasecmp(command, "hwclockfile")) {
|
||||
parse_string(p, &hwclock_file);
|
||||
} else if (!strcasecmp(command, "include")) {
|
||||
|
|
@ -459,10 +452,6 @@ CNF_ParseLine(const char *filename, int number, char *line)
|
|||
parse_leapsecmode(p);
|
||||
} else if (!strcasecmp(command, "leapsectz")) {
|
||||
parse_string(p, &leapsec_tz);
|
||||
} else if (!strcasecmp(command, "linux_freq_scale")) {
|
||||
LOG(LOGS_WARN, LOGF_Configure, "%s directive is no longer supported", command);
|
||||
} else if (!strcasecmp(command, "linux_hz")) {
|
||||
LOG(LOGS_WARN, LOGF_Configure, "%s directive is no longer supported", command);
|
||||
} else if (!strcasecmp(command, "local")) {
|
||||
parse_local(p);
|
||||
} else if (!strcasecmp(command, "lock_all")) {
|
||||
|
|
@ -531,6 +520,11 @@ CNF_ParseLine(const char *filename, int number, char *line)
|
|||
parse_tempcomp(p);
|
||||
} else if (!strcasecmp(command, "user")) {
|
||||
parse_string(p, &user);
|
||||
} else if (!strcasecmp(command, "commandkey") ||
|
||||
!strcasecmp(command, "generatecommandkey") ||
|
||||
!strcasecmp(command, "linux_freq_scale") ||
|
||||
!strcasecmp(command, "linux_hz")) {
|
||||
LOG(LOGS_WARN, LOGF_Configure, "%s directive is no longer supported", command);
|
||||
} else {
|
||||
other_parse_error("Invalid command");
|
||||
}
|
||||
|
|
@ -562,19 +556,6 @@ parse_int(char *line, int *result)
|
|||
|
||||
/* ================================================== */
|
||||
|
||||
static int
|
||||
parse_uint32(char *line, uint32_t *result)
|
||||
{
|
||||
check_number_of_args(line, 1);
|
||||
if (sscanf(line, "%"SCNu32, result) != 1) {
|
||||
command_parse_error();
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
||||
static int
|
||||
parse_double(char *line, double *result)
|
||||
{
|
||||
|
|
@ -1488,22 +1469,6 @@ CNF_GetRtcDevice(void)
|
|||
|
||||
/* ================================================== */
|
||||
|
||||
uint32_t
|
||||
CNF_GetCommandKey(void)
|
||||
{
|
||||
return command_key_id;
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
||||
int
|
||||
CNF_GetGenerateCommandKey(void)
|
||||
{
|
||||
return generate_command_key;
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
||||
int
|
||||
CNF_GetDumpOnExit(void)
|
||||
{
|
||||
|
|
|
|||
2
conf.h
2
conf.h
|
|
@ -60,8 +60,6 @@ extern int CNF_GetLogRefclocks(void);
|
|||
extern int CNF_GetLogTempComp(void);
|
||||
extern char *CNF_GetKeysFile(void);
|
||||
extern char *CNF_GetRtcFile(void);
|
||||
extern uint32_t CNF_GetCommandKey(void);
|
||||
extern int CNF_GetGenerateCommandKey(void);
|
||||
extern int CNF_GetDumpOnExit(void);
|
||||
extern int CNF_GetManualEnabled(void);
|
||||
extern int CNF_GetCommandPort(void);
|
||||
|
|
|
|||
79
keys.c
79
keys.c
|
|
@ -50,72 +50,12 @@ typedef struct {
|
|||
|
||||
static ARR_Instance keys;
|
||||
|
||||
static int command_key_valid;
|
||||
static uint32_t command_key_id;
|
||||
static int cache_valid;
|
||||
static uint32_t cache_key_id;
|
||||
static int cache_key_pos;
|
||||
|
||||
/* ================================================== */
|
||||
|
||||
static int
|
||||
generate_key(uint32_t key_id)
|
||||
{
|
||||
#ifdef FEAT_SECHASH
|
||||
unsigned char key[20];
|
||||
const char *hashname = "SHA1";
|
||||
#else
|
||||
unsigned char key[16];
|
||||
const char *hashname = "MD5";
|
||||
#endif
|
||||
const char *key_file, *rand_dev = "/dev/urandom";
|
||||
FILE *f;
|
||||
struct stat st;
|
||||
int i;
|
||||
|
||||
key_file = CNF_GetKeysFile();
|
||||
|
||||
if (!key_file)
|
||||
return 0;
|
||||
|
||||
f = fopen(rand_dev, "r");
|
||||
if (!f || fread(key, sizeof (key), 1, f) != 1) {
|
||||
if (f)
|
||||
fclose(f);
|
||||
LOG_FATAL(LOGF_Keys, "Could not read %s", rand_dev);
|
||||
return 0;
|
||||
}
|
||||
fclose(f);
|
||||
|
||||
f = fopen(key_file, "a");
|
||||
if (!f) {
|
||||
LOG_FATAL(LOGF_Keys, "Could not open keyfile %s for writing", key_file);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Make sure the keyfile is not world-readable */
|
||||
if (stat(key_file, &st) || chmod(key_file, st.st_mode & 0770)) {
|
||||
fclose(f);
|
||||
LOG_FATAL(LOGF_Keys, "Could not change permissions of keyfile %s", key_file);
|
||||
return 0;
|
||||
}
|
||||
|
||||
fprintf(f, "\n%"PRIu32" %s HEX:", key_id, hashname);
|
||||
for (i = 0; i < sizeof (key); i++)
|
||||
fprintf(f, "%02hhX", key[i]);
|
||||
fprintf(f, "\n");
|
||||
fclose(f);
|
||||
|
||||
/* Erase the key from stack */
|
||||
memset(key, 0, sizeof (key));
|
||||
|
||||
LOG(LOGS_INFO, LOGF_Keys, "Generated key %"PRIu32, key_id);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
||||
static void
|
||||
free_keys(void)
|
||||
{
|
||||
|
|
@ -125,7 +65,6 @@ free_keys(void)
|
|||
Free(((Key *)ARR_GetElement(keys, i))->val);
|
||||
|
||||
ARR_SetSize(keys, 0);
|
||||
command_key_valid = 0;
|
||||
cache_valid = 0;
|
||||
}
|
||||
|
||||
|
|
@ -135,14 +74,8 @@ void
|
|||
KEY_Initialise(void)
|
||||
{
|
||||
keys = ARR_CreateInstance(sizeof (Key));
|
||||
command_key_valid = 0;
|
||||
cache_valid = 0;
|
||||
KEY_Reload();
|
||||
|
||||
if (CNF_GetGenerateCommandKey() && !KEY_KeyKnown(KEY_GetCommandKey())) {
|
||||
if (generate_key(KEY_GetCommandKey()))
|
||||
KEY_Reload();
|
||||
}
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
|
@ -334,18 +267,6 @@ get_key_by_id(uint32_t key_id)
|
|||
|
||||
/* ================================================== */
|
||||
|
||||
uint32_t
|
||||
KEY_GetCommandKey(void)
|
||||
{
|
||||
if (!command_key_valid) {
|
||||
command_key_id = CNF_GetCommandKey();
|
||||
}
|
||||
|
||||
return command_key_id;
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
||||
int
|
||||
KEY_KeyKnown(uint32_t key_id)
|
||||
{
|
||||
|
|
|
|||
2
keys.h
2
keys.h
|
|
@ -34,8 +34,6 @@ extern void KEY_Finalise(void);
|
|||
|
||||
extern void KEY_Reload(void);
|
||||
|
||||
extern uint32_t KEY_GetCommandKey(void);
|
||||
|
||||
extern int KEY_GetKey(uint32_t key_id, char **key, int *len);
|
||||
extern int KEY_KeyKnown(uint32_t key_id);
|
||||
extern int KEY_GetAuthDelay(uint32_t key_id);
|
||||
|
|
|
|||
Loading…
Reference in a new issue