ntp: prefix NTP_AuthMode enums
parent
56a102ed4d
commit
46cac4e22f
3 changed files with 28 additions and 28 deletions
8
ntp.h
8
ntp.h
|
@ -112,10 +112,10 @@ typedef struct {
|
||||||
|
|
||||||
/* Enumeration for authentication modes of NTP packets */
|
/* Enumeration for authentication modes of NTP packets */
|
||||||
typedef enum {
|
typedef enum {
|
||||||
AUTH_NONE = 0, /* No authentication */
|
NTP_AUTH_NONE = 0, /* No authentication */
|
||||||
AUTH_SYMMETRIC, /* MAC using symmetric key (RFC 1305, RFC 5905) */
|
NTP_AUTH_SYMMETRIC, /* MAC using symmetric key (RFC 1305, RFC 5905) */
|
||||||
AUTH_MSSNTP, /* MS-SNTP authenticator field */
|
NTP_AUTH_MSSNTP, /* MS-SNTP authenticator field */
|
||||||
AUTH_MSSNTP_EXT, /* MS-SNTP extended authenticator field */
|
NTP_AUTH_MSSNTP_EXT, /* MS-SNTP extended authenticator field */
|
||||||
} NTP_AuthMode;
|
} NTP_AuthMode;
|
||||||
|
|
||||||
/* Structure describing an NTP packet */
|
/* Structure describing an NTP packet */
|
||||||
|
|
44
ntp_auth.c
44
ntp_auth.c
|
@ -96,11 +96,11 @@ static void
|
||||||
adjust_timestamp(NTP_AuthMode mode, uint32_t key_id, struct timespec *ts)
|
adjust_timestamp(NTP_AuthMode mode, uint32_t key_id, struct timespec *ts)
|
||||||
{
|
{
|
||||||
switch (mode) {
|
switch (mode) {
|
||||||
case AUTH_SYMMETRIC:
|
case NTP_AUTH_SYMMETRIC:
|
||||||
ts->tv_nsec += KEY_GetAuthDelay(key_id);
|
ts->tv_nsec += KEY_GetAuthDelay(key_id);
|
||||||
UTI_NormaliseTimespec(ts);
|
UTI_NormaliseTimespec(ts);
|
||||||
break;
|
break;
|
||||||
case AUTH_MSSNTP:
|
case NTP_AUTH_MSSNTP:
|
||||||
ts->tv_nsec += NSD_GetAuthDelay(key_id);
|
ts->tv_nsec += NSD_GetAuthDelay(key_id);
|
||||||
UTI_NormaliseTimespec(ts);
|
UTI_NormaliseTimespec(ts);
|
||||||
default:
|
default:
|
||||||
|
@ -142,7 +142,7 @@ create_instance(NTP_AuthMode mode)
|
||||||
NAU_Instance
|
NAU_Instance
|
||||||
NAU_CreateNoneInstance(void)
|
NAU_CreateNoneInstance(void)
|
||||||
{
|
{
|
||||||
return create_instance(AUTH_NONE);
|
return create_instance(NTP_AUTH_NONE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ================================================== */
|
/* ================================================== */
|
||||||
|
@ -150,7 +150,7 @@ NAU_CreateNoneInstance(void)
|
||||||
NAU_Instance
|
NAU_Instance
|
||||||
NAU_CreateSymmetricInstance(uint32_t key_id)
|
NAU_CreateSymmetricInstance(uint32_t key_id)
|
||||||
{
|
{
|
||||||
NAU_Instance instance = create_instance(AUTH_SYMMETRIC);
|
NAU_Instance instance = create_instance(NTP_AUTH_SYMMETRIC);
|
||||||
|
|
||||||
instance->key_id = key_id;
|
instance->key_id = key_id;
|
||||||
|
|
||||||
|
@ -175,7 +175,7 @@ NAU_DestroyInstance(NAU_Instance instance)
|
||||||
int
|
int
|
||||||
NAU_IsAuthEnabled(NAU_Instance instance)
|
NAU_IsAuthEnabled(NAU_Instance instance)
|
||||||
{
|
{
|
||||||
return instance->mode != AUTH_NONE;
|
return instance->mode != NTP_AUTH_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ================================================== */
|
/* ================================================== */
|
||||||
|
@ -185,7 +185,7 @@ NAU_GetSuggestedNtpVersion(NAU_Instance instance)
|
||||||
{
|
{
|
||||||
/* If the MAC in NTPv4 packets would be truncated, prefer NTPv3 for
|
/* If the MAC in NTPv4 packets would be truncated, prefer NTPv3 for
|
||||||
compatibility with older chronyd servers */
|
compatibility with older chronyd servers */
|
||||||
if (instance->mode == AUTH_SYMMETRIC &&
|
if (instance->mode == NTP_AUTH_SYMMETRIC &&
|
||||||
KEY_GetAuthLength(instance->key_id) + sizeof (instance->key_id) > NTP_MAX_V4_MAC_LENGTH)
|
KEY_GetAuthLength(instance->key_id) + sizeof (instance->key_id) > NTP_MAX_V4_MAC_LENGTH)
|
||||||
return 3;
|
return 3;
|
||||||
|
|
||||||
|
@ -219,9 +219,9 @@ int
|
||||||
NAU_GenerateRequestAuth(NAU_Instance instance, NTP_Packet *request, NTP_PacketInfo *info)
|
NAU_GenerateRequestAuth(NAU_Instance instance, NTP_Packet *request, NTP_PacketInfo *info)
|
||||||
{
|
{
|
||||||
switch (instance->mode) {
|
switch (instance->mode) {
|
||||||
case AUTH_NONE:
|
case NTP_AUTH_NONE:
|
||||||
break;
|
break;
|
||||||
case AUTH_SYMMETRIC:
|
case NTP_AUTH_SYMMETRIC:
|
||||||
if (!generate_symmetric_auth(instance->key_id, request, info))
|
if (!generate_symmetric_auth(instance->key_id, request, info))
|
||||||
return 0;
|
return 0;
|
||||||
break;
|
break;
|
||||||
|
@ -253,7 +253,7 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
|
||||||
/* In NTPv3 and older packets don't have extension fields. Anything after
|
/* In NTPv3 and older packets don't have extension fields. Anything after
|
||||||
the header is assumed to be a MAC. */
|
the header is assumed to be a MAC. */
|
||||||
if (info->version <= 3) {
|
if (info->version <= 3) {
|
||||||
info->auth.mode = AUTH_SYMMETRIC;
|
info->auth.mode = NTP_AUTH_SYMMETRIC;
|
||||||
info->auth.mac.start = parsed;
|
info->auth.mac.start = parsed;
|
||||||
info->auth.mac.length = remainder;
|
info->auth.mac.length = remainder;
|
||||||
info->auth.mac.key_id = ntohl(*(uint32_t *)(data + parsed));
|
info->auth.mac.key_id = ntohl(*(uint32_t *)(data + parsed));
|
||||||
|
@ -262,9 +262,9 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
|
||||||
field with zeroes as digest */
|
field with zeroes as digest */
|
||||||
if (info->version == 3 && info->auth.mac.key_id) {
|
if (info->version == 3 && info->auth.mac.key_id) {
|
||||||
if (remainder == 20 && is_zero_data(data + parsed + 4, remainder - 4))
|
if (remainder == 20 && is_zero_data(data + parsed + 4, remainder - 4))
|
||||||
info->auth.mode = AUTH_MSSNTP;
|
info->auth.mode = NTP_AUTH_MSSNTP;
|
||||||
else if (remainder == 72 && is_zero_data(data + parsed + 8, remainder - 8))
|
else if (remainder == 72 && is_zero_data(data + parsed + 8, remainder - 8))
|
||||||
info->auth.mode = AUTH_MSSNTP_EXT;
|
info->auth.mode = NTP_AUTH_MSSNTP_EXT;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -272,7 +272,7 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
|
||||||
|
|
||||||
/* Check for a crypto NAK */
|
/* Check for a crypto NAK */
|
||||||
if (remainder == 4 && ntohl(*(uint32_t *)(data + parsed)) == 0) {
|
if (remainder == 4 && ntohl(*(uint32_t *)(data + parsed)) == 0) {
|
||||||
info->auth.mode = AUTH_SYMMETRIC;
|
info->auth.mode = NTP_AUTH_SYMMETRIC;
|
||||||
info->auth.mac.start = parsed;
|
info->auth.mac.start = parsed;
|
||||||
info->auth.mac.length = remainder;
|
info->auth.mac.length = remainder;
|
||||||
info->auth.mac.key_id = 0;
|
info->auth.mac.key_id = 0;
|
||||||
|
@ -322,7 +322,7 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
|
||||||
/* This is not 100% reliable as a MAC could fail to authenticate and could
|
/* This is not 100% reliable as a MAC could fail to authenticate and could
|
||||||
pass as an extension field, leaving reminder smaller than the minimum MAC
|
pass as an extension field, leaving reminder smaller than the minimum MAC
|
||||||
length */
|
length */
|
||||||
info->auth.mode = AUTH_SYMMETRIC;
|
info->auth.mode = NTP_AUTH_SYMMETRIC;
|
||||||
info->auth.mac.start = parsed;
|
info->auth.mac.start = parsed;
|
||||||
info->auth.mac.length = remainder;
|
info->auth.mac.length = remainder;
|
||||||
info->auth.mac.key_id = ntohl(*(uint32_t *)(data + parsed));
|
info->auth.mac.key_id = ntohl(*(uint32_t *)(data + parsed));
|
||||||
|
@ -339,13 +339,13 @@ int
|
||||||
NAU_CheckRequestAuth(NTP_Packet *request, NTP_PacketInfo *info)
|
NAU_CheckRequestAuth(NTP_Packet *request, NTP_PacketInfo *info)
|
||||||
{
|
{
|
||||||
switch (info->auth.mode) {
|
switch (info->auth.mode) {
|
||||||
case AUTH_NONE:
|
case NTP_AUTH_NONE:
|
||||||
break;
|
break;
|
||||||
case AUTH_SYMMETRIC:
|
case NTP_AUTH_SYMMETRIC:
|
||||||
if (!check_symmetric_auth(request, info))
|
if (!check_symmetric_auth(request, info))
|
||||||
return 0;
|
return 0;
|
||||||
break;
|
break;
|
||||||
case AUTH_MSSNTP:
|
case NTP_AUTH_MSSNTP:
|
||||||
/* MS-SNTP requests are not authenticated */
|
/* MS-SNTP requests are not authenticated */
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -371,13 +371,13 @@ NAU_GenerateResponseAuth(NTP_Packet *request, NTP_PacketInfo *request_info,
|
||||||
NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr)
|
NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr)
|
||||||
{
|
{
|
||||||
switch (request_info->auth.mode) {
|
switch (request_info->auth.mode) {
|
||||||
case AUTH_NONE:
|
case NTP_AUTH_NONE:
|
||||||
break;
|
break;
|
||||||
case AUTH_SYMMETRIC:
|
case NTP_AUTH_SYMMETRIC:
|
||||||
if (!generate_symmetric_auth(request_info->auth.mac.key_id, response, response_info))
|
if (!generate_symmetric_auth(request_info->auth.mac.key_id, response, response_info))
|
||||||
return 0;
|
return 0;
|
||||||
break;
|
break;
|
||||||
case AUTH_MSSNTP:
|
case NTP_AUTH_MSSNTP:
|
||||||
/* Sign the packet asynchronously by ntp_signd */
|
/* Sign the packet asynchronously by ntp_signd */
|
||||||
if (!NSD_SignAndSendPacket(request_info->auth.mac.key_id, response, response_info,
|
if (!NSD_SignAndSendPacket(request_info->auth.mac.key_id, response, response_info,
|
||||||
remote_addr, local_addr))
|
remote_addr, local_addr))
|
||||||
|
@ -399,7 +399,7 @@ NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response, NTP_PacketInf
|
||||||
{
|
{
|
||||||
/* If we don't expect the packet to be authenticated, ignore any
|
/* If we don't expect the packet to be authenticated, ignore any
|
||||||
authentication data in the packet */
|
authentication data in the packet */
|
||||||
if (instance->mode == AUTH_NONE)
|
if (instance->mode == NTP_AUTH_NONE)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
/* The authentication must match the expected mode */
|
/* The authentication must match the expected mode */
|
||||||
|
@ -407,9 +407,9 @@ NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response, NTP_PacketInf
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
switch (info->auth.mode) {
|
switch (info->auth.mode) {
|
||||||
case AUTH_NONE:
|
case NTP_AUTH_NONE:
|
||||||
break;
|
break;
|
||||||
case AUTH_SYMMETRIC:
|
case NTP_AUTH_SYMMETRIC:
|
||||||
/* Check if it is authenticated with the specified key */
|
/* Check if it is authenticated with the specified key */
|
||||||
if (info->auth.mac.key_id != instance->key_id)
|
if (info->auth.mac.key_id != instance->key_id)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -1278,7 +1278,7 @@ parse_packet(NTP_Packet *packet, int length, NTP_PacketInfo *info)
|
||||||
info->version = NTP_LVM_TO_VERSION(packet->lvm);
|
info->version = NTP_LVM_TO_VERSION(packet->lvm);
|
||||||
info->mode = NTP_LVM_TO_MODE(packet->lvm);
|
info->mode = NTP_LVM_TO_MODE(packet->lvm);
|
||||||
info->ext_fields = 0;
|
info->ext_fields = 0;
|
||||||
info->auth.mode = AUTH_NONE;
|
info->auth.mode = NTP_AUTH_NONE;
|
||||||
|
|
||||||
if (info->version < NTP_MIN_COMPAT_VERSION || info->version > NTP_MAX_COMPAT_VERSION) {
|
if (info->version < NTP_MIN_COMPAT_VERSION || info->version > NTP_MAX_COMPAT_VERSION) {
|
||||||
DEBUG_LOG("NTP packet has invalid version %d", info->version);
|
DEBUG_LOG("NTP packet has invalid version %d", info->version);
|
||||||
|
@ -2075,7 +2075,7 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a
|
||||||
/* If it is an NTPv4 packet with a long MAC and no extension fields,
|
/* If it is an NTPv4 packet with a long MAC and no extension fields,
|
||||||
respond with a NTPv3 packet to avoid breaking RFC 7822 and keep
|
respond with a NTPv3 packet to avoid breaking RFC 7822 and keep
|
||||||
the length symmetric. Otherwise, respond with the same version. */
|
the length symmetric. Otherwise, respond with the same version. */
|
||||||
if (info.version == 4 && info.ext_fields == 0 && info.auth.mode == AUTH_SYMMETRIC &&
|
if (info.version == 4 && info.ext_fields == 0 && info.auth.mode == NTP_AUTH_SYMMETRIC &&
|
||||||
info.auth.mac.length > NTP_MAX_V4_MAC_LENGTH)
|
info.auth.mac.length > NTP_MAX_V4_MAC_LENGTH)
|
||||||
version = 3;
|
version = 3;
|
||||||
else
|
else
|
||||||
|
|