faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ntp: prefix NTP_AuthMode enums

Browse source
This commit is contained in:
Miroslav Lichvar 2019-08-15 11:23:44 +02:00
parent 56a102ed4d
commit 46cac4e22f
3 changed files with 28 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
ntp.h
View file

@ -112,10 +112,10 @@ typedef struct {
/* Enumeration for authentication modes of NTP packets */
typedef enum {
AUTH_NONE = 0, /* No authentication */
AUTH_SYMMETRIC, /* MAC using symmetric key (RFC 1305, RFC 5905) */
AUTH_MSSNTP, /* MS-SNTP authenticator field */
AUTH_MSSNTP_EXT, /* MS-SNTP extended authenticator field */
NTP_AUTH_NONE = 0, /* No authentication */
NTP_AUTH_SYMMETRIC, /* MAC using symmetric key (RFC 1305, RFC 5905) */
NTP_AUTH_MSSNTP, /* MS-SNTP authenticator field */
NTP_AUTH_MSSNTP_EXT, /* MS-SNTP extended authenticator field */
} NTP_AuthMode;
/* Structure describing an NTP packet */

44
ntp_auth.c
View file

@ -96,11 +96,11 @@ static void
adjust_timestamp(NTP_AuthMode mode, uint32_t key_id, struct timespec *ts)
{
switch (mode) {
case AUTH_SYMMETRIC:
case NTP_AUTH_SYMMETRIC:
ts->tv_nsec += KEY_GetAuthDelay(key_id);
UTI_NormaliseTimespec(ts);
break;
case AUTH_MSSNTP:
case NTP_AUTH_MSSNTP:
ts->tv_nsec += NSD_GetAuthDelay(key_id);
UTI_NormaliseTimespec(ts);
default:
@ -142,7 +142,7 @@ create_instance(NTP_AuthMode mode)
NAU_Instance
NAU_CreateNoneInstance(void)
{
return create_instance(AUTH_NONE);
return create_instance(NTP_AUTH_NONE);
}
/* ================================================== */
@ -150,7 +150,7 @@ NAU_CreateNoneInstance(void)
NAU_Instance
NAU_CreateSymmetricInstance(uint32_t key_id)
{
NAU_Instance instance = create_instance(AUTH_SYMMETRIC);
NAU_Instance instance = create_instance(NTP_AUTH_SYMMETRIC);
instance->key_id = key_id;
@ -175,7 +175,7 @@ NAU_DestroyInstance(NAU_Instance instance)
int
NAU_IsAuthEnabled(NAU_Instance instance)
{
return instance->mode != AUTH_NONE;
return instance->mode != NTP_AUTH_NONE;
}
/* ================================================== */
@ -185,7 +185,7 @@ NAU_GetSuggestedNtpVersion(NAU_Instance instance)
{
/* If the MAC in NTPv4 packets would be truncated, prefer NTPv3 for
compatibility with older chronyd servers */
if (instance->mode == AUTH_SYMMETRIC &&
if (instance->mode == NTP_AUTH_SYMMETRIC &&
KEY_GetAuthLength(instance->key_id) + sizeof (instance->key_id) > NTP_MAX_V4_MAC_LENGTH)
return 3;
@ -219,9 +219,9 @@ int
NAU_GenerateRequestAuth(NAU_Instance instance, NTP_Packet *request, NTP_PacketInfo *info)
{
switch (instance->mode) {
case AUTH_NONE:
case NTP_AUTH_NONE:
break;
case AUTH_SYMMETRIC:
case NTP_AUTH_SYMMETRIC:
if (!generate_symmetric_auth(instance->key_id, request, info))
return 0;
break;
@ -253,7 +253,7 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
/* In NTPv3 and older packets don't have extension fields. Anything after
the header is assumed to be a MAC. */
if (info->version <= 3) {
info->auth.mode = AUTH_SYMMETRIC;
info->auth.mode = NTP_AUTH_SYMMETRIC;
info->auth.mac.start = parsed;
info->auth.mac.length = remainder;
info->auth.mac.key_id = ntohl(*(uint32_t *)(data + parsed));
@ -262,9 +262,9 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
field with zeroes as digest */
if (info->version == 3 && info->auth.mac.key_id) {
if (remainder == 20 && is_zero_data(data + parsed + 4, remainder - 4))
info->auth.mode = AUTH_MSSNTP;
info->auth.mode = NTP_AUTH_MSSNTP;
else if (remainder == 72 && is_zero_data(data + parsed + 8, remainder - 8))
info->auth.mode = AUTH_MSSNTP_EXT;
info->auth.mode = NTP_AUTH_MSSNTP_EXT;
}
return 1;
@ -272,7 +272,7 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
/* Check for a crypto NAK */
if (remainder == 4 && ntohl(*(uint32_t *)(data + parsed)) == 0) {
info->auth.mode = AUTH_SYMMETRIC;
info->auth.mode = NTP_AUTH_SYMMETRIC;
info->auth.mac.start = parsed;
info->auth.mac.length = remainder;
info->auth.mac.key_id = 0;
@ -322,7 +322,7 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
/* This is not 100% reliable as a MAC could fail to authenticate and could
pass as an extension field, leaving reminder smaller than the minimum MAC
length */
info->auth.mode = AUTH_SYMMETRIC;
info->auth.mode = NTP_AUTH_SYMMETRIC;
info->auth.mac.start = parsed;
info->auth.mac.length = remainder;
info->auth.mac.key_id = ntohl(*(uint32_t *)(data + parsed));
@ -339,13 +339,13 @@ int
NAU_CheckRequestAuth(NTP_Packet *request, NTP_PacketInfo *info)
{
switch (info->auth.mode) {
case AUTH_NONE:
case NTP_AUTH_NONE:
break;
case AUTH_SYMMETRIC:
case NTP_AUTH_SYMMETRIC:
if (!check_symmetric_auth(request, info))
return 0;
break;
case AUTH_MSSNTP:
case NTP_AUTH_MSSNTP:
/* MS-SNTP requests are not authenticated */
break;
default:
@ -371,13 +371,13 @@ NAU_GenerateResponseAuth(NTP_Packet *request, NTP_PacketInfo *request_info,
NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr)
{
switch (request_info->auth.mode) {
case AUTH_NONE:
case NTP_AUTH_NONE:
break;
case AUTH_SYMMETRIC:
case NTP_AUTH_SYMMETRIC:
if (!generate_symmetric_auth(request_info->auth.mac.key_id, response, response_info))
return 0;
break;
case AUTH_MSSNTP:
case NTP_AUTH_MSSNTP:
/* Sign the packet asynchronously by ntp_signd */
if (!NSD_SignAndSendPacket(request_info->auth.mac.key_id, response, response_info,
remote_addr, local_addr))
@ -399,7 +399,7 @@ NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response, NTP_PacketInf
{
/* If we don't expect the packet to be authenticated, ignore any
authentication data in the packet */
if (instance->mode == AUTH_NONE)
if (instance->mode == NTP_AUTH_NONE)
return 1;
/* The authentication must match the expected mode */
@ -407,9 +407,9 @@ NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response, NTP_PacketInf
return 0;
switch (info->auth.mode) {
case AUTH_NONE:
case NTP_AUTH_NONE:
break;
case AUTH_SYMMETRIC:
case NTP_AUTH_SYMMETRIC:
/* Check if it is authenticated with the specified key */
if (info->auth.mac.key_id != instance->key_id)
return 0;

4
ntp_core.c
View file

@ -1278,7 +1278,7 @@ parse_packet(NTP_Packet *packet, int length, NTP_PacketInfo *info)
info->version = NTP_LVM_TO_VERSION(packet->lvm);
info->mode = NTP_LVM_TO_MODE(packet->lvm);
info->ext_fields = 0;
info->auth.mode = AUTH_NONE;
info->auth.mode = NTP_AUTH_NONE;
if (info->version < NTP_MIN_COMPAT_VERSION || info->version > NTP_MAX_COMPAT_VERSION) {
DEBUG_LOG("NTP packet has invalid version %d", info->version);
@ -2075,7 +2075,7 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a
/* If it is an NTPv4 packet with a long MAC and no extension fields,
respond with a NTPv3 packet to avoid breaking RFC 7822 and keep
the length symmetric. Otherwise, respond with the same version. */
if (info.version == 4 && info.ext_fields == 0 && info.auth.mode == AUTH_SYMMETRIC &&
if (info.version == 4 && info.ext_fields == 0 && info.auth.mode == NTP_AUTH_SYMMETRIC &&
info.auth.mac.length > NTP_MAX_V4_MAC_LENGTH)
version = 3;
else