nts: add server support for NTP server negotiation

Add ntsntpserver directive to specify the hostname of the NTP server
provided in NTS-KE response to clients.
Miroslav Lichvar 2020-04-15 15:41:22 +02:00
parent 958d66f8a7
commit 4aff08e95d
3 changed files with 19 additions and 6 deletions

14
conf.c

@ -223,8 +223,9 @@ static char *leapsec_tz = NULL;
/* Name of the user to which will be dropped root privileges. */ /* Name of the user to which will be dropped root privileges. */
static char *user; static char *user;
/* NTS dump dir, certificates, private key, and port */ /* NTS server and client configuration */
static char *nts_dump_dir = NULL; static char *nts_dump_dir = NULL;
static char *nts_ntp_server = NULL;
static char *nts_server_cert_file = NULL; static char *nts_server_cert_file = NULL;
static char *nts_server_key_file = NULL; static char *nts_server_key_file = NULL;
static int nts_server_port = 11443; static int nts_server_port = 11443;
@ -405,6 +406,7 @@ CNF_Finalise(void)
Free(tempcomp_sensor_file); Free(tempcomp_sensor_file);
Free(tempcomp_point_file); Free(tempcomp_point_file);
Free(nts_dump_dir); Free(nts_dump_dir);
Free(nts_ntp_server);
Free(nts_server_cert_file); Free(nts_server_cert_file);
Free(nts_server_key_file); Free(nts_server_key_file);
Free(nts_trusted_cert_file); Free(nts_trusted_cert_file);
@ -554,6 +556,8 @@ CNF_ParseLine(const char *filename, int number, char *line)
} else if (!strcasecmp(command, "ntscachedir") || } else if (!strcasecmp(command, "ntscachedir") ||
!strcasecmp(command, "ntsdumpdir")) { !strcasecmp(command, "ntsdumpdir")) {
parse_string(p, &nts_dump_dir); parse_string(p, &nts_dump_dir);
} else if (!strcasecmp(command, "ntsntpserver")) {
parse_string(p, &nts_ntp_server);
} else if (!strcasecmp(command, "ntsport")) { } else if (!strcasecmp(command, "ntsport")) {
parse_int(p, &nts_server_port); parse_int(p, &nts_server_port);
} else if (!strcasecmp(command, "ntsprocesses")) { } else if (!strcasecmp(command, "ntsprocesses")) {
@ -2077,6 +2081,14 @@ CNF_GetNtsDumpDir(void)
/* ================================================== */ /* ================================================== */
char *
CNF_GetNtsNtpServer(void)
{
return nts_ntp_server;
}
/* ================================================== */
char * char *
CNF_GetNtsServerCertFile(void) CNF_GetNtsServerCertFile(void)
{ {
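Review bot: The new `ntsntpserver` branch in CNF_ParseLine stores whatever string follows the directive, and nothing in the visible hunks checks it before it is sent to clients as the NTPv4 Server Negotiation record. RFC 8915 requires that record body to be an ASCII IPv4 address, IPv6 address or fully qualified domain name, so a typo, a stray non-ASCII byte or an overlong value would only surface when NTS-KE responses are built or parsed (prepare_response in the third file section uses the value unmodified). I would validate it at load time right after `parse_string(p, &nts_ntp_server);`, rejecting an empty string and any byte outside printable ASCII as a configuration error; what parse_string itself enforces is not visible here, so confirm first. A one-line comment on CNF_GetNtsNtpServer such as `/* NULL if ntsntpserver is not set; the string is owned by conf.c */` would also tell callers what the return value means. The section ends inside CNF_GetNtsServerCertFile, whose body continues outside the hunk.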

1
conf.h

@ -140,6 +140,7 @@ typedef struct {
extern int CNF_GetHwTsInterface(unsigned int index, CNF_HwTsInterface **iface); extern int CNF_GetHwTsInterface(unsigned int index, CNF_HwTsInterface **iface);
extern char *CNF_GetNtsDumpDir(void); extern char *CNF_GetNtsDumpDir(void);
extern char *CNF_GetNtsNtpServer(void);
extern char *CNF_GetNtsServerCertFile(void); extern char *CNF_GetNtsServerCertFile(void);
extern char *CNF_GetNtsServerKeyFile(void); extern char *CNF_GetNtsServerKeyFile(void);
extern int CNF_GetNtsServerPort(void); extern int CNF_GetNtsServerPort(void);


@ -299,6 +299,7 @@ prepare_response(NKSN_Instance session, int error, int next_protocol, int aead_a
{ {
NKE_Context context; NKE_Context context;
NKE_Cookie cookie; NKE_Cookie cookie;
char *ntp_server;
uint16_t datum; uint16_t datum;
int i; int i;
@ -325,11 +326,10 @@ prepare_response(NKSN_Instance session, int error, int next_protocol, int aead_a
return 0; return 0;
} }
/* This should be configurable */ ntp_server = CNF_GetNtsNtpServer();
if (0) { if (ntp_server) {
const char server[] = "::1"; if (!NKSN_AddRecord(session, 1, NKE_RECORD_NTPV4_SERVER_NEGOTIATION,
if (!NKSN_AddRecord(session, 1, NKE_RECORD_NTPV4_SERVER_NEGOTIATION, server, ntp_server, strlen(ntp_server)))
sizeof (server) - 1))
return 0; return 0;
} }
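Review bot: `char *ntp_server;` should be `const char *ntp_server;`, because the pointer comes from CNF_GetNtsNtpServer() and refers to storage that CNF_Finalise frees, so this function must neither modify nor free it. The removed code passed a `const char server[]` to NKSN_AddRecord, which suggests the body parameter already accepts a const pointer. I would also put a comment above the check, `/* Optional record: ntp_server is NULL unless ntsntpserver is configured */`, since the old "This should be configurable" comment was dropped without a replacement. Both hunks show only part of prepare_response.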