nts: handle negotiated server as FQDN

The NTS RFC requires the recipient of the Server Negotiation NTS-KE
record to handle the name as a fully qualified domain name. Add a
trailing dot if not present to force the name to be resolved as one.

doc/chrony.conf.adoc

@@ -1651,7 +1651,8 @@ ntsdumpdir @CHRONYVARDIR@
 This directory is used also by the <<ntsdumpdir1,NTS client>> to save NTS cookies.
 
 [[ntsntpserver]]*ntsntpserver* _hostname_::
-This directive specifies the hostname or address of the NTP server(s) which is
+This directive specifies the hostname (as a fully qualified domain name) or
+address of the NTP server(s) which is
 provided in the NTS-KE response to the clients. It allows the NTS-KE server to
 be separated from the NTP server. However, the servers need to share the keys,
 i.e. external key management needs to be enabled by setting

nts_ke_client.c

@@ -53,7 +53,7 @@ struct NKC_Instance_Record {
   NKE_Context context;
   NKE_Cookie cookies[NKE_MAX_COOKIES];
   int num_cookies;
-  char server_name[NKE_MAX_RECORD_BODY_LENGTH + 1];
+  char server_name[NKE_MAX_RECORD_BODY_LENGTH + 2];
   IPSockAddr ntp_address;
 };
 
@@ -254,6 +254,17 @@ handle_message(void *arg)
     if (inst->resolving_name)
       return 0;
     if (!UTI_StringToIP(inst->server_name, &inst->ntp_address.ip_addr)) {
+      int length = strlen(inst->server_name);
+
+      /* Add a trailing dot if not present to force the name to be
+         resolved as a fully qualified domain name */
+      if (length < 1 || length + 1 >= sizeof (inst->server_name))
+        return 0;
+      if (inst->server_name[length - 1] != '.') {
+        inst->server_name[length] = '.';
+        inst->server_name[length + 1] = '\0';
+      }
+
       DNS_Name2IPAddressAsync(inst->server_name, name_resolve_handler, inst);
       inst->resolving_name = 1;
     }