ntp: don't reply to known source if missing key or invalid auth

This is now similar to replying to unknown sources.
Miroslav Lichvar 2014-03-20 19:00:08 +01:00
parent eecec8fffa
commit 8b362ba3e7


@ -1297,10 +1297,12 @@ NCR_ProcessKnown
is required in the secondaries to make this possible. */
if (ADF_IsAllowed(access_auth_table, &inst->remote_addr.ip_addr)) {
int do_auth;
CLG_LogNTPClientAccess(&inst->remote_addr.ip_addr, (time_t) now->tv_sec);
if (auth_len > 0) {
do_auth = 1;
auth_key_id = ntohl(message->auth_keyid);
valid_auth = check_packet_auth(message, auth_key_id, auth_len);
@ -1312,18 +1314,21 @@ NCR_ProcessKnown
reply_auth_key_id = 0UL;
}
} else {
do_auth = 0;
authenticate_reply = 0;
reply_auth_key_id = 0UL;
}
transmit_packet(MODE_SERVER, inst->local_poll,
version,
authenticate_reply, reply_auth_key_id,
&message->transmit_ts,
now,
&inst->local_tx,
&inst->local_ntp_tx,
&inst->remote_addr);
if (!do_auth || valid_auth) {
transmit_packet(MODE_SERVER, inst->local_poll,
version,
authenticate_reply, reply_auth_key_id,
&message->transmit_ts,
now,
&inst->local_tx,
&inst->local_ntp_tx,
&inst->remote_addr);
}
} else if (!LOG_RateLimited()) {
LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",