[ntp:bk-ntp-dev-send] BitKeeper diffs
Harlan Stenn
stenn at deacon.udel.edu
Sun Oct 2 23:07:49 UTC 2011
#### ChangeSet ####
2011-10-02 22:12:47+00:00, davehart at shiny.ad.hartbrothers.com
[Bug 2019] Allow selection of cipher for private key files.
ntp-keygen private key cipher default now triple-key triple DES CBC.
ntp-keygen on Windows XP and later systems will now create links
expected by ntpd. They are hardlinks on Windows, soft on POSIX.
==== ChangeLog ====
2011-10-02 22:12:45+00:00, davehart at shiny.ad.hartbrothers.com +4 -0
[Bug 2019] Allow selection of cipher for private key files.
ntp-keygen private key cipher default now triple-key triple DES CBC.
ntp-keygen on Windows XP and later systems will now create links
expected by ntpd. They are hardlinks on Windows, soft on POSIX.
--- 1.1046/ChangeLog 2011-10-02 04:47:54 -04:00
+++ 1.1047/ChangeLog 2011-10-02 18:12:45 -04:00
@@ -1,3 +1,5 @@
+* [Bug 2019] Allow selection of cipher for private key files.
+* ntp-keygen private key cipher default now triple-key triple DES CBC.
* ntp-keygen -M is intended to ignore all other defaults and
options, so do not attempt to open existing Autokey host certificate
before generating symmetric keys and terminating.
@@ -5,6 +7,8 @@
ntpkey_<scheme>par_<group/host> in ntpd, matching ntp-keygen.
* Change some error logging to syslog to ignore logconfig mask, such
as reporting PPSAPI failure in NMEA and WWVB refclocks.
+* ntp-keygen on Windows XP and later systems will now create links
+ expected by ntpd. They are hardlinks on Windows, soft on POSIX.
* Conditionalize NMEA serial open message under clockevent.
* Send all peer variables to trappers in report_event().
(4.2.7p217) 2011/09/29 Released by Harlan Stenn <stenn at ntp.org>
==== util/ntp-keygen-opts.c ====
2011-10-02 22:12:45+00:00, davehart at shiny.ad.hartbrothers.com +68 -38
[Bug 2019] add -c/--cipher
--- 1.218/util/ntp-keygen-opts.c 2011-09-29 04:06:52 -04:00
+++ 1.219/util/ntp-keygen-opts.c 2011-10-02 18:12:45 -04:00
@@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.c)
*
- * It has been AutoGen-ed September 29, 2011 at 08:06:17 AM by AutoGen 5.12
+ * It has been AutoGen-ed October 2, 2011 at 07:26:43 PM by AutoGen 5.12
* From the definitions ntp-keygen-opts.def
* and the template file options
*
@@ -106,6 +106,24 @@ static char const zCertificate_Name[]
#endif /* AUTOKEY */
/*
+ * Cipher option description:
+ */
+#ifdef AUTOKEY
+static char const zCipherText[] =
+ "privatekey cipher";
+static char const zCipher_NAME[] = "CIPHER";
+static char const zCipher_Name[] = "cipher";
+#define CIPHER_FLAGS (OPTST_DISABLED \
+ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
+
+#else /* disable Cipher */
+#define CIPHER_FLAGS (OPTST_OMITTED | OPTST_NO_INIT)
+#define zCipher_NAME NULL
+#define zCipherText NULL
+#define zCipher_Name NULL
+#endif /* AUTOKEY */
+
+/*
* Debug_Level option description:
*/
static char const zDebug_LevelText[] =
@@ -491,8 +509,20 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zCertificateText, zCertificate_NAME, zCertificate_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 1, VALUE_OPT_DEBUG_LEVEL,
- /* equiv idx, value */ 1, VALUE_OPT_DEBUG_LEVEL,
+ { /* entry idx, value */ 1, VALUE_OPT_CIPHER,
+ /* equiv idx, value */ 1, VALUE_OPT_CIPHER,
+ /* equivalenced to */ NO_EQUIVALENT,
+ /* min, max, act ct */ 0, 1, 0,
+ /* opt state flags */ CIPHER_FLAGS, 0,
+ /* last opt argumnt */ { NULL },
+ /* arg list/cookie */ NULL,
+ /* must/cannot opts */ NULL, NULL,
+ /* option proc */ NULL,
+ /* desc, NAME, name */ zCipherText, zCipher_NAME, zCipher_Name,
+ /* disablement strs */ NULL, NULL },
+
+ { /* entry idx, value */ 2, VALUE_OPT_DEBUG_LEVEL,
+ /* equiv idx, value */ 2, VALUE_OPT_DEBUG_LEVEL,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, NOLIMIT, 0,
/* opt state flags */ DEBUG_LEVEL_FLAGS, 0,
@@ -503,8 +533,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zDebug_LevelText, zDebug_Level_NAME, zDebug_Level_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 2, VALUE_OPT_SET_DEBUG_LEVEL,
- /* equiv idx, value */ 2, VALUE_OPT_SET_DEBUG_LEVEL,
+ { /* entry idx, value */ 3, VALUE_OPT_SET_DEBUG_LEVEL,
+ /* equiv idx, value */ 3, VALUE_OPT_SET_DEBUG_LEVEL,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, NOLIMIT, 0,
/* opt state flags */ SET_DEBUG_LEVEL_FLAGS, 0,
@@ -515,8 +545,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zSet_Debug_LevelText, zSet_Debug_Level_NAME, zSet_Debug_Level_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 3, VALUE_OPT_ID_KEY,
- /* equiv idx, value */ 3, VALUE_OPT_ID_KEY,
+ { /* entry idx, value */ 4, VALUE_OPT_ID_KEY,
+ /* equiv idx, value */ 4, VALUE_OPT_ID_KEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ ID_KEY_FLAGS, 0,
@@ -527,8 +557,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zId_KeyText, zId_Key_NAME, zId_Key_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 4, VALUE_OPT_GQ_PARAMS,
- /* equiv idx, value */ 4, VALUE_OPT_GQ_PARAMS,
+ { /* entry idx, value */ 5, VALUE_OPT_GQ_PARAMS,
+ /* equiv idx, value */ 5, VALUE_OPT_GQ_PARAMS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ GQ_PARAMS_FLAGS, 0,
@@ -539,8 +569,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zGq_ParamsText, zGq_Params_NAME, zGq_Params_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 5, VALUE_OPT_HOST_KEY,
- /* equiv idx, value */ 5, VALUE_OPT_HOST_KEY,
+ { /* entry idx, value */ 6, VALUE_OPT_HOST_KEY,
+ /* equiv idx, value */ 6, VALUE_OPT_HOST_KEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ HOST_KEY_FLAGS, 0,
@@ -551,8 +581,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zHost_KeyText, zHost_Key_NAME, zHost_Key_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 6, VALUE_OPT_IFFKEY,
- /* equiv idx, value */ 6, VALUE_OPT_IFFKEY,
+ { /* entry idx, value */ 7, VALUE_OPT_IFFKEY,
+ /* equiv idx, value */ 7, VALUE_OPT_IFFKEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ IFFKEY_FLAGS, 0,
@@ -563,8 +593,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zIffkeyText, zIffkey_NAME, zIffkey_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 7, VALUE_OPT_IDENT,
- /* equiv idx, value */ 7, VALUE_OPT_IDENT,
+ { /* entry idx, value */ 8, VALUE_OPT_IDENT,
+ /* equiv idx, value */ 8, VALUE_OPT_IDENT,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ IDENT_FLAGS, 0,
@@ -575,8 +605,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zIdentText, zIdent_NAME, zIdent_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 8, VALUE_OPT_LIFETIME,
- /* equiv idx, value */ 8, VALUE_OPT_LIFETIME,
+ { /* entry idx, value */ 9, VALUE_OPT_LIFETIME,
+ /* equiv idx, value */ 9, VALUE_OPT_LIFETIME,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ LIFETIME_FLAGS, 0,
@@ -587,8 +617,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zLifetimeText, zLifetime_NAME, zLifetime_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 9, VALUE_OPT_MD5KEY,
- /* equiv idx, value */ 9, VALUE_OPT_MD5KEY,
+ { /* entry idx, value */ 10, VALUE_OPT_MD5KEY,
+ /* equiv idx, value */ 10, VALUE_OPT_MD5KEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ MD5KEY_FLAGS, 0,
@@ -599,8 +629,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zMd5keyText, zMd5key_NAME, zMd5key_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 10, VALUE_OPT_MODULUS,
- /* equiv idx, value */ 10, VALUE_OPT_MODULUS,
+ { /* entry idx, value */ 11, VALUE_OPT_MODULUS,
+ /* equiv idx, value */ 11, VALUE_OPT_MODULUS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ MODULUS_FLAGS, 0,
@@ -611,8 +641,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zModulusText, zModulus_NAME, zModulus_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 11, VALUE_OPT_PVT_CERT,
- /* equiv idx, value */ 11, VALUE_OPT_PVT_CERT,
+ { /* entry idx, value */ 12, VALUE_OPT_PVT_CERT,
+ /* equiv idx, value */ 12, VALUE_OPT_PVT_CERT,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PVT_CERT_FLAGS, 0,
@@ -623,8 +653,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zPvt_CertText, zPvt_Cert_NAME, zPvt_Cert_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 12, VALUE_OPT_PVT_PASSWD,
- /* equiv idx, value */ 12, VALUE_OPT_PVT_PASSWD,
+ { /* entry idx, value */ 13, VALUE_OPT_PVT_PASSWD,
+ /* equiv idx, value */ 13, VALUE_OPT_PVT_PASSWD,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PVT_PASSWD_FLAGS, 0,
@@ -635,8 +665,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zPvt_PasswdText, zPvt_Passwd_NAME, zPvt_Passwd_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 13, VALUE_OPT_GET_PVT_PASSWD,
- /* equiv idx, value */ 13, VALUE_OPT_GET_PVT_PASSWD,
+ { /* entry idx, value */ 14, VALUE_OPT_GET_PVT_PASSWD,
+ /* equiv idx, value */ 14, VALUE_OPT_GET_PVT_PASSWD,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ GET_PVT_PASSWD_FLAGS, 0,
@@ -647,8 +677,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zGet_Pvt_PasswdText, zGet_Pvt_Passwd_NAME, zGet_Pvt_Passwd_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 14, VALUE_OPT_SIGN_KEY,
- /* equiv idx, value */ 14, VALUE_OPT_SIGN_KEY,
+ { /* entry idx, value */ 15, VALUE_OPT_SIGN_KEY,
+ /* equiv idx, value */ 15, VALUE_OPT_SIGN_KEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ SIGN_KEY_FLAGS, 0,
@@ -659,8 +689,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zSign_KeyText, zSign_Key_NAME, zSign_Key_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 15, VALUE_OPT_SUBJECT_NAME,
- /* equiv idx, value */ 15, VALUE_OPT_SUBJECT_NAME,
+ { /* entry idx, value */ 16, VALUE_OPT_SUBJECT_NAME,
+ /* equiv idx, value */ 16, VALUE_OPT_SUBJECT_NAME,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ SUBJECT_NAME_FLAGS, 0,
@@ -671,8 +701,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zSubject_NameText, zSubject_Name_NAME, zSubject_Name_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 16, VALUE_OPT_TRUSTED_CERT,
- /* equiv idx, value */ 16, VALUE_OPT_TRUSTED_CERT,
+ { /* entry idx, value */ 17, VALUE_OPT_TRUSTED_CERT,
+ /* equiv idx, value */ 17, VALUE_OPT_TRUSTED_CERT,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ TRUSTED_CERT_FLAGS, 0,
@@ -683,8 +713,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zTrusted_CertText, zTrusted_Cert_NAME, zTrusted_Cert_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 17, VALUE_OPT_MV_PARAMS,
- /* equiv idx, value */ 17, VALUE_OPT_MV_PARAMS,
+ { /* entry idx, value */ 18, VALUE_OPT_MV_PARAMS,
+ /* equiv idx, value */ 18, VALUE_OPT_MV_PARAMS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ MV_PARAMS_FLAGS, 0,
@@ -695,8 +725,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zMv_ParamsText, zMv_Params_NAME, zMv_Params_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 18, VALUE_OPT_MV_KEYS,
- /* equiv idx, value */ 18, VALUE_OPT_MV_KEYS,
+ { /* entry idx, value */ 19, VALUE_OPT_MV_KEYS,
+ /* equiv idx, value */ 19, VALUE_OPT_MV_KEYS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ MV_KEYS_FLAGS, 0,
@@ -851,7 +881,7 @@ tOptions ntp_keygenOptions = {
NO_EQUIVALENT, /* '-#' option index */
NO_EQUIVALENT /* index of default opt */
},
- 24 /* full option count */, 19 /* user option count */,
+ 25 /* full option count */, 20 /* user option count */,
ntp_keygen_full_usage, ntp_keygen_short_usage,
NULL, NULL,
PKGDATADIR, ntp_keygen_packager_info
==== util/ntp-keygen-opts.def ====
2011-10-02 22:12:45+00:00, davehart at shiny.ad.hartbrothers.com +1 -1
Minor correction.
--- 1.17/util/ntp-keygen-opts.def 2011-10-02 15:14:21 -04:00
+++ 1.18/util/ntp-keygen-opts.def 2011-10-02 18:12:45 -04:00
@@ -167,7 +167,7 @@ flag = {
descrip = "output private password";
doc = <<- _EndOfDoc_
Encrypt generated files containing private data with the specified
- password and the DES-CBC algorithm.
+ password and the cipher selected with -C/--cipher.
_EndOfDoc_;
};
==== util/ntp-keygen-opts.h ====
2011-10-02 22:12:45+00:00, davehart at shiny.ad.hartbrothers.com +32 -25
[Bug 2019] add -c/--cipher
--- 1.218/util/ntp-keygen-opts.h 2011-09-29 04:06:52 -04:00
+++ 1.219/util/ntp-keygen-opts.h 2011-10-02 18:12:45 -04:00
@@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.h)
*
- * It has been AutoGen-ed September 29, 2011 at 08:06:17 AM by AutoGen 5.12
+ * It has been AutoGen-ed October 2, 2011 at 07:26:43 PM by AutoGen 5.12
* From the definitions ntp-keygen-opts.def
* and the template file options
*
@@ -64,32 +64,33 @@ PFX>Permission to use, copy, modify, and
*/
typedef enum {
INDEX_OPT_CERTIFICATE = 0,
- INDEX_OPT_DEBUG_LEVEL = 1,
- INDEX_OPT_SET_DEBUG_LEVEL = 2,
- INDEX_OPT_ID_KEY = 3,
- INDEX_OPT_GQ_PARAMS = 4,
- INDEX_OPT_HOST_KEY = 5,
- INDEX_OPT_IFFKEY = 6,
- INDEX_OPT_IDENT = 7,
- INDEX_OPT_LIFETIME = 8,
- INDEX_OPT_MD5KEY = 9,
- INDEX_OPT_MODULUS = 10,
- INDEX_OPT_PVT_CERT = 11,
- INDEX_OPT_PVT_PASSWD = 12,
- INDEX_OPT_GET_PVT_PASSWD = 13,
- INDEX_OPT_SIGN_KEY = 14,
- INDEX_OPT_SUBJECT_NAME = 15,
- INDEX_OPT_TRUSTED_CERT = 16,
- INDEX_OPT_MV_PARAMS = 17,
- INDEX_OPT_MV_KEYS = 18,
- INDEX_OPT_VERSION = 19,
- INDEX_OPT_HELP = 20,
- INDEX_OPT_MORE_HELP = 21,
- INDEX_OPT_SAVE_OPTS = 22,
- INDEX_OPT_LOAD_OPTS = 23
+ INDEX_OPT_CIPHER = 1,
+ INDEX_OPT_DEBUG_LEVEL = 2,
+ INDEX_OPT_SET_DEBUG_LEVEL = 3,
+ INDEX_OPT_ID_KEY = 4,
+ INDEX_OPT_GQ_PARAMS = 5,
+ INDEX_OPT_HOST_KEY = 6,
+ INDEX_OPT_IFFKEY = 7,
+ INDEX_OPT_IDENT = 8,
+ INDEX_OPT_LIFETIME = 9,
+ INDEX_OPT_MD5KEY = 10,
+ INDEX_OPT_MODULUS = 11,
+ INDEX_OPT_PVT_CERT = 12,
+ INDEX_OPT_PVT_PASSWD = 13,
+ INDEX_OPT_GET_PVT_PASSWD = 14,
+ INDEX_OPT_SIGN_KEY = 15,
+ INDEX_OPT_SUBJECT_NAME = 16,
+ INDEX_OPT_TRUSTED_CERT = 17,
+ INDEX_OPT_MV_PARAMS = 18,
+ INDEX_OPT_MV_KEYS = 19,
+ INDEX_OPT_VERSION = 20,
+ INDEX_OPT_HELP = 21,
+ INDEX_OPT_MORE_HELP = 22,
+ INDEX_OPT_SAVE_OPTS = 23,
+ INDEX_OPT_LOAD_OPTS = 24
} teOptIndex;
-#define OPTION_CT 24
+#define OPTION_CT 25
#define NTP_KEYGEN_VERSION "4.2.7p217"
#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.7p217"
@@ -130,6 +131,10 @@ typedef enum {
# warning undefining CERTIFICATE due to option name conflict
# undef CERTIFICATE
# endif
+# ifdef CIPHER
+# warning undefining CIPHER due to option name conflict
+# undef CIPHER
+# endif
# ifdef DEBUG_LEVEL
# warning undefining DEBUG_LEVEL due to option name conflict
# undef DEBUG_LEVEL
@@ -204,6 +209,7 @@ typedef enum {
# endif
#else /* NO_OPTION_NAME_WARNINGS */
# undef CERTIFICATE
+# undef CIPHER
# undef DEBUG_LEVEL
# undef SET_DEBUG_LEVEL
# undef ID_KEY
@@ -229,6 +235,7 @@ typedef enum {
* Interface defines for specific options.
*/
#define VALUE_OPT_CERTIFICATE 'c'
+#define VALUE_OPT_CIPHER 'C'
#define VALUE_OPT_DEBUG_LEVEL 'd'
#define VALUE_OPT_SET_DEBUG_LEVEL 'D'
#define VALUE_OPT_ID_KEY 'e'
==== util/ntp-keygen.c ====
2011-10-02 22:12:46+00:00, davehart at shiny.ad.hartbrothers.com +81 -38
Change multiple fclose(stdout) to fflush(stdout).
Generate ntp-keygen (hard) links correctly on Windows XP and later.
Use PEM_write_PKCS8PrivateKey() in place of deprecated predecessor.
Existing clients going back to at least 2002 can use the new format
with no changes to deployed code.
--- 1.85/util/ntp-keygen.c 2011-10-02 15:14:21 -04:00
+++ 1.86/util/ntp-keygen.c 2011-10-02 18:12:46 -04:00
@@ -180,23 +180,66 @@ const EVP_CIPHER * cipher = NULL;
BOOL init_randfile();
/*
- * Don't try to follow symbolic links. Assumes link == file.
+ * Don't try to follow symbolic links on Windows. Assume link == file.
*/
int
-readlink(char *link, char *file, int len)
+readlink(
+ char * link,
+ char * file,
+ int len
+ )
{
return strlen(file);
}
/*
- * Don't try to create a symbolic link for now.
- * Just move the file to the name you need.
+ * Don't try to create symbolic links on Windows, that is supported on
+ * Vista and later only. Instead, if CreateHardLink is available (XP
+ * and later), hardlink the linkname to the original filename. On
+ * earlier systems, user must rename file to match expected link for
+ * ntpd to find it. To allow building a ntp-keygen.exe which loads on
+ * Windows pre-XP, runtime link to CreateHardLinkA().
*/
int
-symlink(char *filename, char *linkname) {
- DeleteFile(linkname);
- MoveFile(filename, linkname);
- return (0);
+symlink(
+ char * filename,
+ char* linkname
+ )
+{
+ typedef BOOL (WINAPI *PCREATEHARDLINKA)(
+ __in LPCSTR lpFileName,
+ __in LPCSTR lpExistingFileName,
+ __reserved LPSECURITY_ATTRIBUTES lpSA
+ );
+ static PCREATEHARDLINKA pCreateHardLinkA;
+ static int tried;
+ HMODULE hDll;
+ FARPROC pfn;
+ int link_created;
+ int saved_errno;
+
+ if (!tried) {
+ tried = TRUE;
+ hDll = LoadLibrary("kernel32.dll");
+ pfn = GetProcAddress(hDll, "CreateHardLinkA");
+ pCreateHardLinkA = (PCREATEHARDLINKA)pfn;
+ }
+
+ if (NULL == pCreateHardLinkA) {
+ errno = ENOSYS;
+ return -1;
+ }
+
+ link_created = (*pCreateHardLinkA)(linkname, filename, NULL);
+
+ if (link_created)
+ return 0;
+
+ saved_errno = GetLastError(); /* yes we play loose */
+ mfprintf(stderr, "Create hard link %s to %s failed: %m\n",
+ linkname, filename);
+ errno = saved_errno;
+ return -1;
}
void
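Review bot: In the new Windows `symlink()`, the handle returned by `LoadLibrary("kernel32.dll")` is passed to `GetProcAddress()` without a NULL check, and the module reference it takes is never released. kernel32 is already mapped in the process, so `hDll = GetModuleHandleA("kernel32.dll");` followed by `if (hDll != NULL) pCreateHardLinkA = (PCREATEHARDLINKA)GetProcAddress(hDll, "CreateHardLinkA");` gets the same pointer without either problem. The removed body called `DeleteFile(linkname)` first and the new one does not, so unless the caller (outside this hunk) removes a stale link, regenerating keys will presumably fail because the link already exists. The failure path prints `%m` before `errno` is assigned and then stores a Win32 error code in `errno`; a comment should say whether `mfprintf()` is expected to read `GetLastError()` itself, and that callers must not treat the value as a C errno.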
@@ -588,9 +631,9 @@ main(
BN_copy(rsa->q, BN_value_one());
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
- PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL,
- NULL);
- fclose(stdout);
+ PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0,
+ NULL, NULL);
+ fflush(stdout);
if (debug)
RSA_print_fp(stderr, rsa, 0);
}
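Review bot: The result of `PEM_write_PKCS8PrivateKey()` is discarded here and `fflush(stdout)` is not checked either, so a failed encryption or a short write leaves an empty or truncated key file while ntp-keygen carries on as if it had succeeded. The call returns 0 on failure, so wrapping it as `if (!PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL)) { ... }` and reporting `ERR_error_string(ERR_get_error(), NULL)` before exiting would match the error style already used in `x509()`. The same applies to the other converted calls in `main()` and to those in `gen_rsa()`, `gen_dsa()`, `gen_iffkey()`, `gen_gqkey()` and `gen_mvkey()` further down. The enclosing block of `main()` starts and ends outside this hunk.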
@@ -610,9 +653,9 @@ main(
rsa = pkey_gqkey->pkey.rsa;
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
- PEM_write_PrivateKey(stdout, pkey,
- cipher, NULL, 0, NULL, passwd2);
- fclose(stdout);
+ PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0,
+ NULL, passwd2);
+ fflush(stdout);
if (debug)
RSA_print_fp(stderr, rsa, 0);
}
@@ -652,9 +695,9 @@ main(
BN_copy(dsa->priv_key, BN_value_one());
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
- PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL,
- NULL);
- fclose(stdout);
+ PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0,
+ NULL, NULL);
+ fflush(stdout);
if (debug)
DSA_print_fp(stderr, dsa, 0);
}
@@ -674,9 +717,9 @@ main(
dsa = pkey_iffkey->pkey.dsa;
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
- PEM_write_PrivateKey(stdout, pkey, cipher, NULL,
- 0, NULL, passwd2);
- fclose(stdout);
+ PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0,
+ NULL, passwd2);
+ fflush(stdout);
if (debug)
DSA_print_fp(stderr, dsa, 0);
}
@@ -712,9 +755,9 @@ main(
fprintf(stdout, "# %s\n# %s\n", filename,
ctime(&epoch));
pkey = pkey_mvpar[2];
- PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL,
- NULL);
- fclose(stdout);
+ PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0,
+ NULL, NULL);
+ fflush(stdout);
if (debug)
DSA_print_fp(stderr, pkey->pkey.dsa, 0);
}
@@ -730,9 +773,9 @@ main(
fprintf(stdout, "# %s\n# %s\n", filename,
ctime(&epoch));
pkey = pkey_mvpar[1];
- PEM_write_PrivateKey(stdout, pkey, cipher, NULL,
- 0, NULL, passwd2);
- fclose(stdout);
+ PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0,
+ NULL, passwd2);
+ fflush(stdout);
if (debug)
DSA_print_fp(stderr, pkey->pkey.dsa, 0);
}
@@ -941,7 +984,7 @@ gen_rsa(
str = fheader("RSAhost", id, hostname);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
- PEM_write_PrivateKey(str, pkey, cipher, NULL, 0, NULL,
+ PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL,
passwd1);
fclose(str);
if (debug)
@@ -996,7 +1039,7 @@ gen_dsa(
str = fheader("DSAsign", id, hostname);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
- PEM_write_PrivateKey(str, pkey, cipher, NULL, 0, NULL,
+ PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL,
passwd1);
fclose(str);
if (debug)
@@ -1163,7 +1206,7 @@ gen_iffkey(
str = fheader("IFFkey", id, groupname);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
- PEM_write_PrivateKey(str, pkey, cipher, NULL, 0, NULL,
+ PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL,
passwd1);
fclose(str);
if (debug)
@@ -1360,7 +1403,7 @@ gen_gqkey(
str = fheader("GQkey", id, groupname);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
- PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL,
+ PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL,
passwd1);
fclose(str);
if (debug)
@@ -1762,7 +1805,7 @@ gen_mvkey(
BN_copy(dsa->pub_key, b);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
- PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL,
+ PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL,
passwd1);
evpars[i++] = pkey;
if (debug)
@@ -1788,7 +1831,7 @@ gen_mvkey(
dsa2->pub_key = BN_dup(ghat);
pkey1 = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey1, dsa2);
- PEM_write_PrivateKey(str, pkey1, EVP_des_cbc(), NULL, 0, NULL,
+ PEM_write_PKCS8PrivateKey(str, pkey1, cipher, NULL, 0, NULL,
passwd1);
evpars[i++] = pkey1;
if (debug)
@@ -1813,7 +1856,7 @@ gen_mvkey(
sdsa->pub_key = BN_dup(xhat[j]);
pkey1 = EVP_PKEY_new();
EVP_PKEY_set1_DSA(pkey1, sdsa);
- PEM_write_PrivateKey(str, pkey1, EVP_des_cbc(), NULL, 0,
+ PEM_write_PKCS8PrivateKey(str, pkey1, cipher, NULL, 0,
NULL, passwd1);
evpars[i++] = pkey1;
if (debug)
@@ -1866,8 +1909,8 @@ gen_mvkey(
*/
int
x509 (
- EVP_PKEY *pkey, /* generic signature algorithm */
- const EVP_MD *md, /* generic digest algorithm */
+ EVP_PKEY *pkey, /* signing key */
+ const EVP_MD *md, /* signature/digest scheme */
char *gqpub, /* identity extension (hex string) */
char *exten, /* private cert extension */
char *name /* subject/issuer name */
@@ -1900,12 +1943,12 @@ x509 (
X509_time_adj(X509_get_notAfter(cert), lifetime * DAY, &epoch);
subj = X509_get_subject_name(cert);
X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC,
- (unsigned char *) name, strlen(name), -1, 0);
+ (u_char *)name, strlen(name), -1, 0);
subj = X509_get_issuer_name(cert);
X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC,
- (unsigned char *) name, strlen(name), -1, 0);
+ (u_char *)name, strlen(name), -1, 0);
if (!X509_set_pubkey(cert, pkey)) {
- fprintf(stderr, "Assign key fails\n%s\n",
+ fprintf(stderr, "Assign certificate signing key fails\n%s\n",
ERR_error_string(ERR_get_error(), NULL));
X509_free(cert);
return (0);
#### ChangeSet ####
2011-10-02 19:14:22+00:00, davehart at shiny.ad.hartbrothers.com
[Bug 2019] Allow selection of cipher for private key files.
Change default cipher from DES CBC to triple-key triple DES CBC.
==== util/ntp-keygen-opts.def ====
2011-10-02 19:14:21+00:00, davehart at shiny.ad.hartbrothers.com +15 -0
Add -C/--cipher option to ntp-keygen for [Bug 2019]
--- 1.16/util/ntp-keygen-opts.def 2011-09-29 01:16:01 -04:00
+++ 1.17/util/ntp-keygen-opts.def 2011-10-02 15:14:21 -04:00
@@ -34,6 +34,21 @@ flag = {
_EndOfDoc_;
};
+flag = {
+ value = C;
+ name = cipher;
+ arg-type = string;
+ arg-name = cipher;
+ ifdef = AUTOKEY;
+ descrip = "privatekey cipher";
+ doc = <<- _EndOfDoc_
+ Select the cipher which is used to encrypt the files containing
+ private keys. The default is three-key triple DES in CBC mode,
+ equivalent to "-c des-ede3-cbc". The openssl tool lists ciphers
+ available in "openssl -h" output.
+ _EndOfDoc_;
+};
+
#include debug-opt.def
flag = {
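Review bot: The doc text gives the default as equivalent to `-c des-ede3-cbc`, but this flag is declared with `value = C`, and `-c` is the certificate scheme option (`VALUE_OPT_CERTIFICATE 'c'`), so the example as written would select a signature scheme instead of a cipher. The line should read `equivalent to "-C des-ede3-cbc".` since this text ends up in the generated usage and manual output. It is also worth confirming that `openssl -h` really lists the cipher names on the OpenSSL versions supported, because the accepted names are whatever `EVP_get_cipherbyname()` resolves at run time.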
==== util/ntp-keygen.c ====
2011-10-02 19:14:21+00:00, davehart at shiny.ad.hartbrothers.com +20 -8
[Bug 2019] Allow selection of cipher for private key files.
Change default cipher from DES CBC to triple-key triple DES CBC.
--- 1.84/util/ntp-keygen.c 2011-10-02 04:47:55 -04:00
+++ 1.85/util/ntp-keygen.c 2011-10-02 15:14:21 -04:00
@@ -173,6 +173,7 @@ char filename[MAXFILENAME + 1]; /* file
u_int modulus = PLEN; /* prime modulus size (bits) */
u_int modulus2 = ILEN; /* identity modulus size (bits) */
long d0, d1, d2, d3; /* callback counters */
+const EVP_CIPHER * cipher = NULL;
#endif /* AUTOKEY */
#ifdef SYS_WINNT
@@ -265,6 +266,7 @@ main(
const EVP_MD *ectx; /* EVP digest */
char pathbuf[MAXFILENAME + 1];
const char *scheme = NULL; /* digest/signature scheme */
+ const char *ciphername = NULL; /* to encrypt priv. key */
char *exten = NULL; /* private extension */
char *grpkey = NULL; /* identity extension */
int nid; /* X509 digest/signature scheme */
@@ -355,6 +357,9 @@ main(
if (HAVE_OPT( CERTIFICATE ))
scheme = OPT_ARG( CERTIFICATE );
+ if (HAVE_OPT( CIPHER ))
+ ciphername = OPT_ARG( CIPHER );
+
if (HAVE_OPT( SUBJECT_NAME ))
hostname = estrdup(OPT_ARG( SUBJECT_NAME ));
@@ -489,6 +494,13 @@ main(
}
if (scheme == NULL)
scheme = "RSA-MD5";
+ if (ciphername == NULL)
+ ciphername = "des-ede3-cbc";
+ cipher = EVP_get_cipherbyname(ciphername);
+ if (cipher == NULL) {
+ fprintf(stderr, "Unknown cipher %s\n", ciphername);
+ exit(-1);
+ }
fprintf(stderr, "Using host %s group %s\n", hostname,
groupname);
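Review bot: Any name that `EVP_get_cipherbyname()` resolves is accepted here, so `-C des-cbc` or an export-grade cipher silently brings back the weak private-key protection that this change set moves the default away from. A warning (or a refusal) for short keys would keep that an explicit choice, for example `if (EVP_CIPHER_key_length(cipher) < 16) fprintf(stderr, "Warning: cipher %s uses a key shorter than 128 bits\n", ciphername);` placed after the NULL check. The lookup also depends on the OpenSSL cipher table having been registered earlier in `main()`, which is outside this hunk.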
@@ -513,7 +525,7 @@ main(
}
if (pkey_host == NULL) {
fprintf(stderr, "Generating host key fails\n");
- exit (-1);
+ exit(-1);
}
/*
@@ -599,7 +611,7 @@ main(
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
PEM_write_PrivateKey(stdout, pkey,
- EVP_des_cbc(), NULL, 0, NULL, passwd2);
+ cipher, NULL, 0, NULL, passwd2);
fclose(stdout);
if (debug)
RSA_print_fp(stderr, rsa, 0);
@@ -662,7 +674,7 @@ main(
dsa = pkey_iffkey->pkey.dsa;
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
- PEM_write_PrivateKey(stdout, pkey, EVP_des_cbc(), NULL,
+ PEM_write_PrivateKey(stdout, pkey, cipher, NULL,
0, NULL, passwd2);
fclose(stdout);
if (debug)
@@ -718,7 +730,7 @@ main(
fprintf(stdout, "# %s\n# %s\n", filename,
ctime(&epoch));
pkey = pkey_mvpar[1];
- PEM_write_PrivateKey(stdout, pkey, EVP_des_cbc(), NULL,
+ PEM_write_PrivateKey(stdout, pkey, cipher, NULL,
0, NULL, passwd2);
fclose(stdout);
if (debug)
@@ -738,7 +750,7 @@ main(
}
x509(pkey_sign, ectx, grpkey, exten, certname);
#endif /* AUTOKEY */
- exit (0);
+ exit(0);
}
@@ -929,7 +941,7 @@ gen_rsa(
str = fheader("RSAhost", id, hostname);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
- PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL,
+ PEM_write_PrivateKey(str, pkey, cipher, NULL, 0, NULL,
passwd1);
fclose(str);
if (debug)
@@ -984,7 +996,7 @@ gen_dsa(
str = fheader("DSAsign", id, hostname);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
- PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL,
+ PEM_write_PrivateKey(str, pkey, cipher, NULL, 0, NULL,
passwd1);
fclose(str);
if (debug)
@@ -1151,7 +1163,7 @@ gen_iffkey(
str = fheader("IFFkey", id, groupname);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
- PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL,
+ PEM_write_PrivateKey(str, pkey, cipher, NULL, 0, NULL,
passwd1);
fclose(str);
if (debug)
#### ChangeSet ####
2011-10-02 08:47:56+00:00, davehart at shiny.ad.hartbrothers.com
ntp-keygen -M is intended to ignore all other defaults and
options, so do not attempt to open existing Autokey host certificate
before generating symmetric keys and terminating.
Restore IFF, MV, and GQ identity parameter filename convention to
ntpkey_<scheme>par_<group/host> in ntpd, matching ntp-keygen.
Change some error logging to syslog to ignore logconfig mask, such
as reporting PPSAPI failure in NMEA and WWVB refclocks.
Conditionalize NMEA serial open message under clockevent.
Send all peer variables to trappers in report_event().
==== ChangeLog ====
2011-10-02 08:47:54+00:00, davehart at shiny.ad.hartbrothers.com +9 -0
ntp-keygen -M is intended to ignore all other defaults and
options, so do not attempt to open existing Autokey host certificate
before generating symmetric keys and terminating.
Restore IFF, MV, and GQ identity parameter filename convention to
ntpkey_<scheme>par_<group/host> in ntpd, matching ntp-keygen.
Change some error logging to syslog to ignore logconfig mask, such
as reporting PPSAPI failure in NMEA and WWVB refclocks.
Conditionalize NMEA serial open message under clockevent.
Send all peer variables to trappers in report_event().
--- 1.1045/ChangeLog 2011-09-29 04:06:51 -04:00
+++ 1.1046/ChangeLog 2011-10-02 04:47:54 -04:00
@@ -1,3 +1,12 @@
+* ntp-keygen -M is intended to ignore all other defaults and
+ options, so do not attempt to open existing Autokey host certificate
+ before generating symmetric keys and terminating.
+* Restore IFF, MV, and GQ identity parameter filename convention to
+ ntpkey_<scheme>par_<group/host> in ntpd, matching ntp-keygen.
+* Change some error logging to syslog to ignore logconfig mask, such
+ as reporting PPSAPI failure in NMEA and WWVB refclocks.
+* Conditionalize NMEA serial open message under clockevent.
+* Send all peer variables to trappers in report_event().
(4.2.7p217) 2011/09/29 Released by Harlan Stenn <stenn at ntp.org>
* [Bug 2020] ntp-keygen -s no longer sets host in cert file name.
* [Backward Incompatible] ntp-keygen -i option long name changed from
==== include/ntp_syslog.h ====
2011-10-02 08:47:55+00:00, davehart at shiny.ad.hartbrothers.com +8 -1
Provide LOGIF(CLOCKINFO, (LOG_INFO, "msyslog %s", "args"))
as alternative to
NLOG(NLOG_CLOCKINFO)
msyslog(LOG_INFO, "msyslog %s", args);
--- 1.7/include/ntp_syslog.h 2011-08-14 19:08:48 -04:00
+++ 1.8/include/ntp_syslog.h 2011-10-02 04:47:55 -04:00
@@ -73,6 +73,13 @@ extern char * syslog_abs_fname;
#define NLOG_SYNCSTATIST 0x00008000 /* sync statistics output */
extern u_int32 ntp_syslogmask;
-#define NLOG(_X_) if (ntp_syslogmask & (_X_))
+
+#define NLOG(bits) if (ntp_syslogmask & (bits))
+
+#define LOGIF(nlog_suffix, msl_args) \
+do { \
+ NLOG(NLOG_##nlog_suffix) /* like "if (...) */ \
+ msyslog msl_args; \
+} while (FALSE)
#endif /* NTP_SYSLOG_H */
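Review bot: `LOGIF` ends in `while (FALSE)`, so the header now depends on `FALSE` being defined by every file that includes it; nothing in this hunk shows ntp_syslog.h providing that, and `while (0)` removes the dependency. `NLOG` itself is still a bare `if`, so an `else` written after an `NLOG(...) msyslog(...);` statement would bind to the macro's `if`; a one-line comment on `NLOG` pointing new callers to `LOGIF` would document that hazard. The comment inside the macro, `/* like "if (...) */`, has an unbalanced quote.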
==== ntpd/ntp_control.c ====
2011-10-02 08:47:55+00:00, davehart at shiny.ad.hartbrothers.com +6 -21
Send all peer variables to trappers, as intended.
--- 1.170/ntpd/ntp_control.c 2011-08-27 00:19:03 -04:00
+++ 1.171/ntpd/ntp_control.c 2011-10-02 04:47:55 -04:00
@@ -4330,7 +4330,7 @@ report_event(
" %s", str);
}
NLOG(NLOG_SYSEVENT)
- msyslog(LOG_INFO, "%s", statstr);
+ msyslog(LOG_INFO, "%s", statstr);
} else {
/*
@@ -4362,7 +4362,7 @@ report_event(
" %s", str);
}
NLOG(NLOG_PEEREVENT)
- msyslog(LOG_INFO, "%s", statstr);
+ msyslog(LOG_INFO, "%s", statstr);
}
record_proto_stats(statstr);
#if DEBUG
@@ -4389,32 +4389,17 @@ report_event(
rpkt.associd = 0;
rpkt.status = htons(ctlsysstatus());
- /*
- * For now, put everything we know about system
- * variables. Don't send crypto strings.
- */
- for (i = 1; i <= CS_MAXCODE; i++) {
-#ifdef AUTOKEY
- if (i > CS_VARLIST)
- continue;
-#endif /* AUTOKEY */
+ /* Include the core system variables and the list. */
+ for (i = 1; i <= CS_VARLIST; i++)
ctl_putsys(i);
- }
} else {
NTP_INSIST(peer != NULL);
rpkt.associd = htons(peer->associd);
rpkt.status = htons(ctlpeerstatus(peer));
- /*
- * Dump it all. Later, maybe less.
- */
- for (i = 1; i <= CP_MAXCODE; i++) {
-#ifdef AUTOKEY
- if (i > CP_VARLIST)
- continue;
-#endif /* AUTOKEY */
+ /* Dump it all. Later, maybe less. */
+ for (i = 1; i <= CP_MAX_NOAUTOKEY; i++)
ctl_putpeer(i, peer);
- }
#ifdef REFCLOCK
/*
* for clock exception events: add clock variables to
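Review bot: The comment kept on the peer loop, `/* Dump it all. Later, maybe less. */`, no longer matches the code, which now stops at `CP_MAX_NOAUTOKEY`, and the removed note that crypto strings are not sent to trappers has no replacement. If keeping Autokey values out of trap packets is the intent, both loops should say so, e.g. `/* Core system variables and the list only; Autokey values are not sent in traps. */` and `/* Peer variables up to CP_MAX_NOAUTOKEY; Autokey values are not sent in traps. */`. In builds without AUTOKEY the old loops ran to `CS_MAXCODE` and `CP_MAXCODE`, so if those differ from the new bounds (their definitions are not in this hunk) the trap payload changes there as well. `report_event()` starts and ends outside the hunk.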
==== ntpd/ntp_crypto.c ====
2011-10-02 08:47:55+00:00, davehart at shiny.ad.hartbrothers.com +37 -27
Restore IFF, MV, and GQ identity parameter filename convention to
ntpkey_<scheme>par_<group/host> in ntpd, matching ntp-keygen.
--- 1.158/ntpd/ntp_crypto.c 2011-04-07 22:03:33 -04:00
+++ 1.159/ntpd/ntp_crypto.c 2011-10-02 04:47:55 -04:00
@@ -1613,30 +1613,42 @@ crypto_ident(
struct peer *peer /* peer structure pointer */
)
{
+ char filename[MAXFILENAME];
+ const char * scheme_name;
+ u_int scheme_id;
+
+ /*
+ * We come here after the group trusted host has been found; its
+ * name defines the group name. Search the key cache for all
+ * keys matching the same group name in order IFF, GQ and MV.
+ * Use the first one available.
+ */
+ scheme_name = NULL;
+ if (peer->crypto & CRYPTO_FLAG_IFF) {
+ scheme_name = "iff";
+ scheme_id = CRYPTO_IFF;
+ } else if (peer->crypto & CRYPTO_FLAG_GQ) {
+ scheme_name = "gq";
+ scheme_id = CRYPTO_GQ;
+ } else if (peer->crypto & CRYPTO_FLAG_MV) {
+ scheme_name = "mv";
+ scheme_id = CRYPTO_MV;
+ }
+
+ if (scheme_name != NULL) {
+ snprintf(filename, sizeof(filename), "ntpkey_%spar_%s",
+ scheme_name, peer->ident);
+ peer->ident_pkey = crypto_key(filename, NULL,
+ &peer->srcadr);
+ if (peer->ident_pkey != NULL)
+ return scheme_id;
+ }
+
+ msyslog(LOG_NOTICE,
+ "crypto_ident: no identity parameters found for group %s",
+ peer->ident);
- /*
- * We come here after the trusted host has been found. The name
- * of the parameters file is in peer->ident and must be present.
- * Search the key cache for all keys matching this name. Use the
- * first one available. The identity scheme is supplied by the
- * server.
- */
- peer->ident_pkey = crypto_key(peer->ident, NULL, &peer->srcadr);
- if (peer->ident_pkey == NULL) {
- report_event(XEVNT_ID, peer, NULL);
- return (CRYPTO_NULL);
- }
- if (peer->crypto & CRYPTO_FLAG_IFF)
- return (CRYPTO_IFF);
-
- else if (peer->crypto & CRYPTO_FLAG_GQ)
- return (CRYPTO_GQ);
-
- else if (peer->crypto & CRYPTO_FLAG_MV)
- return (CRYPTO_MV);
-
- report_event(XEVNT_ID, peer, NULL);
- return (CRYPTO_NULL);
+ return CRYPTO_NULL;
}
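Review bot: The `snprintf()` result in the new `scheme_name != NULL` branch is not checked, so an over-long `peer->ident` is silently truncated and `crypto_key()` is asked for a different file name than the group name implies. Keep the return value in an `int n` and guard the lookup with `if (n > 0 && (size_t)n < sizeof(filename))`, so truncation falls through to the existing "no identity parameters" message. `peer->ident` is used to build a file name here; whether it is restricted to safe file-name characters before this point is not visible in the hunk and is worth confirming. The new comment also says IFF, GQ and MV are searched in order, while the code tries only the first scheme flagged in `peer->crypto`. The function signature starts outside the hunk.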
@@ -1666,8 +1678,7 @@ crypto_args(
len = sizeof(struct exten);
if (str != NULL)
len += strlen(str);
- ep = emalloc(len);
- memset(ep, 0, len);
+ ep = emalloc_zero(len);
if (opcode == 0)
return (ep);
@@ -3231,8 +3242,7 @@ cert_parse(
/*
* Extract version, subject name and public key.
*/
- ret = emalloc(sizeof(*ret));
- memset(ret, 0, sizeof(*ret));
+ ret = emalloc_zero(sizeof(*ret));
if ((ret->pkey = X509_get_pubkey(cert)) == NULL) {
msyslog(LOG_ERR, "cert_parse: %s",
ERR_error_string(ERR_get_error(), NULL));
==== ntpd/ntp_loopfilter.c ====
2011-10-02 08:47:55+00:00, davehart at shiny.ad.hartbrothers.com +1 -1
Fix spelling in comment.
--- 1.165/ntpd/ntp_loopfilter.c 2011-09-19 14:09:12 -04:00
+++ 1.166/ntpd/ntp_loopfilter.c 2011-10-02 04:47:55 -04:00
@@ -251,7 +251,7 @@ local_clock(
/*
* This section simulates ntpdate. If the offset exceeds the
* step threshold (128 ms), step the clock to that time and
- * exit. Othewise, slew the clock to that time and exit. Note
+ * exit. Otherwise, slew the clock to that time and exit. Note
* that the slew will persist and eventually complete beyond the
* life of this program. Note that while ntpdate is active, the
* terminal does not detach, so the termination message prints
==== ntpd/refclock_nmea.c ====
2011-10-02 08:47:55+00:00, davehart at shiny.ad.hartbrothers.com +32 -34
Make failure and GPS time syslog output ignore logconfig.
Conditionalize serial output syslog under clockevent.
--- 1.62/ntpd/refclock_nmea.c 2011-09-07 14:08:07 -04:00
+++ 1.63/ntpd/refclock_nmea.c 2011-10-02 04:47:55 -04:00
@@ -41,8 +41,6 @@
# include "refclock_atom.h"
#endif /* HAVE_PPSAPI */
-#define MSYSLOG(args) do { NLOG(NLOG_CLOCKINFO) msyslog args; } while (0)
-
/*
* This driver supports NMEA-compatible GPS receivers
@@ -338,21 +336,23 @@ struct refclock refclock_nmea = {
*/
static int
nmea_start(
- int unit,
- struct peer * peer
+ int unit,
+ struct peer * peer
)
{
- struct refclockproc * const pp = peer->procptr;
- nmea_unit * const up = emalloc_zero(sizeof(*up));
+ struct refclockproc * const pp = peer->procptr;
+ nmea_unit * const up = emalloc_zero(sizeof(*up));
+ char device[20];
+ size_t devlen;
+ u_int32 rate;
+ int baudrate;
+ char * baudtext;
- char device[20];
- size_t devlen;
- int baudrate;
- char * baudtext;
+ /* Get baudrate choice from mode byte bits 4/5/6 */
+ rate = (peer->ttl & NMEA_BAUDRATE_MASK) >> NMEA_BAUDRATE_SHIFT;
- /* Get baudrate value and text from mode byte bit 4/5/6 */
- switch ((peer->ttl & NMEA_BAUDRATE_MASK) >> NMEA_BAUDRATE_SHIFT) {
+ switch (rate) {
case 0:
baudrate = SPEED232;
baudtext = "4800";
@@ -406,13 +406,11 @@ nmea_start(
pp->clockdesc = DESCRIPTION;
memcpy(&pp->refid, REFID, 4);
- /* Open serial port. Use CLK line discipline, if available. Use
- * baudrate based on the value of bit 4/5/6
- */
+ /* Open serial port. Use CLK line discipline, if available. */
devlen = snprintf(device, sizeof(device), DEVICE, unit);
if (devlen >= sizeof(device)) {
- MSYSLOG((LOG_ERR, "%s clock device name too long",
- refnumtoa(&peer->srcadr)));
+ msyslog(LOG_ERR, "%s clock device name too long",
+ refnumtoa(&peer->srcadr));
return FALSE; /* buffer overflow */
}
pp->io.fd = refclock_open(device, baudrate, LDISC_CLK);
@@ -421,8 +419,8 @@ nmea_start(
if (-1 == pp->io.fd)
return FALSE;
}
- msyslog(LOG_NOTICE, "%s serial %s open at %s bps",
- refnumtoa(&peer->srcadr), device, baudtext);
+ LOGIF(CLOCKINFO, (LOG_NOTICE, "%s serial %s open at %s bps",
+ refnumtoa(&peer->srcadr), device, baudtext));
/* succeed if this clock can be added */
return io_addclock(&pp->io) != 0;
@@ -504,8 +502,8 @@ nmea_control(
S_IRUSR | S_IWUSR);
} else {
up->ppsapi_fd = -1;
- MSYSLOG((LOG_ERR, "%s PPS device name too long",
- refnumtoa(&peer->srcadr)));
+ msyslog(LOG_ERR, "%s PPS device name too long",
+ refnumtoa(&peer->srcadr));
}
if (-1 == up->ppsapi_fd)
up->ppsapi_fd = pp->io.fd;
@@ -514,9 +512,9 @@ nmea_control(
/* use the PPS API for our own purposes now. */
refclock_params(pp->sloppyclockflag, &up->atom);
} else {
- MSYSLOG((LOG_WARNING,
- "%s flag1 1 but PPSAPI fails",
- refnumtoa(&peer->srcadr)));
+ msyslog(LOG_WARNING,
+ "%s flag1 1 but PPSAPI fails",
+ refnumtoa(&peer->srcadr));
}
}
@@ -727,13 +725,12 @@ nmea_receive(
struct calendar date; /* to keep & convert the time stamp */
struct timespec tofs; /* offset to full-second reftime */
gps_weektm gpsw; /* week time storage */
-
/* results of sentence/date/time parsing */
- u_char sentence; /* sentence tag */
- int checkres;
- char * cp;
- u_char rc_date;
- u_char rc_time;
+ u_char sentence; /* sentence tag */
+ int checkres;
+ char * cp;
+ int rc_date;
+ int rc_time;
/* make sure data has defined pristine state */
ZERO(tofs);
@@ -926,8 +923,8 @@ nmea_receive(
/* Check if we must enter GPS time mode; log so if we do */
if (!up->gps_time && (sentence == NMEA_GPZDG)) {
- MSYSLOG((LOG_INFO, "%s using GPS time scale",
- refnumtoa(&peer->srcadr)));
+ msyslog(LOG_INFO, "%s using GPS time as if it were UTC",
+ refnumtoa(&peer->srcadr));
up->gps_time = 1;
}
@@ -1555,9 +1552,10 @@ unfold_century(
ntpcal_ntp_to_date(&rec, rec_ui, NULL);
baseyear = (rec.year > 2000) ? (rec.year - 20) : 1980;
- jd->year = ntpcal_periodic_extend(baseyear, jd->year, 100);
+ jd->year = (u_short)ntpcal_periodic_extend(baseyear, jd->year,
+ 100);
- return (baseyear <= jd->year) && (baseyear + 100 > jd->year);
+ return ((baseyear <= jd->year) && (baseyear + 100 > jd->year));
}
/*
==== ntpd/refclock_wwvb.c ====
2011-10-02 08:47:55+00:00, davehart at shiny.ad.hartbrothers.com +10 -11
Report PPSAPI failure to log regardless of logconfig.
--- 1.31/ntpd/refclock_wwvb.c 2011-05-24 23:56:34 -04:00
+++ 1.32/ntpd/refclock_wwvb.c 2011-10-02 04:47:55 -04:00
@@ -229,8 +229,8 @@ wwvb_shutdown(
struct peer *peer
)
{
- register struct wwvbunit *up;
- struct refclockproc *pp;
+ struct refclockproc * pp;
+ struct wwvbunit * up;
pp = peer->procptr;
up = pp->unitptr;
@@ -395,28 +395,28 @@ wwvb_receive(
*/
switch (qualchar) {
- case ' ':
+ case ' ':
pp->disp = .001;
pp->lastref = pp->lastrec;
break;
- case 'A':
+ case 'A':
pp->disp = .01;
break;
- case 'B':
+ case 'B':
pp->disp = .1;
break;
- case 'C':
+ case 'C':
pp->disp = .5;
break;
- case 'D':
+ case 'D':
pp->disp = MAXDISPERSE;
break;
- default:
+ default:
pp->disp = MAXDISPERSE;
refclock_report(peer, CEVNT_BADREPLY);
break;
@@ -591,9 +591,8 @@ wwvb_control(
return;
}
- NLOG(NLOG_CLOCKINFO)
- msyslog(LOG_WARNING, "%s flag1 1 but PPSAPI fails",
- refnumtoa(&peer->srcadr));
+ msyslog(LOG_WARNING, "%s flag1 1 but PPSAPI fails",
+ refnumtoa(&peer->srcadr));
}
#endif /* HAVE_PPSAPI */
==== util/ntp-keygen.c ====
2011-10-02 08:47:55+00:00, davehart at shiny.ad.hartbrothers.com +11 -11
ntp-keygen -M is intended to ignore all other defaults and
options, so do not attempt to open existing Autokey host certificate
before generating symmetric keys and terminating.
--- 1.83/util/ntp-keygen.c 2011-09-29 03:17:55 -04:00
+++ 1.84/util/ntp-keygen.c 2011-10-02 04:47:55 -04:00
@@ -423,8 +423,19 @@ main(
"Random seed file %s %u bytes\n", pathbuf, temp);
RAND_add(&epoch, sizeof(epoch), 4.0);
}
+#endif /* AUTOKEY */
/*
+ * Create new unencrypted MD5 keys file if requested. If this
+ * option is selected, ignore all other options.
+ */
+ if (md5key) {
+ gen_md5("md5");
+ exit (0);
+ }
+
+#ifdef AUTOKEY
+ /*
* Load previous certificate if available.
*/
snprintf(filename, sizeof(filename), "ntpkey_cert_%s", hostname);
@@ -480,18 +491,7 @@ main(
scheme = "RSA-MD5";
fprintf(stderr, "Using host %s group %s\n", hostname,
groupname);
-#endif /* AUTOKEY */
- /*
- * Create new unencrypted MD5 keys file if requested. If this
- * option is selected, ignore all other options.
- */
- if (md5key) {
- gen_md5("md5");
- exit (0);
- }
-
-#ifdef AUTOKEY
/*
* Create a new encrypted RSA host key file if requested;
* otherwise, look for an existing host key file. If not found,