[ntp:bugs] [Bug 1242] --enable-wintime should be enabled by default on all target systems

Danny Mayer mayer at ntp.org
Mon Jul 6 12:12:58 UTC 2009


Andrew Bartlett via the NTP Bugzilla wrote:
> http://bugs.ntp.org/1242
> 
> 
> 
> ----------------------------------------------------------------------------
> Additional Comments From abartlet at samba.org (Andrew Bartlett)
> Submitted on 2009-07-06 08:40
> 
> I've reviewed the code, and while the block:
> #ifdef WINTIME
> 		/* If the signature is 20 bytes long, the last 16 of
> 		 * which are zero, then this is a Microsoft client
> 		 * wanting AD-style authentication of the server's
> 		 * reply.  
> 		 *
> 		 * This is described in Microsoft's WSPP docs, in MS-SNTP:
> 		 * http://msdn.microsoft.com/en-us/library/cc212930.aspx
> 		 */
> 	} else if (has_mac == MAX_MAC_LEN
> 		   && (retcode == AM_FXMIT || retcode == AM_NEWPASS)
> 		   && (memcmp(zero_key, (char *)pkt + authlen + 4, MAX_MAC_LEN - 4) == 0)) {
> 		
> 		/* Don't try to verify the zeros, just set a
> 		 * flag and otherwise pretend we never saw the signature */
> 		is_authentic = AUTH_NONE;
> 		
> 		flags = FLAG_ADKEY;
> #endif /* WINTIME */
> 
> looks like it is mixing WINTIME and the authentication changes, it really should
> be included unconditionally.  At worst, it simply saves CPU cycles.
> 

As long as you are using HAVE_NTP_SIGND for this the code should be
ifdef'd using that macro. Whether or not MS-NTP should be implemented
unconditionally is a separate question. BTW why is this macro
HAVE_NTP_SIGND and not WANT_MS_NTP_AUTH which would be much more
expressive of what it is?

This discussion either belongs in hackers or in a separate bug item.

> It should never be the case that the signature is all-zero.  We should avoid
> doing lookups or any further authentication calculation if that is the case,
> unless of course we are compiled with HAVE_NTP_SIGND and are a Samba4 DC.
> 
> BTW, if anybody has any way to pressure Microsoft over NTP, please get them to
> put the all-zero signature in the specification, and guarantee it for future
> versions.  This implementation oddity is the saving grace that makes their
> choice of auth protocol sane to support. 

Create an NTP WG draft for this authentication option and specify this.
If you have an RFC there is a greater chance that Microsoft will keep it
that way.

Danny
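The check the quoted ntp_proto.c block performs can be isolated for study. The following is an added example, not ntpd's or Samba's code: it classifies the MAC trailer of a received NTP packet and recognises the 20-byte trailer whose last 16 bytes are all zero as an MS-SNTP AD-style request, so that the receiver sets a flag instead of doing a key lookup and digest verification on a signature that cannot be valid. Assumptions: no NTP extension fields (the trailer starts at byte 48), only the MD5-sized trailer of MAX_MAC_LEN bytes is accepted, and the enum names (MAC_NONE, MAC_NORMAL, MAC_MS_ADKEY, MAC_MALFORMED), build_client_packet and self_check are this example's own, not ntpd identifiers.

```c
/* Added example (not ntpd code): classify the MAC trailer of an NTP packet
 * the way the quoted ntp_proto.c block does, so an all-zero 16-byte digest
 * after the key id is recognised as an MS-SNTP AD-style request instead of
 * being passed to a key lookup and MD5 verification. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTP_HDR_LEN 48   /* fixed header, RFC 5905 */
#define MAX_MAC_LEN 20   /* 4-byte key id + 16-byte MD5 digest, as in the quoted block */

enum mac_class {
    MAC_NONE,       /* no trailer: unauthenticated packet */
    MAC_NORMAL,     /* key id + non-zero digest: look up key and verify */
    MAC_MS_ADKEY,   /* key id + 16 zero bytes: MS-SNTP AD-style request */
    MAC_MALFORMED   /* too short, or a trailer length this example does not accept */
};

/* Assumption: no NTP extension fields, so the trailer starts at byte 48.
 * Only the MD5-sized trailer (MAX_MAC_LEN bytes) is accepted here. */
enum mac_class classify_mac(const unsigned char *pkt, size_t len, uint32_t *keyid_out)
{
    static const unsigned char zero_key[MAX_MAC_LEN - 4] = { 0 };
    const unsigned char *mac;
    size_t has_mac;

    if (len < NTP_HDR_LEN)
        return MAC_MALFORMED;
    has_mac = len - NTP_HDR_LEN;
    if (has_mac == 0)
        return MAC_NONE;
    if (has_mac != MAX_MAC_LEN)
        return MAC_MALFORMED;

    mac = pkt + NTP_HDR_LEN;
    if (keyid_out != NULL)
        *keyid_out = ((uint32_t)mac[0] << 24) | ((uint32_t)mac[1] << 16)
                   | ((uint32_t)mac[2] << 8)  |  (uint32_t)mac[3];

    /* Same test as the quoted block: 16 zero bytes after the key id.
     * In that case skip the key lookup and digest check entirely; the
     * caller only records that AD-style signing of the reply was asked for. */
    if (memcmp(zero_key, mac + 4, MAX_MAC_LEN - 4) == 0)
        return MAC_MS_ADKEY;
    return MAC_NORMAL;
}

/* Build a constructed NTPv4 client packet, optionally with a key id and a
 * 16-byte digest appended. Returns the packet length, or 0 if buf is too small. */
size_t build_client_packet(unsigned char *buf, size_t cap, int with_mac,
                           uint32_t keyid, const unsigned char digest[16])
{
    size_t len = NTP_HDR_LEN;

    if (cap < NTP_HDR_LEN + MAX_MAC_LEN)
        return 0;
    memset(buf, 0, NTP_HDR_LEN);
    buf[0] = 0x23;               /* LI=0, VN=4, mode=3 (client) */
    if (with_mac) {
        buf[48] = (unsigned char)(keyid >> 24);
        buf[49] = (unsigned char)(keyid >> 16);
        buf[50] = (unsigned char)(keyid >> 8);
        buf[51] = (unsigned char)keyid;
        memcpy(buf + 52, digest, 16);
        len += MAX_MAC_LEN;
    }
    return len;
}

/* Runs the three cases from the discussion on constructed packets and
 * returns how many classified as expected (3 when all pass). */
int self_check(void)
{
    unsigned char buf[NTP_HDR_LEN + MAX_MAC_LEN];
    unsigned char digest[16] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed, non-zero */
    unsigned char zeros[16] = { 0 };                        /* the MS-SNTP zero signature */
    uint32_t kid = 0;
    int ok = 0;
    size_t n;

    n = build_client_packet(buf, sizeof buf, 0, 0, NULL);
    ok += (classify_mac(buf, n, &kid) == MAC_NONE);

    n = build_client_packet(buf, sizeof buf, 1, 7, digest);
    ok += (classify_mac(buf, n, &kid) == MAC_NORMAL && kid == 7);

    n = build_client_packet(buf, sizeof buf, 1, 0x1234, zeros);
    ok += (classify_mac(buf, n, &kid) == MAC_MS_ADKEY && kid == 0x1234);

    return ok;
}

int main(void)
{
    int passed = self_check();
    printf("self_check: %d/3 cases classified as expected\n", passed);
    return passed == 3 ? 0 : 1;
}
```

The point of separating classification from verification is the one Andrew makes: an all-zero digest never verifies, so the normal path would spend a key lookup and an MD5 computation to reach a guaranteed failure. Returning MAC_MS_ADKEY before either happens costs one memcmp, whether or not the build goes on to do AD-style signing of the reply.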

