[ntp:hackers] ntp-dev ntp_proto.c receive AM_NEWPASS

Ronan Flood ronan at nosc.ja.net
Wed Jul 1 13:01:44 UTC 2009


I've just noticed a code change in ntp-dev ntp_proto.c which I think
has slightly wider applicability than is stated.  In receive(), case
AM_NEWPASS, there is now a conditional around the code to respond to
a symmetric active request from an unauthenticated/unpeered client:


#ifdef WINTIME
                         /*
                          * If authenticated but cannot mobilize an
                          * association, send a symmetric passive
                          * response without mobilizing an association.
                          * This is for drat broken Windows clients. See
                          * Microsoft KB 875424 for preferred workaround.
                          */
                         fast_xmit(rbufp, MODE_PASSIVE, skeyid, NULL, flags);
#else /* WINTIME */
                         sys_restricted++;
#endif /* WINTIME */


I think that also affects ntpd clients which use "peer xxx" instead
of "server xxx" in ntp.conf, as the server does not respond to the
queries, so will likely break some existing client configs if the
server is upgraded.  Is that the intent?  Is WINTIME on or off by
default?

I have just experienced this when restoring ntp2.usno.navy.mil
to a config I had pared down during the false leap second situation.
With "peer ..." I get no response, changing to "server ..." works.
I suspect the code above is responsible.
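
Added example, not part of the original post and not ntpd code: a small probe that sends an unauthenticated mode 1 (as a "peer" line does) or mode 3 (as a "server" line does) request and classifies what comes back, which reproduces the symptom described above. The function names, the poll and precision values, and the `fake_reply` helper are assumptions made for illustration.

```python
import socket
import struct
import time

# RFC 5905 association modes: a "peer" line sends mode 1, a "server" line mode 3.
MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client", 4: "server"}
EXPECTED_REPLY = {1: 2, 3: 4}  # request mode -> mode of a normal reply
NTP_UNIX_DELTA = 2208988800    # seconds between the 1900 and 1970 epochs

def build_request(mode, version=4, unix_time=0.0):
    """Return a 48-byte unauthenticated NTP request header for mode 1 or 3."""
    if mode not in EXPECTED_REPLY:
        raise ValueError("mode must be 1 (symmetric active) or 3 (client)")
    secs = (int(unix_time) + NTP_UNIX_DELTA) & 0xFFFFFFFF
    frac = int((unix_time % 1) * 2**32)
    # LI/VN/mode, stratum, poll, precision; root delay, dispersion, refid;
    # reference, origin, receive timestamps (all zero); transmit timestamp.
    return struct.pack("!BBbb3I3Q2I", (version << 3) | mode, 0, 6, -20,
                       0, 0, 0, 0, 0, 0, secs, frac)

def classify(request, reply):
    """Describe a reply (bytes, or None on timeout) relative to the request."""
    req_mode = request[0] & 0x7
    if reply is None:
        return f"no response to {MODES[req_mode]} request"
    if len(reply) < 48:
        return "malformed reply (short header)"
    if reply[24:32] != request[40:48]:  # origin must echo our transmit timestamp
        return "origin timestamp mismatch"
    rep_mode = reply[0] & 0x7
    if rep_mode == EXPECTED_REPLY[req_mode]:
        return f"{MODES[rep_mode]} reply to {MODES[req_mode]} request"
    return f"unexpected mode {rep_mode} reply"

def fake_reply(request, mode):
    """Constructed reply for offline checks; echoes transmit as origin."""
    return bytes([(request[0] & 0x38) | mode]) + bytes(23) + request[40:48] + bytes(16)

def probe(host, mode, timeout=2.0, port=123):
    """Send one request to a server you operate and classify the outcome."""
    req = build_request(mode, unix_time=time.time())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (host, port))
        try:
            reply = s.recvfrom(512)[0]
        except socket.timeout:
            reply = None
    return classify(req, reply)
```

Running `probe(host, 1)` and `probe(host, 3)` against the same server before and after an upgrade shows whether only the symmetric active query has stopped being answered.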