[ntp:hackers] Samba's MS-NTP implementation

Andrew Bartlett abartlet at samba.org
Mon Jul 13 02:18:00 UTC 2009


On Mon, 2009-07-13 at 01:46 +0000, Harlan Stenn wrote:
> > I have been reviewing the code that the Samba team introduced into the
> > NTP dev code base and I am seeing a lot of problems that disturb me
> > about this contribution. So let me enumerate the problems with the
> > implementation:
> > 
> > 1) The code uses a TCP socket to call another server. This is even
> > though NTP only uses UDP
> 
> So what?  This is the code the Samba team says makes for the easiest
> integration with samba.
> 
> That is the entire point of this whack of code.

I chose a stream socket deliberately.  (It's not TCP, but a connected
stream over a unix domain socket).  This ensures that NTPd knows when
Samba goes away (should it crash, for example), and is not left hanging
waiting for a reply, as it would if a datagram socket were used. 

> > 2) The code only seems to try to contact a Samba server but it should
> > equally be able to connect to an Active Directory Domain Controller or a
> > Kerberos server.
> 
> Why do you say this?  The samba folks know what they need, and sent us
> code to do what they need.

Indeed.  Part of what I have tried to do here is to put the minimum
possible logic in NTPd, to solve the real problem my users have.  

> > 6) The requirement that it waits for another server makes it easy to
> > mount a DOS attack on such an NTP server.
> 
> Yes, and since this service should only be set up to support local
> users, there is less risk.  And we document this.
> 
> > 7) The reliance on another server increases the likelihood that the
> > jitter and delay will increase enormously in unexpected and unreliable
> > ways and that is something that NTP cannot afford.
> 
> Says who?  And if indeed this interaction is between T2 and T3, where is
> this problem you speak of?  And if this really does turn out to be a big
> deal, we'll hear about it, see if we can fix it, and either way folks
> can decide to use it or not.

I hope the extra text I just sent will provide the appropriate level of
warning.  

Talking to another process on the same host isn't free, but it isn't
*that* expensive that consenting adults should not be permitted to
enable it for their own networks. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
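The failure mode discussed above (a datagram socket leaves the caller hanging when its peer dies, a connected stream socket does not) can be reproduced in a few lines. The script below is an added illustration, not code from ntpd or Samba: it builds a connected unix-domain socketpair of each type, forks a child that reads the request and then exits without answering (standing in for a crashed signing daemon), and records what recv() on the surviving end does. It assumes Linux semantics, where closing one end of a stream socketpair wakes the other with end-of-stream but closing a datagram end is not signalled at all; the request bytes and the one-second timeout are constructed values.

```python
import os
import socket
import time


def probe_peer_death(sock_type, timeout=1.0):
    """Observe how a client notices a peer that exits without replying.

    sock_type is socket.SOCK_STREAM or socket.SOCK_DGRAM (both AF_UNIX).
    Returns (outcome, elapsed_seconds) where outcome is:
      "eof"     - recv() returned immediately with b"" (stream peer gone)
      "error"   - recv() raised a connection error
      "timeout" - recv() waited the full timeout with no indication
      "reply"   - the peer actually answered (not expected here)
    """
    client, server = socket.socketpair(socket.AF_UNIX, sock_type)
    pid = os.fork()
    if pid == 0:
        # Child: the "signing daemon". Read the request, then die without
        # replying; the kernel closes its end of the pair on exit.
        client.close()
        server.recv(64)
        os._exit(0)

    # Parent: the "NTP daemon" waiting for an answer.
    server.close()
    client.settimeout(timeout)
    client.send(b"sign-this-packet")   # constructed request payload
    started = time.monotonic()
    try:
        data = client.recv(64)
        outcome = "eof" if data == b"" else "reply"
    except socket.timeout:
        outcome = "timeout"
    except OSError:
        outcome = "error"
    elapsed = time.monotonic() - started
    os.waitpid(pid, 0)
    client.close()
    return outcome, elapsed


def compare_socket_types(timeout=1.0):
    """Run the probe for both socket types and return {name: outcome}."""
    return {
        "stream": probe_peer_death(socket.SOCK_STREAM, timeout)[0],
        "dgram": probe_peer_death(socket.SOCK_DGRAM, timeout)[0],
    }


if __name__ == "__main__":
    for name, sock_type in (("stream", socket.SOCK_STREAM),
                            ("dgram", socket.SOCK_DGRAM)):
        outcome, elapsed = probe_peer_death(sock_type)
        print(f"{name:6s}: {outcome:8s} after {elapsed:.3f}s")
```

On Linux the stream case returns "eof" almost instantly, while the datagram case sits for the whole timeout: without an explicit timer the caller would block indefinitely, which is exactly the hang the stream-socket choice avoids. A production caller would still pair the stream socket with a receive timeout, since a peer that is alive but wedged produces neither EOF nor an error.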

