[ntp:questions] Re: Crypto iffpar

Serge Bets serge.bets at NOSPAM.laposte.invalid
Tue Dec 27 19:15:03 UTC 2005


 On Tuesday, December 27, 2005 at 4:27:28 +0000, Steve Kostecke wrote:

> I don't see anything in the code _requiring_ the existence of a client
> sym-link to activate an Identity Scheme.

Thanks for Luking at the source. I downloaded ntp-dev-4.2.0b-20051225
to exactly follow you. And took Debian ntp_4.2.0a+stable-2sarge1 source
package as comparison. I believe your analysis is mostly OK, but you
stopped too early. 3 steps, 2 variants:

1) In crypto_setup() loading a ntpkey_iff_hostname at startup does set a
CRYPTO_FLAG_IFF in crypto_flags, which is the global var for host's
default flags.

2) In crypto_recv() for the CRYPTO_ASSOC response (2nd step of the
dance), peer->crypto which is the assoc flags is initialised with:

 - Stable: The server default flags.
 - Dev: Host default flags AND server default flags. Binary AND. This
means assoc flags has only common schemes loaded at startup on both.

3) Later in the dance, in crypto_ident(), ntpkey_iff_issuer is loaded
only if (peer->crypto & CRYPTO_FLAG_IFF).


With stable, a client symlink is not necessary. With dev, it is. I don't
understand why your experience failed?


> I won't be pulled in to that Tiergrube.

What's that? Anyway my trick question's only interest was the embedded
hint.


Serge.
-- 
Serge point Bets arobase laposte point net
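
The three steps described in the message above, as a small C model of when the IFF identity exchange is activated in the stable and dev variants. This is an added example, not part of the original post and not code from the NTP source: the bit value of CRYPTO_FLAG_IFF is constructed, and the function names are hypothetical.

```c
#include <stdio.h>

/* Constructed bit value for this model; not copied from the NTP headers. */
#define CRYPTO_FLAG_IFF 0x02u

enum variant { STABLE, DEV };

/* Step 1: host default flags. Loading an ntpkey_iff_hostname file
 * (or a symlink with that name) at startup sets the IFF bit. */
static unsigned host_flags(int has_iff_file)
{
    return has_iff_file ? CRYPTO_FLAG_IFF : 0u;
}

/* Step 2: association flags initialised on the ASSOC response.
 * Stable: the server's default flags.
 * Dev: binary AND of the host's and the server's default flags. */
static unsigned assoc_flags(enum variant v, unsigned host, unsigned server)
{
    return (v == STABLE) ? server : (host & server);
}

/* Step 3: the issuer file is loaded only if the association has the bit. */
static int ident_uses_iff(unsigned peer_crypto)
{
    return (peer_crypto & CRYPTO_FLAG_IFF) != 0;
}

/* Whole walk, seen from the client: is the IFF exchange activated? */
static int client_runs_iff(enum variant v, int client_file, int server_file)
{
    unsigned host = host_flags(client_file);
    unsigned server = host_flags(server_file);
    return ident_uses_iff(assoc_flags(v, host, server));
}

int main(void)
{
    /* Print the full table: variant x client file x server file. */
    for (int v = STABLE; v <= DEV; v++)
        for (int c = 0; c <= 1; c++)
            for (int s = 0; s <= 1; s++)
                printf("%-6s client_file=%d server_file=%d -> IFF %s\n",
                       v == STABLE ? "stable" : "dev", c, s,
                       client_runs_iff((enum variant)v, c, s) ? "on" : "off");
    return 0;
}
```

The row to compare is client_file=0, server_file=1: the stable variant activates IFF and the dev variant does not.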



