[ntp:questions] why does my unauthenticated peer still sync?

Danny Mayer mayer at ntp.isc.org
Wed Mar 8 13:57:06 UTC 2006


mlawdawg at yahoo.com wrote:
> I'm a developer porting NTP to vxWorks. I'm running NTP 4.2.0. I'm
> seeing my unauthenticated peer (Host B) sync as a symmetric active peer
> with Host A when I thought authentication failures would prevent it.
> 
> In my setup, Host A requires authentication (i.e. sys_authenticate is
> set to 1). Host A has no configuration for host B (i.e. host A will
> become symmetric passive with host B). Host B is configured to peer
> with Host A (i.e. host B will become symmetric active with host A). Host
> B is configured to NOT use authentication (no key id specified).
> 
> Each packet sent by Host B results in Host A executing the "bad auth"
> line in the code snippet below from ntp_proto.c's receive() rtn.
> According to cmts, the code should send a "crypto-NAK".
> 
> 	case AM_NEWPASS:
> 
> 		/*
> 		 * This is the first packet received from a symmetric
> 		 * active peer. First, make sure it is authentic and not
> 		 * restricted. If so, mobilize a passive association.
> 		 * If authentication fails send a crypto-NAK; otherwise,
> 		 * kiss the frog.
> 		 */
> 		if (restrict_mask & RES_DONTTRUST) {
> 		        sys_restricted++;
> 		        return;			/* no trust */
> 		}
> 		if (sys_authenticate && !is_authentic) {
> HOST A CALLS
> THIS LINE ==========> fast_xmit(rbufp, MODE_PASSIVE, 0,
> 			    restrict_mask);
> 		        return;			/* bad auth */
> 		}
> 		if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
> 		    MODE_PASSIVE, PKT_VERSION(pkt->li_vn_mode),
> 		    NTP_MINDPOLL, NTP_MAXDPOLL, 0, MDF_UCAST, 0,
> 		    skeyid)) == NULL)
> 			return;			/* system error */
> 
> 		break;
> 
> 
> 
> I thought the "crypto-NAK" would result in Host B never sync'ing with
> Host A. However, after 9 to 10 polls, Host B syncs with Host A.
> 
> Taking a look at fast_xmit(), I'm wondering if crypto-NAKs are really
> being sent. My restrict_mask will NOT have either RES_DONTTRUST or
> RES_LIMITED set, so fast_xmit() will create a non-authenticated (Host
> A's pkt wasn't authenticated) response and send it.
> 

You told host B not to authenticate host A's packets so it will synch
with A. It's the client that decides on whether or not to authenticate
packets and not the server.

Danny
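
Added example, not part of the original thread and not ntpd code: a small classifier for checking, from the UDP payloads of a capture between the two hosts, whether a reply is a plain unauthenticated packet, a crypto-NAK, or carries a MAC. It assumes the NTPv4 layout from RFC 5905 (48-octet header, MAC = 4-octet key ID plus a 16- or 20-octet digest, crypto-NAK = a lone key ID of zero) and no extension fields; the function names and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NTP_HDR_LEN 48   /* fixed header; anything after it is the trailer */

enum ntp_auth { NTP_SHORT, NTP_NO_MAC, NTP_CRYPTO_NAK, NTP_MAC, NTP_OTHER };

/* Classify the trailer of one NTP datagram (UDP payload only). */
static enum ntp_auth ntp_classify(const uint8_t *pkt, size_t len, uint32_t *keyid)
{
    const uint8_t *t;
    size_t trailer;

    *keyid = 0;
    if (len < NTP_HDR_LEN) return NTP_SHORT;      /* truncated header */
    trailer = len - NTP_HDR_LEN;
    if (trailer == 0) return NTP_NO_MAC;          /* unauthenticated packet */
    if (trailer % 4 != 0) return NTP_OTHER;       /* malformed trailer */
    t = pkt + NTP_HDR_LEN;
    *keyid = (uint32_t)t[0] << 24 | (uint32_t)t[1] << 16 |
             (uint32_t)t[2] << 8 | (uint32_t)t[3];
    if (trailer == 4) return *keyid == 0 ? NTP_CRYPTO_NAK : NTP_OTHER;
    if (trailer == 20 || trailer == 24) return NTP_MAC;  /* MD5 or SHA-1 digest */
    return NTP_OTHER;                             /* extension fields: not handled */
}

/* Build a constructed version-4 sample of total length len and classify it. */
static enum ntp_auth classify_sample(int mode, size_t len, uint32_t keyid)
{
    uint8_t buf[NTP_HDR_LEN + 24] = {0};
    uint32_t seen;
    int i;

    if (len > sizeof buf) return NTP_OTHER;
    buf[0] = (uint8_t)(4 << 3 | (mode & 7));      /* LI=0, VN=4, mode */
    if (len >= NTP_HDR_LEN + 4)
        for (i = 0; i < 4; i++)                   /* key ID, network byte order */
            buf[NTP_HDR_LEN + i] = (uint8_t)(keyid >> (24 - 8 * i));
    return ntp_classify(buf, len, &seen);
}

int main(void)
{
    static const char *name[] = { "short", "no MAC", "crypto-NAK", "MAC", "other" };
    printf("mode 1 poll, 48 octets:   %s\n", name[classify_sample(1, 48, 0)]);
    printf("mode 2 reply, 48 octets:  %s\n", name[classify_sample(2, 48, 0)]);
    printf("mode 2 reply, 52 octets:  %s\n", name[classify_sample(2, 52, 0)]);
    printf("mode 1 poll, 68 octets:   %s\n", name[classify_sample(1, 68, 5)]);
    return 0;
}
```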


