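diff -up ntp-4.2.6p5/include/ntp_stdlib.h.hexpw ntp-4.2.6p5/include/ntp_stdlib.h
--- ntp-4.2.6p5/include/ntp_stdlib.h.hexpw 2012-11-20 14:43:14.001139737 +0100
+++ ntp-4.2.6p5/include/ntp_stdlib.h 2012-11-20 14:43:14.047139771 +0100
@@ -66,7 +66,8 @@ extern int authhavekey (keyid_t);
 extern int authistrusted (keyid_t);
 extern int authreadkeys (const char *);
 extern void authtrust (keyid_t, u_long);
-extern int authusekey (keyid_t, int, const u_char *);
+extern int authusekey (keyid_t, int, const char *);
+extern int authdecodekey (const char *, u_char *, int);
 
 extern u_long calyearstart (u_long);
 extern const char *clockname (int);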
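diff -up ntp-4.2.6p5/libntp/authreadkeys.c.hexpw ntp-4.2.6p5/libntp/authreadkeys.c
--- ntp-4.2.6p5/libntp/authreadkeys.c.hexpw 2009-12-09 08:36:36.000000000 +0100
+++ ntp-4.2.6p5/libntp/authreadkeys.c 2012-11-20 14:43:14.047139771 +0100
@@ -3,7 +3,6 @@
 */
 #include <config.h>
 #include <stdio.h>
-#include <ctype.h>
 
 #include "ntp_fp.h"
 #include "ntp.h"
@@ -77,7 +76,6 @@ authreadkeys(
 char buf[512]; /* lots of room for line */
 u_char keystr[20];
 int len;
- int j;
 
 /*
 * Open file. Complain and return if it can't be opened.
@@ -162,10 +160,7 @@ authreadkeys(
 #endif /* OPENSSL */
 
 /*
- * Finally, get key and insert it. If it is longer than 20
- * characters, it is a binary string encoded in hex;
- * otherwise, it is a text string of printable ASCII
- * characters.
+ * Finally, get key and insert it.
 */
 token = nexttok(&line);
 if (token == NULL) {
@@ -173,31 +168,15 @@ authreadkeys(
 "authreadkeys: no key for key %d", keyno);
 continue;
 }
- len = strlen(token);
- if (len <= 20) {
- MD5auth_setkey(keyno, keytype, (u_char *)token, len);
- } else {
- char hex[] = "0123456789abcdef";
- u_char temp;
- char *ptr;
- int jlim;
-
- jlim = min(len, 2 * sizeof(keystr));
- for (j = 0; j < jlim; j++) {
- ptr = strchr(hex, tolower(token[j]));
- if (ptr == NULL) {
- msyslog(LOG_ERR,
- "authreadkeys: invalid hex digit for key %d", keyno);
- continue;
- }
- temp = (u_char)(ptr - hex);
- if (j & 1)
- keystr[j / 2] |= temp;
- else
- keystr[j / 2] = temp << 4;
- }
- MD5auth_setkey(keyno, keytype, keystr, jlim / 2);
+
+ len = authdecodekey(token, keystr, sizeof (keystr));
+ if (!len) {
+ msyslog(LOG_ERR,
+ "authreadkeys: could not decode key %d", keyno);
+ continue;
 }
+
+ MD5auth_setkey(keyno, keytype, keystr, len);
 }
 fclose(fp);
 return (1);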
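diff -up ntp-4.2.6p5/libntp/authusekey.c.hexpw ntp-4.2.6p5/libntp/authusekey.c
--- ntp-4.2.6p5/libntp/authusekey.c.hexpw 2009-12-09 08:36:37.000000000 +0100
+++ ntp-4.2.6p5/libntp/authusekey.c 2012-11-20 14:43:14.048139771 +0100
@@ -7,6 +7,7 @@
 #include "ntp_types.h"
 #include "ntp_string.h"
 #include "ntp_stdlib.h"
+#include "ntp.h"
 
 /*
 * Types of ascii representations for keys. "Standard" means a 64 bit
@@ -19,17 +20,62 @@ int
 authusekey(
 keyid_t keyno,
 int keytype,
- const u_char *str
+ const char *str
 )
 {
- const u_char *cp;
 int len;
+ u_char key[20];
 
- cp = str;
- len = strlen((const char *)cp);
- if (len == 0)
+ len = authdecodekey(str, key, sizeof(key));
+ if (!len)
 return 0;
 
- MD5auth_setkey(keyno, keytype, str, (int)strlen((const char *)str));
+ MD5auth_setkey(keyno, keytype, key, len);
 return 1;
 }
+
+/*
+ * authdecodekey - decode binary or ASCII key from string
+ *
+ * Returns the length of the parsed key, zero if invalid.
+ */
+int
+authdecodekey(
+ const char *str,
+ u_char *key,
+ int max_length
+ )
+{
+ int len;
+
+ /*
+ * If the string is longer than 20 characters, it is
+ * a binary string encoded in hex; otherwise, it is
+ * a text string of printable ASCII characters.
+ */
+ len = strlen(str);
+
+ if (len <= 20) {
+ len = min(len, max_length);
+ memcpy(key, str, len);
+ } else {
+ char hex[] = "0123456789abcdef";
+ u_char temp;
+ char *ptr;
+ int j;
+
+ len = min(len / 2, max_length);
+ for (j = 0; j < len * 2; j++) {
+ ptr = strchr(hex, tolower(str[j]));
+ if (ptr == NULL)
+ return 0;
+ temp = (u_char)(ptr - hex);
+ if (j & 1)
+ key[j / 2] |= temp;
+ else
+ key[j / 2] = temp << 4;
+ }
+ }
+
+ return len;
+}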
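Review bot: In authdecodekey's hex branch, `len = min(len / 2, max_length);` silently drops the final nibble of an odd-length string and never examines digits beyond `max_length` bytes, so a mistyped or over-long key is installed as a different, shorter key instead of being reported. If compatibility with existing over-long keys is not needed, reject up front with `if ((len & 1) || len / 2 > max_length) return 0;`, which lets authreadkeys, ntpq and ntpdc surface the problem through the error paths this patch adds. `tolower(str[j])` receives a plain `char`, which is undefined for negative values; `tolower((unsigned char)str[j])` is the safe form, and `<ctype.h>` should be included here if none of this file's headers provide it (not visible in the hunk). The literal `20` in `if (len <= 20)` is also independent of `max_length`; a named constant shared with the `key[20]` and `keystr[20]` buffers would keep the ASCII/hex threshold and the buffer sizes from drifting apart.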
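diff -up ntp-4.2.6p5/ntpdc/ntpdc.c.hexpw ntp-4.2.6p5/ntpdc/ntpdc.c
--- ntp-4.2.6p5/ntpdc/ntpdc.c.hexpw 2011-12-25 00:27:15.000000000 +0100
+++ ntp-4.2.6p5/ntpdc/ntpdc.c 2012-11-20 14:43:14.048139771 +0100
@@ -942,12 +942,10 @@ sendrequest(
 }
 if (!authistrusted(info_auth_keyid)) {
 pass = getpass_keytype(info_auth_keytype);
- if ('\0' == pass[0]) {
+ if (!authusekey(info_auth_keyid, info_auth_keytype, pass)) {
 fprintf(stderr, "Invalid password\n");
 return 1;
 }
- authusekey(info_auth_keyid, info_auth_keytype,
- (u_char *)pass);
 authtrust(info_auth_keyid, 1);
 }
 qpkt.auth_seq = AUTH_SEQ(1, 0);
@@ -1825,16 +1823,21 @@ passwd(
 }
 }
 if (!interactive) {
- authusekey(info_auth_keyid, info_auth_keytype,
- (u_char *)pcmd->argval[0].string);
+ if (!authusekey(info_auth_keyid, info_auth_keytype,
+ pcmd->argval[0].string)) {
+ fprintf(fp, "Invalid password\n");
+ return;
+ }
 authtrust(info_auth_keyid, 1);
 } else {
 pass = getpass_keytype(info_auth_keytype);
 if (*pass == '\0')
 (void) fprintf(fp, "Password unchanged\n");
 else {
- authusekey(info_auth_keyid, info_auth_keytype,
- (u_char *)pass);
+ if (!authusekey(info_auth_keyid, info_auth_keytype, pass)) {
+ fprintf(fp, "Invalid password\n");
+ return;
+ }
 authtrust(info_auth_keyid, 1);
 }
 }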
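Review bot: The `Invalid password` message in sendrequest() and in both branches of passwd() now also covers a failed decode in authusekey(), and nothing at these call sites tells the user or the next maintainer why. According to the comment in authdecodekey (libntp/authusekey.c), input longer than 20 characters is parsed as hex, whereas the removed authusekey() body passed the string to MD5auth_setkey() as raw bytes; a long ASCII passphrase that worked before is therefore now rejected, or reinterpreted if it happens to consist of hex digits. A more specific message such as `fprintf(fp, "Invalid password (more than 20 characters must be hex digits)\n");`, or at least a comment stating the rule above each call, would make the change visible; the same applies to the two hunks in ntpq/ntpq.c. Both functions start and end outside the hunks shown.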
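diff -up ntp-4.2.6p5/ntpq/ntpq.c.hexpw ntp-4.2.6p5/ntpq/ntpq.c
--- ntp-4.2.6p5/ntpq/ntpq.c.hexpw 2011-12-25 00:27:15.000000000 +0100
+++ ntp-4.2.6p5/ntpq/ntpq.c 2012-11-20 14:43:14.049139771 +0100
@@ -1276,12 +1276,10 @@ sendrequest(
 }
 if (!authistrusted(info_auth_keyid)) {
 pass = getpass_keytype(info_auth_keytype);
- if ('\0' == pass[0]) {
+ if (!authusekey(info_auth_keyid, info_auth_keytype, pass)) {
 fprintf(stderr, "Invalid password\n");
 return 1;
 }
- authusekey(info_auth_keyid, info_auth_keytype,
- (u_char *)pass);
 authtrust(info_auth_keyid, 1);
 }
 
@@ -2498,7 +2496,10 @@ passwd(
 return;
 }
 }
- authusekey(info_auth_keyid, info_auth_keytype, (u_char *)pass);
+ if (!authusekey(info_auth_keyid, info_auth_keytype, pass)) {
+ fprintf(fp, "Invalid password\n");
+ return;
+ }
 authtrust(info_auth_keyid, 1);
 }
 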