s3-spnego: fix memleak in spnego_parse_auth().
[Samba.git] / source4 / ntp_signd / ntp-dev-4.2.5p125.diff
blob40669fb3ccc53a6c385456a02b8dff8f1078cecf
1 Only in ntp-samba: autom4te.cache
2 Only in ntp-samba: config.h
3 Only in ntp-samba: config.log
4 Only in ntp-samba: config.status
5 Only in ntp-samba/ElectricFence: .deps
6 Only in ntp-samba/ElectricFence: Makefile
7 Only in ntp-samba: .gcc-warning
8 Only in ntp-samba/include/isc: Makefile
9 Only in ntp-samba/include: Makefile
10 diff -ur ntp-dev-4.2.5p125/include/ntp_config.h ntp-samba/include/ntp_config.h
11 --- ntp-dev-4.2.5p125/include/ntp_config.h 2008-07-17 07:20:58.000000000 +1000
12 +++ ntp-samba/include/ntp_config.h 2008-08-28 21:59:06.000000000 +1000
13 @@ -92,6 +92,7 @@
14 int requested_key;
15 int revoke;
16 queue *trusted_key_list;
17 + char *ntp_signd_socket;
20 struct filegen_node {
21 diff -ur ntp-dev-4.2.5p125/include/ntpd.h ntp-samba/include/ntpd.h
22 --- ntp-dev-4.2.5p125/include/ntpd.h 2008-05-18 21:11:28.000000000 +1000
23 +++ ntp-samba/include/ntpd.h 2008-08-28 21:59:06.000000000 +1000
24 @@ -259,6 +259,8 @@
25 extern int config_priority;
26 #endif
28 +extern char const *ntp_signd_socket;
30 /* ntp_control.c */
31 extern int num_ctl_traps;
32 extern keyid_t ctl_auth_keyid; /* keyid used for authenticating write requests */
33 @@ -471,3 +473,15 @@
34 extern struct refclock *refclock_conf[]; /* refclock configuration table */
35 extern u_char num_refclock_conf;
36 #endif
38 +/* ntp_signd.c */
39 +#ifdef HAVE_NTP_SIGND
40 +extern void
41 +send_via_ntp_signd(
42 + struct recvbuf *rbufp, /* receive packet pointer */
43 + int xmode,
44 + keyid_t xkeyid,
45 + int flags,
46 + struct pkt *xpkt
47 + );
48 +#endif
49 diff -ur ntp-dev-4.2.5p125/include/ntp.h ntp-samba/include/ntp.h
50 --- ntp-dev-4.2.5p125/include/ntp.h 2008-08-10 22:37:56.000000000 +1000
51 +++ ntp-samba/include/ntp.h 2008-08-28 21:59:06.000000000 +1000
52 @@ -447,6 +447,7 @@
53 #ifdef OPENSSL
54 #define FLAG_ASSOC 0x4000 /* autokey request */
55 #endif /* OPENSSL */
56 +#define FLAG_ADKEY 0x00010000 /* Authenticated (or wants reply to be authenticated) using AD authentication */
59 * Definitions for the clear() routine. We use memset() to clear
60 Only in ntp-samba/include: ntp.h.orig
61 Only in ntp-samba: libtool
62 Only in ntp-samba: Makefile
63 diff -ur ntp-dev-4.2.5p125/ntpd/Makefile.am ntp-samba/ntpd/Makefile.am
64 --- ntp-dev-4.2.5p125/ntpd/Makefile.am 2008-05-18 21:11:29.000000000 +1000
65 +++ ntp-samba/ntpd/Makefile.am 2008-08-28 21:59:06.000000000 +1000
66 @@ -65,7 +65,7 @@
67 ntp_crypto.c ntp_filegen.c \
68 ntp_intres.c ntp_loopfilter.c ntp_monitor.c ntp_peer.c \
69 ntp_proto.c ntp_refclock.c ntp_request.c \
70 - ntp_restrict.c ntp_timer.c ntp_util.c \
71 + ntp_restrict.c ntp_timer.c ntp_util.c ntp_signd.c \
72 ppsapi_timepps.h \
73 refclock_acts.c refclock_arbiter.c refclock_arc.c refclock_as2201.c \
74 refclock_atom.c refclock_bancomm.c refclock_chronolog.c \
75 diff -ur ntp-dev-4.2.5p125/ntpd/ntp_config.c ntp-samba/ntpd/ntp_config.c
76 --- ntp-dev-4.2.5p125/ntpd/ntp_config.c 2008-08-10 22:37:54.000000000 +1000
77 +++ ntp-samba/ntpd/ntp_config.c 2008-08-28 22:03:52.000000000 +1000
78 @@ -148,6 +148,7 @@
79 #endif
81 const char *config_file;
82 +const char *ntp_signd_socket;
83 #ifdef HAVE_NETINFO
84 struct netinfo_config_state *config_netinfo = NULL;
85 int check_netinfo = 1;
86 @@ -276,6 +277,11 @@
87 my_config.auth.crypto_cmd_list = NULL;
88 my_config.auth.keys = NULL;
89 my_config.auth.keysdir = NULL;
90 +#ifdef NTP_SIGND_PATH
91 + my_config.auth.ntp_signd_socket = NTP_SIGND_PATH;
92 +#else
93 + my_config.auth.ntp_signd_socket = NULL;
94 +#endif
95 my_config.auth.requested_key = 0;
96 my_config.auth.revoke = 0;
97 my_config.auth.trusted_key_list = NULL;
98 @@ -795,6 +801,7 @@
99 { "crypto", T_Crypto, NO_ARG },
100 { "keys", T_Keys, SINGLE_ARG },
101 { "keysdir", T_Keysdir, SINGLE_ARG },
102 + { "ntpsigndsocket", T_NtpSignDsocket, SINGLE_ARG },
103 { "requestkey", T_Requestkey, NO_ARG },
104 { "revoke", T_Revoke, NO_ARG },
105 { "trustedkey", T_Trustedkey, NO_ARG },
106 @@ -1000,6 +1007,10 @@
107 if (my_config.auth.keysdir)
108 keysdir = my_config.auth.keysdir;
110 + /* ntp_signd_socket Command */
111 + if (my_config.auth.ntp_signd_socket)
112 + ntp_signd_socket = my_config.auth.ntp_signd_socket;
114 #ifdef OPENSSL
115 if (cryptosw) {
116 crypto_setup();
117 Only in ntp-samba/ntpd: ntp_config.c~
118 Only in ntp-samba/ntpd: ntp_config.c.orig
119 diff -ur ntp-dev-4.2.5p125/ntpd/ntp_parser.y ntp-samba/ntpd/ntp_parser.y
120 --- ntp-dev-4.2.5p125/ntpd/ntp_parser.y 2008-07-17 07:21:06.000000000 +1000
121 +++ ntp-samba/ntpd/ntp_parser.y 2008-08-28 21:59:06.000000000 +1000
122 @@ -155,6 +155,7 @@
123 %token T_Novolley
124 %token T_Ntp
125 %token T_Ntpport
126 +%token T_NtpSignDsocket
127 %token T_Orphan
128 %token T_Panic
129 %token T_Peer
130 @@ -432,6 +433,8 @@
131 { my_config.auth.requested_key = $2; }
132 | T_Trustedkey integer_list
133 { my_config.auth.trusted_key_list = $2; }
134 + | T_NtpSignDsocket T_String
135 + { my_config.auth.ntp_signd_socket = $2; }
138 crypto_command_line
139 diff -ur ntp-dev-4.2.5p125/ntpd/ntp_proto.c ntp-samba/ntpd/ntp_proto.c
140 --- ntp-dev-4.2.5p125/ntpd/ntp_proto.c 2008-07-17 07:21:02.000000000 +1000
141 +++ ntp-samba/ntpd/ntp_proto.c 2008-08-28 21:59:06.000000000 +1000
142 @@ -128,7 +128,7 @@
143 static void clock_combine (struct peer **, int);
144 static void peer_xmit (struct peer *);
145 static void fast_xmit (struct recvbuf *, int, keyid_t,
146 - char *);
147 + char *, int);
148 static void clock_update (struct peer *);
149 static int default_get_precision (void);
150 static int peer_unfit (struct peer *);
151 @@ -311,6 +311,7 @@
152 int authlen; /* offset of MAC field */
153 int is_authentic = 0; /* cryptosum ok */
154 int retcode = AM_NOMATCH; /* match code */
155 + int flags = 0; /* flags with details about the authentication */
156 keyid_t skeyid = 0; /* key IDs */
157 u_int32 opcode = 0; /* extension field opcode */
158 struct sockaddr_storage *dstadr_sin; /* active runway */
159 @@ -324,6 +325,8 @@
160 keyid_t pkeyid = 0, tkeyid = 0; /* key IDs */
161 #endif /* OPENSSL */
163 + static unsigned char zero_key[16];
166 * Monitor the packet and get restrictions. Note that the packet
167 * length for control and private mode packets must be checked
168 @@ -480,9 +483,9 @@
169 return; /* rate exceeded */
171 if (hismode == MODE_CLIENT)
172 - fast_xmit(rbufp, MODE_SERVER, skeyid, "RATE");
173 + fast_xmit(rbufp, MODE_SERVER, skeyid, "RATE", 0);
174 else
175 - fast_xmit(rbufp, MODE_ACTIVE, skeyid, "RATE");
176 + fast_xmit(rbufp, MODE_ACTIVE, skeyid, "RATE", 0);
177 return; /* rate exceeded */
180 @@ -535,6 +538,7 @@
181 * is zero, acceptable outcomes of y are NONE and OK. If x is
182 * one, the only acceptable outcome of y is OK.
185 if (has_mac == 0) {
186 is_authentic = AUTH_NONE; /* not required */
187 #ifdef DEBUG
188 @@ -555,6 +559,25 @@
189 stoa(&rbufp->recv_srcadr), hismode, skeyid,
190 authlen + has_mac, is_authentic);
191 #endif
193 + /* If the signature is 20 bytes long, the last 16 of
194 + * which are zero, then this is a Microsoft client
195 + * wanting AD-style authentication of the server's
196 + * reply.
198 + * This is described in Microsoft's WSPP docs, in MS-SNTP:
199 + * http://msdn.microsoft.com/en-us/library/cc212930.aspx
200 + */
201 + } else if (has_mac == MAX_MAC_LEN
202 + && (retcode == AM_FXMIT || retcode == AM_NEWPASS)
203 + && (memcmp(zero_key, (char *)pkt + authlen + 4, MAX_MAC_LEN - 4) == 0)) {
205 + /* Don't try to verify the zeros, just set a
206 + * flag and otherwise pretend we never saw the signature */
207 + is_authentic = AUTH_NONE;
209 + flags = FLAG_ADKEY;
211 } else {
212 #ifdef OPENSSL
214 @@ -696,9 +719,9 @@
215 if (AUTH(restrict_mask & RES_DONTTRUST,
216 is_authentic)) {
217 fast_xmit(rbufp, MODE_SERVER, skeyid,
218 - NULL);
219 + NULL, flags);
220 } else if (is_authentic == AUTH_ERROR) {
221 - fast_xmit(rbufp, MODE_SERVER, 0, NULL);
222 + fast_xmit(rbufp, MODE_SERVER, 0, NULL, 0);
223 sys_badauth++;
224 } else {
225 sys_restricted++;
226 @@ -733,7 +756,7 @@
227 * crypto-NAK, as that would not be useful.
229 if (AUTH(restrict_mask & RES_DONTTRUST, is_authentic))
230 - fast_xmit(rbufp, MODE_SERVER, skeyid, NULL);
231 + fast_xmit(rbufp, MODE_SERVER, skeyid, NULL, 0);
232 return; /* hooray */
235 @@ -888,7 +911,7 @@
236 is_authentic)) {
237 #ifdef OPENSSL
238 if (crypto_flags && skeyid > NTP_MAXKEY)
239 - fast_xmit(rbufp, MODE_ACTIVE, 0, NULL);
240 + fast_xmit(rbufp, MODE_ACTIVE, 0, NULL, 0);
241 #endif /* OPENSSL */
242 sys_restricted++;
243 return; /* access denied */
244 @@ -904,7 +927,7 @@
245 * This is for drat broken Windows clients. See
246 * Microsoft KB 875424 for preferred workaround.
248 - fast_xmit(rbufp, MODE_PASSIVE, skeyid, NULL);
249 + fast_xmit(rbufp, MODE_PASSIVE, skeyid, NULL, flags);
250 #else /* WINTIME */
251 sys_restricted++;
252 #endif /* WINTIME */
253 @@ -938,6 +961,7 @@
255 break;
259 * Process regular packet. Nothing special.
261 @@ -1090,7 +1114,7 @@
262 peer->flash |= TEST5; /* bad auth */
263 peer->badauth++;
264 if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
265 - fast_xmit(rbufp, MODE_ACTIVE, 0, NULL);
266 + fast_xmit(rbufp, MODE_ACTIVE, 0, NULL, 0);
267 if (peer->flags & FLAG_PREEMPT) {
268 unpeer(peer);
269 return;
270 @@ -3159,7 +3183,8 @@
271 struct recvbuf *rbufp, /* receive packet pointer */
272 int xmode, /* receive mode */
273 keyid_t xkeyid, /* transmit key ID */
274 - char *mask /* kiss code */
275 + char *mask, /* kiss code */
276 + int flags /* Flags to indicate signing behaviour */
279 struct pkt xpkt; /* transmit packet structure */
280 @@ -3220,6 +3245,19 @@
281 HTONL_FP(&rbufp->recv_time, &xpkt.rec);
284 + if (flags & FLAG_ADKEY) {
285 +#ifdef HAVE_NTP_SIGND
286 + get_systime(&xmt_tx);
287 + if (mask == NULL) {
288 + HTONL_FP(&xmt_tx, &xpkt.xmt);
290 + send_via_ntp_signd(rbufp, xmode, xkeyid, flags, &xpkt);
291 +#endif
292 + /* If we don't have the support, drop the packet on the floor.
293 + An all zero sig is compleatly bogus anyway */
294 + return;
298 * If the received packet contains a MAC, the transmitted packet
299 * is authenticated and contains a MAC. If not, the transmitted
300 @@ -3252,7 +3290,7 @@
301 * source-destination-key ID combination.
303 #ifdef OPENSSL
304 - if (xkeyid > NTP_MAXKEY) {
305 + if (!(flags & FLAG_ADKEY) && (xkeyid > NTP_MAXKEY)) {
306 keyid_t cookie;
309 @@ -3284,8 +3322,10 @@
310 if (mask == NULL) {
311 HTONL_FP(&xmt_tx, &xpkt.xmt);
314 authlen = authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen);
315 sendlen += authlen;
317 #ifdef OPENSSL
318 if (xkeyid > NTP_MAXKEY)
319 authtrust(xkeyid, 0);
320 Only in ntp-samba/ntpd: ntp_signd.c
321 Only in ntp-dev-4.2.5p125/ntpdc: nl.pl
322 Only in ntp-samba/scripts: calc_tickadj
323 Only in ntp-samba/scripts: checktime
324 Only in ntp-samba/scripts: freq_adj
325 Only in ntp-samba/scripts: html2man
326 Only in ntp-samba/scripts: Makefile
327 Only in ntp-samba/scripts: mkver
328 Only in ntp-samba/scripts: ntpsweep
329 Only in ntp-samba/scripts: ntptrace
330 Only in ntp-samba/scripts: ntpver
331 Only in ntp-samba/scripts: ntp-wait
332 Only in ntp-samba/scripts: plot_summary
333 Only in ntp-samba/scripts: summary
334 Only in ntp-samba: stamp-h1
335 --- /dev/null 2008-08-25 07:28:22.036002925 +1000
336 +++ ntp-samba/ntpd/ntp_signd.c 2008-08-28 21:59:06.000000000 +1000
337 @@ -0,0 +1,242 @@
338 +/* Copyright 2008, Red Hat, Inc.
339 + Copyright 2008, Andrew Tridgell.
340 + Licenced under the same terms as NTP itself.
341 + */
342 +#ifdef HAVE_CONFIG_H
343 +#include <config.h>
344 +#endif
346 +#ifdef HAVE_NTP_SIGND
348 +#include "ntpd.h"
349 +#include "ntp_io.h"
350 +#include "ntp_stdlib.h"
351 +#include "ntp_unixtime.h"
352 +#include "ntp_control.h"
353 +#include "ntp_string.h"
355 +#include <stdio.h>
356 +#include <stddef.h>
357 +#ifdef HAVE_LIBSCF_H
358 +#include <libscf.h>
359 +#include <unistd.h>
360 +#endif /* HAVE_LIBSCF_H */
362 +#include <sys/un.h>
364 +/* socket routines by tridge - from junkcode.samba.org */
367 + connect to a unix domain socket
369 +static int
370 +ux_socket_connect(const char *name)
372 + int fd;
373 + struct sockaddr_un addr;
374 + if (!name) {
375 + return -1;
378 + memset(&addr, 0, sizeof(addr));
379 + addr.sun_family = AF_UNIX;
380 + strncpy(addr.sun_path, name, sizeof(addr.sun_path));
382 + fd = socket(AF_UNIX, SOCK_STREAM, 0);
383 + if (fd == -1) {
384 + return -1;
387 + if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
388 + close(fd);
389 + return -1;
392 + return fd;
397 + keep writing until its all sent
399 +static int
400 +write_all(int fd, const void *buf, size_t len)
402 + size_t total = 0;
403 + while (len) {
404 + int n = write(fd, buf, len);
405 + if (n <= 0) return total;
406 + buf = n + (char *)buf;
407 + len -= n;
408 + total += n;
410 + return total;
414 + keep reading until its all read
416 +static int
417 +read_all(int fd, void *buf, size_t len)
419 + size_t total = 0;
420 + while (len) {
421 + int n = read(fd, buf, len);
422 + if (n <= 0) return total;
423 + buf = n + (char *)buf;
424 + len -= n;
425 + total += n;
427 + return total;
431 + send a packet in length prefix format
433 +static int
434 +send_packet(int fd, const char *buf, uint32_t len)
436 + uint32_t net_len = htonl(len);
437 + if (write_all(fd, &net_len, sizeof(net_len)) != sizeof(net_len)) return -1;
438 + if (write_all(fd, buf, len) != len) return -1;
439 + return 0;
443 + receive a packet in length prefix format
445 +static int
446 +recv_packet(int fd, char **buf, uint32_t *len)
448 + if (read_all(fd, len, sizeof(*len)) != sizeof(*len)) return -1;
449 + *len = ntohl(*len);
450 + (*buf) = malloc(*len);
451 + if (!*buf) {
452 + return -1;
454 + if (read_all(fd, *buf, *len) != *len) {
455 + free(*buf);
456 + return -1;
458 + return 0;
461 +void
462 +send_via_ntp_signd(
463 + struct recvbuf *rbufp, /* receive packet pointer */
464 + int xmode,
465 + keyid_t xkeyid,
466 + int flags,
467 + struct pkt *xpkt
471 + /* We are here because it was detected that the client
472 + * sent an all-zero signature, and we therefore know
473 + * it's windows trying to talk to an AD server
475 + * Because we don't want to dive into Samba's secrets
476 + * database just to find the long-term kerberos key
477 + * that is re-used as the NTP key, we instead hand the
478 + * packet over to Samba to sign, and return to us.
480 + * The signing method Samba will use is described by
481 + * Microsoft in MS-SNTP, found here:
482 + * http://msdn.microsoft.com/en-us/library/cc212930.aspx
483 + */
485 + int fd, sendlen;
486 + struct samba_key_in {
487 + uint32_t version;
488 + uint32_t op;
489 + uint32_t packet_id;
490 + uint32_t key_id_le;
491 + struct pkt pkt;
492 + } samba_pkt;
494 + struct samba_key_out {
495 + uint32_t version;
496 + uint32_t op;
497 + uint32_t packet_id;
498 + struct pkt pkt;
499 + } samba_reply;
501 + char full_socket[256];
503 + char *reply = NULL;
504 + uint32_t reply_len;
506 + memset(&samba_pkt, 0, sizeof(samba_pkt));
507 + samba_pkt.op = 0; /* Sign message */
508 + /* This will be echoed into the reply - a different
509 + * impelementation might want multiple packets
510 + * awaiting signing */
512 + samba_pkt.packet_id = 1;
514 + /* Swap the byte order back - it's actually little
515 + * endian on the wire, but it was read above as
516 + * network byte order */
517 + samba_pkt.key_id_le = htonl(xkeyid);
518 + samba_pkt.pkt = *xpkt;
520 + snprintf(full_socket, sizeof(full_socket), "%s/socket", ntp_signd_socket);
522 + fd = ux_socket_connect(full_socket);
523 + /* Only continue with this if we can talk to Samba */
524 + if (fd != -1) {
525 + /* Send old packet to Samba, expect response */
526 + /* Packet to Samba is quite simple:
527 + All values BIG endian except key ID as noted
528 + [packet size as BE] - 4 bytes
529 + [protocol version (0)] - 4 bytes
530 + [packet ID] - 4 bytes
531 + [operation (sign message=0)] - 4 bytes
532 + [key id] - LITTLE endian (as on wire) - 4 bytes
533 + [message to sign] - as marshalled, without signature
534 + */
536 + if (send_packet(fd, (char *)&samba_pkt, offsetof(struct samba_key_in, pkt) + LEN_PKT_NOMAC) != 0) {
537 + /* Huh? could not talk to Samba... */
538 + close(fd);
539 + return;
542 + if (recv_packet(fd, &reply, &reply_len) != 0) {
543 + if (reply) {
544 + free(reply);
546 + close(fd);
547 + return;
549 + /* Return packet is also simple:
550 + [packet size] - network byte order - 4 bytes
551 + [protocol version (0)] network byte order - - 4 bytes
552 + [operation (signed success=3, failure=4)] network byte order - - 4 byte
553 + (optional) [signed message] - as provided before, with signature appended
554 + */
556 + if (reply_len <= sizeof(samba_reply)) {
557 + memcpy(&samba_reply, reply, reply_len);
558 + if (ntohl(samba_reply.op) == 3 && reply_len > offsetof(struct samba_key_out, pkt)) {
559 + sendlen = reply_len - offsetof(struct samba_key_out, pkt);
560 + xpkt = &samba_reply.pkt;
561 + sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, xpkt, sendlen);
562 +#ifdef DEBUG
563 + if (debug)
564 + printf(
565 + "transmit ntp_signd packet: at %ld %s->%s mode %d keyid %08x len %d\n",
566 + current_time, ntoa(&rbufp->dstadr->sin),
567 + ntoa(&rbufp->recv_srcadr), xmode, xkeyid, sendlen);
568 +#endif
572 + if (reply) {
573 + free(reply);
575 + close(fd);
579 +#endif