diff -Nur ntp-stable-4.2.0a-20040617/html/authopt.html ntp-stable-4.2.0a-20040617-hostname/html/authopt.html --- ntp-stable-4.2.0a-20040617/html/authopt.html 2004-05-25 11:02:21.000000000 +0000 +++ ntp-stable-4.2.0a-20040617-hostname/html/authopt.html 2005-05-06 15:17:14.273461874 +0000 @@ -89,6 +89,8 @@
sign file
Specifies the location of the optional sign key file. This overrides the link ntpkey_sign_hostname in the keys directory. If this file is not found, the host key is also the sign key. +
hostname hostname +
This command specifies a hostname to use instead of the hostname returned by gethostname(). Setting this affects all the filenames for cryptographic data as well as the hostname transmitted to other systems. Single filenames can still be overridden by options to the crypto command. The hostname has to be between 4 and 128 characters long.
keys keyfile
Specifies the complete path and location of the MD5 key file containing the keys and key identifiers used by ntpd, ntpq and ntpdc when operating with symmetric key cryptography. This is the same operation as the -k command line option.
keysdir path diff -Nur ntp-stable-4.2.0a-20040617/html/keygen.html ntp-stable-4.2.0a-20040617-hostname/html/keygen.html --- ntp-stable-4.2.0a-20040617/html/keygen.html 2004-02-25 05:57:40.000000000 +0000 +++ ntp-stable-4.2.0a-20040617-hostname/html/keygen.html 2005-05-06 15:18:57.423173962 +0000 @@ -36,6 +36,7 @@

This program generates cryptographic data files used by the NTPv4 authentication and identification schemes. It generates MD5 key files used in symmetric key cryptography. In addition, if the OpenSSL software library has been installed, it generates keys, certificate and identity files used in public key cryptography. These files are used for cookie encryption, digital signature and challenge/response identification algorithms compatible with the Internet standard security infrastructure.

All files are in PEM-encoded printable ASCII format, so they can be embedded as MIME attachments in mail to other sites and certificate authorities. By default, files are not encrypted. The -p password option specifies the write password and -q password option the read password for previously encrypted files. The ntp-keygen program prompts for the password if it reads an encrypted file and the password is missing or incorrect. If an encrypted file is read successfully and no write password is specified, the read password is used as the write password by default.

The ntpd configuration command crypto pw password specifies the read password for previously encrypted files. The daemon expires on the spot if the password is missing or incorrect. For convenience, if a file has been previously encrypted, the default read password is the name of the host running the program. If the previous write password is specified as the host name, these files can be read by that host with no explicit password.

+

The ntpd daemon requires hostnames to be between 4 and 128 chars in length. If you do not have set your hostname to a fully qualified domain name, and your hostname is shorter than 4 characters, you need to specify a hostname in the config file that is long enough. This can be done via the hostname command. This command is also useful, if the name you want to give your time server (e.g. time.domain.org) is different from the machines hostname. If you specifiy an alternate hostname, the keys and certificates need to have matching names in the subject and issuer fields. This can be done with the -s and -i options of ntp-keygen.

File names begin with the prefix ntpkey_ and end with the postfix _hostname.filestamp, where hostname is the owner name, usually the string returned by the Unix gethostname() routine, and filestamp is the NTP seconds when the file was generated, in decimal digits. This both guarantees uniqueness and simplifies maintenance procedures, since all files can be quickly removed by a rm ntpkey* command or all files generated at a specific time can be removed by a rm *filestamp command. To further reduce the risk of misconfiguration, the first two lines of a file contain the file name and generation date and time as comments.

All files are installed by default in the keys directory /usr/local/etc, which is normally in a shared filesystem in NFS-mounted networks. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.

Normally, files containing private values, including the host key, sign key and identification parameters, are permitted root read/write-only; while others containing public values are permitted world readable. Alternatively, files containing private values can be encrypted and these files permitted world readable, which simplifies maintenance in shared file systems. Since uniqueness is insured by the hostname and file name extensions, the files for a NFS server and dependent clients can all be installed in the same shared directory.

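Review bot: the paragraph added to keygen.html needs copy-editing before it ships: "do not have set your hostname" should read "have not set your hostname", "specifiy" should be "specify", "machines hostname" should be "machine's hostname", and the comma in "also useful, if" should go. Since the paragraph tells the reader that the certificate subject and issuer must match the configured name, consider showing the ntp-keygen invocation (-s and -i given the same string as the hostname command) so the pairing is unambiguous rather than left to the reader.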
diff -Nur ntp-stable-4.2.0a-20040617/include/ntp_config.h ntp-stable-4.2.0a-20040617-hostname/include/ntp_config.h --- ntp-stable-4.2.0a-20040617/include/ntp_config.h 2004-02-25 05:57:55.000000000 +0000 +++ ntp-stable-4.2.0a-20040617-hostname/include/ntp_config.h 2005-05-06 15:29:27.108952247 +0000 @@ -59,6 +59,7 @@ #define CONFIG_CDELAY 38 #ifdef OPENSSL #define CONFIG_CRYPTO 39 +#define CONFIG_HOSTNAME 40 #endif /* OPENSSL */ /* diff -Nur ntp-stable-4.2.0a-20040617/ntpd/ntp_config.c ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_config.c --- ntp-stable-4.2.0a-20040617/ntpd/ntp_config.c 2004-05-25 11:02:24.000000000 +0000 +++ ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_config.c 2005-05-06 15:32:56.319973120 +0000 @@ -75,6 +75,9 @@ { "enable", CONFIG_ENABLE }, { "filegen", CONFIG_FILEGEN }, { "fudge", CONFIG_FUDGE }, +#ifdef OPENSSL + { "hostname", CONFIG_HOSTNAME }, +#endif /* OPENSSL */ { "includefile", CONFIG_INCLUDEFILE }, { "keys", CONFIG_KEYS }, { "keysdir", CONFIG_KEYSDIR }, @@ -1760,6 +1763,18 @@ } break; +#ifdef OPENSSL + case CONFIG_HOSTNAME: + if (ntokens != 2) { + syslog(LOG_ERR, "Invalid value for hostname command in config"); + continue; + } + int namlen = min(strlen(tokens[1]) + 1, MAXFILENAME); + sys_hostname = emalloc(namlen); + strncpy(sys_hostname, tokens[1], namlen); + break; +#endif /* OPENSSL */ + } } if (fp[0]) diff -Nur ntp-stable-4.2.0a-20040617/ntpd/ntp_crypto.c ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_crypto.c --- ntp-stable-4.2.0a-20040617/ntpd/ntp_crypto.c 2004-05-25 11:02:24.000000000 +0000 +++ ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_crypto.c 2005-05-06 15:31:37.729859128 +0000 
@@ -3752,10 +3752,12 @@ if (!crypto_flags) return; - gethostname(filename, MAXFILENAME); - bytes = strlen(filename) + 1; - sys_hostname = emalloc(bytes); - memcpy(sys_hostname, filename, bytes); + if (sys_hostname == NULL) { + gethostname(filename, MAXFILENAME); + bytes = strlen(filename) + 1; + sys_hostname = emalloc(bytes); + memcpy(sys_hostname, filename, bytes); + } if (passwd == NULL) passwd = sys_hostname; memset(&hostval, 0, sizeof(hostval)); diff -Nur ntp-stable-4.2.0a-20040617/ntpd/ntp_proto.c ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_proto.c --- ntp-stable-4.2.0a-20040617/ntpd/ntp_proto.c 2004-05-25 11:02:24.000000000 +0000 +++ ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_proto.c 2005-05-06 15:30:40.095842376 +0000 @@ -63,7 +63,7 @@ int peer_ntpdate; /* active peers in ntpdate mode */ int sys_survivors; /* truest of the truechimers */ #ifdef OPENSSL -char *sys_hostname; /* gethostname() name */ +char *sys_hostname = NULL; /* gethostname() name */ #endif /* OPENSSL */ /*
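Review bot: in the authopt.html hunk, the new hostname entry promises a 4 to 128 character limit, but the parser change in ntp_config.c only checks the token count and never validates the length, so either add the check or drop the sentence. The entry should also say that the command exists only in builds with OpenSSL (the keyword is registered under #ifdef OPENSSL, so a non-OpenSSL ntpd will not recognise it), and that the configured name also becomes the default read password for encrypted key files, since crypto_setup() takes passwd from sys_hostname when no crypto pw is given.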
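Review bot: the ntp_config.h hunk is fine as far as it goes: CONFIG_HOSTNAME sits inside the existing #ifdef OPENSSL block, matching the guard on the keyword table entry, so the two cannot fall out of sync. Only values up to CONFIG_CRYPTO 39 are visible in the context, so double-check that 40 is not already assigned further down before the #endif.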
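Review bot: in the first ntp_config.c hunk the "hostname" table entry is wrapped in #ifdef OPENSSL while its neighbours are not, which is consistent with the header but means the same ntp.conf is rejected by a non-OpenSSL ntpd; that is acceptable, but it is exactly the behaviour that belongs in the authopt.html text. The alphabetical placement between "fudge" and "includefile" matches the rest of the table.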
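Review bot: the copy in case CONFIG_HOSTNAME (second ntp_config.c hunk) can leave sys_hostname without a NUL terminator: when strlen(tokens[1]) + 1 exceeds MAXFILENAME, namlen is clamped to MAXFILENAME and strncpy copies exactly that many bytes with no terminator, and the name is later used to build key file names and is sent to peers, so every strlen() or copy on it reads past the allocation. Reject the token instead of truncating it, which also gives you the 4 to 128 character check the documentation promises, e.g. `if (ntokens != 2 || strlen(tokens[1]) < 4 || strlen(tokens[1]) > 128) { syslog(LOG_ERR, ...); continue; }` followed by an emalloc of strlen + 1 and a memcpy, as the ntp_crypto.c hunk already does. Two smaller points: the declaration `int namlen = ...` after a statement under a case label is not C89 and will not compile on the older compilers this tree supports (declare it at the top of the function or brace the case), and a second hostname line leaks the earlier allocation, so free it first or reject duplicates. Also confirm that min() is defined in this translation unit; it is not a standard C function.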
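Review bot: in the ntp_crypto.c hunk the `sys_hostname == NULL` test is the right hook, but note that the configured name now also becomes the default read password (`passwd = sys_hostname` just below), so encrypted key files generated under the old host name will stop decrypting once hostname is set; that consequence should be documented. The gethostname() fallback still relies on the buffer being NUL-terminated, which POSIX does not guarantee when the system name is longer than MAXFILENAME; while touching this block, set `filename[MAXFILENAME - 1] = '\0'` after the call.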
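Review bot: the ntp_proto.c hunk is cosmetic; a file-scope pointer is already zero-initialised, so `= NULL` changes no behaviour, but it does document that ntp_crypto.c treats NULL as "not configured", which is worth keeping. The trailing comment should be updated, since the variable is no longer always the gethostname() name.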