diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2009-08-22 11:09:30 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2009-08-22 11:14:22 +1000 |
| commit | 497234c1cbded9855b817114a6517c58daa25805 (patch) | |
| tree | 692d1660ff077d4a6dee4c4c40e8c12d4a9692a1 | |
| parent | f9c0f889624681c9244140c263b4ed072980dbcc (diff) | |
| download | samba-497234c1cbded9855b817114a6517c58daa25805.tar.gz samba-497234c1cbded9855b817114a6517c58daa25805.tar.bz2 samba-497234c1cbded9855b817114a6517c58daa25805.zip | |
s4:ntp_signd Fix bug 6656 - Set protocol version to 0, as used by ntpd
The change to protocol version 1 was not intentional, and broke the
protocol established with the ntp.org project.
Andrew Bartlett
| -rw-r--r-- | source4/librpc/idl/ntp_signd.idl | 6 | ||||
| -rw-r--r-- | source4/ntp_signd/ntp_signd.c | 4 | ||||
| -rw-r--r-- | source4/torture/ntp/ntp_signd.c | 3 |
3 files changed, 6 insertions, 7 deletions
diff --git a/source4/librpc/idl/ntp_signd.idl b/source4/librpc/idl/ntp_signd.idl index 2b2fbc7662..b784205698 100644 --- a/source4/librpc/idl/ntp_signd.idl +++ b/source4/librpc/idl/ntp_signd.idl @@ -12,6 +12,8 @@ interface ntp_signd { + const int NTP_SIGND_PROTOCOL_VERSION_0 = 0; + typedef [v1_enum] enum { SIGN_TO_CLIENT = 0, ASK_SERVER_TO_SIGN = 1, @@ -21,7 +23,7 @@ interface ntp_signd } ntp_signd_op; typedef [flag(NDR_BIG_ENDIAN),public] struct { - uint32 version; + [value(NTP_SIGND_PROTOCOL_VERSION_0)] uint32 version; ntp_signd_op op; uint16 packet_id; [flag(NDR_LITTLE_ENDIAN)] uint32 key_id; @@ -30,7 +32,7 @@ interface ntp_signd } sign_request; typedef [flag(NDR_BIG_ENDIAN),public] struct samba_key_out { - uint32 version; + [value(NTP_SIGND_PROTOCOL_VERSION_0)] uint32 version; ntp_signd_op op; uint32 packet_id; [flag(NDR_REMAINING)] DATA_BLOB signed_packet; diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c index 6c6416dea0..8ea7fe4ff9 100644 --- a/source4/ntp_signd/ntp_signd.c +++ b/source4/ntp_signd/ntp_signd.c @@ -74,7 +74,6 @@ static NTSTATUS signing_failure(struct ntp_signd_connection *ntp_signdconn, NT_STATUS_HAVE_NO_MEMORY(tmp_ctx); - signed_reply.version = 1; signed_reply.op = SIGNING_FAILURE; signed_reply.packet_id = packet_id; signed_reply.signed_packet = data_blob(NULL, 0); @@ -155,7 +154,7 @@ static NTSTATUS ntp_signd_recv(void *private_data, DATA_BLOB wrapped_input) /* We need to implement 'check signature' and 'request server * to sign' operations at some point */ - if (sign_request.version != 1) { + if (sign_request.version != NTP_SIGND_PROTOCOL_VERSION_0) { talloc_free(tmp_ctx); return signing_failure(ntp_signdconn, sign_request.packet_id); } @@ -214,7 +213,6 @@ static NTSTATUS ntp_signd_recv(void *private_data, DATA_BLOB wrapped_input) } /* Generate the reply packet */ - signed_reply.version = 1; signed_reply.packet_id = sign_request.packet_id; signed_reply.op = SIGNING_SUCCESS; signed_reply.signed_packet = data_blob_talloc(tmp_ctx, diff --git a/source4/torture/ntp/ntp_signd.c b/source4/torture/ntp/ntp_signd.c index e82276a086..1b3c59543e 100644 --- a/source4/torture/ntp/ntp_signd.c +++ b/source4/torture/ntp/ntp_signd.c @@ -154,7 +154,6 @@ static bool test_ntp_signd(struct torture_context *tctx, torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate3"); torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed"); - sign_req.version = 1; sign_req.op = SIGN_TO_CLIENT; sign_req.packet_id = 1; sign_req.key_id = rid; @@ -225,7 +224,7 @@ static bool test_ntp_signd(struct torture_context *tctx, torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), ndr_map_error2string(ndr_err)); torture_assert_u64_equal(tctx, signed_reply.version, - sign_req.version, "Invalid Version"); + NTP_SIGND_PROTOCOL_VERSION_0, "Invalid Version"); torture_assert_u64_equal(tctx, signed_reply.packet_id, sign_req.packet_id, "Invalid Packet ID"); torture_assert_u64_equal(tctx, signed_reply.op, |