#!/usr/bin/env bash

# Shared helpers of the simulation tests; test_start, test_skip, run_test and
# the check_* calls used below are presumably defined there.
. ./test.common

test_start "NTP authentication with NTS"

# Skip (rather than fail) when the build has no NTS support or when certtool
# is not installed.
if ! check_config_h 'FEAT_NTS 1'; then
  test_skip
fi
if ! certtool --help &> /dev/null; then
  test_skip
fi

# Simulated start time: 2010-01-01 00:00:00 UTC as seconds since the epoch.
CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010' +'%s')
export CLKNETSIM_START_DATE

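# Create a throwaway Ed25519 key and a self-signed certificate for node1 and
# node2. The certificate is valid for exactly one day (2010-01-01 00:00:00 UTC
# to 2010-01-02 00:00:00 UTC) and names both the host (cn/dns_name) and its
# address (ip_address).
#
# The exit status of certtool is checked: without the key or certificate every
# later scenario would fail for a reason unrelated to what it tests. The
# certtool output is kept in tmp/log.certtool$i for diagnosis.
for i in 1 2; do
  cat > "tmp/cert${i}.cfg" <<-EOF
cn = "node$i.net1.clk"
dns_name = "node$i.net1.clk"
ip_address = "192.168.123.$i"
serial = 001
activation_date = "2010-01-01 00:00:00 UTC"
expiration_date = "2010-01-02 00:00:00 UTC"
signing_key
encryption_key
EOF

  certtool --generate-privkey --key-type=ed25519 \
    --outfile "tmp/server${i}.key" &> "tmp/log.certtool${i}" || test_fail
  certtool --generate-self-signed --load-privkey "tmp/server${i}.key" \
    --template "tmp/cert${i}.cfg" \
    --outfile "tmp/server${i}.crt" &>> "tmp/log.certtool${i}" || test_fail
done
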
# Scenario: basic NTS operation with a single trusted certificate.
max_sync_time=400
dns=1
# The server handles NTS-KE without helper processes (ntsprocesses 0), rotates
# its key every 66 seconds and saves its keys in tmp.
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 66
ntsdumpdir tmp
"
client_server_options="minpoll 6 maxpoll 6 nts"
# nosystemcert keeps the system CA store out of the trust set, so the only
# usable anchor is the self-signed tmp/server1.crt. The /dev/null entries
# before and after it presumably check that an empty trust file is tolerated
# and does not displace the real one.
client_conf="
nosystemcert
ntstrustedcerts /dev/null
ntstrustedcerts tmp/server1.crt
ntstrustedcerts /dev/null
logdir tmp
log rawmeasurements"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

# Arguments look like (pattern, min count, max count, file) - confirm against
# test.common. The second measurements.log pattern selects samples that did
# not pass every test; a non-zero count is expected here, presumably because
# the client has no ntsrefresh while the server key rotates every 66 seconds.
# ' 2 1 .* 4460 ' presumably matches packets from node 2 to node 1 on the
# NTS-KE port.
check_file_messages '20.*123\.1.* 111 111 1111' 75 80 measurements.log || test_fail
check_file_messages '20.*123\.1.* 111 001 0000' 37 39 measurements.log || test_fail
check_file_messages ' 2 1 .* 4460 ' 260 300 log.packets || test_fail
check_file_messages '.' 6 6 ntskeys || test_fail
rm -f -- tmp/measurements.log

# Scenario: the same setup, but the client now refreshes its NTS keys every
# 120 seconds and saves its state in tmp.
client_conf="${client_conf}
ntsrefresh 120
ntsdumpdir tmp"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

# With the refresh enabled no sample may fail the tests (0 0 on the second
# pattern), and the client state file for 192.168.123.1 must have 12-13 lines.
check_file_messages '20.*123\.1.* 111 111 1111' 99 103 measurements.log || test_fail
check_file_messages '20.*123\.1.* 111 001 0000' 0 0 measurements.log || test_fail
check_file_messages ' 2 1 .* 4460 ' 350 390 log.packets || test_fail
check_file_messages '.' 6 6 ntskeys || test_fail
check_file_messages '.' 12 13 192.168.123.1.nts || test_fail
rm -f -- tmp/measurements.log

# Scenario: start 40000 seconds later with long rotation/refresh intervals.
# The ntskeys and *.nts files left in tmp by the previous run are not removed,
# so this presumably exercises reloading saved keys and cookies.
CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010 + 40000 sec' +'%s')
export CLKNETSIM_START_DATE

server_conf="${server_conf}
ntsrotate 100000"
client_conf="${client_conf}
ntsrefresh 39500"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

# Only 6-10 packets on port 4460 are expected, and the anchored pattern
# requires the same number of them to carry a 9.xxxxxxe+03 timestamp -
# presumably a single key refresh at that simulated time.
check_file_messages '20.*123\.1.* 111 111 1111' 150 160 measurements.log || test_fail
check_file_messages '20.*123\.1.* 111 001 0000' 0 0 measurements.log || test_fail
check_file_messages ' 2 1 .* 4460 ' 6 10 log.packets || test_fail
check_file_messages '^9\.......e+03 2 1 .* 4460 ' 6 10 log.packets || test_fail
check_file_messages '.' 6 6 ntskeys || test_fail
check_file_messages '.' 12 13 192.168.123.1.nts || test_fail
rm -f -- tmp/measurements.log

# Negative case: the client has no trusted certificate at all (system store
# disabled, no ntstrustedcerts), so the server certificate cannot be verified.
client_conf="
nosystemcert"

run_test || test_fail
check_chronyd_exit || test_fail
# Source selection and synchronization must NOT succeed.
if check_source_selection; then test_fail; fi
if check_sync; then test_fail; fi

# The client keeps trying on port 4460 but must never send to port 123,
# i.e. a failed NTS-KE must not lead to any NTP exchange with the server.
check_file_messages ' 2 1 .* 123 ' 0 0 log.packets || test_fail
check_file_messages ' 2 1 .* 4460 ' 10 20 log.packets || test_fail

# Negative case: expired certificate. The simulation starts one second after
# the expiration_date written into the certificate template
# (2010-01-02 00:00:00 UTC).
CLKNETSIM_START_DATE=$(date -d 'Jan 2 00:00:01 UTC 2010' +'%s')
export CLKNETSIM_START_DATE

client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt"

run_test || test_fail
check_chronyd_exit || test_fail
# The certificate is trusted but expired: synchronization must NOT succeed.
if check_source_selection; then test_fail; fi
if check_sync; then test_fail; fi

# No NTP traffic, only NTS-KE attempts, and the expiry must be logged
# exactly four times.
check_file_messages ' 2 1 .* 123 ' 0 0 log.packets || test_fail
check_file_messages ' 2 1 .* 4460 ' 10 20 log.packets || test_fail
check_log_messages "expired certificate" 4 4 || test_fail

# nocerttimecheck 1 disables the activation/expiration time checks for the
# first clock update, so the same expired certificate is now accepted.
# Outside a test this is a deliberate weakening intended for clients whose
# clock is unknown at boot; it should be limited to as few updates as possible.
client_conf="${client_conf}
nocerttimecheck 1"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

# Scenario: the NTS-KE server (node1) hands out a different NTP server
# (node2) through ntsntpserver, once as a hostname (dns=1) and once as an
# address (dns=0). The clock is back inside the certificate validity period.
CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010' +'%s')
export CLKNETSIM_START_DATE

client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntsrefresh 500"

for dns in 1 0; do
  server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsdumpdir tmp"

  if [[ "$dns" != 0 ]]; then
    server_conf="${server_conf}
ntsntpserver node2.net1.clk"
    client_server_conf="server node1.net1.clk ${client_server_options}"
  else
    server_conf="${server_conf}
ntsntpserver 192.168.123.2"
    client_server_conf="server 192.168.123.1 ${client_server_options}"
  fi

  # Only one server node: the address handed out by NTS-KE (192.168.123.2)
  # presumably does not exist, so the client must NOT synchronize. The log
  # must show it switching to the negotiated address and back again.
  servers=1

  run_test || test_fail
  check_chronyd_exit || test_fail
  if check_source_selection; then test_fail; fi
  if check_sync; then test_fail; fi

  check_file_messages ' 2 1 .* 4460 ' 50 100 log.packets || test_fail
  check_file_messages ' 2 2 .* 4460 ' 0 0 log.packets || test_fail
  check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 6 8 || test_fail
  check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 6 8 || test_fail

  # Two server nodes: the client switches to 192.168.123.2 once and stays
  # there. NTS-KE must only ever go to node 1 (count 0 for node 2).
  servers=2

  run_test || test_fail
  check_chronyd_exit || test_fail
  check_source_selection || test_fail
  check_sync || test_fail

  check_file_messages ' 3 1 .* 4460 ' 100 150 log.packets || test_fail
  check_file_messages ' 3 2 .* 4460 ' 0 0 log.packets || test_fail
  check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 1 1 || test_fail
  check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 0 0 || test_fail

  # With NTS-KE rate limiting enabled on the server the client is expected
  # NOT to reach a valid source selection in this run.
  server_conf="${server_conf}
ntsratelimit interval 12 burst 1 leak 4"

  run_test || test_fail
  check_chronyd_exit || test_fail
  if check_source_selection; then test_fail; fi

  check_file_messages ' 3 1 .* 4460 1 0 2' 25 50 log.packets || test_fail
  check_file_messages ' 3 2 .* 4460 ' 0 0 log.packets || test_fail
  check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 2 6 || test_fail
  check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 1 6 || test_fail
done

# Scenario: the servers use NTP port 11123, and the client saves its NTS state
# in tmp so that later runs can reuse it.
servers=2
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsntpserver node2.net1.clk
port 11123
ntsdumpdir tmp"
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntsdumpdir tmp"
client_server_conf="server 192.168.123.1 ${client_server_options}"

# Start from a clean client state so the first run has to perform NTS-KE.
rm -f tmp/*.nts

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

# Exactly one line matching the ' 3 1 .* 4460 1 0 2' pattern is expected in
# this first run (presumably one NTS-KE session - confirm the column meaning).
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages ' 3 1 .* 4460 1 0 2' 1 1 log.packets || test_fail
check_file_messages ' 3 2 .* 4460 ' 0 0 log.packets || test_fail

# Repeat with both name-resolution modes: the state saved in tmp must be
# sufficient, so no new NTS-KE session may appear (count 0).
for dns in 1 0; do
  run_test || test_fail
  check_chronyd_exit || test_fail
  check_source_selection || test_fail
  check_sync || test_fail

  check_log_messages "Could not change" 0 0 || test_fail
  check_file_messages ' 3 1 .* 4460 1 0 2' 0 0 log.packets || test_fail
  check_file_messages ' 3 2 .* 4460 ' 0 0 log.packets || test_fail
done

# Scenario: the server configuration no longer has ntsntpserver or the custom
# port, and the client's saved state file is cut down to its first 8 lines.
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsdumpdir tmp"

# Truncate through a temporary file so the source is not clobbered while
# head is still reading it.
head -n 8 tmp/192.168.123.1.nts > tmp/192.168.123.1.nts_
mv -- tmp/192.168.123.1.nts_ tmp/192.168.123.1.nts

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

# One new NTS-KE session is expected. Exactly three packets may still go to
# node 2 on the old port 11123 (presumably using what was left in the saved
# state - TODO confirm), none to node 1 on that port and none to node 2 on
# port 123.
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages ' 3 1 .* 4460 1 0 2' 1 1 log.packets || test_fail
check_file_messages ' 3 2 .* 4460 ' 0 0 log.packets || test_fail
check_file_messages ' 3 1 .* 11123 ' 0 0 log.packets || test_fail
check_file_messages ' 3 2 .* 123 ' 0 0 log.packets || test_fail
check_file_messages ' 3 2 .* 11123 ' 3 3 log.packets || test_fail

# Scenario: the server configuration loads both key/certificate pairs and the
# client trusts both certificates; minsources 2 means synchronization needs
# two usable sources.
dns=1
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsserverkey tmp/server2.key
ntsservercert tmp/server2.crt
ntsprocesses 0"
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntstrustedcerts tmp/server2.crt
minsources 2"
# Empty on purpose; presumably the harness then generates its default server
# lines - confirm in test.common.
client_server_conf=""

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

# Scenario: per-source trust sets. Certificates without a set ID go to the
# default set (selected with certset 0 below); server1.crt is also in set 1
# and server2.crt is in sets 2 and 3.
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntstrustedcerts 1 tmp/server1.crt
ntstrustedcerts 2 tmp/server2.crt
ntstrustedcerts 3 tmp/server2.crt"
# Matching assignment: node1 is verified against the default set and node2
# against set 2 (presumably each node presents the certificate issued for its
# own name).
client_server_conf="
server node1.net1.clk ${client_server_options} certset 0
server node2.net1.clk ${client_server_options} certset 2"

run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail

check_file_messages ' 3 1 .* 123 ' 100 200 log.packets || test_fail
check_file_messages ' 3 2 .* 123 ' 100 200 log.packets || test_fail

# Mismatched assignment: node1 is checked against set 2 (server2.crt only)
# and node2 against the default set (server1.crt only). A certificate trusted
# in one set must not be accepted for a source bound to another set.
client_server_conf="
server node1.net1.clk ${client_server_options} certset 2
server node2.net1.clk ${client_server_options}"

run_test || test_fail
check_chronyd_exit || test_fail
# Both sources must be rejected: no selection, no sync, no NTP packets.
if check_source_selection; then test_fail; fi
if check_sync; then test_fail; fi

check_file_messages ' 3 1 .* 123 ' 0 0 log.packets || test_fail
check_file_messages ' 3 2 .* 123 ' 0 0 log.packets || test_fail

# Negative case: the trusted-certificate files do not exist. A missing trust
# file must leave the client with nothing to verify the servers against.
client_conf="
nosystemcert
ntstrustedcerts tmp/nosuch.crt
ntstrustedcerts 2 tmp/nosuch.crt"

run_test || test_fail
check_chronyd_exit || test_fail
# chronyd must still exit cleanly, but must not select a source, synchronize
# or send any NTP packet to either server.
if check_source_selection; then test_fail; fi
if check_sync; then test_fail; fi

check_file_messages ' 3 1 .* 123 ' 0 0 log.packets || test_fail
check_file_messages ' 3 2 .* 123 ' 0 0 log.packets || test_fail

test_pass