blob: f1d2de32adcdf77c7720213f341b2296c83123ef (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
|
#!/usr/bin/env bash
. ./test.common
test_start "NTP authentication with NTS"
check_config_h 'FEAT_NTS 1' || test_skip
certtool --help &> /dev/null || test_skip
export CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010' +'%s')
for i in 1 2; do
cat > tmp/cert$i.cfg <<-EOF
cn = "node$i.net1.clk"
dns_name = "node$i.net1.clk"
ip_address = "192.168.123.$i"
serial = 001
activation_date = "2010-01-01 00:00:00 UTC"
expiration_date = "2010-01-02 00:00:00 UTC"
signing_key
encryption_key
EOF
certtool --generate-privkey --key-type=ed25519 --outfile tmp/server$i.key &> \
tmp/log.certtool$i
certtool --generate-self-signed --load-privkey tmp/server$i.key \
--template tmp/cert$i.cfg --outfile tmp/server$i.crt &>> tmp/log.certtool$i
done
max_sync_time=400
dns=1
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 66
ntsdumpdir tmp
"
client_server_options="minpoll 6 maxpoll 6 nts"
client_conf="
nosystemcert
ntstrustedcerts /dev/null
ntstrustedcerts tmp/server1.crt
ntstrustedcerts /dev/null
logdir tmp
log rawmeasurements"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages "20.*123\.1.* 111 111 1111" 75 80 measurements.log || test_fail
check_file_messages "20.*123\.1.* 111 001 0000" 37 39 measurements.log || test_fail
check_file_messages " 2 1 .* 4460 " 260 300 log.packets || test_fail
check_file_messages "." 6 6 ntskeys || test_fail
rm -f tmp/measurements.log
client_conf+="
ntsrefresh 120
ntsdumpdir tmp"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages "20.*123\.1.* 111 111 1111" 99 103 measurements.log || test_fail
check_file_messages "20.*123\.1.* 111 001 0000" 0 0 measurements.log || test_fail
check_file_messages " 2 1 .* 4460 " 350 390 log.packets || test_fail
check_file_messages "." 6 6 ntskeys || test_fail
check_file_messages "." 12 13 192.168.123.1.nts || test_fail
rm -f tmp/measurements.log
export CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010 + 40000 sec' +'%s')
server_conf+="
ntsrotate 100000"
client_conf+="
ntsrefresh 39500"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages "20.*123\.1.* 111 111 1111" 150 160 measurements.log || test_fail
check_file_messages "20.*123\.1.* 111 001 0000" 0 0 measurements.log || test_fail
check_file_messages " 2 1 .* 4460 " 6 10 log.packets || test_fail
check_file_messages "^9\.......e+03 2 1 .* 4460 " 6 10 log.packets || test_fail
check_file_messages "." 6 6 ntskeys || test_fail
check_file_messages "." 12 13 192.168.123.1.nts || test_fail
rm -f tmp/measurements.log
client_conf="
nosystemcert"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 2 1 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 2 1 .* 4460 " 10 20 log.packets || test_fail
export CLKNETSIM_START_DATE=$(date -d 'Jan 2 00:00:01 UTC 2010' +'%s')
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 2 1 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 2 1 .* 4460 " 10 20 log.packets || test_fail
check_log_messages "expired certificate" 4 4 || test_fail
client_conf+="
nocerttimecheck 1"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
export CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010' +'%s')
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntsrefresh 500"
for dns in 1 0; do
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsdumpdir tmp"
if [ $dns != 0 ]; then
server_conf+="
ntsntpserver node2.net1.clk"
client_server_conf="server node1.net1.clk $client_server_options"
else
server_conf+="
ntsntpserver 192.168.123.2"
client_server_conf="server 192.168.123.1 $client_server_options"
fi
servers=1
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 2 1 .* 4460 " 45 100 log.packets || test_fail
check_file_messages " 2 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 4 10 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 3 10 || test_fail
servers=2
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages " 3 1 .* 4460 " 100 150 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 1 1 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 0 0 || test_fail
server_conf+="
ntsratelimit interval 12 burst 1 leak 4"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 25 50 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 2 6 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 1 6 || test_fail
done
servers=2
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsntpserver node2.net1.clk
port 11123
ntsdumpdir tmp"
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntsdumpdir tmp"
client_server_conf="server 192.168.123.1 $client_server_options"
rm -f tmp/*.nts
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 1 1 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
for dns in 1 0; do
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
done
min_sync_time=$[default_min_sync_time + 200]
max_sync_time=600
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsdumpdir tmp"
head -n 8 tmp/192.168.123.1.nts > tmp/192.168.123.1.nts_
mv tmp/192.168.123.1.nts_ tmp/192.168.123.1.nts
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 1 1 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_file_messages " 3 1 .* 11123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 11123 " 3 3 log.packets || test_fail
dns=1
min_sync_time=$default_min_sync_time
max_sync_time=400
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsserverkey tmp/server2.key
ntsservercert tmp/server2.crt
ntsprocesses 0"
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntstrustedcerts tmp/server2.crt
minsources 2"
client_server_conf=""
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntstrustedcerts 1 tmp/server1.crt
ntstrustedcerts 2 tmp/server2.crt
ntstrustedcerts 3 tmp/server2.crt"
client_server_conf="
server node1.net1.clk $client_server_options certset 0
server node2.net1.clk $client_server_options certset 2"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages " 3 1 .* 123 " 100 200 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 100 200 log.packets || test_fail
client_server_conf="
server node1.net1.clk $client_server_options certset 2
server node2.net1.clk $client_server_options"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 3 1 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 0 0 log.packets || test_fail
client_conf="
nosystemcert
ntstrustedcerts tmp/nosuch.crt
ntstrustedcerts 2 tmp/nosuch.crt"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 3 1 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 0 0 log.packets || test_fail
test_pass
|
