diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index 33d674d9ff..1a2d2d2f1b 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -2327,6 +2327,7 @@ function system_ntp_configure() { $driftfile = "/var/db/ntpd.drift"; $statsdir = "/var/log/ntp"; $gps_device = '/dev/gps0'; + $ntp_keyid = config_get_path('ntpd/serverauthkeyid') ?? '1'; safe_mkdir($statsdir); @@ -2356,7 +2357,7 @@ function system_ntp_configure() { /* set NTP server authentication key */ if (config_get_path('ntpd/serverauth') == 'yes') { - $ntpkeyscfg = "1 " . strtoupper(config_get_path('ntpd/serverauthalgo')) . " " . base64_decode(config_get_path('ntpd/serverauthkey')) . "\n"; + $ntpkeyscfg = "{$ntp_keyid} " . strtoupper(config_get_path('ntpd/serverauthalgo')) . " " . base64_decode(config_get_path('ntpd/serverauthkey')) . "\n"; if (!@file_put_contents("{$g['varetc_path']}/ntp.keys", $ntpkeyscfg)) { log_error(sprintf(gettext("Could not open %s/ntp.keys for writing"), g_get('varetc_path'))); return; @@ -2373,9 +2374,9 @@ function system_ntp_configure() { if (config_get_path('ntpd/serverauth') == 'yes') { $ntpcfg .= "# Authentication settings \n"; $ntpcfg .= "keys /var/etc/ntp.keys \n"; - $ntpcfg .= "trustedkey 1 \n"; - $ntpcfg .= "requestkey 1 \n"; - $ntpcfg .= "controlkey 1 \n"; + $ntpcfg .= "trustedkey {$ntp_keyid} \n"; + $ntpcfg .= "requestkey {$ntp_keyid} \n"; + $ntpcfg .= "controlkey {$ntp_keyid} \n"; $ntpcfg .= "\n"; } @@ -2552,6 +2553,9 @@ function system_ntp_configure() { if (substr_count(config_get_path('ntpd/noselect'), $ts)) { $ntpcfg .= ' noselect'; } + if (config_get_path('ntpd/serverauth') == 'yes'/* && !substr_count(config_get_path('ntpd/ispool'), $ts)*/) { + $ntpcfg .= " key {$ntp_keyid} "; + } $ntpcfg .= "\n"; } unset($ts); diff --git a/src/usr/local/www/services_ntpd.php b/src/usr/local/www/services_ntpd.php index 6fd495ff2f..6d655ecea3 100644 --- a/src/usr/local/www/services_ntpd.php +++ b/src/usr/local/www/services_ntpd.php @@ -99,6 +99,12 @@ if ($_POST) { if (isset($pconfig['serverauth'])) { if (empty($pconfig['serverauthkey'])) { $input_errors[] = gettext("The supplied value for NTP Authentication key can't be empty."); + } elseif (empty($pconfig['serverauthkeyid'])) { + $input_errors[] = gettext("The authentication Key ID can't be empty."); + } elseif (!ctype_digit($pconfig['serverauthkeyid'])) { + $input_errors[] = gettext("The authentication Key ID must be a positive integer."); + } elseif ($pconfig['serverauthkeyid'] < 1 || $pconfig['serverauthkeyid'] > 65535) { + $input_errors[] = gettext("The authentication Key ID must be between 1-65535."); } elseif (($pconfig['serverauthalgo'] == 'md5') && ((strlen($pconfig['serverauthkey']) > 20) || !ctype_print($pconfig['serverauthkey']))) { $input_errors[] = gettext("The supplied value for NTP Authentication key for MD5 digest must be from 1 to 20 printable characters."); @@ -212,10 +218,12 @@ if ($_POST) { if (!empty($_POST['serverauth'])) { config_set_path('ntpd/serverauth', $_POST['serverauth']); config_set_path('ntpd/serverauthkey', base64_encode(trim($_POST['serverauthkey']))); + config_set_path('ntpd/serverauthkeyid', $_POST['serverauthkeyid']); config_set_path('ntpd/serverauthalgo', $_POST['serverauthalgo']); } elseif (isset($config['ntpd']['serverauth'])) { config_del_path('ntpd/serverauth'); config_del_path('ntpd/serverauthkey'); + config_del_path('ntpd/serverauthkeyid'); config_del_path('ntpd/serverauthalgo'); } @@ -540,9 +548,18 @@ $section->addInput(new Form_Checkbox( $group = new Form_Group('Authentication key'); $group->addClass('ntpserverauth'); -$group->add(new Form_IpAddress( +$group->add(new Form_Input( + 'serverauthkeyid', + 'Key ID', + null, + $pconfig['serverauthkeyid'], + ['type' => 'number', 'min' => 1, 'max' => 65535, 'step' => 1] +))->setWidth(2)->setHelp('ID associated with the authentication key'); + +$group->add(new Form_Input( 'serverauthkey', 'NTP Authentication key', + 'text', base64_decode($pconfig['serverauthkey']), ['placeholder' => 'NTP Authentication key'] ))->setHelp( @@ -557,7 +574,7 @@ $group->add(new Form_Select( null, $pconfig['serverauthalgo'], $ntp_auth_halgos -))->setWidth(3)->setHelp('Digest algorithm'); +))->setWidth(2)->setHelp('Digest algorithm'); $section->add($group); diff --git a/src/usr/local/www/status_ntpd.php b/src/usr/local/www/status_ntpd.php index 0475344d2c..2887edb293 100644 --- a/src/usr/local/www/status_ntpd.php +++ b/src/usr/local/www/status_ntpd.php @@ -52,10 +52,28 @@ if ($allow_query && (config_get_path('ntpd/enable') != 'disabled')) { $inet_version = " -4"; } - exec('/usr/local/sbin/ntpq -pnw ' . $inet_version . ' | /usr/bin/tail +3 | /usr/bin/awk -v RS= \'{gsub(/\n[[:space:]][[:space:]]+/," ")}1\'', $ntpq_output); + exec('/usr/local/sbin/ntpq -pnw' . $inet_version . ' | /usr/bin/tail +3 | /usr/bin/awk -v RS= \'{gsub(/\n[[:space:]][[:space:]]+/," ")}1\'', $ntpq_output); + exec('/usr/local/sbin/ntpq -c associations' . $inet_version . ' | /usr/bin/tail +3 | /usr/bin/awk -v RS= \'{gsub(/\n[[:space:]][[:space:]]\n+/," ")}1\'', $ntpq_associations_output); $ntpq_servers = array(); - foreach ($ntpq_output as $line) { + $ntpq_server_responses = array(); + + foreach ($ntpq_associations_output as $i => $line) { + $associations_response = array(); + $peerinfo = preg_split("/[\s\t]+/", $line); + $server['ind'] = $peerinfo[1]; + $associations_response['assid'] = $peerinfo[2]; + $associations_response['status_word'] = $peerinfo[3]; + $associations_response['conf'] = $peerinfo[4]; + $associations_response['reach'] = $peerinfo[5]; + $associations_response['auth'] = $peerinfo[6]; + $associations_response['condition'] = $peerinfo[7]; + $associations_response['last_event'] = $peerinfo[8]; + $associations_response['cnt'] = $peerinfo[9]; + $ntpq_server_responses[$i] = $associations_response; + } + + foreach ($ntpq_output as $i => $line) { $server = array(); $status_char = substr($line, 0, 1); $line = substr($line, 1); @@ -72,6 +90,15 @@ if ($allow_query && (config_get_path('ntpd/enable') != 'disabled')) { $server['offset'] = $peerinfo[8]; $server['jitter'] = $peerinfo[9]; + $server['ind'] = $ntpq_server_responses[$i]['ind']; + $server['assid'] = $ntpq_server_responses[$i]['assid']; + $server['status_word'] = $ntpq_server_responses[$i]['status_word']; + $server['conf'] = $ntpq_server_responses[$i]['conf']; + $server['auth'] = $ntpq_server_responses[$i]['auth']; + $server['condition'] = $ntpq_server_responses[$i]['condition']; + $server['last_event'] = $ntpq_server_responses[$i]['last_event']; + $server['cnt'] = $ntpq_server_responses[$i]['cnt']; + switch ($status_char) { case " ": if ($server['refid'] == ".POOL.") { @@ -252,6 +279,9 @@ function print_status() { print("