14757 – Support for MS-SNTP extended authenticator in ntp_signd

Bug 14757 - Support for MS-SNTP extended authenticator in ntp_signd

Summary: Support for MS-SNTP extended authenticator in ntp_signd

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.14.4
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-07-14 09:47 UTC by Andreas Schneider
Modified:	2021-07-14 09:47 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Schneider 2021-07-14 09:47:18 UTC

The MS-SNTP specification includes a new extended authenticator field, which is apparently used by w32time in latest Windows versions. It's not supported by ntp_signd yet. Latest versions of the specification are here:

https://msdn.microsoft.com/en-us/library/cc246877.aspx

A support for ntp_signd was recently implemented in chrony and it can detect MS-SNTP packets using the new extended authenticator field, but there is no way to pass the additional data to ntp_signd. A new command or version of the protocol will probably need to be specified.