Diffstat (limited to 'ntpd/ntp_proto.c')
-rw-r--r-- | ntpd/ntp_proto.c | 87 |
1 files changed, 45 insertions, 42 deletions
diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index 37c3f0325e07f..577b5fb0af5a2 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -245,7 +245,7 @@ transmit( /* * Update the reachability status. If not heard for * three consecutive polls, stuff infinity in the clock - * filter. + * filter. */ oreach = peer->reach; peer->outdate = current_time; @@ -290,7 +290,7 @@ transmit( * If preemptible and we have more peers than maxclock, * and this peer has the minimum score of preemptibles, * demobilize. - */ + */ if (peer->unreach >= NTP_UNREACH) { hpoll++; /* ephemeral: no FLAG_CONFIG nor FLAG_PREEMPT */ @@ -335,7 +335,7 @@ transmit( peer->retry--; /* - * Do not transmit if in broadcast client mode. + * Do not transmit if in broadcast client mode. */ if (peer->hmode != MODE_BCLIENT) peer_xmit(peer); @@ -442,7 +442,7 @@ receive( return; /* no flakeway */ } } - + /* * Version check must be after the query packets, since they * intentionally use an early version. @@ -659,7 +659,7 @@ receive( * If the signature is 20 bytes long, the last 16 of * which are zero, then this is a Microsoft client * wanting AD-style authentication of the server's - * reply. + * reply. * * This is described in Microsoft's WSPP docs, in MS-SNTP: * http://msdn.microsoft.com/en-us/library/cc212930.aspx @@ -680,7 +680,7 @@ receive( * broadcast or unicast address as appropriate. */ if (crypto_flags && skeyid > NTP_MAXKEY) { - + /* * More on the autokey dance (AKD). A cookie is * constructed from public and private values. @@ -874,7 +874,7 @@ receive( * curious and could be an intruder attempting to clog, so we * just ignore it. * - * If the packet is authentic and the manycastclient or pool + * If the packet is authentic and the manycastclient or pool * association is found, we mobilize a client association and * copy pertinent variables from the manycastclient or pool * association to the new client association. If not, just 
@@ -1256,16 +1256,6 @@ receive( } /* - * Update the state variables. - */ - if (peer->flip == 0) { - if (hismode != MODE_BROADCAST) - peer->rec = p_xmt; - peer->dst = rbufp->recv_time; - } - peer->xmt = p_xmt; - - /* * If this is a crypto_NAK, the server cannot authenticate a * client packet. The server might have just changed keys. Clear * the association and restart the protocol. @@ -1284,19 +1274,21 @@ receive( #endif /* AUTOKEY */ return; - /* - * If the digest fails, the client cannot authenticate a server + /* + * If the digest fails or it's missing for authenticated + * associations, the client cannot authenticate a server * reply to a client packet previously sent. The loopback check * is designed to avoid a bait-and-switch attack, which was * possible in past versions. If symmetric modes, return a * crypto-NAK. The peer should restart the protocol. */ - } else if (!AUTH(has_mac || (restrict_mask & RES_DONTTRUST), - is_authentic)) { + } else if (!AUTH(peer->keyid || has_mac || + (restrict_mask & RES_DONTTRUST), is_authentic)) { report_event(PEVNT_AUTH, peer, "digest"); peer->flash |= TEST5; /* bad auth */ peer->badauth++; - if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE) + if (has_mac && + (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)) fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask); if (peer->flags & FLAG_PREEMPT) { unpeer(peer); @@ -1310,6 +1302,16 @@ receive( } /* + * Update the state variables. + */ + if (peer->flip == 0) { + if (hismode != MODE_BROADCAST) + peer->rec = p_xmt; + peer->dst = rbufp->recv_time; + } + peer->xmt = p_xmt; + + /* * Set the peer ppoll to the maximum of the packet ppoll and the * peer minpoll. If a kiss-o'-death, set the peer minpoll to * this maximum and advance the headway to give the sender some 
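Review bot: In the widened `else if (!AUTH(peer->keyid || has_mac || ...` branch, a packet that carries no MAC at all is reported with the same `report_event(PEVNT_AUTH, peer, "digest")` text as a packet whose digest failed, so logs cannot tell a missing MAC from a bad one. Something like `report_event(PEVNT_AUTH, peer, has_mac ? "digest" : "no mac");` would keep the two cases separable during triage. The branch is now reachable by MAC-less packets, so `peer->badauth++` and the `unpeer(peer)` for FLAG_PREEMPT associations can be driven by unauthenticated traffic. Whether earlier rate limiting in receive() bounds that cannot be seen from this hunk. The FLAG_PREEMPT block continues past the end of the hunk.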
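Review bot: The relocated `Update the state variables.` comment does not say why the block now sits below the crypto-NAK and digest checks, and that ordering is the security-relevant part of the move. As far as the visible lines show, `peer->rec`, `peer->dst` and `peer->xmt` are now written only for packets that got past both checks. I would extend the comment to something like `* Update the state variables only after the authentication checks above, so a packet that fails them cannot change rec, dst or xmt.` so that a later refactor does not move the block back up. receive() starts and ends outside the hunk.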
@@ -1577,7 +1579,7 @@ process_packet( /* * If the peer was previously unreachable, raise a trap. In any * case, mark it reachable. - */ + */ if (!peer->reach) { report_event(PEVNT_REACH, peer, NULL); peer->timereachable = current_time; @@ -1644,8 +1646,8 @@ process_packet( * Interleaved broadcast mode. Use interleaved timestamps. * t1 = peer->borg, t2 = p_org, t3 = p_org, t4 = aorg */ - if (peer->flags & FLAG_XB) { - ci = p_org; /* delay */ + if (peer->flags & FLAG_XB) { + ci = p_org; /* delay */ L_SUB(&ci, &peer->aorg); LFPTOD(&ci, t34); ci = p_org; /* t2 - t1 */ @@ -1774,7 +1776,7 @@ process_packet( p_del, peer->r21 / 1e3, peer->r34 / 1e3, td); #endif - } + } #endif /* ASSYM */ /* @@ -2240,7 +2242,7 @@ clock_filter( for (i = NTP_SHIFT - 1; i >= 0; i--) { if (i != 0) peer->filter_disp[j] += dtemp; - if (peer->filter_disp[j] >= MAXDISPERSE) { + if (peer->filter_disp[j] >= MAXDISPERSE) { peer->filter_disp[j] = MAXDISPERSE; dst[i] = MAXDISPERSE; } else if (peer->update - peer->filter_epoch[j] > @@ -2255,7 +2257,7 @@ clock_filter( } /* - * If the clock has stabilized, sort the samples by distance. + * If the clock has stabilized, sort the samples by distance. */ if (freq_cnt == 0) { for (i = 1; i < NTP_SHIFT; i++) { @@ -2289,7 +2291,7 @@ clock_filter( continue; m++; } - + /* * Compute the dispersion and jitter. The dispersion is weighted * exponentially by NTP_FWEIGHT (0.5) so it is normalized close @@ -2493,9 +2495,9 @@ clock_select(void) /* * If this peer could have the orphan parent * as a synchronization ancestor, exclude it - * from selection to avoid forming a + * from selection to avoid forming a * synchronization loop within the orphan mesh, - * triggering stratum climb to infinity + * triggering stratum climb to infinity * instability. Peers at stratum higher than * the orphan stratum could have the orphan * parent in ancestry so are excluded. 
@@ -2603,7 +2605,7 @@ clock_select(void) for (allow = 0; 2 * allow < nlist; allow++) { /* - * Bound the interval (low, high) as the smallest + * Bound the interval (low, high) as the smallest * interval containing points from the most sources. */ n = 0; @@ -2639,7 +2641,7 @@ clock_select(void) * We assert the correct time is contained in the interval, but * the best offset estimate for the interval might not be * contained in the interval. For this purpose, a truechimer is - * defined as the midpoint of an interval that overlaps the + * defined as the midpoint of an interval that overlaps the * intersection interval. */ j = 0; @@ -2659,9 +2661,10 @@ clock_select(void) * include any of them in the cluster population. */ if (peer->flags & FLAG_PPS) { - if (typepps == NULL) + if (typepps == NULL) typepps = peer; - continue; + if (!(peer->flags & FLAG_TSTAMP_PPS)) + continue; } #endif /* REFCLOCK */ @@ -2672,7 +2675,7 @@ clock_select(void) nlist = j; /* - * If no survivors remain at this point, check if the modem + * If no survivors remain at this point, check if the modem * driver, local driver or orphan parent in that order. If so, * nominate the first one found as the only survivor. * Otherwise, give up and leave the island to the rats. @@ -2709,7 +2712,7 @@ clock_select(void) * by root distance. Continue voting as long as there are more * than sys_minclock survivors and the select jitter of the peer * with the worst metric is greater than the minimum peer - * jitter. Stop if we are about to discard a TRUE or PREFER + * jitter. Stop if we are about to discard a TRUE or PREFER * peer, who of course have the immunity idol. */ while (1) { @@ -2815,7 +2818,7 @@ clock_select(void) typesystem = peers[speer].peer; if (osys_peer == NULL || osys_peer == typesystem) { - sys_clockhop = 0; + sys_clockhop = 0; } else if ((x = fabs(typesystem->offset - osys_peer->offset)) < sys_mindisp) { if (sys_clockhop == 0) 
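Review bot: In the `@@ -2659,9 +2661,10 @@` hunk of clock_select(), the comment that ends `include any of them in the cluster population.` appears to be stale. It starts above the hunk, so its full wording is not visible here. The `continue` is now skipped when `FLAG_TSTAMP_PPS` is set, so such a peer is recorded in `typepps` and also falls through to the code after `#endif /* REFCLOCK */`. The comment should name the exception, for example `* PPS peers with FLAG_TSTAMP_PPS set are kept in the cluster population.`, and say briefly what the flag means, since the hunk does not define it.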
@@ -3113,7 +3116,7 @@ peer_xmit( * the session key is generated. */ while (1) { - + /* * Allocate and initialize a keylist if not * already done. Then, use the list in inverse @@ -3165,7 +3168,7 @@ peer_xmit( break; /* - * In symmetric modes the parameter, certificate, + * In symmetric modes the parameter, certificate, * identity, cookie and autokey exchanges are * required. The leapsecond exchange is optional. But, a * peer will not believe the other peer until the other @@ -3324,7 +3327,7 @@ peer_xmit( session_key(&peer->dstadr->sin, &peer->srcadr, xkeyid, 0, 2); } - } + } #endif /* AUTOKEY */ /* @@ -3619,7 +3622,7 @@ pool_xmit( return; /* out of addresses, re-query DNS next poll */ restrict_mask = restrictions(rmtadr); if (RES_FLAGS & restrict_mask) - restrict_source(rmtadr, 0, + restrict_source(rmtadr, 0, current_time + POOL_SOLICIT_WINDOW + 1); lcladr = findinterface(rmtadr); memset(&xpkt, 0, sizeof(xpkt)); |