Context Navigation

source: server/common/patches/openafs-pts-encrypt.patch @ 1019

Last change on this file since 1019 was 907, checked in by andersk, 15 years ago
Force queries to the PTS database to be encrypted, so that responses can be authenticated.
File size: 1.6 KB

Rev	Line
[907]	1	diff --git a/src/ptserver/pts.c b/src/ptserver/pts.c
	2	index 7b90a92..1a329c1 100644
	3	--- a/src/ptserver/pts.c
	4	+++ b/src/ptserver/pts.c
	5	@@ -176,6 +176,10 @@ GetGlobals(struct cmd_syndesc as, void arock)
	6	changed = 1;
	7	sec = 1;
	8	}
	9	+ if (as->parms[22].items) { /* -encrypt */
	10	+ changed = 1;
	11	+ sec = 3;
	12	+ }
	13	if (as->parms[18].items \|\| as->parms[20].items) { /* -test, -localauth */
	14	changed = 1;
	15	confdir = AFSDIR_SERVER_ETC_DIRPATH;
	16	@@ -1022,6 +1026,8 @@ add_std_args(register struct cmd_syndesc *ts)
	17	"use local authentication");
	18	cmd_AddParm(ts, "-auth", CMD_FLAG, CMD_OPTIONAL,
	19	"use user's authentication (default)");
	20	+ cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL,
	21	+ "encrypt commands");
	22	}
	23
	24	/*
	25	diff --git a/src/ptserver/ptuser.c b/src/ptserver/ptuser.c
	26	index fcd9d69..a5f7d16 100644
	27	--- a/src/ptserver/ptuser.c
	28	+++ b/src/ptserver/ptuser.c
	29	@@ -203,6 +203,8 @@ pr_Initialize(IN afs_int32 secLevel, IN char confDir, IN char cell)
	30	code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
	31	if (code) {
	32	afs_com_err(whoami, code, "(getting token)");
	33	+ if (secLevel > 1)
	34	+ return code;
	35	scIndex = 0;
	36	} else {
	37	if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
	38	@@ -215,7 +217,8 @@ pr_Initialize(IN afs_int32 secLevel, IN char confDir, IN char cell)
	39	scIndex = 2;
	40	}
	41	sc[2] =
	42	- rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
	43	+ rxkad_NewClientSecurityObject((secLevel > 1) ? rxkad_crypt :
	44	+ rxkad_clear, &ttoken.sessionKey,
	45	ttoken.kvno, ttoken.ticketLen,
	46	ttoken.ticket);
	47	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: