source: trunk/server/common/patches/openafs-pts-encrypt.patch @ 1137

Last change on this file since 1137 was 907, checked in by andersk, 14 years ago
Force queries to the PTS database to be encrypted, so that responses can be authenticated.
File size: 1.6 KB
  • src/ptserver/pts.c

    diff --git a/src/ptserver/pts.c b/src/ptserver/pts.c
    index 7b90a92..1a329c1 100644
    a b GetGlobals(struct cmd_syndesc *as, void *arock) 
    176176        changed = 1;
    177177        sec = 1;
    178178    }
     179    if (as->parms[22].items) { /* -encrypt */
     180        changed = 1;
     181        sec = 3;
     182    }
    179183    if (as->parms[18].items || as->parms[20].items) {   /* -test, -localauth */
    180184        changed = 1;
    181185        confdir = AFSDIR_SERVER_ETC_DIRPATH;
    add_std_args(register struct cmd_syndesc *ts) 
    10221026                "use local authentication");
    10231027    cmd_AddParm(ts, "-auth", CMD_FLAG, CMD_OPTIONAL,
    10241028                "use user's authentication (default)");
     1029    cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL,
     1030                "encrypt commands");
    10251031}
    10261032
    10271033/*
  • src/ptserver/ptuser.c

    diff --git a/src/ptserver/ptuser.c b/src/ptserver/ptuser.c
    index fcd9d69..a5f7d16 100644
    a b pr_Initialize(IN afs_int32 secLevel, IN char *confDir, IN char *cell) 
    203203        code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
    204204        if (code) {
    205205            afs_com_err(whoami, code, "(getting token)");
     206            if (secLevel > 1)
     207                return code;
    206208            scIndex = 0;
    207209        } else {
    208210            if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
    pr_Initialize(IN afs_int32 secLevel, IN char *confDir, IN char *cell) 
    215217                scIndex = 2;
    216218            }
    217219            sc[2] =
    218                 rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
     220                rxkad_NewClientSecurityObject((secLevel > 1) ? rxkad_crypt :
     221                                              rxkad_clear, &ttoken.sessionKey,
    219222                                              ttoken.kvno, ttoken.ticketLen,
    220223                                              ttoken.ticket);
    221224        }
Note: See TracBrowser for help on using the repository browser.