MessageId=
Severity=Informational
Facility=System
+SymbolicName=MSG_CRYPT_AUTH
+Language=English
+Security Level is Auth (Integrity Only).
+.
+
+
+MessageId=
+Severity=Informational
+Facility=System
SymbolicName=MSG_CRYPT_ON
Language=English
Security Level is Crypt.
code = RegQueryValueEx(parmKey, "SecurityLevel", NULL, NULL,
(BYTE *) &cryptall, &dummyLen);
if (code == ERROR_SUCCESS) {
- afsi_log("SecurityLevel is %s", cryptall?"crypt":"clear");
+ afsi_log("SecurityLevel is %s", cryptall == 1?"crypt": cryptall == 2?"auth":"clear");
} else {
cryptall = 0;
afsi_log("Default SecurityLevel is clear");
}
- if (cryptall)
+ if (cryptall == 1)
LogEvent(EVENTLOG_INFORMATION_TYPE, MSG_CRYPT_ON);
+ else if (cryptall == 2)
+ LogEvent(EVENTLOG_INFORMATION_TYPE, MSG_CRYPT_AUTH);
else
LogEvent(EVENTLOG_INFORMATION_TYPE, MSG_CRYPT_OFF);
}
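Review bot: A SecurityLevel value other than 0, 1 or 2 is now logged as "clear" and reported with MSG_CRYPT_OFF here, but the `switch (cryptall)` hunk sends the same value to `rxkad_crypt` through `default:`, and the rewritten comparison in the cm_ConnByServer hunk expects `rxkad_clear` for it. Before this change any nonzero value meant crypt, so an existing registry setting of that kind would be logged as clear while connections are built with crypt, and the comparison would apparently replace them on every lookup. Normalising once after the read, for example `if (cryptall != 0 && cryptall != 2) cryptall = 1;`, keeps the old fail-toward-crypt behaviour and makes the three sites agree. The ioctl hunk that does `memcpy(&cryptall, ioctlp->inDatap, sizeof(cryptall))` needs the same normalisation, since the value comes straight from the caller. The enclosing function starts outside this hunk.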
if (ucellp->flags & CM_UCELLFLAG_RXKAD) {
secIndex = 2;
- if (cryptall) {
- tcp->cryptlevel = rxkad_crypt;
- } else {
+ switch (cryptall) {
+ case 0:
tcp->cryptlevel = rxkad_clear;
+ break;
+ case 2:
+ tcp->cryptlevel = rxkad_auth;
+ break;
+ default:
+ tcp->cryptlevel = rxkad_crypt;
}
secObjp = rxkad_NewClientSecurityObject(tcp->cryptlevel,
&ucellp->sessionKey, ucellp->kvno,
lock_ObtainMutex(&tcp->mx);
if ((tcp->flags & CM_CONN_FLAG_FORCE_NEW) ||
(tcp->ucgen < ucellp->gen) ||
- (tcp->cryptlevel != (cryptall ? (ucellp->flags & CM_UCELLFLAG_RXKAD ? rxkad_crypt : rxkad_clear) : rxkad_clear)))
+ (tcp->cryptlevel != (ucellp->flags & CM_UCELLFLAG_RXKAD ? (cryptall == 1 ? rxkad_crypt : (cryptall == 2 ? rxkad_auth : rxkad_clear)) : rxkad_clear)))
{
if (tcp->ucgen < ucellp->gen)
osi_Log0(afsd_logp, "cm_ConnByServer replace connection due to token update");
memcpy(&cryptall, ioctlp->inDatap, sizeof(cryptall));
if (c != cryptall) {
- if (cryptall)
+ if (cryptall == 1)
LogEvent(EVENTLOG_INFORMATION_TYPE, MSG_CRYPT_ON);
+ else if (cryptall == 2)
+ LogEvent(EVENTLOG_INFORMATION_TYPE, MSG_CRYPT_AUTH);
else
LogEvent(EVENTLOG_INFORMATION_TYPE, MSG_CRYPT_OFF);
}
flag = 1;
else if (strcmp(tp, "off") == 0)
flag = 0;
+ else if (strcmp(tp, "auth") == 0)
+ flag = 0;
else {
- fprintf (stderr, "%s: %s must be \"on\" or \"off\".\n", pn, tp);
+ fprintf (stderr, "%s: %s must be \"on\", \"auth\", or \"off\".\n", pn, tp);
return EINVAL;
}
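Review bot: The new `"auth"` branch assigns `flag = 0`, the same value as `"off"`, so a user who asks for integrity protection silently gets the clear level. The cache manager hunks treat 2 as auth, so the assignment should be `flag = 2;`. The if/else chain begins above the first visible line of this hunk, so the `"on"` test itself is not shown.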
memcpy(&flag, tp, sizeof(afs_int32));
printf("Security level is currently ");
if (flag == 1)
+ printf("auth (data integrity).\n");
+ else if (flag == 1)
printf("crypt (data security).\n");
else
printf("clear.\n");
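Review bot: Both tests compare `flag == 1`, so a crypt setting is printed as "auth (data integrity)" and the `else if` branch that prints "crypt" can never run. A real auth level (2 in the cache manager hunks) falls through to "clear.", so the tool misreports the protection in force in both directions. The first test should read `if (flag == 2)`, with the second left as `else if (flag == 1)`. The enclosing function starts and ends outside the hunk.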