From: Volker Holfeld
Date: Wed, 4 Apr 2001 13:46:19 +0000 (+0000)
Subject: winnt-enable-cryptall-support-20010404
X-Git-Tag: openafs-stable-1_1_0~232
X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=814ac0fc1d98b09667bcd5738b3607f9b8595359;hp=bf58cfd11f28c1b32501d5f79a03dcd7c8d35517
winnt-enable-cryptall-support-20010404
introduce fs setcrypt/fs getcrypt features to nt client
add registry parameter SecurityLevel to allow persistent setting
---
diff --git a/src/WINNT/afsd/afsd_init.c b/src/WINNT/afsd/afsd_init.c
index aba2900..f7c7fec 100644
--- a/src/WINNT/afsd/afsd_init.c
+++ b/src/WINNT/afsd/afsd_init.c
@@ -31,6 +31,8 @@ extern int RXAFSCB_ExecuteRequest();
 extern int RXSTATS_ExecuteRequest();
+extern afs_int32 cryptall;
+
 char AFSConfigKeyName[] = "SYSTEM\\CurrentControlSet\\Services\\TransarcAFSDaemon\\Parameters";
@@ -380,6 +382,16 @@ int afsd_InitCM(char **reasonP)
 afsi_log("Default sys name %s", cm_sysName);
 }
+ dummyLen = sizeof(cryptall);
+ code = RegQueryValueEx(parmKey, "SecurityLevel", NULL, NULL,
+ (BYTE *) &cryptall, &dummyLen);
+ if (code == ERROR_SUCCESS)
+ afsi_log("SecurityLevel is %s", cryptall?"crypt":"clear");
+ else {
+ cryptall = rxkad_clear;
+ afsi_log("Default SecurityLevel is clear");
+ }
+
 RegCloseKey (parmKey);
 /* setup early variables */
diff --git a/src/WINNT/afsd/cm_conn.c b/src/WINNT/afsd/cm_conn.c
index 704720c..c78bc66 100644
--- a/src/WINNT/afsd/cm_conn.c
+++ b/src/WINNT/afsd/cm_conn.c
@@ -23,6 +23,8 @@ osi_rwlock_t cm_connLock;
 long RDRtimeout = CM_CONN_DEFAULTRDRTIMEOUT;
+afs_int32 cryptall = 0;
+
 void cm_PutConn(cm_conn_t *connp)
 {
 lock_ObtainWrite(&cm_connLock);
@@ -329,6 +331,7 @@ static void cm_NewRXConnection(cm_conn_t *tcp, cm_ucell_t *ucellp,
 int serviceID;
 int secIndex;
 struct rx_securityClass *secObjp;
+ afs_int32 level;
 if (serverp->type == CM_SERVER_VLDB) {
 port = htons(7003);
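Review bot: The RegQueryValueEx call added in afsd_InitCM passes NULL for lpType and never checks that dummyLen came back as sizeof(cryptall), so a SecurityLevel value stored as a string, or one shorter than four bytes, is copied into cryptall as-is and then treated as a meaningful integer for the lifetime of the cache manager. The same lines also accept any non-zero number as "crypt" in the log message, while cm_conn.c later compares the raw stored value against tcp->cryptlevel, so the value read here should be checked for type and length and reduced to a canonical flag before it is stored. afsd_InitCM begins and ends outside the hunk, and regType/regLevel below need a DWORD declaration alongside the function's other locals.
```c
	/* … unchanged: sys name handling … */
	dummyLen = sizeof(regLevel);
	code = RegQueryValueEx(parmKey, "SecurityLevel", NULL, &regType,
				(BYTE *) &regLevel, &dummyLen);
	if (code == ERROR_SUCCESS && regType == REG_DWORD
	    && dummyLen == sizeof(regLevel)) {
		/* any non-zero value selects crypt; keep cryptall canonical (0 or 1) */
		cryptall = regLevel ? 1 : 0;
		afsi_log("SecurityLevel is %s", cryptall ? "crypt" : "clear");
	} else {
		cryptall = rxkad_clear;
		afsi_log("Default SecurityLevel is clear");
	}
```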
@@ -341,7 +344,13 @@ static void cm_NewRXConnection(cm_conn_t *tcp, cm_ucell_t *ucellp,
 }
 if (ucellp->flags & CM_UCELLFLAG_RXKAD) {
 secIndex = 2;
- secObjp = rxkad_NewClientSecurityObject(rxkad_clear,
+ if (cryptall) {
+ level = rxkad_crypt;
+ tcp->cryptlevel = rxkad_crypt;
+ } else {
+ level = rxkad_clear;
+ }
+ secObjp = rxkad_NewClientSecurityObject(level,
 &ucellp->sessionKey, ucellp->kvno, ucellp->ticketLen, ucellp->ticketp);
 }
@@ -382,11 +391,13 @@ long cm_ConnByServer(cm_server_t *serverp, cm_user_t *userp, cm_conn_t **connpp)
 cm_HoldUser(userp);
 lock_InitializeMutex(&tcp->mx, "cm_conn_t mutex");
 tcp->serverp = serverp;
+ tcp->cryptlevel = rxkad_clear;
 cm_NewRXConnection(tcp, ucellp, serverp);
 tcp->refCount = 1;
 }
 else {
- if (tcp->ucgen < ucellp->gen) {
+ if ((tcp->ucgen < ucellp->gen) || (tcp->cryptlevel != cryptall))
+ {
 rx_DestroyConnection(tcp->callp);
 cm_NewRXConnection(tcp, ucellp, serverp);
 }
diff --git a/src/WINNT/afsd/cm_conn.h b/src/WINNT/afsd/cm_conn.h
index 2e2ab4d..e03bfe6 100644
--- a/src/WINNT/afsd/cm_conn.h
+++ b/src/WINNT/afsd/cm_conn.h
@@ -23,6 +23,7 @@ typedef struct cm_conn {
 int refCount; /* locked by cm_connLock */
 int ucgen; /* ucellp's generation number */
 long flags; /* locked by mx */
+ int cryptlevel; /* encrytion status */
 } cm_conn_t;
 /* structure used for tracking RPC progress */
diff --git a/src/WINNT/afsd/cm_ioctl.c b/src/WINNT/afsd/cm_ioctl.c
index 2764b6f..db9346d 100644
--- a/src/WINNT/afsd/cm_ioctl.c
+++ b/src/WINNT/afsd/cm_ioctl.c
@@ -35,6 +35,8 @@ osi_mutex_t cm_Afsdsbmt_Lock;
+extern afs_int32 cryptall;
+
 void cm_InitIoctl(void)
 {
 lock_InitializeMutex(&cm_Afsdsbmt_Lock, "AFSDSBMT.INI Access Lock");
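Review bot: The new test `(tcp->cryptlevel != cryptall)` in cm_ConnByServer compares an rxkad_level enumerator (cryptlevel is set to rxkad_crypt or rxkad_clear) with the 0/1 flag that fs setcrypt stores through cm_IoctlSetRxkcrypt, so whenever the enumerator for crypt is not numerically 1 the condition holds on every call while encryption is on and the rx connection is destroyed and rebuilt each time; the same churn hits connections created without CM_UCELLFLAG_RXKAD, whose cryptlevel cm_NewRXConnection never touches. In cm_NewRXConnection the else branch also leaves tcp->cryptlevel at its previous value, so a connection rebuilt after fs setcrypt off still reads as crypt. I would derive the level once, record it unconditionally, and compare like with like: before the CM_UCELLFLAG_RXKAD check `level = cryptall ? rxkad_crypt : rxkad_clear;` and `tcp->cryptlevel = level;` (dropping the five-line if/else), and in cm_ConnByServer `if ((tcp->ucgen < ucellp->gen) || (tcp->cryptlevel != (cryptall ? rxkad_crypt : rxkad_clear)))`. Both cm_NewRXConnection and cm_ConnByServer begin and end outside their hunks.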
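Review bot: The comment on the added cryptlevel field in cm_conn.h misspells "encryption" and says less than the neighbouring fields, which each name the lock that guards them; since cm_ConnByServer reads this field to decide whether to tear down and rebuild the rx connection, a reader needs to know what it records and which lock covers it. I would write `int cryptlevel; /* security level the rx connection was built with; locked by <LOCK> */`, with the lock filled in — presumably cm_connLock or mx like the fields around it, to be confirmed against cm_ConnByServer.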
@@ -1788,3 +1790,19 @@ long cm_IoctlMakeSubmount(smb_ioctl_t *ioctlp, cm_user_t *userp)
 return 0;
 }
+long cm_IoctlGetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp)
+{
+ memcpy(ioctlp->outDatap, &cryptall, sizeof(cryptall));
+ ioctlp->outDatap += sizeof(cryptall);
+
+ return 0;
+}
+
+long cm_IoctlSetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp)
+{
+ cm_SkipIoctlPath(ioctlp);
+
+ memcpy(&cryptall, ioctlp->inDatap, sizeof(cryptall));
+
+ return 0;
+}
diff --git a/src/WINNT/afsd/cm_ioctl.h b/src/WINNT/afsd/cm_ioctl.h
index c0ce809..0346d29 100644
--- a/src/WINNT/afsd/cm_ioctl.h
+++ b/src/WINNT/afsd/cm_ioctl.h
@@ -119,6 +119,10 @@ extern long cm_IoctlDeletelink(smb_ioctl_t *ioctlp, cm_user_t *userp);
 extern long cm_IoctlMakeSubmount(smb_ioctl_t *ioctlp, cm_user_t *userp);
+extern long cm_IoctlGetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp);
+
+extern long cm_IoctlSetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp);
+
 #endif /* __CM_IOCTL_INTERFACES_ONLY__ */
 #endif /* __CM_IOCTL_H_ENV__ */
diff --git a/src/WINNT/afsd/fs.c b/src/WINNT/afsd/fs.c
index a769464..985c444 100644
--- a/src/WINNT/afsd/fs.c
+++ b/src/WINNT/afsd/fs.c
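Review bot: cm_IoctlSetRxkcrypt copies sizeof(cryptall) bytes straight from ioctlp->inDatap into the global without validating the value, and cryptall is read by every connection the cache manager builds (cm_conn.c), so one caller of this ioctl changes the security level used for all users on the machine; the function also does not consult userp or any administrative check, which I would add if the ioctl layer offers one (I cannot see one from here). At minimum the stored value should be reduced to the canonical flag the rest of the code expects: `afs_int32 newVal;` `memcpy(&newVal, ioctlp->inDatap, sizeof(newVal));` `cryptall = newVal ? 1 : 0; /* anything non-zero selects crypt */`. Note also that the Set handler calls cm_SkipIoctlPath while the Get handler does not; if the framework expects every handler to consume the path this asymmetry is worth a second look.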
@@ -2621,6 +2621,59 @@ struct cmd_syndesc *as;
 {
 return 0;
 }
+static afs_int32 SetCryptCmd(as)
+ struct cmd_syndesc *as;
+{
+ afs_int32 code = 0, flag;
+ struct ViceIoctl blob;
+ char *tp;
+
+ tp = as->parms[0].items->data;
+ if (strcmp(tp, "on") == 0)
+ flag = 1;
+ else if (strcmp(tp, "off") == 0)
+ flag = 0;
+ else {
+ fprintf (stderr, "%s: %s must be \"on\" or \"off\".\n", pn, tp);
+ return EINVAL;
+ }
+
+ blob.in = (char *) &flag;
+ blob.in_size = sizeof(flag);
+ blob.out_size = 0;
+ code = pioctl(0, VIOC_SETRXKCRYPT, &blob, 1);
+ if (code)
+ Die(code, (char *) 0);
+ return 0;
+}
+
+static afs_int32 GetCryptCmd(as)
+ struct cmd_syndesc *as;
+{
+ afs_int32 code = 0, flag;
+ struct ViceIoctl blob;
+ char *tp;
+
+ blob.in = (char *) 0;
+ blob.in_size = 0;
+ blob.out_size = sizeof(flag);
+ blob.out = space;
+
+ code = pioctl(0, VIOC_GETRXKCRYPT, &blob, 1);
+
+ if (code) Die(code, (char *) 0);
+ else {
+ tp = space;
+ bcopy(tp, &flag, sizeof(afs_int32));
+ printf("Security level is currently ");
+ if (flag == 1)
+ printf("crypt (data security).\n");
+ else
+ printf("clear.\n");
+ }
+ return 0;
+}
+
 main(argc, argv) int argc; char **argv; {
@@ -2838,7 +2891,12 @@ defect 3069
 cmd_AddParm(ts, "-files", CMD_LIST, CMD_OPTIONAL, "specific pathnames");
 cmd_AddParm(ts, "-allfiles", CMD_SINGLE, CMD_OPTIONAL, "new default (KB)");
 cmd_CreateAlias(ts, "sb");
-
+
+ ts = cmd_CreateSyntax("setcrypt", SetCryptCmd, 0, "set cache manager encryption flag");
+ cmd_AddParm(ts, "-crypt", CMD_SINGLE, 0, "on or off");
+
+ ts = cmd_CreateSyntax("getcrypt", GetCryptCmd, 0, "get cache manager encryption flag");
+
 ts = cmd_CreateSyntax("trace", TraceCmd, 0, "enable or disable CM tracing");
 cmd_AddParm(ts, "-on", CMD_FLAG, CMD_OPTIONAL, "enable tracing");
 cmd_AddParm(ts, "-off", CMD_FLAG, CMD_OPTIONAL, "disable tracing");
diff --git a/src/WINNT/afsd/smb_iocons.h b/src/WINNT/afsd/smb_iocons.h
index 78daaa6..4986e1f 100644
--- a/src/WINNT/afsd/smb_iocons.h
+++ b/src/WINNT/afsd/smb_iocons.h
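Review bot: GetCryptCmd reports "crypt" only when the returned value is exactly 1, but afsd_init.c logs any non-zero SecurityLevel as crypt and cm_conn.c selects the crypt level with a plain `if (cryptall)`, so a registry value such as 2 makes fs getcrypt print "clear" while the cache manager is actually negotiating crypt. The test should follow the cache manager's own interpretation, `if (flag)` instead of `if (flag == 1)`, unless the value is normalised to 0/1 on the daemon side. Two smaller points in the same functions: `bcopy(tp, &flag, sizeof(afs_int32))` is a BSD-ism where `memcpy(&flag, space, sizeof flag)` would do and makes the tp local unnecessary, and the `code = 0` initialisers are overwritten by the pioctl call before they are read.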
@@ -88,4 +88,7 @@ typedef struct cm_cacheParms {
 #define VIOC_DELSYMLINK 0x25
 #define VIOC_MAKESUBMOUNT 0x26
+#define VIOC_GETRXKCRYPT 0x27
+#define VIOC_SETRXKCRYPT 0x28
+
 #endif /* __SMB_IOCONS_H_ENV_ */
diff --git a/src/WINNT/afsd/smb_ioctl.c b/src/WINNT/afsd/smb_ioctl.c
index 63cfe5c..0e0f742 100644
--- a/src/WINNT/afsd/smb_ioctl.c
+++ b/src/WINNT/afsd/smb_ioctl.c
@@ -62,6 +62,8 @@ void smb_InitIoctl(void)
 smb_ioctlProcsp[VIOC_LISTSYMLINK] = cm_IoctlListlink;
 smb_ioctlProcsp[VIOC_DELSYMLINK] = cm_IoctlDeletelink;
 smb_ioctlProcsp[VIOC_MAKESUBMOUNT] = cm_IoctlMakeSubmount;
+ smb_ioctlProcsp[VIOC_GETRXKCRYPT] = cm_IoctlGetRxkcrypt;
+ smb_ioctlProcsp[VIOC_SETRXKCRYPT] = cm_IoctlSetRxkcrypt;
 }
 /* called to make a fid structure into an IOCTL fid structure */