From: Andrew Deason
Date: Fri, 24 May 2013 19:02:11 +0000 (-0500)
Subject: cacheout: Add -encrypt option
X-Git-Tag: openafs-stable-1_8_0pre1~1139
X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=dcd2b052b97bbef9e3d9952c9f8bfa0055381a39;hp=1e8788927ed61c7bcc1d8ccb2c50582488fcfb6e
cacheout: Add -encrypt option
Add the -encrypt option to cacheout, for forcing communication with servers over encrypted channels.
Change-Id: I1a2a9faf2fb72238102b018b7692a6691a7c0054
Reviewed-on: http://gerrit.openafs.org/9941
Reviewed-by: Marc Dionne
Reviewed-by: Jeffrey Altman
Reviewed-by: Derrick Brashear
Tested-by: Derrick Brashear
---
diff --git a/src/venus/cacheout.c b/src/venus/cacheout.c
index 60b902f..075b697 100644
--- a/src/venus/cacheout.c
+++ b/src/venus/cacheout.c
@@ -240,12 +240,17 @@ MyBeforeProc(struct cmd_syndesc *as, void *arock)
 struct rx_connection *serverconns[MAXSERVERS];
 afs_int32 code, i;
 struct rx_securityClass *scnull;
+ rxkad_level sclevel = rxkad_auth;
 sprintf(confdir, "%s", AFSDIR_CLIENT_ETC_DIRPATH);
 if (as->parms[4].items) { /* -localauth */
 sprintf(confdir, "%s", AFSDIR_SERVER_ETC_DIRPATH);
 }
+ if (as->parms[5].items) { /* -encrypt */
+ sclevel = rxkad_crypt;
+ }
+
 /* setup to talk to servers */
 code = rx_Init(0);
 if (code) {
@@ -271,7 +276,11 @@ MyBeforeProc(struct cmd_syndesc *as, void *arock)
 }
 if (as->parms[4].items) { /* -localauth */
- code = afsconf_ClientAuth(tdir, &sc, &scindex);
+ if (sclevel == rxkad_crypt) {
+ code = afsconf_ClientAuthSecure(tdir, &sc, &scindex);
+ } else {
+ code = afsconf_ClientAuth(tdir, &sc, &scindex);
+ }
 if (code || scindex == 0) {
 afsconf_Close(tdir);
 fprintf(stderr, "Could not get security object for -localauth (code: %d)\n",
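Review bot: The new `as->parms[5].items` test in the first hunk hard-codes the position of `-encrypt`, which holds only while the `cmd_AddParm` calls in `main` (last hunk) keep `-encrypt` directly after `-localauth`. A shared named index, for example `#define PARM_ENCRYPT 5` (the name is only a suggestion) used as `as->parms[PARM_ENCRYPT].items`, would keep the two places in step, and the existing `parms[4]` for `-localauth` has the same coupling. The hunk also accepts `-encrypt` together with `-noauth` without any check; if `-noauth` skips security-object setup, as its help text suggests, the requested encryption is silently dropped, so the combination should be rejected or at least warned about. MyBeforeProc starts and ends outside this hunk, so the `-noauth` handling itself is not visible here.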
@@ -292,7 +301,7 @@ MyBeforeProc(struct cmd_syndesc *as, void *arock)
 fprintf(stderr, "Could not get afs tokens, running unauthenticated\n");
 } else {
 scindex = 2;
- sc = rxkad_NewClientSecurityObject(rxkad_auth, &ttoken.sessionKey,
+ sc = rxkad_NewClientSecurityObject(sclevel, &ttoken.sessionKey,
 ttoken.kvno, ttoken.ticketLen, ttoken.ticket);
 }
@@ -343,6 +352,7 @@ main(int argc, char **argv)
 cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
 cmd_AddParm(ts, "-noauth", CMD_FLAG, CMD_OPTIONAL, "don't authenticate");
 cmd_AddParm(ts, "-localauth", CMD_FLAG, CMD_OPTIONAL, "user server tickets");
+ cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL, "encrypt commands");
 ts = cmd_CreateSyntax("listservers", GetServerList, NULL, "list servers in the cell");
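Review bot: When token lookup fails, the branch at the top of the `-292` hunk still prints "Could not get afs tokens, running unauthenticated" and carries on, so a run started with `-encrypt` can end up talking to servers with neither authentication nor encryption. The commit message describes the option as forcing encrypted channels, so that path should fail closed when `sclevel == rxkad_crypt`, e.g. `if (sclevel == rxkad_crypt) { fprintf(stderr, "Could not get afs tokens, refusing to run unencrypted\n"); return -1; }` placed ahead of the fallback message. The cleanup this path needs is outside the hunk; the `-localauth` error path in the previous hunk calls `afsconf_Close(tdir)` before giving up. MyBeforeProc's error-return convention is also not visible, so the `return -1` is a placeholder to adapt.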