extern int RXAFSCB_ExecuteRequest();
extern int RXSTATS_ExecuteRequest();
+extern afs_int32 cryptall;
+
char AFSConfigKeyName[] =
"SYSTEM\\CurrentControlSet\\Services\\TransarcAFSDaemon\\Parameters";
afsi_log("Default sys name %s", cm_sysName);
}
+ dummyLen = sizeof(cryptall);
+ code = RegQueryValueEx(parmKey, "SecurityLevel", NULL, NULL,
+ (BYTE *) &cryptall, &dummyLen);
+ if (code == ERROR_SUCCESS)
+ afsi_log("SecurityLevel is %s", cryptall?"crypt":"clear");
+ else {
+ cryptall = rxkad_clear;
+ afsi_log("Default SecurityLevel is clear");
+ }
+
RegCloseKey (parmKey);
/* setup early variables */
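Review bot: The RegQueryValueEx call passes NULL for the type pointer and copies the value straight into `cryptall`, so a SecurityLevel entry of any registry type, or any nonzero number, is accepted and logged as "crypt". Other hunks in this patch compare `cryptall` with a connection's `cryptlevel`, and the `fs getcrypt` output tests for exactly 1, so the value should be validated and normalised here: request the type, accept only REG_DWORD, and follow the success branch with `cryptall = cryptall ? 1 : 0;`. A missing or unreadable value falls back to rxkad_clear, which means unencrypted traffic, and the only trace is the afsi_log line. That default deserves a comment such as `/* no SecurityLevel value: connections are made without encryption */`. The enclosing function starts and ends outside this hunk.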
long RDRtimeout = CM_CONN_DEFAULTRDRTIMEOUT;
+afs_int32 cryptall = 0;
+
void cm_PutConn(cm_conn_t *connp)
{
lock_ObtainWrite(&cm_connLock);
int serviceID;
int secIndex;
struct rx_securityClass *secObjp;
+ afs_int32 level;
if (serverp->type == CM_SERVER_VLDB) {
port = htons(7003);
}
if (ucellp->flags & CM_UCELLFLAG_RXKAD) {
secIndex = 2;
- secObjp = rxkad_NewClientSecurityObject(rxkad_clear,
+ if (cryptall) {
+ level = rxkad_crypt;
+ tcp->cryptlevel = rxkad_crypt;
+ } else {
+ level = rxkad_clear;
+ }
+ secObjp = rxkad_NewClientSecurityObject(level,
&ucellp->sessionKey, ucellp->kvno,
ucellp->ticketLen, ucellp->ticketp);
}
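Review bot: `tcp->cryptlevel` is updated only in the `if (cryptall)` branch, so the else branch leaves whatever level the connection had before. When a connection created with rxkad_crypt is rebuilt after `cryptall` has been cleared, the new security object is made with rxkad_clear while `tcp->cryptlevel` still says rxkad_crypt, and the `tcp->cryptlevel != cryptall` test in the later hunk never settles. Recording the level on both paths fixes it: add `tcp->cryptlevel = rxkad_clear;` to the else branch, or replace both assignments with a single `tcp->cryptlevel = level;` after the if/else. The function begins and ends outside this hunk, so the path taken when CM_UCELLFLAG_RXKAD is not set is not visible and should be checked for the same omission.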
cm_HoldUser(userp);
lock_InitializeMutex(&tcp->mx, "cm_conn_t mutex");
tcp->serverp = serverp;
+ tcp->cryptlevel = rxkad_clear;
cm_NewRXConnection(tcp, ucellp, serverp);
tcp->refCount = 1;
}
else {
- if (tcp->ucgen < ucellp->gen) {
+ if ((tcp->ucgen < ucellp->gen) || (tcp->cryptlevel != cryptall))
+ {
rx_DestroyConnection(tcp->callp);
cm_NewRXConnection(tcp, ucellp, serverp);
}
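Review bot: The added test `tcp->cryptlevel != cryptall` compares an rxkad level with an on/off flag. `cryptlevel` only ever holds rxkad_clear or rxkad_crypt, while `cryptall` holds whatever the registry or the ioctl stored (`fs setcrypt on` sends 1). Unless rxkad_crypt happens to equal 1 (it appears to be 2 in rxkad.h; confirm), the test is true on every lookup once encryption is on, and the connection is destroyed and recreated each time. Comparing like with like avoids this: `(tcp->cryptlevel != (cryptall ? rxkad_crypt : rxkad_clear))`. Connections that never take the rxkad path keep `cryptlevel` at rxkad_clear, so they need an exemption from this test or they will also be rebuilt on every call while `cryptall` is set.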
int refCount; /* locked by cm_connLock */
int ucgen; /* ucellp's generation number */
long flags; /* locked by mx */
+ int cryptlevel; /* encrytion status */
} cm_conn_t;
/* structure used for tracking RPC progress */
osi_mutex_t cm_Afsdsbmt_Lock;
+extern afs_int32 cryptall;
+
void cm_InitIoctl(void)
{
lock_InitializeMutex(&cm_Afsdsbmt_Lock, "AFSDSBMT.INI Access Lock");
return 0;
}
+long cm_IoctlGetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp)
+{
+ memcpy(ioctlp->outDatap, &cryptall, sizeof(cryptall));
+ ioctlp->outDatap += sizeof(cryptall);
+
+ return 0;
+}
+
+long cm_IoctlSetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp)
+{
+ cm_SkipIoctlPath(ioctlp);
+
+ memcpy(&cryptall, ioctlp->inDatap, sizeof(cryptall));
+
+ return 0;
+}
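Review bot: cm_IoctlSetRxkcrypt copies `sizeof(cryptall)` bytes from `ioctlp->inDatap` without checking that the request carried that many bytes after the path, and it stores the caller's integer unnormalised in a process-wide global. The handler also ignores `userp`, so unless the dispatcher restricts this opcode, any local caller that can issue the ioctl can switch wire encryption off for every user's subsequent connections. The handler should reject short input, require an administrative caller before changing the setting, and store only 0 or 1, for example by copying into a local `afs_int32 flag` and then assigning `cryptall = flag ? 1 : 0;`. Logging each change with afsi_log would give operators a record of downgrades. `cryptall` is read by the connection code with no lock visible in this patch, which is worth confirming as safe.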
extern long cm_IoctlMakeSubmount(smb_ioctl_t *ioctlp, cm_user_t *userp);
+extern long cm_IoctlGetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp);
+
+extern long cm_IoctlSetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp);
+
#endif /* __CM_IOCTL_INTERFACES_ONLY__ */
#endif /* __CM_IOCTL_H_ENV__ */
return 0;
}
+static afs_int32 SetCryptCmd(as)
+ struct cmd_syndesc *as;
+{
+ afs_int32 code = 0, flag;
+ struct ViceIoctl blob;
+ char *tp;
+
+ tp = as->parms[0].items->data;
+ if (strcmp(tp, "on") == 0)
+ flag = 1;
+ else if (strcmp(tp, "off") == 0)
+ flag = 0;
+ else {
+ fprintf (stderr, "%s: %s must be \"on\" or \"off\".\n", pn, tp);
+ return EINVAL;
+ }
+
+ blob.in = (char *) &flag;
+ blob.in_size = sizeof(flag);
+ blob.out_size = 0;
+ code = pioctl(0, VIOC_SETRXKCRYPT, &blob, 1);
+ if (code)
+ Die(code, (char *) 0);
+ return 0;
+}
+
+static afs_int32 GetCryptCmd(as)
+ struct cmd_syndesc *as;
+{
+ afs_int32 code = 0, flag;
+ struct ViceIoctl blob;
+ char *tp;
+
+ blob.in = (char *) 0;
+ blob.in_size = 0;
+ blob.out_size = sizeof(flag);
+ blob.out = space;
+
+ code = pioctl(0, VIOC_GETRXKCRYPT, &blob, 1);
+
+ if (code) Die(code, (char *) 0);
+ else {
+ tp = space;
+ bcopy(tp, &flag, sizeof(afs_int32));
+ printf("Security level is currently ");
+ if (flag == 1)
+ printf("crypt (data security).\n");
+ else
+ printf("clear.\n");
+ }
+ return 0;
+}
+
main(argc, argv)
int argc;
char **argv; {
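Review bot: GetCryptCmd reports "crypt" only when `flag == 1`, but the cache manager treats any nonzero `cryptall` as encryption on, and both the registry read and the set ioctl in this patch store the raw value. A SecurityLevel of 2, for instance, would make `fs getcrypt` print "clear" while connections are built with rxkad_crypt, which misleads anyone auditing the client's security level. The test should be `if (flag)`. In the same function, `bcopy(tp, &flag, sizeof(afs_int32))` reads from `space` without confirming that the ioctl returned that many bytes; a comment stating that assumption would help.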
cmd_AddParm(ts, "-files", CMD_LIST, CMD_OPTIONAL, "specific pathnames");
cmd_AddParm(ts, "-allfiles", CMD_SINGLE, CMD_OPTIONAL, "new default (KB)");
cmd_CreateAlias(ts, "sb");
-
+
+ ts = cmd_CreateSyntax("setcrypt", SetCryptCmd, 0, "set cache manager encryption flag");
+ cmd_AddParm(ts, "-crypt", CMD_SINGLE, 0, "on or off");
+
+ ts = cmd_CreateSyntax("getcrypt", GetCryptCmd, 0, "get cache manager encryption flag");
+
ts = cmd_CreateSyntax("trace", TraceCmd, 0, "enable or disable CM tracing");
cmd_AddParm(ts, "-on", CMD_FLAG, CMD_OPTIONAL, "enable tracing");
cmd_AddParm(ts, "-off", CMD_FLAG, CMD_OPTIONAL, "disable tracing");
#define VIOC_DELSYMLINK 0x25
#define VIOC_MAKESUBMOUNT 0x26
+#define VIOC_GETRXKCRYPT 0x27
+#define VIOC_SETRXKCRYPT 0x28
+
#endif /* __SMB_IOCONS_H_ENV_ */
smb_ioctlProcsp[VIOC_LISTSYMLINK] = cm_IoctlListlink;
smb_ioctlProcsp[VIOC_DELSYMLINK] = cm_IoctlDeletelink;
smb_ioctlProcsp[VIOC_MAKESUBMOUNT] = cm_IoctlMakeSubmount;
+ smb_ioctlProcsp[VIOC_GETRXKCRYPT] = cm_IoctlGetRxkcrypt;
+ smb_ioctlProcsp[VIOC_SETRXKCRYPT] = cm_IoctlSetRxkcrypt;
}
/* called to make a fid structure into an IOCTL fid structure */