From 664e5aca1692b664cfacd906bd4e632baedf4a4b Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Mon, 12 Oct 2009 14:20:00 -0400
Subject: [PATCH] Windows: If SecurityLevel is configured use it for vos.exe
 and pts.exe

If the SecurityLevel registry value indicates that crypt should be
the default, then always set -encrypt for vos.exe and pts.exe.

Reviewed-on: http://gerrit.openafs.org/648
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
---
 src/ptserver/pts.c | 30 +++++++++++++++++++++++++++++-
 src/volser/vos.c   | 30 +++++++++++++++++++++++++++++-
 2 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/src/ptserver/pts.c b/src/ptserver/pts.c
index 2af653239..56cfc743a 100644
--- a/src/ptserver/pts.c
+++ b/src/ptserver/pts.c
@@ -23,6 +23,7 @@
 #ifdef AFS_NT40_ENV
 #include <winsock2.h>
 #include <WINNT/afsevent.h>
+#include <WINNT/afsreg.h>
 #else
 #include <netinet/in.h>
 #endif
@@ -142,6 +143,29 @@ osi_audit(void)
     return 0;
 }
 
+#ifdef AFS_NT40_ENV
+static DWORD
+win32_enableCrypt(void)
+{
+    HKEY parmKey;
+    DWORD dummyLen;
+    DWORD cryptall = 0;
+    DWORD code;
+
+    /* Look up configuration parameters in Registry */
+    code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY,
+                        0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
+    if (code != ERROR_SUCCESS) {
+        dummyLen = sizeof(cryptall);
+        RegQueryValueEx(parmKey, "SecurityLevel", NULL, NULL,
+                        (BYTE *) &cryptall, &dummyLen);
+    }
+    RegCloseKey (parmKey);
+
+    return cryptall;
+}
+#endif /* AFS_NT40_ENV */
+
 static int
 GetGlobals(struct cmd_syndesc *as, void *arock)
 {
@@ -182,7 +206,11 @@ GetGlobals(struct cmd_syndesc *as, void *arock)
 	changed = 1;
 	sec = 1;
     }
-    if (as->parms[22].items) { /* -encrypt */
+    if (as->parms[22].items    /* -encrypt */
+#ifdef AFS_NT40_ENV
+        || win32_enableCrypt()
+#endif /* AFS_NT40_ENV */
+        ) {
 	changed = 1;
 	sec = 3;
     }
diff --git a/src/volser/vos.c b/src/volser/vos.c
index 0428be0e6..a2274ac9e 100644
--- a/src/volser/vos.c
+++ b/src/volser/vos.c
@@ -20,6 +20,7 @@
 #include <fcntl.h>
 #include <io.h>
 #include <winsock2.h>
+#include <WINNT/afsreg.h>
 #else
 #include <sys/time.h>
 #include <sys/file.h>
@@ -5678,6 +5679,29 @@ PrintDiagnostics(char *astring, afs_int32 acode)
 }
 
 
+#ifdef AFS_NT40_ENV
+static DWORD
+win32_enableCrypt(void)
+{
+    HKEY parmKey;
+    DWORD dummyLen;
+    DWORD cryptall = 0;
+    DWORD code;
+
+    /* Look up configuration parameters in Registry */
+    code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY,
+                        0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
+    if (code != ERROR_SUCCESS) {
+        dummyLen = sizeof(cryptall);
+        RegQueryValueEx(parmKey, "SecurityLevel", NULL, NULL,
+                        (BYTE *) &cryptall, &dummyLen);
+    }
+    RegCloseKey (parmKey);
+
+    return cryptall;
+}
+#endif /* AFS_NT40_ENV */
+
 static int
 MyBeforeProc(struct cmd_syndesc *as, void *arock)
 {
@@ -5695,7 +5719,11 @@ MyBeforeProc(struct cmd_syndesc *as, void *arock)
 	tcell = as->parms[12].items->data;
     if (as->parms[14].items)	/* -serverauth specified */
 	sauth = 1;
-    if (as->parms[16].items)	/* -crypt specified */
+    if (as->parms[16].items     /* -encrypt specified */
+#ifdef AFS_NT40_ENV
+        || win32_enableCrypt()
+#endif /* AFS_NT40_ENV */
+         )
 	vsu_SetCrypt(1);
     if ((code =
 	 vsu_ClientInit((as->parms[13].items != 0), confdir, tcell, sauth,
-- 
2.39.5