From b5f8c9f3f5d3aea06e572f2eb5e636deb0f2cfe9 Mon Sep 17 00:00:00 2001
From: Marc Dionne <marc.dionne@your-file-system.com>
Date: Fri, 5 Jul 2013 12:50:36 -0400
Subject: [PATCH] bos: Do encryption if requested

Commit d008089a79 didn't replace the processing of the aencrypt
flag passed to the GetConn() function, causing all bos connections
to be un-encrypted.  This causes "addkey" to fail with an error
from the server, and "listkeys" to silently ignore the -showkey
option to display keys.

Set the AFSCONF_SECOPTS_ALWAYSENCRYPT flag, and don't set
AFSCONF_SECOPTS_FALLBACK_NULL since fallback is not acceptable if
the caller requested enrcyption.

Reviewed-on: http://gerrit.openafs.org/10043
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 7565cb420366d79df319e344678a8d9ceab6db08)

Change-Id: Ibc643a352ed560ad0f32cbff61167463e16201ee
Reviewed-on: http://gerrit.openafs.org/10863
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---
 src/bozo/bos.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/bozo/bos.c b/src/bozo/bos.c
index 3f1282b39..15bf343af 100644
--- a/src/bozo/bos.c
+++ b/src/bozo/bos.c
@@ -186,7 +186,11 @@ GetConn(struct cmd_syndesc *as, int aencrypt)
     }
     memcpy(&addr, th->h_addr, sizeof(afs_int32));
 
-    secFlags = AFSCONF_SECOPTS_FALLBACK_NULL;
+    if (aencrypt)
+	secFlags = AFSCONF_SECOPTS_ALWAYSENCRYPT;
+    else
+	secFlags = AFSCONF_SECOPTS_FALLBACK_NULL;
+
 
     if (as->parms[ADDPARMOFFSET + 2].items) { /* -localauth */
 	secFlags |= AFSCONF_SECOPTS_LOCALAUTH;
-- 
2.39.5