From cc7f6d17d39892459be85247720545c76bfdcc73 Mon Sep 17 00:00:00 2001
From: Chaskiel Grundman
Date: Mon, 18 Mar 2013 01:22:00 -0400
Subject: [PATCH] Make server processes enable keytab decrypt
1.6 has common code for this, but not 1.4.... Keep the calls conditional on the presence of a krb5 library.
Change-Id: I5a1bcd515cb56a410f94de0a0f3614a8c8312b19
---
 src/bozo/bosserver.c | 4 ++++
 src/budb/server.c | 4 ++++
 src/ptserver/ptserver.c | 4 ++++
 src/update/server.c | 5 ++++-
 src/viced/viced.c | 6 ++++++
 src/vlserver/vlserver.c | 5 ++++-
 src/volser/volmain.c | 4 ++++
 7 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/src/bozo/bosserver.c b/src/bozo/bosserver.c
index 60c7df11a..afe4bc2cf 100644
--- a/src/bozo/bosserver.c
+++ b/src/bozo/bosserver.c
@@ -1005,6 +1005,10 @@ main(int argc, char **argv, char **envp)
 bozo_rxsc[1] = (struct rx_securityClass *)0;
 bozo_rxsc[2] = rxkad_NewServerSecurityObject(0, tdir, afsconf_GetKey, NULL);
+#ifdef USE_RXKAD_KEYTAB
+ if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+ rxkad_BindKeytabDecrypt(bozo_rxsc[2]);
+#endif
 /* Disable jumbograms */
 rx_SetNoJumbo();
diff --git a/src/budb/server.c b/src/budb/server.c
index bcff72ffd..40b002a2d 100644
--- a/src/budb/server.c
+++ b/src/budb/server.c
@@ -524,6 +524,10 @@ main(argc, argv)
 sca[RX_SCINDEX_KAD] = rxkad_NewServerSecurityObject(rxkad_clear, BU_conf, afsconf_GetKey, NULL);
+#ifdef USE_RXKAD_KEYTAB
+ if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+ rxkad_BindKeytabDecrypt(sca[RX_SCINDEX_KAD]);
+#endif
 /* Disable jumbograms */
 rx_SetNoJumbo();
diff --git a/src/ptserver/ptserver.c b/src/ptserver/ptserver.c
index a8dda5cc4..b87d0200f 100644
--- a/src/ptserver/ptserver.c
+++ b/src/ptserver/ptserver.c
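Review bot: In src/bozo/bosserver.c a non-zero return from `rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH)` is dropped without a trace, so a missing, unreadable or malformed keytab leaves the server on the `afsconf_GetKey` path only and the operator gets no signal that keytab decryption is off. The same silent skip is repeated in the budb, ptserver, update, viced, vlserver and volser hunks. Keeping the return code and logging it would make the state auditable, e.g. `code = rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH);` followed by `if (code) bozo_Log("rxkad keytab decrypt not enabled (code %d)\n", code);`; a missing keytab is presumably a legitimate configuration, so this should be a log entry rather than an abort. main() continues outside the hunk, so whether a suitable `code` variable is already in scope needs checking.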
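Review bot: In src/budb/server.c, `rxkad_BindKeytabDecrypt(sca[RX_SCINDEX_KAD])` is called without checking that `rxkad_NewServerSecurityObject` returned an object, whereas the volser hunk guards the same call with `securityObjects[2] != NULL` and update/server.c already calls Quit() on a null object just above its bind. The bosserver, ptserver, viced and vlserver hunks bind unchecked as well. Whether rxkad_BindKeytabDecrypt tolerates a null class is not visible in this patch, so the guard should be applied uniformly: `if (sca[RX_SCINDEX_KAD] != NULL && rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)`. main() continues outside the hunk.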
@@ -523,6 +523,10 @@ main(int argc, char **argv)
 sc[1] = 0;
 if (kerberosKeys) {
 sc[2] = rxkad_NewServerSecurityObject(0, prdir, afsconf_GetKey, NULL);
+#ifdef USE_RXKAD_KEYTAB
+ if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+ rxkad_BindKeytabDecrypt(sc[2]);
+#endif
 } else sc[2] = sc[0];
diff --git a/src/update/server.c b/src/update/server.c
index 2c211c5f4..e29a3cbec 100644
--- a/src/update/server.c
+++ b/src/update/server.c
@@ -314,7 +314,10 @@ main(int argc, char *argv[])
 rxkad_NewServerSecurityObject(rxkad_clear, cdir, afsconf_GetKey, 0);
 if (securityObjects[2] == (struct rx_securityClass *)0) Quit("rxkad_NewServerSecurityObject");
-
+#ifdef USE_RXKAD_KEYTAB
+ if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+ rxkad_BindKeytabDecrypt(securityObjects[2]);
+#endif
 /* Instantiate a single UPDATE service. The rxgen-generated procedure
 * which is called to decode requests is passed in here
 * (UPDATE_ExecuteRequest). */
diff --git a/src/viced/viced.c b/src/viced/viced.c
index 59e69777f..5ed97c869 100644
--- a/src/viced/viced.c
+++ b/src/viced/viced.c
@@ -1873,6 +1873,12 @@ main(int argc, char *argv[])
 sc[1] = 0; /* rxvab_NewServerSecurityObject(key1, 0) */
 sc[2] = rxkad_NewServerSecurityObject(rxkad_clear, NULL, get_key, NULL);
 sc[3] = rxkad_NewServerSecurityObject(rxkad_crypt, NULL, get_key, NULL);
+#ifdef USE_RXKAD_KEYTAB
+ if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0) {
+ rxkad_BindKeytabDecrypt(sc[2]);
+ rxkad_BindKeytabDecrypt(sc[3]);
+ }
+#endif
 tservice = rx_NewServiceHost(rx_bindhost, /* port */ 0, /* service id */ 1, /*service name */ "AFS",
diff --git a/src/vlserver/vlserver.c b/src/vlserver/vlserver.c
index 7b5dca73d..2e686eeed 100644
--- a/src/vlserver/vlserver.c
+++ b/src/vlserver/vlserver.c
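Review bot: In src/viced/viced.c the results of `rxkad_BindKeytabDecrypt(sc[2])` and `rxkad_BindKeytabDecrypt(sc[3])` are both discarded, so if the bind can fail (its return type is not visible in this patch) the rxkad_clear and rxkad_crypt classes could end up with different decrypt behaviour and nothing would be recorded. If it does return a status, I would check it per class, e.g. `if (rxkad_BindKeytabDecrypt(sc[2]) != 0) ViceLog(0, ("rxkad keytab decrypt not bound for sc[2]\n"));` and likewise for `sc[3]`. The other hunks discard their single bind result in the same way.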
@@ -355,7 +355,10 @@ main(argc, argv)
 sc[0] = rxnull_NewServerSecurityObject();
 sc[1] = (struct rx_securityClass *)0;
 sc[2] = rxkad_NewServerSecurityObject(0, tdir, afsconf_GetKey, NULL);
-
+#ifdef USE_RXKAD_KEYTAB
+ if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+ rxkad_BindKeytabDecrypt(sc[2]);
+#endif
 tservice = rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server", sc, 3, VL_ExecuteRequest);
diff --git a/src/volser/volmain.c b/src/volser/volmain.c
index 3a7e19487..398e394b7 100644
--- a/src/volser/volmain.c
+++ b/src/volser/volmain.c
@@ -494,6 +494,10 @@ main(int argc, char **argv)
 rxkad_NewServerSecurityObject(0, tdir, afsconf_GetKey, NULL);
 if (securityObjects[0] == (struct rx_securityClass *)0) Abort("rxnull_NewServerSecurityObject");
+#ifdef USE_RXKAD_KEYTAB
+ if (securityObjects[2] != NULL && rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+ rxkad_BindKeytabDecrypt(securityObjects[2]);
+#endif
 service = rx_NewServiceHost(host, 0, VOLSERVICE_ID, "VOLSER", securityObjects, 3, AFSVolExecuteRequest);
-- 
2.39.5
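Review bot: In src/volser/volmain.c the new `securityObjects[2] != NULL` guard skips keytab setup when the rxkad object is missing, but the server then proceeds to `rx_NewServiceHost` with that slot still null, because the unchanged check above tests `securityObjects[0]` (message "rxnull_NewServerSecurityObject") rather than the rxkad slot. The assignment itself starts outside the hunk, so the target index is inferred from the guard. Failing at startup, as update/server.c does with Quit(), would be clearer than carrying a null security class into the service: `if (securityObjects[2] == (struct rx_securityClass *)0) Abort("rxkad_NewServerSecurityObject");` placed before the `#ifdef`, after which the `!= NULL` term in the new condition is no longer needed.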