From dcd2b052b97bbef9e3d9952c9f8bfa0055381a39 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Fri, 24 May 2013 14:02:11 -0500 Subject: [PATCH] cacheout: Add -encrypt option Add the -encrypt option to cacheout, for forcing communication with servers over encrypted channels. Change-Id: I1a2a9faf2fb72238102b018b7692a6691a7c0054 Reviewed-on: http://gerrit.openafs.org/9941 Reviewed-by: Marc Dionne Reviewed-by: Jeffrey Altman Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- src/venus/cacheout.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/venus/cacheout.c b/src/venus/cacheout.c index 60b902f3e..075b6978f 100644 --- a/src/venus/cacheout.c +++ b/src/venus/cacheout.c @@ -240,12 +240,17 @@ MyBeforeProc(struct cmd_syndesc *as, void *arock) struct rx_connection *serverconns[MAXSERVERS]; afs_int32 code, i; struct rx_securityClass *scnull; + rxkad_level sclevel = rxkad_auth; sprintf(confdir, "%s", AFSDIR_CLIENT_ETC_DIRPATH); if (as->parms[4].items) { /* -localauth */ sprintf(confdir, "%s", AFSDIR_SERVER_ETC_DIRPATH); } + if (as->parms[5].items) { /* -encrypt */ + sclevel = rxkad_crypt; + } + /* setup to talk to servers */ code = rx_Init(0); if (code) { @@ -271,7 +276,11 @@ MyBeforeProc(struct cmd_syndesc *as, void *arock) } if (as->parms[4].items) { /* -localauth */ - code = afsconf_ClientAuth(tdir, &sc, &scindex); + if (sclevel == rxkad_crypt) { + code = afsconf_ClientAuthSecure(tdir, &sc, &scindex); + } else { + code = afsconf_ClientAuth(tdir, &sc, &scindex); + } if (code || scindex == 0) { afsconf_Close(tdir); fprintf(stderr, "Could not get security object for -localauth (code: %d)\n", 
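Review bot: The new `as->parms[5].items` test in the first hunk ties -encrypt to a bare positional index, so it is only correct while the `cmd_AddParm(ts, "-encrypt", ...)` call in main() (last hunk) stays the sixth parameter registered on that syntax. A named offset used in both places, for example `enum { PARM_LOCALAUTH = 4, PARM_ENCRYPT = 5 };`, would keep a later reorder from silently testing a different flag and leaving `sclevel` at `rxkad_auth`. The declaration would also benefit from a comment such as `/* rxkad_auth unless -encrypt is given; only rxkad_crypt encrypts packet data */`, since the default still sends data unencrypted. MyBeforeProc starts and ends outside this hunk.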
@@ -292,7 +301,7 @@ MyBeforeProc(struct cmd_syndesc *as, void *arock) fprintf(stderr, "Could not get afs tokens, running unauthenticated\n"); } else { scindex = 2; - sc = rxkad_NewClientSecurityObject(rxkad_auth, &ttoken.sessionKey, + sc = rxkad_NewClientSecurityObject(sclevel, &ttoken.sessionKey, ttoken.kvno, ttoken.ticketLen, ttoken.ticket); } @@ -343,6 +352,7 @@ main(int argc, char **argv) cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name"); cmd_AddParm(ts, "-noauth", CMD_FLAG, CMD_OPTIONAL, "don't authenticate"); cmd_AddParm(ts, "-localauth", CMD_FLAG, CMD_OPTIONAL, "user server tickets"); + cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL, "encrypt commands"); ts = cmd_CreateSyntax("listservers", GetServerList, NULL, "list servers in the cell"); -- 2.39.5
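Review bot: With -encrypt given, the failure branch kept as context here still prints "Could not get afs tokens, running unauthenticated" and, judging by that message, carries on, so a request for an encrypted channel can end up on a connection with no rxkad protection at all. The option reads as a requirement, so this path should fail closed when `sclevel == rxkad_crypt`: print an error such as `"Could not get afs tokens, refusing to continue with -encrypt\n"` and then `if (sclevel == rxkad_crypt) return -1;`. The condition guarding this branch and the code after it are outside the hunk, so check what has to be released before the early return. The -localauth branch in the previous hunk already reports a missing security object as an error rather than continuing.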
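Review bot: -encrypt is registered next to -noauth in this hunk, and nothing in the visible hunks rejects giving both; in that case `sclevel` becomes `rxkad_crypt` but is presumably never used, because no rxkad security object is built for an unauthenticated run. A guard near the top of MyBeforeProc would make the conflict explicit instead of silently ignoring the flag: `if (as->parms[3].items && as->parms[5].items) { fprintf(stderr, "-encrypt cannot be used with -noauth\n"); return -1; }`. Index 3 for -noauth is inferred from the registration order shown here and should be confirmed against the full parameter list. main() continues outside this hunk.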