diff -u -r /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/afsd_init.c src/WINNT/afsd/afsd_init.c
--- /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/afsd_init.c	Sat Nov  4 11:01:35 2000
+++ src/WINNT/afsd/afsd_init.c	Tue Apr  3 16:57:33 2001
@@ -31,6 +31,8 @@
 extern int RXAFSCB_ExecuteRequest();
 extern int RXSTATS_ExecuteRequest();
 
+extern afs_int32 cryptall;
+
 char AFSConfigKeyName[] =
 	"SYSTEM\\CurrentControlSet\\Services\\TransarcAFSDaemon\\Parameters";
 
@@ -378,6 +380,16 @@
 	else {
 		strcat(cm_sysName, "i386_nt40");
 		afsi_log("Default sys name %s", cm_sysName);
+	}
+
+	dummyLen = sizeof(cryptall);
+	code = RegQueryValueEx(parmKey, "SecurityLevel", NULL, NULL,
+				(BYTE *) &cryptall, &dummyLen);
+	if (code == ERROR_SUCCESS)
+		afsi_log("SecurityLevel is %s", cryptall?"crypt":"clear");
+	else {
+		cryptall = rxkad_clear;
+		afsi_log("Default SecurityLevel is clear");
 	}
 
 	RegCloseKey (parmKey);
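Review bot: RegQueryValueEx is called here with a NULL type pointer, so a `SecurityLevel` value of any registry type that fits in four bytes is copied straight into `cryptall`, and that raw number is later compared with `tcp->cryptlevel` in cm_conn.c. Pass a `DWORD` type variable (a new local), accept the value only when it comes back as `REG_DWORD`, and normalise with `cryptall = cryptall ? 1 : 0;` so the daemon and `fs getcrypt` (which tests `flag == 1`) agree on what is stored. The fallback branch logs "Default SecurityLevel is clear" for every failure code, so a malformed value leaves traffic unencrypted without a trace; including `code` in that log line would make the downgrade visible. The enclosing function starts and ends outside the hunk.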
diff -u -r /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/cm_conn.c src/WINNT/afsd/cm_conn.c
--- /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/cm_conn.c	Sat Nov  4 11:01:37 2000
+++ src/WINNT/afsd/cm_conn.c	Tue Apr  3 15:47:06 2001
@@ -23,6 +23,8 @@
 
 long RDRtimeout = CM_CONN_DEFAULTRDRTIMEOUT;
 
+afs_int32 cryptall = 0;
+
 void cm_PutConn(cm_conn_t *connp)
 {
 	lock_ObtainWrite(&cm_connLock);
@@ -329,6 +331,7 @@
         int serviceID;
         int secIndex;
         struct rx_securityClass *secObjp;
+	afs_int32 level;
 
 	if (serverp->type == CM_SERVER_VLDB) {
 		port = htons(7003);
@@ -341,7 +344,13 @@
         }
 	if (ucellp->flags & CM_UCELLFLAG_RXKAD) {
 		secIndex = 2;
-                secObjp = rxkad_NewClientSecurityObject(rxkad_clear,
+		if (cryptall) {
+			level = rxkad_crypt;
+			tcp->cryptlevel = rxkad_crypt;
+		} else {
+			level = rxkad_clear;
+		}
+                secObjp = rxkad_NewClientSecurityObject(level,
 			&ucellp->sessionKey, ucellp->kvno,
 			ucellp->ticketLen, ucellp->ticketp);
         }
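Review bot: The `else` branch picks `rxkad_clear` for `level` but never writes it back to `tcp->cryptlevel`, so a connection first built with crypt keeps `cryptlevel == rxkad_crypt` after `cryptall` is switched off. The rebuild path in the following hunk does not reset the field either, so its `tcp->cryptlevel != cryptall` test would stay true and the rx connection would be destroyed and recreated on every lookup. Assigning once after the if/else, `tcp->cryptlevel = level;`, keeps the recorded level in step with the security object actually created. The enclosing function begins and ends outside the hunk.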
@@ -382,11 +391,13 @@
                 cm_HoldUser(userp);
                 lock_InitializeMutex(&tcp->mx, "cm_conn_t mutex");
                 tcp->serverp = serverp;
+		tcp->cryptlevel = rxkad_clear;
 		cm_NewRXConnection(tcp, ucellp, serverp);
 		tcp->refCount = 1;
         }
 	else {
-		if (tcp->ucgen < ucellp->gen) {
+		if ((tcp->ucgen < ucellp->gen) || (tcp->cryptlevel != cryptall))
+		{
 			rx_DestroyConnection(tcp->callp);
 			cm_NewRXConnection(tcp, ucellp, serverp);
 		}
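Review bot: The new condition compares an rxkad level (`tcp->cryptlevel`, set to `rxkad_crypt` or `rxkad_clear`) with the raw flag in `cryptall`, which `fs setcrypt on` sets to 1 and the registry can set to anything. Unless `rxkad_crypt` happens to equal 1 (I believe rxkad.h defines it as 2), the two never match while crypt is on, and the connection is torn down and rebuilt on every call. The same happens for cells without `CM_UCELLFLAG_RXKAD`, whose `cryptlevel` stays `rxkad_clear` while `cryptall` is non-zero. Compare like with like and only for rxkad connections, e.g. `((ucellp->flags & CM_UCELLFLAG_RXKAD) && tcp->cryptlevel != (cryptall ? rxkad_crypt : rxkad_clear))`. `cryptall` is also read here without any visible lock while the ioctl handler writes it, which is worth a comment stating that this is intentional.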
diff -u -r /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/cm_conn.h src/WINNT/afsd/cm_conn.h
--- /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/cm_conn.h	Sat Nov  4 11:01:38 2000
+++ src/WINNT/afsd/cm_conn.h	Tue Apr  3 15:40:41 2001
@@ -23,6 +23,7 @@
         int refCount;			/* locked by cm_connLock */
 	int ucgen;			/* ucellp's generation number */
         long flags;			/* locked by mx */
+	int cryptlevel;			/* encrytion status */
 } cm_conn_t;
 
 /* structure used for tracking RPC progress */
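Review bot: The comment on the new `cryptlevel` field is misspelled ("encrytion") and, unlike the three fields above it, says neither which values the field holds nor which lock covers it. Something like `int cryptlevel;	/* rxkad level callp was created with: rxkad_clear or rxkad_crypt */` matches how cm_conn.c assigns it. Add the locking note once that is decided, since the assignments visible in cm_conn.c are not made under `mx` or `cm_connLock` as far as the hunks show.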
diff -u -r /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/cm_ioctl.c src/WINNT/afsd/cm_ioctl.c
--- /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/cm_ioctl.c	Sat Nov  4 11:01:38 2000
+++ src/WINNT/afsd/cm_ioctl.c	Tue Apr  3 14:33:21 2001
@@ -35,6 +35,8 @@
 
 osi_mutex_t cm_Afsdsbmt_Lock;
 
+extern afs_int32 cryptall;
+
 void cm_InitIoctl(void)
 {
 	lock_InitializeMutex(&cm_Afsdsbmt_Lock, "AFSDSBMT.INI Access Lock");
@@ -1788,3 +1790,19 @@
 	return 0;
 }
 
+long cm_IoctlGetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp)
+{
+	memcpy(ioctlp->outDatap, &cryptall, sizeof(cryptall));
+        ioctlp->outDatap += sizeof(cryptall);
+
+	return 0;
+}
+
+long cm_IoctlSetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp)
+{
+	cm_SkipIoctlPath(ioctlp);
+
+	memcpy(&cryptall, ioctlp->inDatap, sizeof(cryptall));
+
+	return 0;
+}
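Review bot: cm_IoctlSetRxkcrypt changes a machine-wide setting without looking at `userp`, so as written any caller who can reach this ioctl can switch rxkad encryption off for every user's connections. Gate the write on whatever administrator check the daemon applies to other privileged ioctls (none is visible in this hunk). The `memcpy` from `ioctlp->inDatap` also does not confirm that the request carries `sizeof(cryptall)` bytes, and it stores the caller's value unnormalised. Copy into a local `afs_int32 flag` and assign `cryptall = flag ? 1 : 0;` so that cm_conn.c and `fs getcrypt` see a predictable value.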
diff -u -r /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/cm_ioctl.h src/WINNT/afsd/cm_ioctl.h
--- /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/cm_ioctl.h	Sat Nov  4 11:01:39 2000
+++ src/WINNT/afsd/cm_ioctl.h	Tue Apr  3 14:15:06 2001
@@ -119,6 +119,10 @@
 
 extern long cm_IoctlMakeSubmount(smb_ioctl_t *ioctlp, cm_user_t *userp);
 
+extern long cm_IoctlGetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp);
+
+extern long cm_IoctlSetRxkcrypt(smb_ioctl_t *ioctlp, cm_user_t *userp);
+
 #endif /* __CM_IOCTL_INTERFACES_ONLY__ */
 
 #endif /*  __CM_IOCTL_H_ENV__ */
diff -u -r /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/fs.c src/WINNT/afsd/fs.c
--- /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/fs.c	Sat Nov  4 11:01:41 2000
+++ src/WINNT/afsd/fs.c	Tue Apr  3 14:55:07 2001
@@ -2621,6 +2621,59 @@
     return 0;
 }
 
+static afs_int32 SetCryptCmd(as)
+    struct cmd_syndesc *as;
+{
+    afs_int32 code = 0, flag;
+    struct ViceIoctl blob;
+    char *tp;
+ 
+    tp = as->parms[0].items->data;
+    if (strcmp(tp, "on") == 0)
+      flag = 1;
+    else if (strcmp(tp, "off") == 0)
+      flag = 0;
+    else {
+      fprintf (stderr, "%s: %s must be \"on\" or \"off\".\n", pn, tp);
+      return EINVAL;
+    }
+
+    blob.in = (char *) &flag;
+    blob.in_size = sizeof(flag);
+    blob.out_size = 0;
+    code = pioctl(0, VIOC_SETRXKCRYPT, &blob, 1);
+    if (code)
+      Die(code, (char *) 0);
+    return 0;
+}
+
+static afs_int32 GetCryptCmd(as)
+    struct cmd_syndesc *as;
+{
+    afs_int32 code = 0, flag;
+    struct ViceIoctl blob;
+    char *tp;
+ 
+    blob.in = (char *) 0;
+    blob.in_size = 0;
+    blob.out_size = sizeof(flag);
+    blob.out = space;
+
+    code = pioctl(0, VIOC_GETRXKCRYPT, &blob, 1);
+
+    if (code) Die(code, (char *) 0);
+    else {
+      tp = space;
+      bcopy(tp, &flag, sizeof(afs_int32));
+      printf("Security level is currently ");
+      if (flag == 1)
+        printf("crypt (data security).\n");
+      else
+        printf("clear.\n");
+    }
+    return 0;
+}
+
 main(argc, argv)
 int argc;
 char **argv; {
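Review bot: GetCryptCmd reports crypt only when `flag == 1`, while the daemon treats any non-zero `cryptall` as crypt (`cryptall?"crypt":"clear"` in afsd_init.c, `if (cryptall)` in cm_conn.c). A registry `SecurityLevel` of 2 would therefore encrypt traffic while `fs getcrypt` prints "clear.". Testing `if (flag)` keeps the tool consistent with the daemon. In SetCryptCmd, `blob.out` is left uninitialised; that is harmless only as long as `out_size` stays 0, so setting `blob.out = (char *) 0;` alongside it would be tidier.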
@@ -2838,7 +2891,12 @@
     cmd_AddParm(ts, "-files", CMD_LIST, CMD_OPTIONAL, "specific pathnames");
     cmd_AddParm(ts, "-allfiles", CMD_SINGLE, CMD_OPTIONAL, "new default (KB)");
     cmd_CreateAlias(ts, "sb");
-    
+
+    ts = cmd_CreateSyntax("setcrypt", SetCryptCmd, 0, "set cache manager encryption flag");
+    cmd_AddParm(ts, "-crypt", CMD_SINGLE, 0, "on or off");
+
+    ts = cmd_CreateSyntax("getcrypt", GetCryptCmd, 0, "get cache manager encryption flag");
+
     ts = cmd_CreateSyntax("trace", TraceCmd, 0, "enable or disable CM tracing");
     cmd_AddParm(ts, "-on", CMD_FLAG, CMD_OPTIONAL, "enable tracing");
     cmd_AddParm(ts, "-off", CMD_FLAG, CMD_OPTIONAL, "disable tracing");
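Review bot: The `-crypt` parameter is registered with a bare `0` for its flags, while the neighbouring `cmd_AddParm` calls name `CMD_OPTIONAL`. SetCryptCmd dereferences `as->parms[0].items->data` unconditionally, so the parameter being mandatory is what keeps that dereference safe. Writing `cmd_AddParm(ts, "-crypt", CMD_SINGLE, CMD_REQUIRED, "on or off");` (assuming cmd.h's `CMD_REQUIRED` is the 0 value) makes that dependency explicit to the next reader. The enclosing main() continues outside the hunk.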
diff -u -r /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/smb_iocons.h src/WINNT/afsd/smb_iocons.h
--- /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/smb_iocons.h	Sat Nov  4 11:01:45 2000
+++ src/WINNT/afsd/smb_iocons.h	Tue Apr  3 13:55:13 2001
@@ -88,4 +88,7 @@
 #define VIOC_DELSYMLINK			0x25
 #define VIOC_MAKESUBMOUNT		0x26
 
+#define VIOC_GETRXKCRYPT		0x27
+#define VIOC_SETRXKCRYPT		0x28
+
 #endif /*  __SMB_IOCONS_H_ENV_ */
diff -u -r /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/smb_ioctl.c src/WINNT/afsd/smb_ioctl.c
--- /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/afsd/smb_ioctl.c	Sat Nov  4 11:01:45 2000
+++ src/WINNT/afsd/smb_ioctl.c	Tue Apr  3 14:08:03 2001
@@ -62,6 +62,8 @@
 	smb_ioctlProcsp[VIOC_LISTSYMLINK] = cm_IoctlListlink;
 	smb_ioctlProcsp[VIOC_DELSYMLINK] = cm_IoctlDeletelink;
 	smb_ioctlProcsp[VIOC_MAKESUBMOUNT] = cm_IoctlMakeSubmount;
+	smb_ioctlProcsp[VIOC_GETRXKCRYPT] = cm_IoctlGetRxkcrypt;
+	smb_ioctlProcsp[VIOC_SETRXKCRYPT] = cm_IoctlSetRxkcrypt;
 }
 
 /* called to make a fid structure into an IOCTL fid structure */
diff -u -r /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/client_config/dlg_automap.cpp src/WINNT/client_config/dlg_automap.cpp
--- /afs/csn-v64.tu-chemnitz.de/openafs/src/WINNT/client_config/dlg_automap.cpp	Sat Nov  4 11:02:37 2000
+++ src/WINNT/client_config/dlg_automap.cpp	Tue Apr  3 16:29:44 2001
@@ -212,13 +212,14 @@
    TCHAR szValueName[128];
    HKEY hKey;
    LONG result;
+   DWORD dwDispo;
 
    if (!pDrive)
       return FALSE;
 
    _stprintf(szKeyName, TEXT("%s\\GlobalAutoMapper"), AFSConfigKeyName);
 
-   if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, szKeyName, 0, KEY_SET_VALUE, &hKey) != ERROR_SUCCESS)
+   if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, szKeyName, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_SET_VALUE, NULL, &hKey, &dwDispo) != ERROR_SUCCESS)
       return FALSE;
 
    _stprintf(szValueName, TEXT("%c:"), pDrive->chDrive);
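Review bot: `dwDispo` is only written by RegCreateKeyEx and never read in the visible lines. The disposition argument may be NULL, so the local can be dropped: `RegCreateKeyEx(HKEY_LOCAL_MACHINE, szKeyName, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_SET_VALUE, NULL, &hKey, NULL)`. Switching from open to create means this dialog now creates `GlobalAutoMapper` under HKLM with the inherited default ACL when it is missing; a short comment saying that is intended would help, since the change is unrelated to the encryption flag in the rest of the patch. The function body starts and ends outside the hunk.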
