Invirtify openafs to include the pts -encrypt patch. +invirt1
authorEvan Broder <broder@mit.edu>
Sat, 2 May 2009 16:29:39 +0000 (12:29 -0400)
committerEvan Broder <broder@mit.edu>
Sat, 2 May 2009 16:29:39 +0000 (12:29 -0400)
svn path=/trunk/third/openafs/; revision=2316

invirtify-openafs [new file with mode: 0755]
secure-pts [new file with mode: 0644]

diff --git a/invirtify-openafs b/invirtify-openafs
new file mode 100755 (executable)
index 0000000..b50f31e
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+name=openafs
+ivversionappend=+invirt1
+
+dir=$(cd "$(dirname "$0")"; pwd)
+
+hack_package () {
+    QUILT_PATCHES=debian/patches quilt import "$dir/secure-pts"
+    append_description <<EOF
+ .
+ This package was rebuilt for the Invirt project to allow
+ encrypting communication with the ptserver.
+EOF
+    add_changelog 'Allow encrypting requests to the ptserver.'
+    add_invirt_provides
+    munge_sections
+}
+
+. ../common/invirtificator.sh
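Review bot: The final line sources `../common/invirtificator.sh` relative to the caller's working directory, even though the script has already computed its own location in `dir`. Because `.` executes whatever file that path resolves to, running the script from another directory either fails or loads a different invirtificator.sh than the one kept beside this package. Unless the common script itself depends on the working directory (not visible here), anchor the path: `. "$dir/../common/invirtificator.sh"`. In the `dir=` line, `cd "$(dirname "$0")" && pwd` would also stop a failed `cd` from silently yielding the current directory on shells that do not carry `set -e` into command substitutions.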
diff --git a/secure-pts b/secure-pts
new file mode 100644 (file)
index 0000000..5a091b3
--- /dev/null
@@ -0,0 +1,48 @@
+Index: openafs-1.4.6.dfsg1/src/ptserver/pts.c
+===================================================================
+--- openafs-1.4.6.dfsg1.orig/src/ptserver/pts.c        2007-08-11 19:54:04.000000000 -0400
++++ openafs-1.4.6.dfsg1/src/ptserver/pts.c     2008-12-19 23:54:55.000000000 -0500
+@@ -146,6 +146,8 @@
+       cell = 0;
+     if (as->parms[17].items)
+       sec = 0;
++    if (as->parms[20].items) /* -encrypt */
++      sec = 3;
+     if (as->parms[18].items) {        /* testing? */
+       code = pr_Initialize(sec, AFSDIR_SERVER_ETC_DIRPATH, cell);
+@@ -972,6 +974,7 @@
+     cmd_AddParm(ts, "-test", CMD_FLAG, CMD_OPTIONAL | CMD_HIDE, test_help);
+     cmd_AddParm(ts, "-force", CMD_FLAG, CMD_OPTIONAL,
+               "Continue oper despite reasonable errors");
++    cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL, "encrypt commands");
+ }
+ /*
+Index: openafs-1.4.6.dfsg1/src/ptserver/ptuser.c
+===================================================================
+--- openafs-1.4.6.dfsg1.orig/src/ptserver/ptuser.c     2007-04-10 14:43:45.000000000 -0400
++++ openafs-1.4.6.dfsg1/src/ptserver/ptuser.c  2008-12-19 23:56:27.000000000 -0500
+@@ -200,8 +200,11 @@
+       sname.instance[0] = 0;
+       strcpy(sname.name, "afs");
+       code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
+-      if (code)
++      if (code) {
++          if (secLevel > 1)
++              return code;
+           scIndex = 0;
++      }
+       else {
+           if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
+               /* this is a kerberos ticket, set scIndex accordingly */
+@@ -213,7 +216,8 @@
+               scIndex = 2;
+           }
+           sc[2] =
+-              rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
++              rxkad_NewClientSecurityObject((secLevel > 1) ? rxkad_crypt :
++                                            rxkad_clear, &ttoken.sessionKey,
+                                             ttoken.kvno, ttoken.ticketLen,
+                                             ttoken.ticket);
+       }
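Review bot: The encryption requirement is passed as bare integers: pts.c sets `sec = 3` for `-encrypt`, while ptuser.c tests `secLevel > 1`, which also matches 2, a value this patch never sets. Any other caller that reaches this branch with 2 would now fail on a missing token and get `rxkad_crypt`, instead of the previous fall back to `scIndex = 0`. If that is not intended, compare against the encrypt level explicitly, and in either case document the levels, e.g. `/* secLevel 3: require a token and rxkad_crypt; never fall back to an unauthenticated connection */`. The new `return code;` also exits before whatever follows in the enclosing function, which begins and ends outside these hunks, so confirm nothing acquired earlier needs releasing on that path. The help text `"encrypt commands"` could state the fail-closed behaviour, e.g. `"encrypt traffic to the ptserver; fail if no token"`.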