From 4791948d9c18086670e3daeabcb3875d35028acb Mon Sep 17 00:00:00 2001
From: Evan Broder <broder@mit.edu>
Date: Sat, 2 May 2009 12:29:39 -0400
Subject: [PATCH] Invirtify openafs to include the pts -encrypt patch.

svn path=/trunk/third/openafs/; revision=2316
---
 invirtify-openafs |   21 +++++++++++++++++++++
 secure-pts        |   48 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100755 invirtify-openafs
 create mode 100644 secure-pts

diff --git a/invirtify-openafs b/invirtify-openafs
new file mode 100755
index 0000000..b50f31e
--- /dev/null
+++ b/invirtify-openafs
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+name=openafs
+ivversionappend=+invirt1
+
+dir=$(cd "$(dirname "$0")"; pwd)
+
+hack_package () {
+    QUILT_PATCHES=debian/patches quilt import "$dir/secure-pts"
+    append_description <<EOF
+ .
+ This package was rebuilt for the Invirt project to allow
+ encrypting communication with the ptserver.
+EOF
+    add_changelog 'Allow encrypting requests to the ptserver.'
+    add_invirt_provides
+    munge_sections
+}
+
+. ../common/invirtificator.sh
diff --git a/secure-pts b/secure-pts
new file mode 100644
index 0000000..5a091b3
--- /dev/null
+++ b/secure-pts
@@ -0,0 +1,48 @@
+Index: openafs-1.4.6.dfsg1/src/ptserver/pts.c
+===================================================================
+--- openafs-1.4.6.dfsg1.orig/src/ptserver/pts.c	2007-08-11 19:54:04.000000000 -0400
++++ openafs-1.4.6.dfsg1/src/ptserver/pts.c	2008-12-19 23:54:55.000000000 -0500
+@@ -146,6 +146,8 @@
+ 	cell = 0;
+     if (as->parms[17].items)
+ 	sec = 0;
++    if (as->parms[20].items) /* -encrypt */
++	sec = 3;
+ 
+     if (as->parms[18].items) {	/* testing? */
+ 	code = pr_Initialize(sec, AFSDIR_SERVER_ETC_DIRPATH, cell);
+@@ -972,6 +974,7 @@
+     cmd_AddParm(ts, "-test", CMD_FLAG, CMD_OPTIONAL | CMD_HIDE, test_help);
+     cmd_AddParm(ts, "-force", CMD_FLAG, CMD_OPTIONAL,
+ 		"Continue oper despite reasonable errors");
++    cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL, "encrypt commands");
+ }
+ 
+ /*
+Index: openafs-1.4.6.dfsg1/src/ptserver/ptuser.c
+===================================================================
+--- openafs-1.4.6.dfsg1.orig/src/ptserver/ptuser.c	2007-04-10 14:43:45.000000000 -0400
++++ openafs-1.4.6.dfsg1/src/ptserver/ptuser.c	2008-12-19 23:56:27.000000000 -0500
+@@ -200,8 +200,11 @@
+ 	sname.instance[0] = 0;
+ 	strcpy(sname.name, "afs");
+ 	code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
+-	if (code)
++	if (code) {
++	    if (secLevel > 1)
++		return code;
+ 	    scIndex = 0;
++	}
+ 	else {
+ 	    if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
+ 		/* this is a kerberos ticket, set scIndex accordingly */
+@@ -213,7 +216,8 @@
+ 		scIndex = 2;
+ 	    }
+ 	    sc[2] =
+-		rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
++		rxkad_NewClientSecurityObject((secLevel > 1) ? rxkad_crypt :
++					      rxkad_clear, &ttoken.sessionKey,
+ 					      ttoken.kvno, ttoken.ticketLen,
+ 					      ttoken.ticket);
+ 	}
-- 
1.7.9.5