From 4af75fe96a9e4a985081d4af78439aeebabd6939 Mon Sep 17 00:00:00 2001 From: Derrick Brashear Date: Wed, 3 Jun 2009 06:39:47 +0000 Subject: [PATCH] curpag-via-pioctl-20090603 LICENSE IPL10 FIXES 124709 curpag needs to know about kernel constructs (getpagvalue on AIX, onegroup versus two group on linux) and on aix 5.1 simply can't work. add a new pioctl and use it to simply ask the kernel what the current pag is --- Makefile.in | 4 +- doc/man-pages/pod8/asetkey.pod | 15 +++- src/afs/LINUX/osi_vnodeops.c | 1 - src/afs/afs_pioctl.c | 29 ++++++++ src/afsweb/apache_afs_utils.c | 31 +------- src/aklog/asetkey.c | 105 ++++++++++++++++++++------- src/auth/Makefile.in | 10 +-- src/auth/ktc.c | 87 ++++++++++++++-------- src/config/vioc.h | 3 +- src/packaging/RedHat/openafs.spec.in | 1 - src/pam/afs_util.c | 38 +--------- src/rxkad/Makefile.in | 1 - src/sys/Makefile.in | 2 +- src/sys/pagsh.c | 92 ----------------------- 14 files changed, 185 insertions(+), 234 deletions(-) diff --git a/Makefile.in b/Makefile.in index 06dd0a5e14..d9f05ece12 100644 --- a/Makefile.in +++ b/Makefile.in @@ -175,13 +175,13 @@ afs: config export comerr afs_depinstall des: config ${COMPILE_PART1} des ${COMPILE_PART2} -sys: cmd comerr afs des rx rxstat fsint sys_depinstall +sys: cmd comerr afs des rx rxstat fsint auth sys_depinstall ${COMPILE_PART1} sys ${COMPILE_PART2} rxkad: cmd comerr sys des rx rxkad_depinstall ${COMPILE_PART1} rxkad ${COMPILE_PART2} -auth: cmd comerr comerr des lwp rx sys rxkad audit auth_depinstall +auth: cmd comerr comerr des lwp rx rxkad audit sys_depinstall auth_depinstall ${COMPILE_PART1} auth ${COMPILE_PART2} ubik: cmd comerr auth ubik_depinstall diff --git a/doc/man-pages/pod8/asetkey.pod b/doc/man-pages/pod8/asetkey.pod index b7f0765b51..0465baa0fc 100644 --- a/doc/man-pages/pod8/asetkey.pod +++ b/doc/man-pages/pod8/asetkey.pod @@ -9,6 +9,8 @@ asetkey - Add a key from a keytab to an AFS KeyFile B add > > > +B add > > + B delete > B list @@ -21,7 +23,8 @@ B list The B command is used to add a key to an AFS KeyFile from a Kerberos keytab. It is similar to B except that it must be run locally on the system where the KeyFile is located and it takes the -new key from a Kerberos 5 keytab rather than prompting for the password. +new key from the command line or a Kerberos 5 keytab rather than prompting +for the password. B can be used to delete a key (similar to B), and B will list the keys in a KeyFile (similar @@ -38,7 +41,8 @@ that key to the KeyFile with B. The I chosen should match the kvno in the Kerberos KDC (checked with B or the C function of B). I should be the name of the AFS principal in the keytab, which must be either C or -C>. +C>. B can also be used to install a key +from a hex string. In cells that use the Update Server to distribute the contents of the F directory, it is conventional to run B only @@ -82,6 +86,13 @@ C. You may want to use C> instead of C, particularly if you may have multiple AFS cells for a single Kerberos realm. +In the event you have been distributed a key by a Kerberos administrator +in the form of a hex string, you may use asetkey to install that. + + % asetkey add 3 80b6a7cd7a9dadb6 + +I should be an 8 byte hex representation. + =head1 PRIVILEGE REQUIRED The issuer must be able to read (for B) and write (for diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c index 4608d7f455..18f2498530 100644 --- a/src/afs/LINUX/osi_vnodeops.c +++ b/src/afs/LINUX/osi_vnodeops.c @@ -587,7 +587,6 @@ afs_linux_lock(struct file *fp, int cmd, struct file_lock *flp) crfree(credp); return -code; - } #ifdef STRUCT_FILE_OPERATIONS_HAS_FLOCK diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c index cecc4267e2..d5237a0ff7 100644 --- a/src/afs/afs_pioctl.c +++ b/src/afs/afs_pioctl.c @@ -119,6 +119,7 @@ DECL_PIOCTL(PDiscon); DECL_PIOCTL(PNFSNukeCreds); DECL_PIOCTL(PNewUuid); DECL_PIOCTL(PPrecache); +DECL_PIOCTL(PGetPAG); #if defined(AFS_CACHE_BYPASS) DECL_PIOCTL(PSetCachingThreshold); DECL_PIOCTL(PSetCachingBlkSize); @@ -237,6 +238,7 @@ static pioctlFunction CpioctlSw[] = { PBogus, /* 0 */ PBogus, /* 0 */ PPrecache, /* 12 */ + PGetPAG, /* 13 */ }; static int (*(OpioctlSw[])) () = { @@ -2382,6 +2384,33 @@ DECL_PIOCTL(PViceAccess) return EACCES; } +/*! + * VIOC_GETPAG (13) - Get PAG value + * + * \ingroup pioctl + * + * \param[in] ain not in use + * \param[out] aout PAG value or NOPAG + * + * \retval E2BIG Error not enough space to copy out value + * + * \post get PAG value for the caller's cred + */ +DECL_PIOCTL(PGetPAG) +{ + afs_int32 pag; + + if (aoutSize < sizeof(afs_int32)) { + return E2BIG; + } + + pag = PagInCred(*acred); + + memcpy(aout, (char *)&pag, sizeof(afs_int32)); + *aoutSize = sizeof(afs_int32); + return 0; +} + DECL_PIOCTL(PPrecache) { afs_int32 newValue; diff --git a/src/afsweb/apache_afs_utils.c b/src/afsweb/apache_afs_utils.c index 8ae4501e31..4a87fbea11 100644 --- a/src/afsweb/apache_afs_utils.c +++ b/src/afsweb/apache_afs_utils.c @@ -93,35 +93,6 @@ flipPrimary(char *tokenBuf) return 0; } -/* get the current AFS pag for the calling process */ -static afs_int32 -curpag() -{ - gid_t groups[30]; - afs_uint32 g0, g1; - afs_uint32 h, l, ret; - - if (getgroups(sizeof groups / sizeof groups[0], groups) < 2) - return 0; - - g0 = groups[0] & 0xffff; - g1 = groups[1] & 0xffff; - g0 -= 0x3f00; - g1 -= 0x3f00; - if (g0 < 0xc000 && g1 < 0xc000) { - l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff); - h = (g0 >> 14); - h = (g1 >> 14) + h + h + h; - ret = ((h << 28) | l); - /* Additional testing */ - if (((ret >> 24) & 0xff) == 'A') - return ret; - else - return -1; - } - return -1; -} - /* Returns the AFS pag number, if any, otherwise return -1 */ afs_int32 getPAG() @@ -131,7 +102,7 @@ getPAG() assert(sizeof(afs_uint32) == 4); assert(sizeof(afs_int32) == 4); - pag = curpag(); + pag = ktc_curpag(); if (pag == 0 || pag == -1) return -1; diff --git a/src/aklog/asetkey.c b/src/aklog/asetkey.c index 4f62f03175..927606e3ee 100644 --- a/src/aklog/asetkey.c +++ b/src/aklog/asetkey.c @@ -37,6 +37,29 @@ #define USING_HEIMDAL 1 #endif +static int +char2hex(char c) +{ + if (c >= '0' && c <= '9') + return (c - 48); + if ((c >= 'a') && (c <= 'f')) + return (c - 'a' + 10); + + if ((c >= 'A') && (c <= 'F')) + return (c - 'A' + 10); + + return -1; +} + +static int +hex2char(char c) +{ + if (c <= 9) + return (c + 48); + + return (c - 10 + 'a'); +} + int main(int argc, char *argv[]) { @@ -48,6 +71,8 @@ main(int argc, char *argv[]) fprintf(stderr, "%s: usage is '%s options, e.g.\n", argv[0], argv[0]); fprintf(stderr, "\t%s add \n", argv[0]); + fprintf(stderr, "\tOR\n\t%s add \n", argv[0]); + fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]); fprintf(stderr, "\t%s delete \n", argv[0]); fprintf(stderr, "\t%s list\n", argv[0]); exit(1); @@ -66,55 +91,79 @@ main(int argc, char *argv[]) krb5_principal principal; krb5_keyblock *key; krb5_error_code retval; - int kvno; + int kvno, keymode = 0; if (argc != 5) { - fprintf(stderr, "%s add: usage is '%s add " - "\n", argv[0], argv[0]); - exit(1); + if (argc == 4) + keymode = 1; + else { + fprintf(stderr, "%s add: usage is '%s add " + "\n", argv[0], argv[0]); + fprintf(stderr, "\tOR\n\t%s add \n", argv[0]); + fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]); + exit(1); + } } - krb5_init_context(&context); - kvno = atoi(argv[2]); - retval = krb5_parse_name(context, argv[4], &principal); - if (retval != 0) { + if (keymode) { + char tkey[8]; + int i; + char *cp; + if (strlen(argv[3]) != 16) { + printf("key %s is not in right format\n", argv[3]); + printf(" should be an 8byte hex representation \n"); + printf(" Ex: setkey add 0 \"80b6a7cd7a9dadb6\"\n"); + exit(1); + } + memset(tkey, 0, sizeof(tkey)); + for (i = 7, cp = argv[3] + 15; i >= 0; i--, cp -= 2) + tkey[i] = char2hex(*cp) + char2hex(*(cp - 1)) * 16; + code = afsconf_AddKey(tdir, kvno, tkey, 1); + } else { + krb5_init_context(&context); + + retval = krb5_parse_name(context, argv[4], &principal); + if (retval != 0) { afs_com_err(argv[0], retval, "while parsing AFS principal"); exit(1); - } - retval = krb5_kt_read_service_key(context, argv[3], principal, kvno, - ENCTYPE_DES_CBC_CRC, &key); - if (retval != 0) { + } + retval = krb5_kt_read_service_key(context, argv[3], principal, kvno, + ENCTYPE_DES_CBC_CRC, &key); + if (retval != 0) { afs_com_err(argv[0], retval, "while extracting AFS service key"); exit(1); - } - + } + #ifdef USING_HEIMDAL -#define deref_key_length(key) \ - key->keyvalue.length - -#define deref_key_contents(key) \ - key->keyvalue.data +#define deref_key_length(key) \ + key->keyvalue.length + +#define deref_key_contents(key) \ + key->keyvalue.data #else -#define deref_key_length(key) \ - key->length - -#define deref_key_contents(key) \ - key->contents +#define deref_key_length(key) \ + key->length + +#define deref_key_contents(key) \ + key->contents #endif - if (deref_key_length(key) != 8) { + if (deref_key_length(key) != 8) { fprintf(stderr, "Key length should be 8, but is really %d!\n", deref_key_length(key)); exit(1); + } + code = afsconf_AddKey(tdir, kvno, (char *) deref_key_contents(key), 1); } - code = afsconf_AddKey(tdir, kvno, (char *) deref_key_contents(key), 1); if (code) { fprintf(stderr, "%s: failed to set key, code %ld.\n", argv[0], code); exit(1); } - krb5_free_principal(context, principal); - krb5_free_keyblock(context, key); + if (keymode == 0) { + krb5_free_principal(context, principal); + krb5_free_keyblock(context, key); + } } else if (strcmp(argv[1], "delete")==0) { long kvno; diff --git a/src/auth/Makefile.in b/src/auth/Makefile.in index e5ca8b4586..97eb7950e0 100644 --- a/src/auth/Makefile.in +++ b/src/auth/Makefile.in @@ -17,7 +17,7 @@ OBJS= cellconfig.o ktc.o userok.o writeconfig.o authcon.o \ KOBJS= cellconfig.o ktc.krb.o userok.o writeconfig.o authcon.o \ acfg_errors.o ktc_errors.o -LIBS=libauth.a ${TOP_LIBDIR}/libsys.a \ +LIBS=libauth.a \ ${TOP_LIBDIR}/librxkad.a ${TOP_LIBDIR}/libdes.a \ ${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/libsys.a \ ${TOP_LIBDIR}/liblwp.a ${TOP_LIBDIR}/util.a @@ -26,7 +26,7 @@ KSRCS=auth.h UKSRCS=${KSRCS} cellconfig.h acfg_errors.c keys.h cellconfig.c \ ktc.c authcon.c ktc_errors.c -all: ${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/libauth.krb.a depinstall copyauth setkey +all: ${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/libauth.krb.a depinstall depinstall: ${TOP_INCDIR}/afs/keys.h \ ${TOP_INCDIR}/afs/cellconfig.h \ @@ -94,7 +94,7 @@ ktc_errors.c auth.h: ktc_errors.et auth.p.h # # Install targets # -install: copyauth libauth.a libauth.krb.a auth.h cellconfig.h +install: libauth.a libauth.krb.a auth.h cellconfig.h ${INSTALL} -d ${DESTDIR}${libdir}/afs ${INSTALL} -d ${DESTDIR}${includedir}/afs ${INSTALL_DATA} libauth.a ${DESTDIR}${libdir}/afs/libauth.a @@ -103,9 +103,8 @@ install: copyauth libauth.a libauth.krb.a auth.h cellconfig.h ${INSTALL_DATA} cellconfig.h ${DESTDIR}${includedir}/afs/cellconfig.h ${INSTALL_DATA} auth.h ${DESTDIR}${includedir}/afs/auth.h ${INSTALL_DATA} ktc.h ${DESTDIR}${includedir}/afs/ktc.h - ${INSTALL_PROGRAM} copyauth ${DESTDIR}${sbindir}/copyauth -dest: copyauth libauth.a libauth.krb.a auth.h cellconfig.h +dest: libauth.a libauth.krb.a auth.h cellconfig.h ${INSTALL} -d ${DEST}/lib/afs ${INSTALL} -d ${DEST}/include/afs ${INSTALL_DATA} libauth.a ${DEST}/lib/afs/libauth.a @@ -114,7 +113,6 @@ dest: copyauth libauth.a libauth.krb.a auth.h cellconfig.h ${INSTALL_DATA} cellconfig.h ${DEST}/include/afs/cellconfig.h ${INSTALL_DATA} auth.h ${DEST}/include/afs/auth.h ${INSTALL_DATA} ktc.h ${DEST}/include/afs/ktc.h - ${INSTALL_PROGRAM} copyauth ${DEST}/etc/copyauth # # Misc. targets diff --git a/src/auth/ktc.c b/src/auth/ktc.c index 165e3fccb1..5818f86291 100644 --- a/src/auth/ktc.c +++ b/src/auth/ktc.c @@ -1614,39 +1614,53 @@ afs_tf_dest_tkt(void) return 0; } -static afs_uint32 -curpag(void) +afs_uint32 +ktc_curpag(void) { + int code; + struct ViceIoctl iob; + afs_int32 pag; + + /* now setup for the pioctl */ + iob.in = -1; + iob.in_size = 0; + iob.out = &pag; + iob.out_size = sizeof(afs_int32); + + code = PIOCTL(0, VIOC_GETPAG, &iob, 0); + if (code < 0) { #if defined(AFS_AIX51_ENV) - int code = getpagvalue("afs"); - if (code < 0 && errno == EINVAL) - code = 0; - return code; + code = getpagvalue("afs"); + if (code < 0 && errno == EINVAL) + code = 0; + return code; #else - gid_t groups[NGROUPS_MAX]; - afs_uint32 g0, g1; - afs_uint32 h, l, ret; - - if (getgroups(sizeof groups / sizeof groups[0], groups) < 2) - return 0; - - g0 = groups[0] & 0xffff; - g1 = groups[1] & 0xffff; - g0 -= 0x3f00; - g1 -= 0x3f00; - if (g0 < 0xc000 && g1 < 0xc000) { - l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff); - h = (g0 >> 14); - h = (g1 >> 14) + h + h + h; - ret = ((h << 28) | l); - /* Additional testing */ - if (((ret >> 24) & 0xff) == 'A') - return ret; - else - return -1; - } - return -1; + gid_t groups[NGROUPS_MAX]; + afs_uint32 g0, g1; + afs_uint32 h, l, ret; + + if (getgroups(sizeof groups / sizeof groups[0], groups) < 2) + return 0; + + g0 = groups[0] & 0xffff; + g1 = groups[1] & 0xffff; + g0 -= 0x3f00; + g1 -= 0x3f00; + if (g0 < 0xc000 && g1 < 0xc000) { + l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff); + h = (g0 >> 14); + h = (g1 >> 14) + h + h + h; + ret = ((h << 28) | l); + /* Additional testing */ + if (((ret >> 24) & 0xff) == 'A') + return ret; + else + return -1; + } + return -1; #endif + } + return pag; } int @@ -1657,19 +1671,23 @@ ktc_newpag(void) afs_uint32 pag; struct stat sbuf; char fname[256], *prefix = "/ticket/"; + char fname5[256], *prefix5 = "FILE:/ticket/krb5cc_"; int numenv; char **newenv, **senv, **denv; LOCK_GLOBAL_MUTEX; if (stat("/ticket", &sbuf) == -1) { prefix = "/tmp/tkt"; + prefix5 = "FILE:/tmp/krb5cc_"; } - pag = curpag() & 0xffffffff; + pag = ktc_curpag() & 0xffffffff; if (pag == -1) { sprintf(fname, "%s%d", prefix, getuid()); + sprintf(fname5, "%s%d", prefix5, getuid()); } else { sprintf(fname, "%sp%lu", prefix, afs_cast_uint32(pag)); + sprintf(fname5, "%sp%lud", prefix5, (long unsigned int) pag); } ktc_set_tkt_string(fname); @@ -1678,13 +1696,18 @@ ktc_newpag(void) newenv = (char **)malloc((numenv + 2) * sizeof(char *)); for (senv = environ, denv = newenv; *senv; senv++) { - if (strncmp(*senv, "KRBTKFILE=", 10) != 0) + if (strncmp(*senv, "KRBTKFILE=", 10) != 0 && + strncmp(*senv, "KRB5CCNAME=", 11) != 0) *denv++ = *senv; } - *denv = (char *)malloc(10 + strlen(fname) + 1); + *denv = malloc(10+11 + strlen(fname) + strlen(fname5) + 2); strcpy(*denv, "KRBTKFILE="); strcat(*denv, fname); + *(denv+1) = *denv + strlen(*denv) + 1; + denv++; + strcpy(*denv, "KRB5CCNAME="); + strcat(*denv, fname5); *++denv = 0; environ = newenv; UNLOCK_GLOBAL_MUTEX; diff --git a/src/config/vioc.h b/src/config/vioc.h index fefb2a915a..705f275265 100644 --- a/src/config/vioc.h +++ b/src/config/vioc.h @@ -100,7 +100,8 @@ #define VIOC_CBADDR _CVICEIOCTL(3) /* push callback addr */ #define VIOC_DISCON _CVICEIOCTL(5) /* set/get discon mode */ #define VIOC_NEWUUID _CVICEIOCTL(9) /* new uuid */ -#define VIOCPRECACHE _CVICEIOCTL(12) /* precache size */ +#define VIOCPRECACHE _CVICEIOCTL(12) /* precache size */ +#define VIOC_GETPAG _CVICEIOCTL(13) /* get pag value */ /* OpenAFS-specific 'O' pioctl's */ #define VIOC_NFS_NUKE_CREDS _OVICEIOCTL(1) /* nuke creds for all PAG's */ diff --git a/src/packaging/RedHat/openafs.spec.in b/src/packaging/RedHat/openafs.spec.in index bdc4643d61..ad507bd971 100644 --- a/src/packaging/RedHat/openafs.spec.in +++ b/src/packaging/RedHat/openafs.spec.in @@ -1148,7 +1148,6 @@ grep -v "^#" >openafs-file-list <> 14); - h = (g1 >> 14) + h + h + h; - ret = ((h << 28) | l); - /* Additional testing */ - if (((ret >> 24) & 0xff) == 'A') - return ret; - else - return -1; - } - return -1; -#endif -} - /* Returns the AFS pag number, if any, otherwise return -1 */ afs_int32 getPAG(void) { afs_int32 pag; - pag = curpag(); + pag = ktc_curpag(); if (pag == 0 || pag == -1) return -1; diff --git a/src/rxkad/Makefile.in b/src/rxkad/Makefile.in index 5a31a65427..b80e0a33b6 100644 --- a/src/rxkad/Makefile.in +++ b/src/rxkad/Makefile.in @@ -30,7 +30,6 @@ fc_test_LIBS=\ ${TOP_LIBDIR}/libdes.a \ ${TOP_LIBDIR}/librx.a \ ${TOP_LIBDIR}/liblwp.a \ - ${TOP_LIBDIR}/libsys.a \ ${TOP_LIBDIR}/libafsutil.a all: ${TOP_LIBDIR}/librxkad.a fc_test depinstall diff --git a/src/sys/Makefile.in b/src/sys/Makefile.in index f59b034fc8..197c64d827 100644 --- a/src/sys/Makefile.in +++ b/src/sys/Makefile.in @@ -158,7 +158,7 @@ pagsh: libsys.a AFS_component_version_number.o pagsh.krb: libsys.a ${CC} ${CFLAGS} -c ${srcdir}/pagsh.c -DAFS_KERBEROS_ENV - ${CC} ${CFLAGS} -o pagsh.krb pagsh.o ${LIBS} + ${CC} ${CFLAGS} -o pagsh.krb pagsh.o ${TOP_LIBDIR}/libauth.krb.a ${TOP_LIBDIR}/librxkad.a ${TOP_LIBDIR}/libdes.a ${LIBS} # # Test programs. diff --git a/src/sys/pagsh.c b/src/sys/pagsh.c index 7b674434cc..1368d8f765 100644 --- a/src/sys/pagsh.c +++ b/src/sys/pagsh.c @@ -40,8 +40,6 @@ RCSID #include "AFS_component_version_number.c" -int ktc_newpag(void); - int main(int argc, char *argv[]) { @@ -85,93 +83,3 @@ main(int argc, char *argv[]) fprintf(stderr, "No shell\n"); exit(1); } - - -#ifdef AFS_KERBEROS_ENV -/* stolen from auth/ktc.c */ - -static afs_uint32 -curpag(void) -{ -#if defined(AFS_AIX51_ENV) - int code = getpagvalue("afs"); - if (code < 0 && errno == EINVAL) - code = 0; - return code; -#else - afs_uint32 groups[NGROUPS_MAX]; - afs_uint32 g0, g1; - afs_uint32 h, l, ret; - - if (getgroups(sizeof groups / sizeof groups[0], groups) < 2) - return 0; - - g0 = groups[0] & 0xffff; - g1 = groups[1] & 0xffff; - g0 -= 0x3f00; - g1 -= 0x3f00; - if ((g0 < 0xc000) && (g1 < 0xc000)) { - l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff); - h = (g0 >> 14); - h = (g1 >> 14) + h + h + h; - ret = ((h << 28) | l); - /* Additional testing */ - if (((ret >> 24) & 0xff) == 'A') - return ret; - else - return -1; - } - return -1; -#endif -} - -int -ktc_newpag(void) -{ - extern char **environ; - - afs_uint32 pag; - struct stat sbuf; - char fname[256], *prefix = "/ticket/"; - char fname5[256], *prefix5 = "FILE:/ticket/krb5cc_"; - int numenv; - char **newenv, **senv, **denv; - - if (stat("/ticket", &sbuf) == -1) { - prefix = "/tmp/tkt"; - prefix5 = "FILE:/tmp/krb5cc_"; - } - - pag = curpag() & 0xffffffff; - if (pag == -1) { - sprintf(fname, "%s%d", prefix, getuid()); - sprintf(fname5, "%s%d", prefix5, getuid()); - } else { - sprintf(fname, "%sp%lud", prefix, (long unsigned int) pag); - sprintf(fname5, "%sp%lud", prefix5, (long unsigned int) pag); - } -/* ktc_set_tkt_string(fname); */ - - for (senv = environ, numenv = 0; *senv; senv++) - numenv++; - newenv = (char **)malloc((numenv + 2) * sizeof(char *)); - - for (senv = environ, denv = newenv; *senv; *senv++) { - if (strncmp(*senv, "KRBTKFILE=", 10) != 0 && - strncmp(*senv, "KRB5CCNAME=", 11) != 0) - *denv++ = *senv; - } - - *denv = malloc(10+11 + strlen(fname) + strlen(fname5) + 2); - strcpy(*denv, "KRBTKFILE="); - strcat(*denv, fname); - *(denv+1) = *denv + strlen(*denv) + 1; - denv++; - strcpy(*denv, "KRB5CCNAME="); - strcat(*denv, fname5); - *++denv = 0; - environ = newenv; - return 0; -} - -#endif