2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* ticket caching code */
12 #include <afsconfig.h>
13 #include <afs/param.h>
19 #include <afs/pthread_glock.h>
22 #ifdef HAVE_SYS_FILE_H
27 #include "afsincludes.h"
31 #include <sys/lockf.h>
40 #ifdef HAVE_CRT_EXTERNS_H
41 #include <crt_externs.h>
46 #include <afs/venus.h>
47 #include <afs/afsutil.h>
50 #include <afs/sys_prototypes.h>
53 #if defined(AFS_LINUX26_ENV)
54 #include <sys/syscall.h>
55 #if defined(SYS_keyctl)
56 /* Open code this value to avoid a dependency on keyutils */
57 #define KEYCTL_SESSION_TO_PARENT 18
64 #ifdef AFS_KERBEROS_ENV
65 #include "cellconfig.h"
66 static char lcell
[MAXCELLCHARS
];
68 #define TKT_ROOT "/tmp/tkt"
73 /* Definitions for ticket file utilities */
77 /* Error codes returned by ticket file utilities */
78 #define NO_TKT_FIL 76 /* No ticket file found */
79 #define TKT_FIL_ACC 77 /* Couldn't access tkt file */
80 #define TKT_FIL_LCK 78 /* Couldn't lock ticket file */
81 #define TKT_FIL_FMT 79 /* Bad ticket file format */
82 #define TKT_FIL_INI 80 /* afs_tf_init not called first */
84 /* Values returned by get_credentials */
85 #define RET_TKFIL 21 /* Can't read ticket file */
91 #if defined(AFS_AIX_ENV) || defined(AFS_SUN5_ENV)
92 static struct flock fileWlock
= { F_WRLCK
, 0, 0, 0, 0, 0 };
93 static struct flock fileRlock
= { F_RDLCK
, 0, 0, 0, 0, 0 };
94 static struct flock fileUlock
= { F_UNLCK
, 0, 0, 0, 0, 0 };
97 static struct flock fileWlock
= { F_WRLCK
, 0, 0, 0, 0 };
98 static struct flock fileRlock
= { F_RDLCK
, 0, 0, 0, 0 };
99 static struct flock fileUlock
= { F_UNLCK
, 0, 0, 0, 0 };
106 /* the following routines aren't static anymore on behalf of the kerberos IV
107 * compatibility library built in subtree krb.
109 int afs_tf_init(char *, int);
110 int afs_tf_get_pname(char *);
111 int afs_tf_get_pinst(char *);
112 int afs_tf_get_cred(struct ktc_principal
*, struct ktc_token
*);
113 int afs_tf_save_cred(struct ktc_principal
*, struct ktc_token
*,
114 struct ktc_principal
*);
115 int afs_tf_close(void);
116 int afs_tf_create(char *, char *);
117 int afs_tf_dest_tkt(void);
118 static void ktc_LocalCell(void);
119 #endif /* AFS_KERBEROS_ENV */
122 #define PIOCTL afs_pioctl
123 #elif defined(UKERNEL)
124 #define PIOCTL(A,B,C,D) (errno = (call_syscall(AFSCALL_PIOCTL,A,B,C,D)), errno?-1:0)
126 #define PIOCTL pioctl
129 #if !defined(UKERNEL)
130 /* this is a structure used to communicate with the afs cache mgr, but is
131 * otherwise irrelevant */
133 afs_int32 AuthHandle
;
134 char HandShakeKey
[8];
136 afs_int32 BeginTimestamp
;
137 afs_int32 EndTimestamp
;
139 #endif /* !defined(UKERNEL) */
141 #define MAXLOCALTOKENS 4
145 struct ktc_principal server
;
146 struct ktc_principal client
;
147 struct ktc_token token
;
148 } local_tokens
[MAXLOCALTOKENS
];
151 GetToken(struct ktc_principal
*aserver
, struct ktc_token
*atoken
,
152 int atokenLen
, struct ktc_principal
*alicnet
, afs_int32
*aviceid
);
155 #define MAXPIOCTLTOKENLEN \
156 (3*sizeof(afs_int32)+MAXKTCTICKETLEN+sizeof(struct ClearToken)+MAXKTCREALMLEN)
159 SetToken(struct ktc_principal
*aserver
, struct ktc_token
*atoken
,
160 struct ktc_principal
*aclient
, afs_int32 flags
)
162 struct ViceIoctl iob
;
163 char tbuffer
[MAXPIOCTLTOKENLEN
];
165 struct ClearToken ct
;
169 if (strcmp(aserver
->name
, "afs") != 0) {
172 for (i
= 0; i
< MAXLOCALTOKENS
; i
++)
173 if (local_tokens
[i
].valid
) {
174 if ((strcmp(local_tokens
[i
].server
.name
, aserver
->name
) == 0)
177 (local_tokens
[i
].server
.instance
,
178 aserver
->instance
) == 0)
179 && (strcmp(local_tokens
[i
].server
.cell
, aserver
->cell
) ==
181 found
= i
; /* replace existing entry */
184 /* valid, but no match */
187 found
= i
; /* remember this empty slot */
190 memcpy(&local_tokens
[found
].token
, atoken
, sizeof(struct ktc_token
));
191 local_tokens
[found
].server
= *aserver
;
192 local_tokens
[found
].client
= *aclient
;
193 local_tokens
[found
].valid
= 1;
196 tp
= tbuffer
; /* start copying here */
197 if ((atoken
->ticketLen
< MINKTCTICKETLEN
)
198 || (atoken
->ticketLen
> MAXKTCTICKETLEN
))
200 memcpy(tp
, &atoken
->ticketLen
, sizeof(afs_int32
)); /* copy in ticket length */
201 tp
+= sizeof(afs_int32
);
202 memcpy(tp
, atoken
->ticket
, atoken
->ticketLen
); /* copy in ticket */
203 tp
+= atoken
->ticketLen
;
204 /* next, copy in the "clear token", describing who we are */
205 ct
.AuthHandle
= atoken
->kvno
; /* hide auth handle here */
206 memcpy(ct
.HandShakeKey
, &atoken
->sessionKey
, 8);
208 ct
.BeginTimestamp
= atoken
->startTime
;
209 ct
.EndTimestamp
= atoken
->endTime
;
210 if (ct
.BeginTimestamp
== 0)
211 ct
.BeginTimestamp
= 1;
213 if ((strlen(aclient
->name
) > strlen("AFS ID "))
214 && (aclient
->instance
[0] == 0)) {
216 afs_int32 viceId
= 0;
217 char *cp
= aclient
->name
+ strlen("AFS ID ");
224 viceId
= viceId
* 10 + (int)(*cp
- '0');
229 ct
.ViceId
= viceId
* sign
; /* OK to let any value here? */
230 if (((ct
.EndTimestamp
- ct
.BeginTimestamp
) & 1) == 0)
231 ct
.BeginTimestamp
++; /* force lifetime to be odd */
234 ct
.ViceId
= getuid(); /* wrong, but works in primary cell */
235 if (((ct
.EndTimestamp
- ct
.BeginTimestamp
) & 1) == 1)
236 ct
.BeginTimestamp
++; /* force lifetime to be even */
241 * Information needed by the user space cache manager
243 get_user_struct()->u_expiration
= ct
.EndTimestamp
;
244 get_user_struct()->u_viceid
= ct
.ViceId
;
247 temp
= sizeof(struct ClearToken
);
248 memcpy(tp
, &temp
, sizeof(afs_int32
));
249 tp
+= sizeof(afs_int32
);
250 memcpy(tp
, &ct
, sizeof(struct ClearToken
));
251 tp
+= sizeof(struct ClearToken
);
253 /* next copy in primary flag */
257 * The following means that setpag will happen inside afs just before
258 * the authentication to prevent the setpag/klog race condition.
260 * The following means that setpag will affect the parent process as
261 * well as the current process.
263 if (flags
& AFS_SETTOK_SETPAG
)
266 memcpy(tp
, &temp
, sizeof(afs_int32
));
267 tp
+= sizeof(afs_int32
);
269 /* finally copy in the cell name */
270 temp
= strlen(aserver
->cell
);
271 if (temp
>= MAXKTCREALMLEN
)
273 strcpy(tp
, aserver
->cell
);
276 /* now setup for the pioctl */
278 iob
.in_size
= tp
- tbuffer
;
280 iob
.out_size
= sizeof(tbuffer
);
282 #if defined(NO_AFS_CLIENT)
286 if ((tkfile
= getenv("TKTFILE"))
289 open(tkfile
, O_WRONLY
| O_APPEND
| O_TRUNC
| O_CREAT
,
291 printf("Writing ticket to: %s\n", tkfile
);
292 code
= (write(fd
, iob
.in
, iob
.in_size
) != iob
.in_size
);
295 code
= KTC_PIOCTLFAIL
;
297 #else /* NO_AFS_CLIENT */
298 code
= PIOCTL(0, VIOCSETTOK
, &iob
, 0);
299 #endif /* NO_AFS_CLIENT */
301 return KTC_PIOCTLFAIL
;
306 ktc_SetTokenEx(struct ktc_setTokenData
*token
) {
307 struct ViceIoctl iob
;
311 xdrlen_create(&xdrs
);
312 if (!xdr_ktc_setTokenData(&xdrs
, token
))
314 iob
.in_size
= xdr_getpos(&xdrs
);
317 iob
.in
= malloc(iob
.in_size
);
321 xdrmem_create(&xdrs
, iob
.in
, iob
.in_size
, XDR_ENCODE
);
322 if (!xdr_ktc_setTokenData(&xdrs
, token
))
329 code
= PIOCTL(0, VIOC_SETTOK2
, &iob
, 0);
333 /* If we can't use the new pioctl, then fallback to using the old
334 * one, with just the rxkad portion of the token we're being asked to
337 if (code
== -1 && errno
== EINVAL
) {
338 struct ktc_principal server
, client
;
339 struct ktc_token
*rxkadToken
;
342 /* With the growth of ticket sizes, a ktc_token is now 12k. Don't
343 * allocate it on the stack! */
344 rxkadToken
= malloc(sizeof(*rxkadToken
));
345 if (rxkadToken
== NULL
)
348 code
= token_extractRxkad(token
, rxkadToken
, &flags
, &client
);
354 memset(&server
, 0, sizeof(server
));
355 strcpy(server
.name
, "afs");
356 if (strlcpy(server
.cell
, token
->cell
, sizeof(server
.cell
))
357 >= sizeof(server
.cell
)) {
361 code
= ktc_SetToken(&server
, rxkadToken
, &client
, flags
);
367 return KTC_PIOCTLFAIL
;
368 #if defined(AFS_LINUX26_ENV) && defined(SYS_keyctl)
371 * If we're using keyring based PAGs and the SESSION_TO_PARENT keyctl
372 * is available, use it to copy the session keyring to the parent process
374 if (token
->flags
& AFS_SETTOK_SETPAG
)
375 syscall(SYS_keyctl
, KEYCTL_SESSION_TO_PARENT
);
382 ktc_SetToken(struct ktc_principal
*aserver
,
383 struct ktc_token
*atoken
,
384 struct ktc_principal
*aclient
,
390 #ifdef AFS_KERBEROS_ENV
394 if ( /*!strcmp(aclient->cell, lcell) && this would only store local creds */
395 (strcmp(aserver
->name
, "AuthServer")
396 || strcmp(aserver
->instance
, "Admin"))) {
397 if (strcmp(aserver
->name
, "krbtgt") == 0) {
398 static char lrealm
[MAXKTCREALMLEN
];
401 ucstring(lrealm
, lcell
, MAXKTCREALMLEN
);
402 if (strcmp(aserver
->instance
, lrealm
) == 0) {
403 afs_tf_create(aclient
->name
, aclient
->instance
);
407 code
= afs_tf_init(ktc_tkt_string(), W_TKT_FIL
);
408 if (code
== NO_TKT_FIL
) {
409 (void)afs_tf_create(aclient
->name
, aclient
->instance
);
410 code
= afs_tf_init(ktc_tkt_string(), W_TKT_FIL
);
414 afs_tf_save_cred(aserver
, atoken
, aclient
);
420 #endif /* NO_AFS_CLIENT */
424 #ifndef NO_AFS_CLIENT
425 code
= SetToken(aserver
, atoken
, aclient
, flags
);
430 else if (code
== KTC_PIOCTLFAIL
)
438 return KTC_PIOCTLFAIL
;
440 #endif /* NO_AFS_CLIENT */
446 * Get a token, given the cell that we need to get information for
449 * The name of the cell we're getting the token for - if NULL, we'll
450 * get information for the primary cell
453 ktc_GetTokenEx(char *cellName
, struct ktc_setTokenData
**tokenSet
) {
454 struct ViceIoctl iob
;
455 char tbuffer
[MAXPIOCTLTOKENLEN
];
462 /* If we have a cellName, write it out here */
464 memcpy(tp
, cellName
, strlen(cellName
) +1);
465 tp
+= strlen(cellName
)+1;
469 iob
.in_size
= tp
- tbuffer
;
471 iob
.out_size
= sizeof(tbuffer
);
473 code
= PIOCTL(0, VIOC_GETTOK2
, &iob
, 0);
475 /* If we can't use the new pioctl, the fall back to the old one. We then
476 * need to convert the rxkad token we get back into the new format
478 if (code
== -1 && errno
== EINVAL
) {
479 struct ktc_principal server
;
480 struct ktc_tokenUnion token
;
481 struct ktc_token
*ktcToken
; /* too huge for the stack */
484 memset(&server
, 0, sizeof(server
));
485 ktcToken
= malloc(sizeof(struct ktc_token
));
486 if (ktcToken
== NULL
)
488 memset(ktcToken
, 0, sizeof(struct ktc_token
));
490 strcpy(server
.name
, "afs");
492 if (cellName
!= NULL
)
493 strcpy(server
.cell
, cellName
);
495 code
= GetToken(&server
, ktcToken
, sizeof(struct ktc_token
),
496 NULL
/*client*/, &viceid
);
498 *tokenSet
= token_buildTokenJar(cellName
);
499 token
.at_type
= AFSTOKEN_UNION_KAD
;
500 token
.ktc_tokenUnion_u
.at_kad
.rk_kvno
= ktcToken
->kvno
;
501 memcpy(token
.ktc_tokenUnion_u
.at_kad
.rk_key
,
502 ktcToken
->sessionKey
.data
, 8);
504 token
.ktc_tokenUnion_u
.at_kad
.rk_begintime
= ktcToken
->startTime
;
505 token
.ktc_tokenUnion_u
.at_kad
.rk_endtime
= ktcToken
->endTime
;
506 token
.ktc_tokenUnion_u
.at_kad
.rk_ticket
.rk_ticket_len
507 = ktcToken
->ticketLen
;
508 token
.ktc_tokenUnion_u
.at_kad
.rk_ticket
.rk_ticket_val
510 token
.ktc_tokenUnion_u
.at_kad
.rk_viceid
= viceid
;
512 token_addToken(*tokenSet
, &token
);
514 memset(ktcToken
, 0, sizeof(struct ktc_token
));
520 return KTC_PIOCTLFAIL
;
522 *tokenSet
= malloc(sizeof(struct ktc_setTokenData
));
523 if (*tokenSet
== NULL
)
525 memset(*tokenSet
, 0, sizeof(struct ktc_setTokenData
));
527 xdrmem_create(&xdrs
, iob
.out
, iob
.out_size
, XDR_DECODE
);
528 if (!xdr_ktc_setTokenData(&xdrs
, *tokenSet
)) {
538 /* get token, given server we need and token buffer. aclient will eventually
539 * be set to our identity to the server.
542 ktc_GetToken(struct ktc_principal
*aserver
, struct ktc_token
*atoken
,
543 int atokenLen
, struct ktc_principal
*aclient
)
545 return GetToken(aserver
, atoken
, atokenLen
, aclient
, NULL
);
549 GetToken(struct ktc_principal
*aserver
, struct ktc_token
*atoken
,
550 int atokenLen
, struct ktc_principal
*aclient
, afs_int32
*aviceid
)
552 struct ViceIoctl iob
;
553 char tbuffer
[MAXPIOCTLTOKENLEN
];
556 char *stp
, *cellp
; /* secret token ptr */
557 struct ClearToken ct
;
560 int maxLen
; /* biggest ticket we can copy */
561 int tktLen
; /* server ticket length */
562 #ifdef AFS_KERBEROS_ENV
571 #ifdef AFS_KERBEROS_ENV
575 #ifndef NO_AFS_CLIENT
576 if (strcmp(aserver
->name
, "afs") != 0)
577 #endif /* NO_AFS_CLIENT */
580 /* try the local tokens */
581 for (i
= 0; i
< MAXLOCALTOKENS
; i
++)
582 if (local_tokens
[i
].valid
583 && (strcmp(local_tokens
[i
].server
.name
, aserver
->name
) == 0)
584 && (strcmp(local_tokens
[i
].server
.instance
, aserver
->instance
)
586 && (strcmp(local_tokens
[i
].server
.cell
, aserver
->cell
) == 0)) {
587 memcpy(atoken
, &local_tokens
[i
].token
,
588 min(atokenLen
, sizeof(struct ktc_token
)));
590 *aclient
= local_tokens
[i
].client
;
594 #ifdef AFS_KERBEROS_ENV
595 if (!afs_tf_init(ktc_tkt_string(), R_TKT_FIL
)) {
597 if (!afs_tf_get_pname(aclient
->name
)
598 && !afs_tf_get_pinst(aclient
->instance
))
601 char tmpstring
[MAXHOSTCHARS
];
602 afs_tf_get_pname(tmpstring
);
603 afs_tf_get_pinst(tmpstring
);
608 struct ktc_principal cprincipal
;
609 struct ktc_token ctoken
;
611 while (!afs_tf_get_cred(&cprincipal
, &ctoken
)) {
612 if (strcmp(cprincipal
.name
, aserver
->name
) == 0
613 && strcmp(cprincipal
.instance
, aserver
->instance
) == 0
614 && strcmp(cprincipal
.cell
, aserver
->cell
) == 0) {
617 strcpy(aclient
->cell
, lcell
);
618 memcpy(atoken
, &ctoken
,
619 min(atokenLen
, sizeof(struct ktc_token
)));
632 #ifndef NO_AFS_CLIENT
633 for (index
= 0; index
< 200; index
++) { /* sanity check in case pioctl fails */
634 iob
.in
= (char *)&index
;
635 iob
.in_size
= sizeof(afs_int32
);
637 iob
.out_size
= sizeof(tbuffer
);
639 code
= PIOCTL(0, VIOCGETTOK
, &iob
, 0);
642 /* failed to retrieve specified token */
643 if (code
< 0 && errno
== EDOM
) {
648 /* token retrieved; parse buffer */
651 /* get ticket length */
652 memcpy(&temp
, tp
, sizeof(afs_int32
));
654 tp
+= sizeof(afs_int32
);
656 /* remember where ticket is and skip over it */
660 /* get size of clear token and verify */
661 memcpy(&temp
, tp
, sizeof(afs_int32
));
662 if (temp
!= sizeof(struct ClearToken
)) {
666 tp
+= sizeof(afs_int32
);
668 /* copy clear token */
669 memcpy(&ct
, tp
, temp
);
672 /* skip over primary flag */
673 tp
+= sizeof(afs_int32
);
675 /* remember where cell name is */
678 if ((strcmp(cellp
, aserver
->cell
) == 0)
679 #ifdef AFS_KERBEROS_ENV
680 || (*aserver
->cell
== '\0' && strcmp(cellp
, lcell
) == 0)
683 /* got token for cell; check that it will fit */
685 atokenLen
- sizeof(struct ktc_token
) + MAXKTCTICKETLEN
;
686 if (tktLen
< 0 || tktLen
> maxLen
) {
691 /* set return values */
692 memcpy(atoken
->ticket
, stp
, tktLen
);
693 atoken
->startTime
= ct
.BeginTimestamp
;
694 atoken
->endTime
= ct
.EndTimestamp
;
695 if (ct
.AuthHandle
== -1) {
698 atoken
->kvno
= ct
.AuthHandle
;
699 memcpy(&atoken
->sessionKey
, ct
.HandShakeKey
,
700 sizeof(struct ktc_encryptionKey
));
701 atoken
->ticketLen
= tktLen
;
703 if (aclient
|| aviceid
) {
705 strlcpy(aclient
->cell
, cellp
, sizeof(aclient
->cell
));
706 aclient
->instance
[0] = 0;
709 if ((atoken
->kvno
== 999) || /* old style bcrypt ticket */
710 (ct
.BeginTimestamp
&& /* new w/ prserver lookup */
711 (((ct
.EndTimestamp
- ct
.BeginTimestamp
) & 1) == 1))) {
713 sprintf(aclient
->name
, "AFS ID %d", ct
.ViceId
);
716 *aviceid
= ct
.ViceId
;
718 } else if (aclient
) {
719 sprintf(aclient
->name
, "Unix UID %d", ct
.ViceId
);
727 #endif /* NO_AFS_CLIENT */
730 if ((code
< 0) && (errno
== EINVAL
))
732 return KTC_PIOCTLFAIL
; /* probable cause */
736 * Forget tokens for this server and the calling user.
737 * NOT IMPLEMENTED YET!
739 #ifndef NO_AFS_CLIENT
741 ktc_ForgetToken(struct ktc_principal
*aserver
)
746 rc
= ktc_ForgetAllTokens(); /* bogus, but better */
750 #endif /* NO_AFS_CLIENT */
753 * An iterator which can list all cells with tokens in the cache
755 * This function may be used to list the names of all cells for which
756 * tokens exist in the current cache. The first time that it is called,
757 * prevIndex should be set to 0. On all subsequent calls, prevIndex
758 * should be set to the value returned in newIndex by the last call
759 * to the function. Note that there is no guarantee that the index value
760 * is monotonically increasing.
763 * The index returned by the last call, or 0 if this is the first
764 * call in an iteration
766 * A pointer to an int which, upon return, will hold the next value
769 * A pointer to a char * which, upon return, will hold a cellname.
770 * This must be freed by the caller using free()
774 ktc_ListTokensEx(int prevIndex
, int *newIndex
, char **cellName
) {
775 struct ViceIoctl iob
;
776 char tbuffer
[MAXPIOCTLTOKENLEN
];
779 struct ktc_setTokenData tokenSet
;
782 memset(&tokenSet
, 0, sizeof(tokenSet
));
785 *newIndex
= prevIndex
;
789 while (index
<100) { /* Safety, incase of pioctl failure */
790 memset(tbuffer
, 0, sizeof(tbuffer
));
792 memcpy(tbuffer
, &index
, sizeof(afs_int32
));
793 iob
.in_size
= sizeof(afs_int32
);
795 iob
.out_size
= sizeof(tbuffer
);
797 code
= PIOCTL(0, VIOC_GETTOK2
, &iob
, 0);
799 if (code
== -1 && errno
== EDOM
)
800 return KTC_NOENT
; /* no more tokens to be found */
802 /* Can't use new pioctl, so must use old one */
803 if (code
== -1 && errno
== EINVAL
) {
804 struct ktc_principal server
;
806 code
= ktc_ListTokens(index
, newIndex
, &server
);
808 *cellName
= strdup(server
.cell
);
813 /* Got a token from the pioctl. Now we throw it away,
814 * so we can return just a cellname. This is rather wasteful,
815 * but it's what the old API does. Ho hum. */
817 xdrmem_create(&xdrs
, iob
.out
, iob
.out_size
, XDR_DECODE
);
818 if (!xdr_ktc_setTokenData(&xdrs
, &tokenSet
)) {
823 *cellName
= strdup(tokenSet
.cell
);
824 xdr_free((xdrproc_t
)xdr_ktc_setTokenData
, &tokenSet
);
825 *newIndex
= index
+ 1;
830 return KTC_PIOCTLFAIL
;
833 /* ktc_ListTokens - list all tokens. start aprevIndex at 0, it returns the
834 * next rock in (*aindex). (*aserver) is set to the relevant ticket on
838 ktc_ListTokens(int aprevIndex
,
840 struct ktc_principal
*aserver
)
842 struct ViceIoctl iob
;
843 char tbuffer
[MAXPIOCTLTOKENLEN
];
846 afs_int32 temp
, index
;
848 memset(tbuffer
, 0, sizeof(tbuffer
));
856 #endif /* NO_AFS_CLIENT */
857 #ifdef AFS_KERBEROS_ENV
860 struct ktc_principal cprincipal
;
861 struct ktc_token ctoken
;
863 if (afs_tf_init(ktc_tkt_string(), R_TKT_FIL
)
864 || afs_tf_get_pname(tbuffer
) || afs_tf_get_pinst(tbuffer
)) {
870 for (i
= 214; i
< index
; i
++) {
871 if (afs_tf_get_cred(&cprincipal
, &ctoken
)) {
879 if (afs_tf_get_cred(&cprincipal
, &ctoken
)) {
886 #ifndef NO_AFS_CLIENT
887 if (!strcmp(cprincipal
.name
, "afs") && cprincipal
.instance
[0] == 0) {
890 #endif /* NO_AFS_CLIENT */
892 for (i
= 0; i
< MAXLOCALTOKENS
; i
++) {
893 if (!strcmp(cprincipal
.name
, local_tokens
[i
].server
.name
)
894 && !strcmp(cprincipal
.instance
,
895 local_tokens
[i
].server
.instance
)
896 && !strcmp(cprincipal
.cell
, local_tokens
[i
].server
.cell
)) {
901 *aserver
= cprincipal
;
909 #ifndef NO_AFS_CLIENT
910 if (index
>= 123) { /* special hack for returning TCS */
911 while (index
- 123 < MAXLOCALTOKENS
) {
912 if (local_tokens
[index
- 123].valid
) {
913 *aserver
= local_tokens
[index
- 123].server
;
921 #ifdef AFS_KERBEROS_ENV
922 return ktc_ListTokens(214, aindex
, aserver
);
928 /* get tokens from the kernel */
929 while (index
< 200) { /* sanity check in case pioctl fails */
930 iob
.in
= (char *)&index
;
931 iob
.in_size
= sizeof(afs_int32
);
933 iob
.out_size
= sizeof(tbuffer
);
934 code
= PIOCTL(0, VIOCGETTOK
, &iob
, 0);
935 if (code
< 0 && errno
== EDOM
) {
938 rc
= ktc_ListTokens(123, aindex
, aserver
);
947 break; /* got a ticket */
948 /* otherwise we should skip this ticket slot */
955 return KTC_PIOCTLFAIL
;
961 /* next iterator determined by earlier loop */
964 memcpy(&temp
, tp
, sizeof(afs_int32
)); /* get size of secret token */
965 tp
+= sizeof(afs_int32
);
966 tp
+= temp
; /* skip ticket for now */
967 memcpy(&temp
, tp
, sizeof(afs_int32
)); /* get size of clear token */
968 if (temp
!= sizeof(struct ClearToken
)) {
972 tp
+= sizeof(afs_int32
); /* skip length */
973 tp
+= temp
; /* skip clear token itself */
974 tp
+= sizeof(afs_int32
); /* skip primary flag */
975 /* tp now points to the cell name */
976 strlcpy(aserver
->cell
, tp
, sizeof(aserver
->cell
));
977 aserver
->instance
[0] = 0;
978 strcpy(aserver
->name
, "afs");
979 #endif /* NO_AFS_CLIENT */
987 struct ViceIoctl iob
;
991 for (i
= 0; i
< MAXLOCALTOKENS
; i
++)
992 local_tokens
[i
].valid
= 0;
998 #ifndef NO_AFS_CLIENT
999 code
= PIOCTL(0, VIOCUNPAG
, &iob
, 0);
1001 return KTC_PIOCTLFAIL
;
1002 #endif /* NO_AFS_CLIENT */
1007 ktc_ForgetAllTokens(void)
1012 #ifdef AFS_KERBEROS_ENV
1013 (void)afs_tf_dest_tkt();
1016 ocode
= ForgetAll();
1020 else if (ocode
== KTC_PIOCTLFAIL
)
1022 UNLOCK_GLOBAL_MUTEX
;
1023 if (ocode
== EINVAL
)
1024 return KTC_NOPIOCTL
;
1025 return KTC_PIOCTLFAIL
;
1027 UNLOCK_GLOBAL_MUTEX
;
1031 /* ktc_OldPioctl - returns a boolean true if the kernel supports only the old
1032 * pioctl interface for delivering AFS tickets to the cache manager. */
1044 struct ViceIoctl iob
;
1047 /* now setup for the pioctl */
1050 iob
.out
= (caddr_t
) &pag
;
1051 iob
.out_size
= sizeof(afs_uint32
);
1053 code
= PIOCTL(0, VIOC_GETPAG
, &iob
, 0);
1055 #if defined(AFS_AIX52_ENV)
1056 code
= getpagvalue("afs");
1057 if (code
< 0 && errno
== EINVAL
)
1060 #elif defined(AFS_AIX51_ENV)
1063 gid_t groups
[NGROUPS_MAX
];
1065 afs_uint32 h
, l
, ret
;
1067 #ifdef AFS_PAG_ONEGROUP_ENV
1071 ngroups
= getgroups(sizeof groups
/ sizeof groups
[0], groups
);
1073 #ifdef AFS_PAG_ONEGROUP_ENV
1074 /* Check for one-group PAGs. */
1075 for (i
= 0; i
< ngroups
; i
++) {
1076 if (((groups
[i
] >> 24) & 0xff) == 'A') {
1085 g0
= groups
[0] & 0xffff;
1086 g1
= groups
[1] & 0xffff;
1089 if (g0
< 0xc000 && g1
< 0xc000) {
1090 l
= ((g0
& 0x3fff) << 14) | (g1
& 0x3fff);
1092 h
= (g1
>> 14) + h
+ h
+ h
;
1093 ret
= ((h
<< 28) | l
);
1094 /* Additional testing */
1095 if (((ret
>> 24) & 0xff) == 'A')
1107 #ifdef AFS_KERBEROS_ENV
1109 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
1111 * For copying and distribution information, please see the file
1112 * <mit-copyright.h>.
1116 #include <sys/file.h>
1121 #define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before
1122 * retry if ticket file is
1126 * fd must be initialized to something that won't ever occur as a real
1127 * file descriptor. Since open(2) returns only non-negative numbers as
1128 * valid file descriptors, and afs_tf_init always stuffs the return value
1129 * from open in here even if it is an error flag, we must
1130 * a. Initialize fd to a negative number, to indicate that it is
1131 * not initially valid.
1132 * b. When checking for a valid fd, assume that negative values
1133 * are invalid (ie. when deciding whether afs_tf_init has been
1135 * c. In tf_close, be sure it gets reinitialized to a negative
1139 static int curpos
; /* Position in tfbfr */
1140 static int lastpos
; /* End of tfbfr */
1141 static char tfbfr
[BUFSIZ
]; /* Buffer for ticket data */
1143 static int tf_gets(char *, int);
1144 static int tf_read(char *, int);
1147 * This file contains routines for manipulating the ticket cache file.
1149 * The ticket file is in the following format:
1151 * principal's name (null-terminated string)
1152 * principal's instance (null-terminated string)
1159 * Where "CREDENTIAL_x" consists of the following fixed-length
1160 * fields from the CREDENTIALS structure (see "krb.h"):
1162 * char service[MAXKTCNAMELEN]
1163 * char instance[MAXKTCNAMELEN]
1164 * char realm[REALM_SZ]
1168 * KTEXT_ST ticket_st
1169 * afs_int32 issue_date
1171 * Short description of routines:
1173 * afs_tf_init() opens the ticket file and locks it.
1175 * afs_tf_get_pname() returns the principal's name.
1177 * afs_tf_get_pinst() returns the principal's instance (may be null).
1179 * afs_tf_get_cred() returns the next CREDENTIALS record.
1181 * afs_tf_save_cred() appends a new CREDENTIAL record to the ticket file.
1183 * afs_tf_close() closes the ticket file and releases the lock.
1185 * tf_gets() returns the next null-terminated string. It's an internal
1186 * routine used by afs_tf_get_pname(), afs_tf_get_pinst(), and
1187 * afs_tf_get_cred().
1189 * tf_read() reads a given number of bytes. It's an internal routine
1190 * used by afs_tf_get_cred().
1194 * afs_tf_init() should be called before the other ticket file routines.
1195 * It takes the name of the ticket file to use, "tf_name", and a
1196 * read/write flag "rw" as arguments.
1198 * It tries to open the ticket file, checks the mode, and if everything
1199 * is okay, locks the file. If it's opened for reading, the lock is
1200 * shared. If it's opened for writing, the lock is exclusive.
1202 * Returns 0 if all went well, otherwise one of the following:
1204 * NO_TKT_FIL - file wasn't there
1205 * TKT_FIL_ACC - file was in wrong mode, etc.
1206 * TKT_FIL_LCK - couldn't lock the file, even after a retry
1210 afs_tf_init(char *tf_name
, int rw
)
1214 struct stat stat_buf
;
1226 if (lstat(tf_name
, &stat_buf
) < 0)
1234 if ((stat_buf
.st_uid
!= me
&& me
!= 0)
1235 || ((stat_buf
.st_mode
& S_IFMT
) != S_IFREG
))
1239 * If "wflag" is set, open the ticket file in append-writeonly mode
1240 * and lock the ticket file in exclusive mode. If unable to lock
1241 * the file, sleep and try again. If we fail again, return with the
1242 * proper error message.
1245 curpos
= sizeof(tfbfr
);
1248 fd
= open(tf_name
, O_RDWR
, 0600);
1252 #if defined(AFS_AIX_ENV) || defined(AFS_HPUX_ENV) || defined(AFS_SUN5_ENV)
1253 if (fcntl(fd
, F_SETLK
, &fileWlock
) == -1) {
1254 sleep(TF_LCK_RETRY
);
1255 if (fcntl(fd
, F_SETLK
, &fileWlock
) == -1) {
1257 if (flock(fd
, LOCK_EX
| LOCK_NB
) < 0) {
1258 sleep(TF_LCK_RETRY
);
1259 if (flock(fd
, LOCK_EX
| LOCK_NB
) < 0) {
1269 * Otherwise "wflag" is not set and the ticket file should be opened
1270 * for read-only operations and locked for shared access.
1273 fd
= open(tf_name
, O_RDONLY
, 0600);
1277 #if defined(AFS_AIX_ENV) || defined(AFS_HPUX_ENV) || defined(AFS_SUN5_ENV)
1278 if (fcntl(fd
, F_SETLK
, &fileRlock
) == -1) {
1279 sleep(TF_LCK_RETRY
);
1280 if (fcntl(fd
, F_SETLK
, &fileRlock
) == -1) {
1282 if (flock(fd
, LOCK_SH
| LOCK_NB
) < 0) {
1283 sleep(TF_LCK_RETRY
);
1284 if (flock(fd
, LOCK_SH
| LOCK_NB
) < 0) {
1295 * afs_tf_get_pname() reads the principal's name from the ticket file. It
1296 * should only be called after afs_tf_init() has been called. The
1297 * principal's name is filled into the "p" parameter. If all goes well,
1298 * 0 is returned. If afs_tf_init() wasn't called, TKT_FIL_INI is
1299 * returned. If the name was null, or EOF was encountered, or the name
1300 * was longer than MAXKTCNAMELEN, TKT_FIL_FMT is returned.
1304 afs_tf_get_pname(char *p
)
1309 if (tf_gets(p
, MAXKTCNAMELEN
) < 2) /* can't be just a null */
1315 * afs_tf_get_pinst() reads the principal's instance from a ticket file.
1316 * It should only be called after afs_tf_init() and afs_tf_get_pname() have
1317 * been called. The instance is filled into the "inst" parameter. If all
1318 * goes well, 0 is returned. If afs_tf_init() wasn't called,
1319 * TKT_FIL_INI is returned. If EOF was encountered, or the instance
1320 * was longer than MAXKTCNAMELEN, TKT_FIL_FMT is returned. Note that the
1321 * instance may be null.
1325 afs_tf_get_pinst(char *inst
)
1330 if (tf_gets(inst
, MAXKTCNAMELEN
) < 1)
1336 * afs_tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
1337 * in the given structure "c". It should only be called after afs_tf_init(),
1338 * afs_tf_get_pname(), and afs_tf_get_pinst() have been called. If all goes
1339 * well, 0 is returned. Possible error codes are:
1341 * TKT_FIL_INI - afs_tf_init wasn't called first
1342 * TKT_FIL_FMT - bad format
1343 * EOF - end of file encountered
1347 afs_tf_get_cred(struct ktc_principal
*principal
, struct ktc_token
*token
)
1351 long mit_compat
; /* MIT Kerberos 5 with Krb4 uses a "long" for issue_date */
1356 if ((k_errno
= tf_gets(principal
->name
, MAXKTCNAMELEN
)) < 2)
1359 case 1: /* can't be just a null */
1364 if ((k_errno
= tf_gets(principal
->instance
, MAXKTCNAMELEN
)) < 1)
1371 if ((k_errno
= tf_gets(principal
->cell
, MAXKTCREALMLEN
)) < 2)
1374 case 1: /* can't be just a null */
1379 lcstring(principal
->cell
, principal
->cell
, MAXKTCREALMLEN
);
1380 if (tf_read((char *)&(token
->sessionKey
), 8) < 1
1381 || tf_read((char *)&(lifetime
), sizeof(lifetime
)) < 1
1382 || tf_read((char *)&(kvno
), sizeof(kvno
)) < 1
1383 || tf_read((char *)&(token
->ticketLen
), sizeof(token
->ticketLen
))
1385 /* don't try to read a silly amount into ticket->dat */
1386 token
->ticketLen
> MAXKTCTICKETLEN
1387 || tf_read((char *)(token
->ticket
), token
->ticketLen
) < 1
1388 || tf_read((char *)&mit_compat
, sizeof(mit_compat
)) < 1) {
1391 token
->startTime
= mit_compat
;
1392 token
->endTime
= life_to_time(token
->startTime
, lifetime
);
1398 * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
1399 * not a valid file descriptor, it just returns. It also clears the
1400 * buffer used to read tickets.
1402 * The return value is not defined.
1409 #if defined(AFS_AIX_ENV) || defined(AFS_HPUX_ENV) || defined(AFS_SUN5_ENV)
1410 (void)fcntl(fd
, F_SETLK
, &fileUlock
);
1412 (void)flock(fd
, LOCK_UN
);
1415 fd
= -1; /* see declaration of fd above */
1417 memset(tfbfr
, 0, sizeof(tfbfr
));
1422 * tf_gets() is an internal routine. It takes a string "s" and a count
1423 * "n", and reads from the file until either it has read "n" characters,
1424 * or until it reads a null byte. When finished, what has been read exists
1427 * Possible return values are:
1429 * n the number of bytes read (including null terminator)
1430 * when all goes well
1432 * 0 end of file or read error
1434 * TOO_BIG if "count" characters are read and no null is
1435 * encountered. This is an indication that the ticket
1436 * file is seriously ill.
1440 tf_gets(char *s
, int n
)
1447 for (count
= n
- 1; count
> 0; --count
) {
1448 if (curpos
>= sizeof(tfbfr
)) {
1449 lastpos
= read(fd
, tfbfr
, sizeof(tfbfr
));
1452 if (curpos
== lastpos
) {
1455 *s
= tfbfr
[curpos
++];
1463 * tf_read() is an internal routine. It takes a string "s" and a count
1464 * "n", and reads from the file until "n" bytes have been read. When
1465 * finished, what has been read exists in "s".
1467 * Possible return values are:
1469 * n the number of bytes read when all goes well
1471 * 0 on end of file or read error
1475 tf_read(char *s
, int n
)
1479 for (count
= n
; count
> 0; --count
) {
1480 if (curpos
>= sizeof(tfbfr
)) {
1481 lastpos
= read(fd
, tfbfr
, sizeof(tfbfr
));
1484 if (curpos
== lastpos
) {
1487 *s
++ = tfbfr
[curpos
++];
1493 * afs_tf_save_cred() appends an incoming ticket to the end of the ticket
1494 * file. You must call afs_tf_init() before calling afs_tf_save_cred().
1496 * The "service", "instance", and "realm" arguments specify the
1497 * server's name; "aticket" contains the credential.
1499 * Returns 0 if all goes well, TKT_FIL_INI if afs_tf_init() wasn't
1500 * called previously, and KFAILURE for anything else that went wrong.
1504 afs_tf_save_cred(struct ktc_principal
*aserver
,
1505 struct ktc_token
*atoken
,
1506 struct ktc_principal
*aclient
)
1508 char realm
[MAXKTCREALMLEN
+ 1];
1509 char junk
[MAXKTCNAMELEN
];
1510 struct ktc_principal principal
;
1511 struct ktc_token token
;
1515 int count
; /* count for write */
1516 long mit_compat
; /* MIT Kerberos 5 with Krb4 uses a "long" for issue_date */
1518 if (fd
< 0) { /* fd is ticket file as set by afs_tf_init */
1522 ucstring(realm
, aserver
->cell
, MAXKTCREALMLEN
);
1523 realm
[MAXKTCREALMLEN
] = '\0';
1525 /* Look for a duplicate ticket */
1526 (void)lseek(fd
, (off_t
) 0L, 0);
1527 curpos
= sizeof(tfbfr
);
1529 if (afs_tf_get_pname(junk
) || strcmp(junk
, aclient
->name
)
1530 || afs_tf_get_pinst(junk
) || strcmp(junk
, aclient
->instance
))
1534 start
= lseek(fd
, (off_t
) 0L, 1) - lastpos
+ curpos
;
1535 status
= afs_tf_get_cred(&principal
, &token
);
1536 } while (status
== 0
1537 && (strcmp(aserver
->name
, principal
.name
) != 0
1538 || strcmp(aserver
->instance
, principal
.instance
) != 0
1539 || strcmp(aserver
->cell
, principal
.cell
) != 0));
1542 * Two tickets for the same user authenticating to the same service
1543 * should be the same length, but we check here just to make sure.
1545 if (status
== 0 && token
.ticketLen
!= atoken
->ticketLen
)
1547 if (status
&& status
!= EOF
)
1550 /* Position over the credential we just matched (or the EOF) */
1551 lseek(fd
, start
, 0);
1552 curpos
= lastpos
= sizeof(tfbfr
);
1554 /* Write the ticket and associated data */
1556 count
= strlen(aserver
->name
) + 1;
1557 if (write(fd
, aserver
->name
, count
) != count
)
1560 count
= strlen(aserver
->instance
) + 1;
1561 if (write(fd
, aserver
->instance
, count
) != count
)
1564 count
= strlen(realm
) + 1;
1565 if (write(fd
, realm
, count
) != count
)
1568 if (write(fd
, (char *)&atoken
->sessionKey
, 8) != 8)
1571 lifetime
= time_to_life(atoken
->startTime
, atoken
->endTime
);
1572 if (write(fd
, (char *)&lifetime
, sizeof(int)) != sizeof(int))
1575 kvno
= atoken
->kvno
;
1576 if (write(fd
, (char *)&kvno
, sizeof(int)) != sizeof(int))
1579 if (write(fd
, (char *)&(atoken
->ticketLen
), sizeof(int)) != sizeof(int))
1582 count
= atoken
->ticketLen
;
1583 if (write(fd
, atoken
->ticket
, count
) != count
)
1586 mit_compat
= atoken
->startTime
;
1587 if (write(fd
, (char *)&mit_compat
, sizeof(mit_compat
))
1588 != sizeof(mit_compat
))
1591 /* Actually, we should check each write for success */
1598 * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
1601 * For copying and distribution information, please see the file
1602 * <mit-copyright.h>.
1606 * This routine is used to generate the name of the file that holds
1607 * the user's cache of server tickets and associated session keys.
1609 * If it is set, krb_ticket_string contains the ticket file name.
1610 * Otherwise, the filename is constructed as follows:
1612 * If it is set, the environment variable "KRBTKFILE" will be used as
1613 * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and
1614 * the user's uid are concatenated to produce the ticket file name
1615 * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket
1616 * file name is returned.
1619 static char krb_ticket_string
[4096] = "";
1622 ktc_tkt_string(void)
1624 return ktc_tkt_string_uid(getuid());
1628 ktc_tkt_string_uid(afs_uint32 uid
)
1633 if (!*krb_ticket_string
) {
1634 if ((env
= getenv("KRBTKFILE"))) {
1635 (void)strncpy(krb_ticket_string
, env
,
1636 sizeof(krb_ticket_string
) - 1);
1637 krb_ticket_string
[sizeof(krb_ticket_string
) - 1] = '\0';
1639 /* 32 bits of signed integer will always fit in 11 characters
1640 * (including the sign), so no need to worry about overflow */
1641 (void)sprintf(krb_ticket_string
, "%s%d", TKT_ROOT
, uid
);
1644 UNLOCK_GLOBAL_MUTEX
;
1645 return krb_ticket_string
;
1649 * This routine is used to set the name of the file that holds the user's
1650 * cache of server tickets and associated session keys.
1652 * The value passed in is copied into local storage.
1654 * NOTE: This routine should be called during initialization, before other
1655 * Kerberos routines are called; otherwise tkt_string() above may be called
1656 * and return an undesired ticket file name until this routine is called.
1660 ktc_set_tkt_string(char * val
)
1664 (void)strncpy(krb_ticket_string
, val
, sizeof(krb_ticket_string
) - 1);
1665 krb_ticket_string
[sizeof(krb_ticket_string
) - 1] = '\0';
1666 UNLOCK_GLOBAL_MUTEX
;
1671 * tf_create() is used to initialize the ticket store. It creates the
1672 * file to contain the tickets and writes the given user's name "pname"
1673 * and instance "pinst" in the file. in_tkt() returns KSUCCESS on
1674 * success, or KFAILURE if something goes wrong.
1678 afs_tf_create(char *pname
, char *pinst
)
1683 char *file
= ktc_tkt_string();
1692 if (lstat(file
, &sbuf
) == 0) {
1693 if ((sbuf
.st_uid
!= me
&& me
!= 0)
1694 || ((sbuf
.st_mode
& S_IFMT
) != S_IFREG
) || sbuf
.st_mode
& 077) {
1697 /* file already exists, and permissions appear ok, so nuke it */
1698 if ((fd
= open(file
, O_RDWR
, 0)) < 0)
1699 goto out
; /* can't zero it, but we can still try truncating it */
1701 memset(zerobuf
, 0, sizeof(zerobuf
));
1703 for (i
= 0; i
< sbuf
.st_size
; i
+= sizeof(zerobuf
))
1704 if (write(fd
, zerobuf
, sizeof(zerobuf
)) != sizeof(zerobuf
)) {
1715 /* arrange so the file is owned by the ruid
1716 * (swap real & effective uid if necessary).
1717 * This isn't a security problem, since the ticket file, if it already
1718 * exists, has the right uid (== ruid) and mode. */
1720 if (setreuid(metoo
, me
) < 0) {
1724 tktfile
= creat(file
, 0600);
1726 if (setreuid(me
, metoo
) < 0) {
1727 /* can't switch??? fail! */
1734 count
= strlen(pname
) + 1;
1735 if (write(tktfile
, pname
, count
) != count
) {
1736 (void)close(tktfile
);
1739 count
= strlen(pinst
) + 1;
1740 if (write(tktfile
, pinst
, count
) != count
) {
1741 (void)close(tktfile
);
1744 (void)close(tktfile
);
1749 * dest_tkt() is used to destroy the ticket store upon logout.
1750 * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
1751 * Otherwise the function returns 0 on success, KFAILURE on
1756 afs_tf_dest_tkt(void)
1758 char *file
= ktc_tkt_string();
1764 if (lstat(file
, &statb
) < 0)
1767 if (!(statb
.st_mode
& S_IFREG
))
1770 if ((fd
= open(file
, O_RDWR
, 0)) < 0)
1773 memset(buf
, 0, BUFSIZ
);
1775 for (i
= 0; i
< statb
.st_size
; i
+= BUFSIZ
)
1776 if (write(fd
, buf
, BUFSIZ
) != BUFSIZ
) {
1788 if (errno
== ENOENT
)
1790 else if (errno
!= 0)
1798 #if !defined(AFS_DARWIN100_ENV) || defined(HAVE_CRT_EXTERNS_H)
1799 # if defined(AFS_DARWIN100_ENV)
1800 # define environ (*_NSGetEnviron())
1802 extern char **environ
;
1807 char fname
[256], *prefix
= "/ticket/";
1808 char fname5
[256], *prefix5
= "FILE:/ticket/krb5cc_";
1810 char **newenv
, **senv
, **denv
;
1813 if (stat("/ticket", &sbuf
) == -1) {
1814 prefix
= "/tmp/tkt";
1815 prefix5
= "FILE:/tmp/krb5cc_";
1818 pag
= ktc_curpag() & 0xffffffff;
1820 sprintf(fname
, "%s%d", prefix
, getuid());
1821 sprintf(fname5
, "%s%d", prefix5
, getuid());
1823 sprintf(fname
, "%sp%lu", prefix
, afs_printable_uint32_lu(pag
));
1824 sprintf(fname5
, "%sp%lud", prefix5
, afs_printable_uint32_lu(pag
));
1826 ktc_set_tkt_string(fname
);
1828 for (senv
= environ
, numenv
= 0; *senv
; senv
++)
1830 newenv
= malloc((numenv
+ 2) * sizeof(char *));
1832 for (senv
= environ
, denv
= newenv
; *senv
; senv
++) {
1833 if (strncmp(*senv
, "KRBTKFILE=", 10) != 0 &&
1834 strncmp(*senv
, "KRB5CCNAME=", 11) != 0)
1838 *denv
= malloc(10+11 + strlen(fname
) + strlen(fname5
) + 2);
1839 strcpy(*denv
, "KRBTKFILE=");
1840 strcat(*denv
, fname
);
1841 *(denv
+1) = *denv
+ strlen(*denv
) + 1;
1843 strcpy(*denv
, "KRB5CCNAME=");
1844 strcat(*denv
, fname5
);
1847 UNLOCK_GLOBAL_MUTEX
;
1853 * BLETCH! We have to invoke the entire afsconf package just to
1854 * find out what the local cell is.
1860 struct afsconf_dir
*conf
;
1862 if ((conf
= afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH
))
1863 || (conf
= afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH
))) {
1864 code
= afsconf_GetLocalCell(conf
, lcell
, sizeof(lcell
));
1865 afsconf_Close(conf
);
1867 if (!conf
|| code
) {
1868 printf("** Can't determine local cell name!\n");