diff --git a/appl/afsutil/pagsh.c b/appl/afsutil/pagsh.c index c9c4e6eb5..7d7e62b5e 100644 --- a/appl/afsutil/pagsh.c +++ b/appl/afsutil/pagsh.c @@ -83,7 +83,7 @@ main(int argc, char **argv) f = mkstemp (tf + 5); close (f); unlink (tf + 5); - setenv("KRB5CCNAME", tf, 1); + esetenv("KRB5CCNAME", tf, 1); #endif #ifdef KRB4 @@ -91,7 +91,7 @@ main(int argc, char **argv) f = mkstemp (tf); close (f); unlink (tf); - setenv("KRBTKFILE", tf, 1); + esetenv("KRBTKFILE", tf, 1); #endif i = 0; diff --git a/appl/dceutils/k5dcecon.c b/appl/dceutils/k5dcecon.c index 38acee950..6eaedcc09 100644 --- a/appl/dceutils/k5dcecon.c +++ b/appl/dceutils/k5dcecon.c @@ -221,7 +221,7 @@ int k5dcesession(luid, pname, tgt, ppag, tflags) *ppag = prev_pag; strcpy(ccname+38,prev_name); - setenv("KRB5CCNAME",ccname,1); + esetenv("KRB5CCNAME",ccname,1); return(0); } @@ -315,7 +315,7 @@ int k5dcegettgt(pcache, ccname, pname, tgt) * either. */ - setenv("KRB5CCNAME",ccname,1); + esetenv("KRB5CCNAME",ccname,1); cache = NULL; *tgt = NULL; @@ -449,7 +449,7 @@ int k5dcecon(luid, luser, pname) return(0); /* but OK to continue */ } - setenv("KRB5CCNAME","",1); + esetenv("KRB5CCNAME","",1); #define TKT_ACCEPTABLE (TKT_FLG_FORWARDABLE | TKT_FLG_PROXIABLE \ | TKT_FLG_MAY_POSTDATE | TKT_FLG_RENEWABLE | TKT_FLG_HW_AUTH \ @@ -538,7 +538,7 @@ int k5dcecreate(luid, luser, pname, krbtgt) int lst; dce_error_string_t err_string; - setenv("KRB5CCNAME","",1); /* make sure it not misused */ + esetenv("KRB5CCNAME","",1); /* make sure it not misused */ uid = getuid(); DEEDEBUG2("uid=%d\n",uid); diff --git a/appl/dceutils/testpag.c b/appl/dceutils/testpag.c index a4211c246..4613fba5e 100644 --- a/appl/dceutils/testpag.c +++ b/appl/dceutils/testpag.c @@ -140,7 +140,7 @@ main(argc, argv) sprintf (ccname, "FILE:/opt/dcelocal/var/security/creds/dcecred_%8.8x", pag); - setenv("KRB5CCNAME",ccname,1); + esetenv("KRB5CCNAME",ccname,1); execl("/bin/csh","csh",0); } else { diff --git a/appl/ftp/ftpd/gss_userok.c b/appl/ftp/ftpd/gss_userok.c index 8d50052b4..a40a8ca1d 100644 --- a/appl/ftp/ftpd/gss_userok.c +++ b/appl/ftp/ftpd/gss_userok.c @@ -100,7 +100,7 @@ gss_userok(void *app_data, char *username) krb5_afslog(gssapi_krb5_context, ccache, 0, 0); } #endif - setenv ("KRB5CCNAME", ticketfile, 1); + esetenv ("KRB5CCNAME", ticketfile, 1); fail: if (ccache) diff --git a/appl/login/login.c b/appl/login/login.c index fb5a61fdb..b5959f69a 100644 --- a/appl/login/login.c +++ b/appl/login/login.c @@ -696,7 +696,7 @@ main(int argc, char **argv) } #if defined(DCE) && defined(AIX) - setenv("AUTHSTATE", "DCE", 1); + esetenv("AUTHSTATE", "DCE", 1); #endif /* XXX should we care about environment on the command line? */ diff --git a/appl/rsh/rshd.c b/appl/rsh/rshd.c index 7fc2d5a5d..d0a79d004 100644 --- a/appl/rsh/rshd.c +++ b/appl/rsh/rshd.c @@ -685,7 +685,7 @@ doit (int do_kerberos, int check_rhosts) } #if defined(DCE) && defined(AIX) - setenv("AUTHSTATE", "DCE", 1); + esetenv("AUTHSTATE", "DCE", 1); #endif pwd = getpwnam (server_user); @@ -734,7 +734,7 @@ doit (int do_kerberos, int check_rhosts) #if defined(DCE) if (kerberos_status) { - setenv("KRB5CCNAME", tkfile, 1); + esetenv("KRB5CCNAME", tkfile, 1); dfspag = krb5_dfs_pag(context, kerberos_status, user_ticket->client, server_user); } #endif diff --git a/appl/su/su.c b/appl/su/su.c index 3055fef94..f1bf43e7f 100644 --- a/appl/su/su.c +++ b/appl/su/su.c @@ -206,7 +206,7 @@ krb5_start_session(void) asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2), krb5_cc_get_name(context, ccache2)); - setenv("KRB5CCNAME", cc_name, 1); + esetenv("KRB5CCNAME", cc_name, 1); /* we want to export this even if we don't directly support KRB4 */ { @@ -220,7 +220,7 @@ krb5_start_session(void) fd = mkstemp(tkfile); if(fd >= 0) { close(fd); - setenv("KRBTKFILE", tkfile, 1); + esetenv("KRBTKFILE", tkfile, 1); } } @@ -376,16 +376,16 @@ main(int argc, char **argv) if (environ == NULL) err (1, "malloc"); environ[0] = NULL; - setenv ("PATH", _PATH_DEFPATH, 1); + esetenv ("PATH", _PATH_DEFPATH, 1); if (t) - setenv ("TERM", t, 1); + esetenv ("TERM", t, 1); if (chdir (su_info->pw_dir) < 0) errx (1, "no directory"); } if (full_login || su_info->pw_uid) - setenv ("USER", su_info->pw_name, 1); - setenv("HOME", su_info->pw_dir, 1); - setenv("SHELL", shell, 1); + esetenv ("USER", su_info->pw_name, 1); + esetenv("HOME", su_info->pw_dir, 1); + esetenv("SHELL", shell, 1); } { diff --git a/appl/telnet/libtelnet/kerberos.c b/appl/telnet/libtelnet/kerberos.c index 79605e0b6..918f52111 100644 --- a/appl/telnet/libtelnet/kerberos.c +++ b/appl/telnet/libtelnet/kerberos.c @@ -331,7 +331,7 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt) "%s%u", TKT_ROOT, (unsigned)pw->pw_uid); - setenv("KRBTKFILE", ts, 1); + esetenv("KRBTKFILE", ts, 1); if (pw->pw_uid == 0) syslog(LOG_INFO|LOG_AUTH, diff --git a/appl/telnet/libtelnet/kerberos5.c b/appl/telnet/libtelnet/kerberos5.c index cf9731858..cf4094cb2 100644 --- a/appl/telnet/libtelnet/kerberos5.c +++ b/appl/telnet/libtelnet/kerberos5.c @@ -277,7 +277,6 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) krb5_data outbuf; krb5_keyblock *key_block; char *name; - krb5_principal server; int zero = 0; if (cnt-- < 1) @@ -312,29 +311,13 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) return; } - ret = krb5_sock_to_principal (context, - 0, - "host", - KRB5_NT_SRV_HST, - &server); - if (ret) { - Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) - printf("Kerberos V5: " - "krb5_sock_to_principal failed (%s)\r\n", - krb5_get_err_text(context, ret)); - return; - } - ret = krb5_rd_req(context, &auth_context, &auth, - server, + NULL, NULL, NULL, &ticket); - krb5_free_principal (context, server); if (ret) { char *errbuf; @@ -477,7 +460,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) } #if defined(DCE) - setenv("KRB5CCNAME", ccname, 1); + esetenv("KRB5CCNAME", ccname, 1); #endif ret = krb5_rd_cred (context, auth_context, @@ -772,9 +755,9 @@ kerberos5_dfspag(void) { if (dfsk5ok) { dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client, - UserNameRequested); + UserNameRequested); } } #endif - + #endif /* KRB5 */ diff --git a/appl/telnet/telnetd/state.c b/appl/telnet/telnetd/state.c index c39cd7129..2edfa28db 100644 --- a/appl/telnet/telnetd/state.c +++ b/appl/telnet/telnetd/state.c @@ -1016,7 +1016,7 @@ suboption(void) return; settimer(xdisplocsubopt); subpointer[SB_LEN()] = '\0'; - setenv("DISPLAY", (char *)subpointer, 1); + esetenv("DISPLAY", (char *)subpointer, 1); break; } /* end of case TELOPT_XDISPLOC */ @@ -1183,7 +1183,7 @@ suboption(void) case ENV_USERVAR: *cp = '\0'; if (valp) - setenv(varp, valp, 1); + esetenv(varp, valp, 1); else unsetenv(varp); cp = varp = (char *)subpointer; @@ -1202,7 +1202,7 @@ suboption(void) } *cp = '\0'; if (valp) - setenv(varp, valp, 1); + esetenv(varp, valp, 1); else unsetenv(varp); break; diff --git a/appl/telnet/telnetd/telnetd.c b/appl/telnet/telnetd/telnetd.c index 6cc48b812..5c7331dd3 100644 --- a/appl/telnet/telnetd/telnetd.c +++ b/appl/telnet/telnetd/telnetd.c @@ -738,7 +738,7 @@ Please contact your net administrator"); */ *user_name = 0; level = getterminaltype(user_name, sizeof(user_name)); - setenv("TERM", terminaltype ? terminaltype : "network", 1); + esetenv("TERM", terminaltype ? terminaltype : "network", 1); #ifdef _SC_CRAY_SECURE_SYS if (secflag) { diff --git a/lib/auth/afskauthlib/verify.c b/lib/auth/afskauthlib/verify.c index 1e540f199..f139dc2ba 100644 --- a/lib/auth/afskauthlib/verify.c +++ b/lib/auth/afskauthlib/verify.c @@ -286,10 +286,10 @@ afs_gettktstring (void) } } #ifdef KRB5 - setenv("KRB5CCNAME",krb5ccname,1); + esetenv("KRB5CCNAME",krb5ccname,1); #endif #ifdef KRB4 - setenv("KRBTKFILE",krbtkfile,1); + esetenv("KRBTKFILE",krbtkfile,1); return krbtkfile; #else return ""; diff --git a/lib/kdfs/k5dfspag.c b/lib/kdfs/k5dfspag.c index f7c758f06..3e48a8506 100644 --- a/lib/kdfs/k5dfspag.c +++ b/lib/kdfs/k5dfspag.c @@ -330,7 +330,7 @@ int krb5_dfs_pag(context, flag, principal, luser) close(fd[0]); if (j > 0) { newccname[j] = '\0'; - setenv("KRB5CCNAME",newccname,1); + esetenv("KRB5CCNAME",newccname,1); sscanf(&newccname[j-8],"%8x",&new_pag); if (new_pag && strncmp("FILE:/opt/dcelocal/var/security/creds/dcecred_", newccname, 46) == 0) { if((pag = krb5_dfs_newpag(new_pag)) != -2) {