These functions return 0 on success, not failure.

[moira.git] / clients / lib / member.c

diff --git a/clients/lib/member.c b/clients/lib/member.c
index b47d452839027621353adfe45cbf79bfca2067c3..1e442588e5b7ac1145202ee6c9ab2a0bb3b79403 100644 (file)
--- a/clients/lib/member.c
+++ b/clients/lib/member.c
@@ -17,12 +17,10 @@
 #include <string.h>
 #include <ctype.h>
 
-#include <krb.h>
+#include <krb5.h>
 
 RCSID("$Header$");
 
-static char default_realm[REALM_SZ];
-
 int mrcl_validate_string_member(char *str)
 {
   char *p, *lname, *ret;
@@ -69,9 +67,22 @@ int mrcl_validate_string_member(char *str)
 int mrcl_validate_kerberos_member(char *str, char **ret)
 {
   char *p;
+  int code = 0;
+  krb5_context context = NULL;
+  char *default_realm = NULL;
 
   mrcl_clear_message();
 
+  for (p = str; *p; p++)
+    {
+      if (isspace(*p) || *p == ',')
+       {
+         mrcl_set_message("KERBEROS member \"%s\" may not contain whitespace "
+                          "or commas.", str);
+         return MRCL_REJECT;
+       }
+    }
+
   p = strchr(str, '@');
   if (!p)
     {
@@ -87,14 +98,27 @@ int mrcl_validate_kerberos_member(char *str, char **ret)
          return MRCL_SUCCESS;
        }
 
-      if (!*default_realm)
-       krb_get_lrealm(default_realm, 1);
+      code = krb5_init_context(&context);
+      if (code)
+        goto out;
+
+      code = krb5_get_default_realm(context, &default_realm);
+      if (code)
+        goto out;
 
       *ret = malloc(strlen(str) + strlen(default_realm) + 2);
       sprintf(*ret, "%s@%s", str, default_realm);
 
       mrcl_set_message("Warning: default realm \"%s\" added to principal "
                       "\"%s\"", default_realm, str);
+
+    out:
+      if (default_realm)
+        free(default_realm);
+      if (context)
+        krb5_free_context(context);
+      if (!code)
+        return code;
       return MRCL_SUCCESS;
     }