#include <stdlib.h>
#include <string.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#else
+#include <mr_krb.h>
+#endif
+#include <krb5.h>
EXEC SQL INCLUDE sqlca;
RCSID("$Header$");
-static char defaultrealm[REALM_SZ];
+static char *defaultrealm = NULL;
static struct hash *users, *strings;
void init_acls(void)
{
+ krb5_context context = NULL;
+ int code;
+
users = create_hash(2000);
strings = create_hash(2000);
- krb_get_lrealm(defaultrealm, 1);
+
+ code = krb5_init_context(&context);
+ if (code)
+ goto out;
+
+ code = krb5_get_default_realm(context, &defaultrealm);
+ if (code)
+ goto out;
+
+ out:
+ if (context)
+ krb5_free_context(context);
}
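Review bot: Both failure paths in init_acls discard `code`, so when krb5_init_context() or krb5_get_default_realm() fails, `defaultrealm` stays NULL and nothing is reported. canon_krb later formats it with `"@%s"`, which is undefined behaviour for a NULL argument and at best writes a bogus realm into the ACL output. If aborting is acceptable for this program, report and stop at the `out:` label, e.g. `if (code) { fprintf(stderr, "init_acls: krb5 error %d getting default realm\n", code); exit(1); }`. The second `goto out;` sits directly above the label and can be dropped.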
void dump_krb_acl(FILE *out, char *type, int id, int vers)
sq = get_acl(type, id, NULL);
while (sq_remove_data(sq, &m))
{
- if (m->type != 'S' && m->name != NULL)
+ if (m->name == NULL)
+ {
+ fprintf(stderr, "Found string_id with no associated string. Exiting.\n");
+ exit(MR_DBMS_ERR);
+ }
+ if (m->type != 'S')
{
canon_krb(m, vers, kbuf, sizeof(kbuf));
fprintf(out, "%s\n", kbuf);
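Review bot: The new `exit(MR_DBMS_ERR)` fires in the middle of writing `out`, and the message names neither the list nor the member, so the operator is left with a partial file and no pointer to the bad row. Including the arguments already in scope would help: `fprintf(stderr, "Found string_id with no associated string in %s acl %d. Exiting.\n", type, id);`. Whether the caller discards the partially written file is not visible here; if it does not, a truncated ACL should not be left where it could be installed. The NULL check now also applies to type 'S' members, which the old condition skipped silently; that is presumably intended but deserves a comment. dump_krb_acl starts and ends outside the hunk.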
void canon_krb(struct imember *m, int vers, char *buf, int len)
{
char *at;
+ char kbuf[MAX_K_NAME_SZ];
switch (m->type)
{
break;
case 'K':
+ /* We assume we have a krb4-style namespace. If we want a krb5 acl, we need to
+ * krb5_425_conv_principal() on it. For krb4, do nothing special.
+ */
at = strchr(m->name, '@');
if (!at)
at = strchr(m->name, '\0');
- if (vers == 5)
+ snprintf(kbuf, len, "%s", m->name);
+
+ if (!*at)
{
- char *dot = strchr(m->name, '.');
- if (dot && dot < at)
- snprintf(buf, len, "%.*s/%s", dot - m->name, m->name, dot + 1);
- else
- snprintf(buf, len, "%s", m->name);
+ int plen = strlen(kbuf);
+ snprintf(kbuf + plen, len - plen, "@%s", defaultrealm);
}
- else
+
+ if (vers == 5)
{
- char *slash = strchr(m->name, '/');
- if (slash && slash < at)
- snprintf(buf, len, "%.*s.%s", slash - m->name, m->name, slash + 1);
- else
- snprintf(buf, len, "%s", m->name);
+ char name[ANAME_SZ] = "\0", inst[INST_SZ] = "\0", realm[REALM_SZ] = "\0";
+ char *kuser = NULL;
+ krb5_context context = NULL;
+ krb5_principal client = NULL;
+ int status = 0;
+
+ if (mr_kname_parse(name, inst, realm, kbuf) != 0)
+ goto out;
+
+ status = krb5_init_context(&context);
+ if (status)
+ goto out;
+
+ status = krb5_425_conv_principal(context, name, inst, realm, &client);
+ if (status)
+ goto out;
+
+ status = krb5_unparse_name(context, client, &kuser);
+ if (status)
+ goto out;
+
+ strncpy(buf, kuser, MAX_K_NAME_SZ);
+ buf[MAX_K_NAME_SZ - 1] = '\0';
+
+ out:
+ if (kuser)
+ krb5_free_unparsed_name(context, kuser);
+ if (client)
+ krb5_free_principal(context, client);
+ if (context)
+ krb5_free_context(context);
}
- if (!*at)
+ else
{
- int plen = strlen(buf);
- snprintf(buf + plen, len - plen, "@%s", defaultrealm);
+ /* v4 output, and we should already have added a realm. */
+ snprintf(buf, len, "%s", kbuf);
}
break;
}
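Review bot: The local `kbuf` is `MAX_K_NAME_SZ` bytes, but both `snprintf` calls that fill it are bounded by `len`, the size of the caller's `buf`, and the v5 copy into `buf` is bounded by `MAX_K_NAME_SZ` instead of `len`; whenever the two sizes differ, one of the buffers can be overrun. Each write should be bounded by the size of the buffer it targets. In addition, every `goto out` in the `vers == 5` branch leaves `buf` unwritten, and the visible caller in dump_krb_acl prints its buffer unconditionally, so a failed conversion would emit whatever was there before (possibly the previous principal) into the ACL. canon_krb returns void, so the sketch below clears `buf` up front; reporting the failure to the caller would be better if the interface can change. The switch begins outside the hunk.

```c
      /* … unchanged: locate '@' in m->name … */
      snprintf(kbuf, sizeof(kbuf), "%s", m->name);

      if (!*at)
        {
          size_t plen = strlen(kbuf);
          snprintf(kbuf + plen, sizeof(kbuf) - plen, "@%s", defaultrealm);
        }

      if (vers == 5)
        {
          /* … unchanged: declarations … */

          /* Defined result if any step below fails. */
          if (len > 0)
            buf[0] = '\0';

          /* … unchanged: mr_kname_parse, krb5_init_context,
             krb5_425_conv_principal, krb5_unparse_name … */

          snprintf(buf, len, "%s", kuser);

          /* … unchanged: out: cleanup … */
        }
```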
static void save_imember(struct save_queue *sq, char *type, int id, char *tag)
{
EXEC SQL BEGIN DECLARE SECTION;
- int lid = id, mid, mid2, tagid;
+ int lid = id, mid, mid2, tagid, status;
char mtype[IMEMBERS_MEMBER_TYPE_SIZE];
EXEC SQL END DECLARE SECTION;
char *mtag;
switch (*type)
{
case 'U':
- sq_save_data(sq, imember('U', user_lookup(id), tag));
+ EXEC SQL SELECT status INTO :status FROM users WHERE users_id = :id;
+ if (status != 3)
+ sq_save_data(sq, imember('U', user_lookup(id), tag));
break;
case 'K':
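Review bot: `status` is tested right after the SELECT with no check of `sqlca.sqlcode`, so if no users row matches, the host variable is uninitialized and the decision to keep or drop the user from the ACL is arbitrary. Testing the result first, e.g. `if (sqlca.sqlcode == 0 && status != 3)`, makes that explicit; what should happen to a member with no users row still needs deciding, since the old code always added it. The query binds `:id`, the plain function parameter, while `lid` is the copy declared in the DECLARE SECTION, presumably for this purpose; `WHERE users_id = :lid` would not depend on the precompiler's mode. The literal `3` would be clearer as a named constant or with a comment saying which user state it excludes. save_imember continues past the end of the hunk.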