From 85bc153c9d6e318d1a8986715875714f08a11c7b Mon Sep 17 00:00:00 2001 From: zacheiss Date: Thu, 10 Jul 2008 16:59:11 +0000 Subject: [PATCH] Convert v4 principals to v5 principals the right way. --- gen/genacl.pc | 61 ++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 46 insertions(+), 15 deletions(-) diff --git a/gen/genacl.pc b/gen/genacl.pc index ad5bb038..7bff1faa 100644 --- a/gen/genacl.pc +++ b/gen/genacl.pc @@ -17,6 +17,7 @@ #include #include +#include EXEC SQL INCLUDE sqlca; @@ -65,6 +66,7 @@ void dump_krb_acl(FILE *out, char *type, int id, int vers) void canon_krb(struct imember *m, int vers, char *buf, int len) { char *at; + char kbuf[MAX_K_NAME_SZ]; switch (m->type) { 
@@ -73,29 +75,58 @@ void canon_krb(struct imember *m, int vers, char *buf, int len) break; case 'K': + /* We assume we have a krb4-style namespace. If we want a krb5 acl, we need to + * krb5_425_conv_principal() on it. For krb4, do nothing special. + */ at = strchr(m->name, '@'); if (!at) at = strchr(m->name, '\0'); - if (vers == 5) + snprintf(kbuf, len, "%s", m->name); + + if (!*at) { - char *dot = strchr(m->name, '.'); - if (dot && dot < at) - snprintf(buf, len, "%.*s/%s", dot - m->name, m->name, dot + 1); - else - snprintf(buf, len, "%s", m->name); + int plen = strlen(kbuf); + snprintf(kbuf + plen, len - plen, "@%s", defaultrealm); } - else + + if (vers == 5) { - char *slash = strchr(m->name, '/'); - if (slash && slash < at) - snprintf(buf, len, "%.*s.%s", slash - m->name, m->name, slash + 1); - else - snprintf(buf, len, "%s", m->name); + char name[ANAME_SZ] = "\0", inst[INST_SZ] = "\0", realm[REALM_SZ] = "\0"; + char *kuser = NULL; + krb5_context context = NULL; + krb5_principal client = NULL; + int status = 0; + + if (kname_parse(name, inst, realm, kbuf) != KSUCCESS) + goto out; + + status = krb5_init_context(&context); + if (status) + goto out; + + status = krb5_425_conv_principal(context, name, inst, realm, &client); + if (status) + goto out; + + status = krb5_unparse_name(context, client, &kuser); + if (status) + goto out; + + strncpy(buf, kuser, MAX_K_NAME_SZ); + buf[MAX_K_NAME_SZ - 1] = '\0'; + + out: + if (kuser) + krb5_free_unparsed_name(context, kuser); + if (client) + krb5_free_principal(context, client); + if (context) + krb5_free_context(context); } - if (!*at) + else { - int plen = strlen(buf); - snprintf(buf + plen, len - plen, "@%s", defaultrealm); + /* v4 output, and we should already have added a realm. */ + snprintf(buf, len, "%s", kbuf); } break; } -- 2.45.1
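Review bot: The two `snprintf` calls that fill `kbuf` are bounded by `len`, the size of the caller's `buf`, but the earlier hunk declares `kbuf` as `char kbuf[MAX_K_NAME_SZ]`, so a caller passing a larger `len` lets a long `m->name` or `defaultrealm` write past the stack array. Bound them by the array itself: `snprintf(kbuf, sizeof(kbuf), "%s", m->name);` and `snprintf(kbuf + plen, sizeof(kbuf) - plen, "@%s", defaultrealm);`. The copy-out in the `vers == 5` branch has the opposite mismatch: `strncpy(buf, kuser, MAX_K_NAME_SZ)` always writes MAX_K_NAME_SZ bytes because strncpy zero-pads, and the terminator goes to `buf[MAX_K_NAME_SZ - 1]`, both ignoring `len`, whereas `snprintf(buf, len, "%s", kuser);` stays inside the caller's buffer. Every `goto out` path also returns without writing `buf`, and canon_krb is void, so unless the callers (not visible here) pre-clear it, the generated ACL line could carry stale or uninitialised bytes; setting `buf[0] = '\0'` before the conversion would make a failed conversion detectable. canon_krb begins before this hunk.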