aklog-old-principal-conversion-sans-524-20090315

LICENSE IPL10

we'll want to fix this differently later; since 524 is dying perhaps we need
to just ship heimdal's version of this code

diff --git a/src/aklog/aklog_main.c b/src/aklog/aklog_main.c
index d2886af..38b7b92 100644 (file)
--- a/src/aklog/aklog_main.c
+++ b/src/aklog/aklog_main.c
@@ -633,6 +633,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
            if (dflag)
                printf("Using Kerberos V5 ticket natively\n");
 
+#ifndef HAVE_NO_KRB5_524
            status = krb5_524_conv_principal (context, v5cred->client, &k4name, &k4inst, &k4realm);
            if (status) {
                afs_com_err(progname, status, "while converting principal "
@@ -644,6 +645,22 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
                strcat (username, ".");
                strcat (username, k4inst);
            }
+#else
+           len = min(get_princ_len(context, v5cred->client, 0),
+                     second_comp(context, v5cred->client) ?
+                     MAXKTCNAMELEN - 2 : MAXKTCNAMELEN - 1);
+           strncpy(username, get_princ_str(context, v5cred->client, 0), len);
+           username[len] = '\0';
+           
+           if (second_comp(context, v5cred->client)) {
+               strcat(username, ".");
+               p = username + strlen(username);
+               len = min(get_princ_len(context, v5cred->client, 1),
+                         MAXKTCNAMELEN - strlen(username) - 1);
+               strncpy(p, get_princ_str(context, v5cred->client, 1), len);
+               p[len] = '\0';
+           }
+#endif
 
            memset(&atoken, 0, sizeof(atoken));
            atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;