macos: avoid KLRenewInitialTickets crash in Lion

the shimmed heimdal in Lion crashes on this call now.
the shim also exports diddly squat. fine, we pick over what
IS exported and use only calls available to us.

should be exactly as functional as before.

Reviewed-on: http://gerrit.openafs.org/5065
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 62cccc4547bd816dfffb2c1a4431c3c674d302f8)

Change-Id: I44ec9305c3f8e07cb68b2614b237b62e29a66516
Reviewed-on: http://gerrit.openafs.org/5071
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/platform/DARWIN/AFSPreference/Krb5Util.m b/src/platform/DARWIN/AFSPreference/Krb5Util.m
index f88d882207688778ceb684781f6707a3ad074905..2b892e17b38bba8575ecc394ddf10d602bd13779 100644 (file)
--- a/src/platform/DARWIN/AFSPreference/Krb5Util.m
+++ b/src/platform/DARWIN/AFSPreference/Krb5Util.m
@@ -122,10 +122,66 @@
                //NSLog(@"Ticket Expiration time: %@", [expirationDate description]);
                NSTimeInterval secondToExpireTime = [expirationDate timeIntervalSinceNow];
                if(secondToExpireTime <= secToExpire) {
-                       kstatus = KLRenewInitialTickets ( nil, inLoginOptions, nil, nil);
-                       //kstatus = KLTicketExpirationTime (nil, kerberosVersion_All, &expireStartTime);
-                       //expirationDate = [NSDate dateWithTimeIntervalSince1970:expireStartTime];
-                       //NSLog(@"Ticket Renewed Unitl %@", expirationDate);
+#if defined(MAC_OS_X_VERSION_10_7) && (MAC_OS_X_VERSION_MAX_ALLOWED > MAC_OS_X_VERSION_10_6)
+                       krb5_creds in;
+                       krb5_error_code ret;
+                       krb5_ccache id = NULL;
+                       static dispatch_once_t once = 0;
+                       static krb5_context kcontext;
+                       krb5_principal me=NULL;
+                       krb5_principal server=NULL;
+                       krb5_timestamp now;
+
+                       dispatch_once(&once, ^{
+                                       krb5_init_context(&kcontext);
+                               });
+
+                       krb5_timeofday(kcontext, &now);
+                       memset((char *)&in, 0, sizeof(in));
+                       in.times.starttime = 0;
+                       in.times.endtime = now + inTicketLifetime;
+                       in.times.renew_till = now + inTicketLifetime;
+
+                       krb5_cc_default(kcontext, &id);
+                       if (ret == 0) {
+                               ret = krb5_cc_get_principal(kcontext, id,
+                                                           &me);
+                               in.client = me;
+                       }
+                       if (ret == 0) {
+                         ret = krb5_build_principal_ext(kcontext, &server,
+                                                      krb5_princ_realm(kcontext,
+                                                                       in.client)->length,
+                                                      krb5_princ_realm(kcontext,
+                                                                       in.client)->data,
+                                                      6, "krbtgt",
+                                                      krb5_princ_realm(kcontext,
+                                                                       in.client)->length,
+                                                      krb5_princ_realm(kcontext,
+                                                                       in.client)->data,
+                                                      0);
+                       }
+                       if (ret == 0) {
+                         in.server = server;
+                         ret = krb5_get_renewed_creds(kcontext, &in, me, id, server);
+                       }
+                       if (ret == 0) {
+                         ret = krb5_cc_initialize (kcontext, id, me);
+                         ret = krb5_cc_store_cred(kcontext, id, &in);
+                         krb5_cc_close(kcontext,id);
+                       }
+                       krb5_free_principal(kcontext, server);
+#else
+                       KLPrincipal klprinc = nil;
+                       kstatus = KLRenewInitialTickets ( klprinc, inLoginOptions, nil, nil);
+#endif
+
+#if 0
+                       /* handoff to growl agent? */
+                       kstatus = KLTicketExpirationTime (nil, kerberosVersion_All, &expireStartTime);
+                       expirationDate = [NSDate dateWithTimeIntervalSince1970:expireStartTime];
+                       BuildNotificationInfo(@"Ticket Renewed Unitl %@", expirationDate,  callbackInfo->dcref, callbackInfo->regref, callbackInfo->icon);
+#endif
                }
        }
        @catch (NSException * e) {