From 62cccc4547bd816dfffb2c1a4431c3c674d302f8 Mon Sep 17 00:00:00 2001 From: Derrick Brashear Date: Fri, 22 Jul 2011 14:24:08 -0400 Subject: [PATCH] macos: avoid KLRenewInitialTickets crash in Lion the shimmed heimdal in Lion crashes on this call now. the shim also exports diddly squat. fine, we pick over what IS exported and use only calls available to us. should be exactly as functional as before. Change-Id: I6a55209b94694e8eb462bc0a4607a891b9f8b570 Reviewed-on: http://gerrit.openafs.org/5065 Tested-by: BuildBot Reviewed-by: Derrick Brashear --- src/platform/DARWIN/AFSPreference/Krb5Util.m | 64 ++++++++++++++++++-- 1 file changed, 60 insertions(+), 4 deletions(-) diff --git a/src/platform/DARWIN/AFSPreference/Krb5Util.m b/src/platform/DARWIN/AFSPreference/Krb5Util.m index f88d88220..2b892e17b 100644 --- a/src/platform/DARWIN/AFSPreference/Krb5Util.m +++ b/src/platform/DARWIN/AFSPreference/Krb5Util.m @@ -122,10 +122,66 @@ //NSLog(@"Ticket Expiration time: %@", [expirationDate description]); NSTimeInterval secondToExpireTime = [expirationDate timeIntervalSinceNow]; if(secondToExpireTime <= secToExpire) { - kstatus = KLRenewInitialTickets ( nil, inLoginOptions, nil, nil); - //kstatus = KLTicketExpirationTime (nil, kerberosVersion_All, &expireStartTime); - //expirationDate = [NSDate dateWithTimeIntervalSince1970:expireStartTime]; - //NSLog(@"Ticket Renewed Unitl %@", expirationDate); +#if defined(MAC_OS_X_VERSION_10_7) && (MAC_OS_X_VERSION_MAX_ALLOWED > MAC_OS_X_VERSION_10_6) + krb5_creds in; + krb5_error_code ret; + krb5_ccache id = NULL; + static dispatch_once_t once = 0; + static krb5_context kcontext; + krb5_principal me=NULL; + krb5_principal server=NULL; + krb5_timestamp now; + + dispatch_once(&once, ^{ + krb5_init_context(&kcontext); + }); + + krb5_timeofday(kcontext, &now); + memset((char *)&in, 0, sizeof(in)); + in.times.starttime = 0; + in.times.endtime = now + inTicketLifetime; + in.times.renew_till = now + inTicketLifetime; + + krb5_cc_default(kcontext, &id); + if (ret == 0) { + ret = krb5_cc_get_principal(kcontext, id, + &me); + in.client = me; + } + if (ret == 0) { + ret = krb5_build_principal_ext(kcontext, &server, + krb5_princ_realm(kcontext, + in.client)->length, + krb5_princ_realm(kcontext, + in.client)->data, + 6, "krbtgt", + krb5_princ_realm(kcontext, + in.client)->length, + krb5_princ_realm(kcontext, + in.client)->data, + 0); + } + if (ret == 0) { + in.server = server; + ret = krb5_get_renewed_creds(kcontext, &in, me, id, server); + } + if (ret == 0) { + ret = krb5_cc_initialize (kcontext, id, me); + ret = krb5_cc_store_cred(kcontext, id, &in); + krb5_cc_close(kcontext,id); + } + krb5_free_principal(kcontext, server); +#else + KLPrincipal klprinc = nil; + kstatus = KLRenewInitialTickets ( klprinc, inLoginOptions, nil, nil); +#endif + +#if 0 + /* handoff to growl agent? */ + kstatus = KLTicketExpirationTime (nil, kerberosVersion_All, &expireStartTime); + expirationDate = [NSDate dateWithTimeIntervalSince1970:expireStartTime]; + BuildNotificationInfo(@"Ticket Renewed Unitl %@", expirationDate, callbackInfo->dcref, callbackInfo->regref, callbackInfo->icon); +#endif } } @catch (NSException * e) { -- 2.39.5