Issue #1829 - Revert “Issue #1751 -- Remove XP_MACOSX conditionals from the rest of the tree.”

This also removes some PP abuse and takes file entries out of PP when no longer
needed without XP_MACOSX conditionals.

This reverts commit 6f707bde95dab6998ac204f9ee6c925ee230c740.

2 files changed, 56 insertions, 0 deletions

diff --git a/extensions/auth/gssapi.h b/extensions/auth/gssapi.h
index a5331d741b..a3ce3d8c58 100644
--- a/extensions/auth/gssapi.h
+++ b/extensions/auth/gssapi.h
@@ -1,3 +1,4 @@
+/* vim:set ts=4 sw=4 sts=4 et cindent: */
 /* ***** BEGIN LICENSE BLOCK *****
  * Copyright 1993 by OpenVision Technologies, Inc.
  * 
@@ -93,6 +94,10 @@
 
 EXTERN_C_BEGIN
 
+#if defined(XP_MACOSX)
+#    pragma pack(push,2)
+#endif
+
 /*
  * If the platform supports the xom.h header file, it should be
  * included here.
@@ -833,6 +838,10 @@ GSS_CALLCONV GSS_FUNC(gss_duplicate_name)
               );
 
 
+#if defined(XP_MACOSX)
+#    pragma pack(pop)
+#endif
+
 EXTERN_C_END
 
 #endif /* GSSAPI_H_ */
diff --git a/extensions/auth/nsAuthGSSAPI.cpp b/extensions/auth/nsAuthGSSAPI.cpp
index bc99d519e3..0e273a3005 100644
--- a/extensions/auth/nsAuthGSSAPI.cpp
+++ b/extensions/auth/nsAuthGSSAPI.cpp
@@ -1,3 +1,4 @@
+/* vim:set ts=4 sw=4 sts=4 et cindent: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@@ -24,6 +25,19 @@
 
 #include "nsAuthGSSAPI.h"
 
+#ifdef XP_MACOSX
+#include <Kerberos/Kerberos.h>
+#endif
+
+#ifdef XP_MACOSX
+typedef KLStatus (*KLCacheHasValidTickets_type)(
+    KLPrincipal,
+    KLKerberosVersion,
+    KLBoolean *,
+    KLPrincipal *,
+    char **);
+#endif
+
 #if defined(HAVE_RES_NINIT)
 #include <sys/types.h>
 #include <netinet/in.h>
@@ -77,6 +91,12 @@ static PRLibrary* gssLibrary = nullptr;
 #define gss_wrap_ptr                ((gss_wrap_type)*gssFuncs[8].func)
 #define gss_unwrap_ptr              ((gss_unwrap_type)*gssFuncs[9].func)
 
+#ifdef XP_MACOSX
+static PRFuncPtr KLCacheHasValidTicketsPtr;
+#define KLCacheHasValidTickets_ptr \
+        ((KLCacheHasValidTickets_type)*KLCacheHasValidTicketsPtr)
+#endif
+
 static nsresult
 gssInit()
 {
@@ -192,6 +212,15 @@ gssInit()
             return NS_ERROR_FAILURE;
         }
     }
+#ifdef XP_MACOSX
+    if (gssNativeImp &&
+            !(KLCacheHasValidTicketsPtr =
+               PR_FindFunctionSymbol(lib, "KLCacheHasValidTickets"))) {
+        LOG(("Fail to load KLCacheHasValidTickets function from gssapi library\n"));
+        PR_UnloadLibrary(lib);
+        return NS_ERROR_FAILURE;
+    }
+#endif
 
     gssLibrary = lib;
     return NS_OK;
@@ -412,6 +441,24 @@ nsAuthGSSAPI::GetNextToken(const void *inToken,
         return NS_ERROR_UNEXPECTED; 
     }
 
+#if defined(XP_MACOSX)
+    // Suppress Kerberos prompts to get credentials.  See bug 240643.
+    // We can only use Mac OS X specific kerb functions if we are using 
+    // the native lib
+    KLBoolean found;    
+    bool doingMailTask = mServiceName.Find("imap@") ||
+                           mServiceName.Find("pop@") ||
+                           mServiceName.Find("smtp@") ||
+                           mServiceName.Find("ldap@");
+    
+    if (!doingMailTask && (gssNativeImp &&
+         (KLCacheHasValidTickets_ptr(nullptr, kerberosVersion_V5, &found, nullptr, nullptr) != klNoErr || !found)))
+    {
+        major_status = GSS_S_FAILURE;
+        minor_status = 0;
+    }
+    else
+#endif /* XP_MACOSX */
     major_status = gss_init_sec_context_ptr(&minor_status,
                                             GSS_C_NO_CREDENTIAL,
                                             &mCtx,