diff options
Diffstat (limited to 'extensions/auth')
-rw-r--r-- | extensions/auth/gssapi.h | 9 | ||||
-rw-r--r-- | extensions/auth/nsAuthGSSAPI.cpp | 47 |
2 files changed, 56 insertions, 0 deletions
diff --git a/extensions/auth/gssapi.h b/extensions/auth/gssapi.h index a5331d741b..a3ce3d8c58 100644 --- a/extensions/auth/gssapi.h +++ b/extensions/auth/gssapi.h @@ -1,3 +1,4 @@ +/* vim:set ts=4 sw=4 sts=4 et cindent: */ /* ***** BEGIN LICENSE BLOCK ***** * Copyright 1993 by OpenVision Technologies, Inc. * @@ -93,6 +94,10 @@ EXTERN_C_BEGIN +#if defined(XP_MACOSX) +# pragma pack(push,2) +#endif + /* * If the platform supports the xom.h header file, it should be * included here. @@ -833,6 +838,10 @@ GSS_CALLCONV GSS_FUNC(gss_duplicate_name) ); +#if defined(XP_MACOSX) +# pragma pack(pop) +#endif + EXTERN_C_END #endif /* GSSAPI_H_ */ diff --git a/extensions/auth/nsAuthGSSAPI.cpp b/extensions/auth/nsAuthGSSAPI.cpp index bc99d519e3..0e273a3005 100644 --- a/extensions/auth/nsAuthGSSAPI.cpp +++ b/extensions/auth/nsAuthGSSAPI.cpp @@ -1,3 +1,4 @@ +/* vim:set ts=4 sw=4 sts=4 et cindent: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ @@ -24,6 +25,19 @@ #include "nsAuthGSSAPI.h" +#ifdef XP_MACOSX +#include <Kerberos/Kerberos.h> +#endif + +#ifdef XP_MACOSX +typedef KLStatus (*KLCacheHasValidTickets_type)( + KLPrincipal, + KLKerberosVersion, + KLBoolean *, + KLPrincipal *, + char **); +#endif + #if defined(HAVE_RES_NINIT) #include <sys/types.h> #include <netinet/in.h> @@ -77,6 +91,12 @@ static PRLibrary* gssLibrary = nullptr; #define gss_wrap_ptr ((gss_wrap_type)*gssFuncs[8].func) #define gss_unwrap_ptr ((gss_unwrap_type)*gssFuncs[9].func) +#ifdef XP_MACOSX +static PRFuncPtr KLCacheHasValidTicketsPtr; +#define KLCacheHasValidTickets_ptr \ + ((KLCacheHasValidTickets_type)*KLCacheHasValidTicketsPtr) +#endif + static nsresult gssInit() { @@ -192,6 +212,15 @@ gssInit() return NS_ERROR_FAILURE; } } +#ifdef XP_MACOSX + if (gssNativeImp && + !(KLCacheHasValidTicketsPtr = + PR_FindFunctionSymbol(lib, "KLCacheHasValidTickets"))) { + LOG(("Fail to load KLCacheHasValidTickets function from gssapi library\n")); + PR_UnloadLibrary(lib); + return NS_ERROR_FAILURE; + } +#endif gssLibrary = lib; return NS_OK; @@ -412,6 +441,24 @@ nsAuthGSSAPI::GetNextToken(const void *inToken, return NS_ERROR_UNEXPECTED; } +#if defined(XP_MACOSX) + // Suppress Kerberos prompts to get credentials. See bug 240643. + // We can only use Mac OS X specific kerb functions if we are using + // the native lib + KLBoolean found; + bool doingMailTask = mServiceName.Find("imap@") || + mServiceName.Find("pop@") || + mServiceName.Find("smtp@") || + mServiceName.Find("ldap@"); + + if (!doingMailTask && (gssNativeImp && + (KLCacheHasValidTickets_ptr(nullptr, kerberosVersion_V5, &found, nullptr, nullptr) != klNoErr || !found))) + { + major_status = GSS_S_FAILURE; + minor_status = 0; + } + else +#endif /* XP_MACOSX */ major_status = gss_init_sec_context_ptr(&minor_status, GSS_C_NO_CREDENTIAL, &mCtx, |