author | lancea |
Wed, 07 Aug 2019 14:04:10 -0400 | |
changeset 57670 | cffcc4c5a5ba |
parent 57487 | 643978a35f6e |
child 58331 | e4ce29f6094e |
permissions | -rw-r--r-- |
12047 | 1 |
/* |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
47216
diff
changeset
|
2 |
* Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved. |
12047 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. Oracle designates this |
|
8 |
* particular file as subject to the "Classpath" exception as provided |
|
9 |
* by Oracle in the LICENSE file that accompanied this code. |
|
10 |
* |
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
24 |
*/ |
|
25 |
||
26 |
#import "sun_security_krb5_Credentials.h" |
|
27 |
#import <Kerberos/Kerberos.h> |
|
29491 | 28 |
#import <string.h> |
29 |
#import <time.h> |
|
12047 | 30 |
|
33653
c1ee09fe3274
8136556: Add the ability to perform static builds of MacOSX x64 binaries
bobv
parents:
29491
diff
changeset
|
31 |
#include "jni_util.h" |
c1ee09fe3274
8136556: Add the ability to perform static builds of MacOSX x64 binaries
bobv
parents:
29491
diff
changeset
|
32 |
|
12047 | 33 |
/* |
34 |
* Based largely on klist.c, |
|
35 |
* |
|
36 |
* Created by Scott Kovatch on 8/12/04. |
|
37 |
* |
|
38 |
* See http://www.opensource.apple.com/darwinsource/10.3.3/Kerberos-47/KerberosClients/klist/Sources/klist.c |
|
39 |
||
40 |
*/ |
|
41 |
||
42 |
/* |
|
43 |
* Statics for this module |
|
44 |
*/ |
|
45 |
||
46 |
static jclass derValueClass = NULL; |
|
47 |
static jclass ticketClass = NULL; |
|
48 |
static jclass principalNameClass = NULL; |
|
49 |
static jclass encryptionKeyClass = NULL; |
|
50 |
static jclass ticketFlagsClass = NULL; |
|
51 |
static jclass kerberosTimeClass = NULL; |
|
52 |
static jclass javaLangStringClass = NULL; |
|
53 |
static jclass javaLangIntegerClass = NULL; |
|
54 |
static jclass hostAddressClass = NULL; |
|
55 |
static jclass hostAddressesClass = NULL; |
|
56 |
||
57 |
static jmethodID derValueConstructor = 0; |
|
58 |
static jmethodID ticketConstructor = 0; |
|
59 |
static jmethodID principalNameConstructor = 0; |
|
60 |
static jmethodID encryptionKeyConstructor = 0; |
|
61 |
static jmethodID ticketFlagsConstructor = 0; |
|
62 |
static jmethodID kerberosTimeConstructor = 0; |
|
63 |
static jmethodID krbcredsConstructor = 0; |
|
64 |
static jmethodID integerConstructor = 0; |
|
65 |
static jmethodID hostAddressConstructor = 0; |
|
66 |
static jmethodID hostAddressesConstructor = 0; |
|
67 |
||
68 |
/* |
|
69 |
* Function prototypes for internal routines |
|
70 |
*/ |
|
71 |
||
72 |
static jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket); |
|
73 |
static jobject BuildClientPrincipal(JNIEnv *env, krb5_context kcontext, krb5_principal principalName); |
|
74 |
static jobject BuildEncryptionKey(JNIEnv *env, krb5_keyblock *cryptoKey); |
|
75 |
static jobject BuildTicketFlags(JNIEnv *env, krb5_flags flags); |
|
76 |
static jobject BuildKerberosTime(JNIEnv *env, krb5_timestamp kerbtime); |
|
77 |
static jobject BuildAddressList(JNIEnv *env, krb5_address **kerbtime); |
|
78 |
||
79 |
static void printiferr (errcode_t err, const char *format, ...); |
|
80 |
||
81 |
static jclass FindClass(JNIEnv *env, char *className) |
|
82 |
{ |
|
83 |
jclass cls = (*env)->FindClass(env, className); |
|
84 |
||
85 |
if (cls == NULL) { |
|
86 |
printf("Couldn't find %s\n", className); |
|
87 |
return NULL; |
|
88 |
} |
|
89 |
||
90 |
jobject returnValue = (*env)->NewWeakGlobalRef(env,cls); |
|
91 |
return returnValue; |
|
92 |
} |
|
93 |
/* |
|
94 |
* Class: sun_security_krb5_KrbCreds |
|
95 |
* Method: JNI_OnLoad |
|
96 |
*/ |
|
33653
c1ee09fe3274
8136556: Add the ability to perform static builds of MacOSX x64 binaries
bobv
parents:
29491
diff
changeset
|
97 |
JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) |
12047 | 98 |
{ |
99 |
JNIEnv *env; |
|
100 |
||
101 |
if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_4)) { |
|
102 |
return JNI_EVERSION; /* JNI version not supported */ |
|
103 |
} |
|
104 |
||
105 |
ticketClass = FindClass(env, "sun/security/krb5/internal/Ticket"); |
|
106 |
if (ticketClass == NULL) return JNI_ERR; |
|
107 |
||
108 |
principalNameClass = FindClass(env, "sun/security/krb5/PrincipalName"); |
|
109 |
if (principalNameClass == NULL) return JNI_ERR; |
|
110 |
||
111 |
derValueClass = FindClass(env, "sun/security/util/DerValue"); |
|
112 |
if (derValueClass == NULL) return JNI_ERR; |
|
113 |
||
114 |
encryptionKeyClass = FindClass(env, "sun/security/krb5/EncryptionKey"); |
|
115 |
if (encryptionKeyClass == NULL) return JNI_ERR; |
|
116 |
||
117 |
ticketFlagsClass = FindClass(env,"sun/security/krb5/internal/TicketFlags"); |
|
118 |
if (ticketFlagsClass == NULL) return JNI_ERR; |
|
119 |
||
120 |
kerberosTimeClass = FindClass(env,"sun/security/krb5/internal/KerberosTime"); |
|
121 |
if (kerberosTimeClass == NULL) return JNI_ERR; |
|
122 |
||
123 |
javaLangStringClass = FindClass(env,"java/lang/String"); |
|
124 |
if (javaLangStringClass == NULL) return JNI_ERR; |
|
125 |
||
126 |
javaLangIntegerClass = FindClass(env,"java/lang/Integer"); |
|
127 |
if (javaLangIntegerClass == NULL) return JNI_ERR; |
|
128 |
||
129 |
hostAddressClass = FindClass(env,"sun/security/krb5/internal/HostAddress"); |
|
130 |
if (hostAddressClass == NULL) return JNI_ERR; |
|
131 |
||
132 |
hostAddressesClass = FindClass(env,"sun/security/krb5/internal/HostAddresses"); |
|
133 |
if (hostAddressesClass == NULL) return JNI_ERR; |
|
134 |
||
135 |
derValueConstructor = (*env)->GetMethodID(env, derValueClass, "<init>", "([B)V"); |
|
136 |
if (derValueConstructor == 0) { |
|
137 |
printf("Couldn't find DerValue constructor\n"); |
|
138 |
return JNI_ERR; |
|
139 |
} |
|
140 |
||
141 |
ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "(Lsun/security/util/DerValue;)V"); |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
142 |
if (ticketConstructor == 0) { |
12047 | 143 |
printf("Couldn't find Ticket constructor\n"); |
144 |
return JNI_ERR; |
|
145 |
} |
|
146 |
||
147 |
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, "<init>", "(Ljava/lang/String;I)V"); |
|
148 |
if (principalNameConstructor == 0) { |
|
149 |
printf("Couldn't find PrincipalName constructor\n"); |
|
150 |
return JNI_ERR; |
|
151 |
} |
|
152 |
||
153 |
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, "<init>", "(I[B)V"); |
|
154 |
if (encryptionKeyConstructor == 0) { |
|
155 |
printf("Couldn't find EncryptionKey constructor\n"); |
|
156 |
return JNI_ERR; |
|
157 |
} |
|
158 |
||
159 |
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, "<init>", "(I[B)V"); |
|
160 |
if (ticketFlagsConstructor == 0) { |
|
161 |
printf("Couldn't find TicketFlags constructor\n"); |
|
162 |
return JNI_ERR; |
|
163 |
} |
|
164 |
||
165 |
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, "<init>", "(J)V"); |
|
166 |
if (kerberosTimeConstructor == 0) { |
|
167 |
printf("Couldn't find KerberosTime constructor\n"); |
|
168 |
return JNI_ERR; |
|
169 |
} |
|
170 |
||
171 |
integerConstructor = (*env)->GetMethodID(env, javaLangIntegerClass, "<init>", "(I)V"); |
|
172 |
if (integerConstructor == 0) { |
|
173 |
printf("Couldn't find Integer constructor\n"); |
|
174 |
return JNI_ERR; |
|
175 |
} |
|
176 |
||
177 |
hostAddressConstructor = (*env)->GetMethodID(env, hostAddressClass, "<init>", "(I[B)V"); |
|
178 |
if (hostAddressConstructor == 0) { |
|
179 |
printf("Couldn't find HostAddress constructor\n"); |
|
180 |
return JNI_ERR; |
|
181 |
} |
|
182 |
||
183 |
hostAddressesConstructor = (*env)->GetMethodID(env, hostAddressesClass, "<init>", "([Lsun/security/krb5/internal/HostAddress;)V"); |
|
184 |
if (hostAddressesConstructor == 0) { |
|
185 |
printf("Couldn't find HostAddresses constructor\n"); |
|
186 |
return JNI_ERR; |
|
187 |
} |
|
188 |
||
189 |
return JNI_VERSION_1_2; |
|
190 |
} |
|
191 |
||
192 |
/* |
|
193 |
* Class: sun_security_jgss_KrbCreds |
|
194 |
* Method: JNI_OnUnload |
|
195 |
*/ |
|
33653
c1ee09fe3274
8136556: Add the ability to perform static builds of MacOSX x64 binaries
bobv
parents:
29491
diff
changeset
|
196 |
JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *jvm, void *reserved) |
12047 | 197 |
{ |
198 |
JNIEnv *env; |
|
199 |
||
200 |
if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { |
|
201 |
return; /* Nothing else we can do */ |
|
202 |
} |
|
203 |
||
204 |
if (ticketClass != NULL) { |
|
205 |
(*env)->DeleteWeakGlobalRef(env,ticketClass); |
|
206 |
} |
|
207 |
if (derValueClass != NULL) { |
|
208 |
(*env)->DeleteWeakGlobalRef(env,derValueClass); |
|
209 |
} |
|
210 |
if (principalNameClass != NULL) { |
|
211 |
(*env)->DeleteWeakGlobalRef(env,principalNameClass); |
|
212 |
} |
|
213 |
if (encryptionKeyClass != NULL) { |
|
214 |
(*env)->DeleteWeakGlobalRef(env,encryptionKeyClass); |
|
215 |
} |
|
216 |
if (ticketFlagsClass != NULL) { |
|
217 |
(*env)->DeleteWeakGlobalRef(env,ticketFlagsClass); |
|
218 |
} |
|
219 |
if (kerberosTimeClass != NULL) { |
|
220 |
(*env)->DeleteWeakGlobalRef(env,kerberosTimeClass); |
|
221 |
} |
|
222 |
if (javaLangStringClass != NULL) { |
|
223 |
(*env)->DeleteWeakGlobalRef(env,javaLangStringClass); |
|
224 |
} |
|
225 |
if (javaLangIntegerClass != NULL) { |
|
226 |
(*env)->DeleteWeakGlobalRef(env,javaLangIntegerClass); |
|
227 |
} |
|
228 |
if (hostAddressClass != NULL) { |
|
229 |
(*env)->DeleteWeakGlobalRef(env,hostAddressClass); |
|
230 |
} |
|
231 |
if (hostAddressesClass != NULL) { |
|
232 |
(*env)->DeleteWeakGlobalRef(env,hostAddressesClass); |
|
233 |
} |
|
234 |
||
235 |
} |
|
236 |
||
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
237 |
int isIn(krb5_enctype e, int n, jint* etypes) |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
238 |
{ |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
239 |
int i; |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
240 |
for (i=0; i<n; i++) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
241 |
if (e == etypes[i]) return 1; |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
242 |
} |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
243 |
return 0; |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
244 |
} |
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
245 |
|
12047 | 246 |
/* |
247 |
* Class: sun_security_krb5_Credentials |
|
248 |
* Method: acquireDefaultNativeCreds |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
249 |
* Signature: ([I])Lsun/security/krb5/Credentials; |
12047 | 250 |
*/ |
251 |
JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
252 |
(JNIEnv *env, jclass krbcredsClass, jintArray jetypes) |
12047 | 253 |
{ |
254 |
jobject krbCreds = NULL; |
|
255 |
krb5_error_code err = 0; |
|
256 |
krb5_ccache ccache = NULL; |
|
257 |
krb5_cc_cursor cursor = NULL; |
|
258 |
krb5_creds creds; |
|
259 |
krb5_flags flags = 0; |
|
260 |
krb5_context kcontext = NULL; |
|
261 |
||
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
262 |
int netypes; |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
263 |
jint *etypes = NULL; |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
264 |
|
12047 | 265 |
/* Initialize the Kerberos 5 context */ |
266 |
err = krb5_init_context (&kcontext); |
|
267 |
||
268 |
if (!err) { |
|
269 |
err = krb5_cc_default (kcontext, &ccache); |
|
270 |
} |
|
271 |
||
272 |
if (!err) { |
|
273 |
err = krb5_cc_set_flags (kcontext, ccache, flags); /* turn off OPENCLOSE */ |
|
274 |
} |
|
275 |
||
276 |
if (!err) { |
|
277 |
err = krb5_cc_start_seq_get (kcontext, ccache, &cursor); |
|
278 |
} |
|
279 |
||
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
280 |
netypes = (*env)->GetArrayLength(env, jetypes); |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
281 |
etypes = (jint *) (*env)->GetIntArrayElements(env, jetypes, NULL); |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
282 |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
283 |
if (etypes != NULL && !err) { |
12047 | 284 |
while ((err = krb5_cc_next_cred (kcontext, ccache, &cursor, &creds)) == 0) { |
285 |
char *serverName = NULL; |
|
286 |
||
287 |
if (!err) { |
|
288 |
err = krb5_unparse_name (kcontext, creds.server, &serverName); |
|
289 |
printiferr (err, "while unparsing server name"); |
|
290 |
} |
|
291 |
||
292 |
if (!err) { |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
293 |
char* slash = strchr(serverName, '/'); |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
294 |
char* at = strchr(serverName, '@'); |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
295 |
// Make sure the server's name is krbtgt/REALM@REALM, the etype |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
296 |
// is supported, and the ticket has not expired |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
297 |
if (slash && at && |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
298 |
strncmp (serverName, "krbtgt", slash-serverName) == 0 && |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
299 |
// the ablove line shows at must be after slash |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
300 |
strncmp (slash+1, at+1, at-slash-1) == 0 && |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
301 |
isIn (creds.keyblock.enctype, netypes, etypes) && |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
302 |
creds.times.endtime > time(0)) { |
12047 | 303 |
jobject ticket, clientPrincipal, targetPrincipal, encryptionKey; |
304 |
jobject ticketFlags, startTime, endTime; |
|
305 |
jobject authTime, renewTillTime, hostAddresses; |
|
306 |
||
307 |
ticket = clientPrincipal = targetPrincipal = encryptionKey = NULL; |
|
308 |
ticketFlags = startTime = endTime = NULL; |
|
309 |
authTime = renewTillTime = hostAddresses = NULL; |
|
310 |
||
311 |
// For the default credentials we're only interested in the krbtgt server. |
|
312 |
clientPrincipal = BuildClientPrincipal(env, kcontext, creds.client); |
|
313 |
if (clientPrincipal == NULL) goto cleanup; |
|
314 |
||
315 |
targetPrincipal = BuildClientPrincipal(env, kcontext, creds.server); |
|
316 |
if (targetPrincipal == NULL) goto cleanup; |
|
317 |
||
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
318 |
// Build a sun/security/krb5/internal/Ticket |
12047 | 319 |
ticket = BuildTicket(env, &creds.ticket); |
320 |
if (ticket == NULL) goto cleanup; |
|
321 |
||
322 |
// Get the encryption key |
|
323 |
encryptionKey = BuildEncryptionKey(env, &creds.keyblock); |
|
324 |
if (encryptionKey == NULL) goto cleanup; |
|
325 |
||
326 |
// and the ticket flags |
|
327 |
ticketFlags = BuildTicketFlags(env, creds.ticket_flags); |
|
328 |
if (ticketFlags == NULL) goto cleanup; |
|
329 |
||
330 |
// Get the timestamps out. |
|
331 |
startTime = BuildKerberosTime(env, creds.times.starttime); |
|
332 |
if (startTime == NULL) goto cleanup; |
|
333 |
||
334 |
authTime = BuildKerberosTime(env, creds.times.authtime); |
|
335 |
if (authTime == NULL) goto cleanup; |
|
336 |
||
337 |
endTime = BuildKerberosTime(env, creds.times.endtime); |
|
338 |
if (endTime == NULL) goto cleanup; |
|
339 |
||
340 |
renewTillTime = BuildKerberosTime(env, creds.times.renew_till); |
|
341 |
if (renewTillTime == NULL) goto cleanup; |
|
342 |
||
343 |
// Create the addresses object. |
|
344 |
hostAddresses = BuildAddressList(env, creds.addresses); |
|
345 |
||
346 |
if (krbcredsConstructor == 0) { |
|
347 |
krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>", |
|
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
47216
diff
changeset
|
348 |
"(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V"); |
12047 | 349 |
if (krbcredsConstructor == 0) { |
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
350 |
printf("Couldn't find sun.security.krb5.internal.Ticket constructor\n"); |
12047 | 351 |
break; |
352 |
} |
|
353 |
} |
|
354 |
||
355 |
// and now go build a KrbCreds object |
|
356 |
krbCreds = (*env)->NewObject( |
|
357 |
env, |
|
358 |
krbcredsClass, |
|
359 |
krbcredsConstructor, |
|
360 |
ticket, |
|
361 |
clientPrincipal, |
|
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
47216
diff
changeset
|
362 |
NULL, |
12047 | 363 |
targetPrincipal, |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
47216
diff
changeset
|
364 |
NULL, |
12047 | 365 |
encryptionKey, |
366 |
ticketFlags, |
|
367 |
authTime, |
|
368 |
startTime, |
|
369 |
endTime, |
|
370 |
renewTillTime, |
|
371 |
hostAddresses); |
|
372 |
cleanup: |
|
373 |
if (ticket) (*env)->DeleteLocalRef(env, ticket); |
|
374 |
if (clientPrincipal) (*env)->DeleteLocalRef(env, clientPrincipal); |
|
375 |
if (targetPrincipal) (*env)->DeleteLocalRef(env, targetPrincipal); |
|
376 |
if (encryptionKey) (*env)->DeleteLocalRef(env, encryptionKey); |
|
377 |
if (ticketFlags) (*env)->DeleteLocalRef(env, ticketFlags); |
|
378 |
if (authTime) (*env)->DeleteLocalRef(env, authTime); |
|
379 |
if (startTime) (*env)->DeleteLocalRef(env, startTime); |
|
380 |
if (endTime) (*env)->DeleteLocalRef(env, endTime); |
|
381 |
if (renewTillTime) (*env)->DeleteLocalRef(env, renewTillTime); |
|
382 |
if (hostAddresses) (*env)->DeleteLocalRef(env, hostAddresses); |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
383 |
|
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
384 |
// Stop if there is an exception or we already found the initial TGT |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
385 |
if ((*env)->ExceptionCheck(env) || krbCreds) { |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
386 |
break; |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
387 |
} |
12047 | 388 |
} |
389 |
} |
|
390 |
||
391 |
if (serverName != NULL) { krb5_free_unparsed_name (kcontext, serverName); } |
|
392 |
||
393 |
krb5_free_cred_contents (kcontext, &creds); |
|
394 |
} |
|
395 |
||
396 |
if (err == KRB5_CC_END) { err = 0; } |
|
397 |
printiferr (err, "while retrieving a ticket"); |
|
398 |
} |
|
399 |
||
400 |
if (!err) { |
|
401 |
err = krb5_cc_end_seq_get (kcontext, ccache, &cursor); |
|
402 |
printiferr (err, "while finishing ticket retrieval"); |
|
403 |
} |
|
404 |
||
405 |
if (!err) { |
|
406 |
flags = KRB5_TC_OPENCLOSE; /* restore OPENCLOSE mode */ |
|
407 |
err = krb5_cc_set_flags (kcontext, ccache, flags); |
|
408 |
printiferr (err, "while finishing ticket retrieval"); |
|
409 |
} |
|
410 |
||
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
411 |
if (etypes != NULL) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
412 |
(*env)->ReleaseIntArrayElements(env, jetypes, etypes, 0); |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
413 |
} |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
414 |
|
12047 | 415 |
krb5_free_context (kcontext); |
416 |
return krbCreds; |
|
417 |
} |
|
418 |
||
419 |
||
420 |
#pragma mark - |
|
421 |
||
422 |
jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket) |
|
423 |
{ |
|
424 |
/* To build a Ticket, we first need to build a DerValue out of the EncodedTicket. |
|
425 |
* But before we can do that, we need to make a byte array out of the ET. |
|
426 |
*/ |
|
427 |
||
428 |
jobject derValue, ticket; |
|
429 |
jbyteArray ary; |
|
430 |
||
431 |
ary = (*env)->NewByteArray(env, encodedTicket->length); |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
432 |
if ((*env)->ExceptionCheck(env)) { |
12047 | 433 |
return (jobject) NULL; |
434 |
} |
|
435 |
||
436 |
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicket->length, (jbyte *)encodedTicket->data); |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
437 |
if ((*env)->ExceptionCheck(env)) { |
12047 | 438 |
(*env)->DeleteLocalRef(env, ary); |
439 |
return (jobject) NULL; |
|
440 |
} |
|
441 |
||
442 |
derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary); |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
443 |
if ((*env)->ExceptionCheck(env)) { |
12047 | 444 |
(*env)->DeleteLocalRef(env, ary); |
445 |
return (jobject) NULL; |
|
446 |
} |
|
447 |
||
448 |
(*env)->DeleteLocalRef(env, ary); |
|
449 |
ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue); |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
450 |
if ((*env)->ExceptionCheck(env)) { |
12047 | 451 |
(*env)->DeleteLocalRef(env, derValue); |
452 |
return (jobject) NULL; |
|
453 |
} |
|
454 |
(*env)->DeleteLocalRef(env, derValue); |
|
455 |
return ticket; |
|
456 |
} |
|
457 |
||
458 |
jobject BuildClientPrincipal(JNIEnv *env, krb5_context kcontext, krb5_principal principalName) { |
|
459 |
// Get the full principal string. |
|
460 |
char *principalString = NULL; |
|
461 |
jobject principal = NULL; |
|
462 |
int err = krb5_unparse_name (kcontext, principalName, &principalString); |
|
463 |
||
464 |
if (!err) { |
|
465 |
// Make a PrincipalName from the full string and the type. Let the PrincipalName class parse it out. |
|
466 |
jstring principalStringObj = (*env)->NewStringUTF(env, principalString); |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
467 |
if (principalStringObj == NULL) { |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
468 |
if (principalString != NULL) { krb5_free_unparsed_name (kcontext, principalString); } |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
469 |
return (jobject) NULL; |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
470 |
} |
12047 | 471 |
principal = (*env)->NewObject(env, principalNameClass, principalNameConstructor, principalStringObj, principalName->type); |
472 |
if (principalString != NULL) { krb5_free_unparsed_name (kcontext, principalString); } |
|
473 |
(*env)->DeleteLocalRef(env, principalStringObj); |
|
474 |
} |
|
475 |
||
476 |
return principal; |
|
477 |
} |
|
478 |
||
479 |
jobject BuildEncryptionKey(JNIEnv *env, krb5_keyblock *cryptoKey) { |
|
480 |
// First, need to build a byte array |
|
481 |
jbyteArray ary; |
|
482 |
jobject encryptionKey = NULL; |
|
483 |
||
484 |
ary = (*env)->NewByteArray(env,cryptoKey->length); |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
485 |
|
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
486 |
if (ary == NULL) { |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
487 |
return (jobject) NULL; |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
488 |
} |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
489 |
|
12047 | 490 |
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->length, (jbyte *)cryptoKey->contents); |
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
491 |
if (!(*env)->ExceptionCheck(env)) { |
12047 | 492 |
encryptionKey = (*env)->NewObject(env, encryptionKeyClass, encryptionKeyConstructor, cryptoKey->enctype, ary); |
493 |
} |
|
494 |
||
495 |
(*env)->DeleteLocalRef(env, ary); |
|
496 |
return encryptionKey; |
|
497 |
} |
|
498 |
||
499 |
jobject BuildTicketFlags(JNIEnv *env, krb5_flags flags) { |
|
500 |
jobject ticketFlags = NULL; |
|
501 |
jbyteArray ary; |
|
502 |
||
503 |
/* |
|
504 |
* Convert the bytes to network byte order before copying |
|
505 |
* them to a Java byte array. |
|
506 |
*/ |
|
507 |
unsigned long nlflags = htonl(flags); |
|
508 |
||
509 |
ary = (*env)->NewByteArray(env, sizeof(flags)); |
|
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
510 |
|
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
511 |
if (ary == NULL) { |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
512 |
return (jobject) NULL; |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
513 |
} |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
514 |
|
12047 | 515 |
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(flags), (jbyte *)&nlflags); |
516 |
||
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
517 |
if (!(*env)->ExceptionCheck(env)) { |
12047 | 518 |
ticketFlags = (*env)->NewObject(env, ticketFlagsClass, ticketFlagsConstructor, sizeof(flags)*8, ary); |
519 |
} |
|
520 |
||
521 |
(*env)->DeleteLocalRef(env, ary); |
|
522 |
return ticketFlags; |
|
523 |
} |
|
524 |
||
525 |
jobject BuildKerberosTime(JNIEnv *env, krb5_timestamp kerbtime) { |
|
526 |
jlong time = kerbtime; |
|
527 |
||
528 |
// Kerberos time is in seconds, but the KerberosTime class assumes milliseconds, so multiply by 1000. |
|
529 |
time *= 1000; |
|
530 |
return (*env)->NewObject(env, kerberosTimeClass, kerberosTimeConstructor, time); |
|
531 |
} |
|
532 |
||
533 |
jobject BuildAddressList(JNIEnv *env, krb5_address **addresses) { |
|
534 |
||
535 |
if (addresses == NULL) { |
|
536 |
return NULL; |
|
537 |
} |
|
538 |
||
539 |
int addressCount = 0; |
|
540 |
||
541 |
// See how many we have. |
|
542 |
krb5_address **p = addresses; |
|
543 |
||
544 |
while (*p != 0) { |
|
545 |
addressCount++; |
|
546 |
p++; |
|
547 |
} |
|
548 |
||
549 |
jobject address_list = (*env)->NewObjectArray(env, addressCount, hostAddressClass, NULL); |
|
550 |
||
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
551 |
if (address_list == NULL) { |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
552 |
return (jobject) NULL; |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
553 |
} |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
554 |
|
12047 | 555 |
// Create a new HostAddress object for each address block. |
556 |
// First, reset the iterator. |
|
557 |
p = addresses; |
|
558 |
jsize index = 0; |
|
559 |
while (*p != 0) { |
|
560 |
krb5_address *currAddress = *p; |
|
561 |
||
562 |
// HostAddres needs a byte array of the host data. |
|
563 |
jbyteArray ary = (*env)->NewByteArray(env, currAddress->length); |
|
564 |
||
565 |
if (ary == NULL) return NULL; |
|
566 |
||
567 |
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, currAddress->length, (jbyte *)currAddress->contents); |
|
568 |
jobject address = (*env)->NewObject(env, hostAddressClass, hostAddressConstructor, currAddress->length, ary); |
|
569 |
||
570 |
(*env)->DeleteLocalRef(env, ary); |
|
571 |
||
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
572 |
if (address == NULL) { |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
573 |
return (jobject) NULL; |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
574 |
} |
12047 | 575 |
// Add the HostAddress to the arrray. |
576 |
(*env)->SetObjectArrayElement(env, address_list, index, address); |
|
577 |
||
22986
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
578 |
if ((*env)->ExceptionCheck(env)) { |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
579 |
return (jobject) NULL; |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
580 |
} |
d2db7c5718ca
8034033: [parfait] JNI exception pending in share/native/sun/security/krb5/nativeccache.c
weijun
parents:
19373
diff
changeset
|
581 |
|
12047 | 582 |
index++; |
583 |
p++; |
|
584 |
} |
|
585 |
||
586 |
return address_list; |
|
587 |
} |
|
588 |
||
589 |
#pragma mark - Utility methods - |
|
590 |
||
591 |
static void printiferr (errcode_t err, const char *format, ...) |
|
592 |
{ |
|
593 |
if (err) { |
|
594 |
va_list pvar; |
|
595 |
||
596 |
va_start (pvar, format); |
|
597 |
com_err_va ("ticketParser:", err, format, pvar); |
|
598 |
va_end (pvar); |
|
599 |
} |
|
600 |
} |
|
601 |