author | weijun |
Wed, 25 Sep 2019 17:54:21 +0800 | |
changeset 58331 | e4ce29f6094e |
parent 57487 | 643978a35f6e |
child 58679 | 9c3209ff7550 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
53326
diff
changeset
|
2 |
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
/* |
|
27 |
* =========================================================================== |
|
28 |
* (C) Copyright IBM Corp. 2000 All Rights Reserved. |
|
29 |
* =========================================================================== |
|
30 |
*/ |
|
31 |
||
32 |
#define UNICODE |
|
33 |
#define _UNICODE |
|
34 |
||
35 |
#include <windows.h> |
|
36 |
#include <stdio.h> |
|
37 |
#include <string.h> |
|
38 |
#define SECURITY_WIN32 |
|
39 |
#include <security.h> |
|
40 |
#include <ntsecapi.h> |
|
41 |
#include <dsgetdc.h> |
|
42 |
#include <lmcons.h> |
|
43 |
#include <lmapibuf.h> |
|
44 |
#include <jni.h> |
|
33653
c1ee09fe3274
8136556: Add the ability to perform static builds of MacOSX x64 binaries
bobv
parents:
30322
diff
changeset
|
45 |
#include "jni_util.h" |
2 | 46 |
#include <winsock.h> |
50471
f0aeede1b855
8204572: SetupJdkLibrary should setup SRC and -I flags automatically
ihse
parents:
47216
diff
changeset
|
47 |
#include "sun_security_krb5_Credentials.h" |
2 | 48 |
|
49 |
#undef LSA_SUCCESS |
|
50 |
#define LSA_SUCCESS(Status) ((Status) >= 0) |
|
51 |
#define EXIT_FAILURE -1 // mdu |
|
52 |
||
53 |
/* |
|
54 |
* Library-wide static references |
|
55 |
*/ |
|
56 |
||
57 |
jclass ticketClass = NULL; |
|
58 |
jclass principalNameClass = NULL; |
|
59 |
jclass encryptionKeyClass = NULL; |
|
60 |
jclass ticketFlagsClass = NULL; |
|
61 |
jclass kerberosTimeClass = NULL; |
|
62 |
jclass javaLangStringClass = NULL; |
|
63 |
||
64 |
jmethodID ticketConstructor = 0; |
|
65 |
jmethodID principalNameConstructor = 0; |
|
66 |
jmethodID encryptionKeyConstructor = 0; |
|
67 |
jmethodID ticketFlagsConstructor = 0; |
|
68 |
jmethodID kerberosTimeConstructor = 0; |
|
69 |
jmethodID krbcredsConstructor = 0; |
|
70 |
||
71 |
/* |
|
72 |
* Function prototypes for internal routines |
|
73 |
* |
|
74 |
*/ |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
75 |
BOOL native_debug = 0; |
2 | 76 |
|
77 |
BOOL PackageConnectLookup(PHANDLE,PULONG); |
|
78 |
||
53326 | 79 |
NTSTATUS ConstructTicketRequest(JNIEnv *env, |
80 |
UNICODE_STRING DomainName, |
|
2 | 81 |
PKERB_RETRIEVE_TKT_REQUEST *outRequest, |
82 |
ULONG *outSize); |
|
83 |
||
84 |
DWORD ConcatenateUnicodeStrings(UNICODE_STRING *pTarget, |
|
85 |
UNICODE_STRING Source1, |
|
86 |
UNICODE_STRING Source2); |
|
87 |
||
88 |
VOID ShowNTError(LPSTR,NTSTATUS); |
|
89 |
||
90 |
VOID |
|
91 |
InitUnicodeString( |
|
73 | 92 |
PUNICODE_STRING DestinationString, |
2 | 93 |
PCWSTR SourceString OPTIONAL |
73 | 94 |
); |
2 | 95 |
|
96 |
jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize); |
|
97 |
||
98 |
//mdu |
|
99 |
jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, |
|
100 |
UNICODE_STRING domainName); |
|
101 |
||
102 |
jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey); |
|
103 |
jobject BuildTicketFlags(JNIEnv *env, PULONG flags); |
|
104 |
jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime); |
|
105 |
||
53326 | 106 |
void ThrowOOME(JNIEnv *env, const char *szMessage); |
107 |
||
2 | 108 |
/* |
109 |
* Class: sun_security_krb5_KrbCreds |
|
110 |
* Method: JNI_OnLoad |
|
111 |
*/ |
|
112 |
||
33653
c1ee09fe3274
8136556: Add the ability to perform static builds of MacOSX x64 binaries
bobv
parents:
30322
diff
changeset
|
113 |
JNIEXPORT jint JNICALL DEF_JNI_OnLoad( |
73 | 114 |
JavaVM *jvm, |
115 |
void *reserved) { |
|
2 | 116 |
|
73 | 117 |
jclass cls; |
118 |
JNIEnv *env; |
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
119 |
jfieldID fldDEBUG; |
2 | 120 |
|
73 | 121 |
if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { |
122 |
return JNI_EVERSION; /* JNI version not supported */ |
|
123 |
} |
|
2 | 124 |
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
125 |
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5"); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
126 |
if (cls == NULL) { |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
127 |
printf("LSA: Couldn't find Krb5\n"); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
128 |
return JNI_ERR; |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
129 |
} |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
130 |
fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z"); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
131 |
if (fldDEBUG == NULL) { |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
132 |
printf("LSA: Krb5 has no DEBUG field\n"); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
133 |
return JNI_ERR; |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
134 |
} |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
135 |
native_debug = (*env)->GetStaticBooleanField(env, cls, fldDEBUG); |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
136 |
|
73 | 137 |
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket"); |
2 | 138 |
|
73 | 139 |
if (cls == NULL) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
140 |
printf("LSA: Couldn't find Ticket\n"); |
73 | 141 |
return JNI_ERR; |
142 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
143 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
144 |
printf("LSA: Found Ticket\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
145 |
} |
2 | 146 |
|
73 | 147 |
ticketClass = (*env)->NewWeakGlobalRef(env,cls); |
148 |
if (ticketClass == NULL) { |
|
149 |
return JNI_ERR; |
|
150 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
151 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
152 |
printf("LSA: Made NewWeakGlobalRef\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
153 |
} |
2 | 154 |
|
73 | 155 |
cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName"); |
2 | 156 |
|
73 | 157 |
if (cls == NULL) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
158 |
printf("LSA: Couldn't find PrincipalName\n"); |
73 | 159 |
return JNI_ERR; |
160 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
161 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
162 |
printf("LSA: Found PrincipalName\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
163 |
} |
2 | 164 |
|
73 | 165 |
principalNameClass = (*env)->NewWeakGlobalRef(env,cls); |
166 |
if (principalNameClass == NULL) { |
|
167 |
return JNI_ERR; |
|
168 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
169 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
170 |
printf("LSA: Made NewWeakGlobalRef\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
171 |
} |
2 | 172 |
|
73 | 173 |
cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey"); |
2 | 174 |
|
73 | 175 |
if (cls == NULL) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
176 |
printf("LSA: Couldn't find EncryptionKey\n"); |
73 | 177 |
return JNI_ERR; |
178 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
179 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
180 |
printf("LSA: Found EncryptionKey\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
181 |
} |
2 | 182 |
|
73 | 183 |
encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls); |
184 |
if (encryptionKeyClass == NULL) { |
|
185 |
return JNI_ERR; |
|
186 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
187 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
188 |
printf("LSA: Made NewWeakGlobalRef\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
189 |
} |
2 | 190 |
|
73 | 191 |
cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags"); |
2 | 192 |
|
73 | 193 |
if (cls == NULL) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
194 |
printf("LSA: Couldn't find TicketFlags\n"); |
73 | 195 |
return JNI_ERR; |
196 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
197 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
198 |
printf("LSA: Found TicketFlags\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
199 |
} |
2 | 200 |
|
73 | 201 |
ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls); |
202 |
if (ticketFlagsClass == NULL) { |
|
203 |
return JNI_ERR; |
|
204 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
205 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
206 |
printf("LSA: Made NewWeakGlobalRef\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
207 |
} |
2 | 208 |
|
73 | 209 |
cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime"); |
2 | 210 |
|
73 | 211 |
if (cls == NULL) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
212 |
printf("LSA: Couldn't find KerberosTime\n"); |
73 | 213 |
return JNI_ERR; |
214 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
215 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
216 |
printf("LSA: Found KerberosTime\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
217 |
} |
2 | 218 |
|
73 | 219 |
kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls); |
220 |
if (kerberosTimeClass == NULL) { |
|
221 |
return JNI_ERR; |
|
222 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
223 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
224 |
printf("LSA: Made NewWeakGlobalRef\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
225 |
} |
2 | 226 |
|
73 | 227 |
cls = (*env)->FindClass(env,"java/lang/String"); |
2 | 228 |
|
73 | 229 |
if (cls == NULL) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
230 |
printf("LSA: Couldn't find String\n"); |
73 | 231 |
return JNI_ERR; |
232 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
233 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
234 |
printf("LSA: Found String\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
235 |
} |
2 | 236 |
|
73 | 237 |
javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls); |
238 |
if (javaLangStringClass == NULL) { |
|
239 |
return JNI_ERR; |
|
240 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
241 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
242 |
printf("LSA: Made NewWeakGlobalRef\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
243 |
} |
2 | 244 |
|
73 | 245 |
ticketConstructor = (*env)->GetMethodID(env, ticketClass, |
58331
e4ce29f6094e
8228659: Record which Java methods are called by native codes in JGSS and JAAS
weijun
parents:
57487
diff
changeset
|
246 |
"<init>", "([B)V"); |
73 | 247 |
if (ticketConstructor == 0) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
248 |
printf("LSA: Couldn't find Ticket constructor\n"); |
73 | 249 |
return JNI_ERR; |
250 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
251 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
252 |
printf("LSA: Found Ticket constructor\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
253 |
} |
2 | 254 |
|
73 | 255 |
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, |
13247 | 256 |
"<init>", "([Ljava/lang/String;Ljava/lang/String;)V"); |
73 | 257 |
if (principalNameConstructor == 0) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
258 |
printf("LSA: Couldn't find PrincipalName constructor\n"); |
73 | 259 |
return JNI_ERR; |
260 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
261 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
262 |
printf("LSA: Found PrincipalName constructor\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
263 |
} |
2 | 264 |
|
73 | 265 |
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, |
266 |
"<init>", "(I[B)V"); |
|
267 |
if (encryptionKeyConstructor == 0) { |
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
268 |
printf("LSA: Couldn't find EncryptionKey constructor\n"); |
73 | 269 |
return JNI_ERR; |
270 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
271 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
272 |
printf("LSA: Found EncryptionKey constructor\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
273 |
} |
2 | 274 |
|
73 | 275 |
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, |
276 |
"<init>", "(I[B)V"); |
|
277 |
if (ticketFlagsConstructor == 0) { |
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
278 |
printf("LSA: Couldn't find TicketFlags constructor\n"); |
73 | 279 |
return JNI_ERR; |
280 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
281 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
282 |
printf("LSA: Found TicketFlags constructor\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
283 |
} |
2 | 284 |
|
73 | 285 |
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, |
286 |
"<init>", "(Ljava/lang/String;)V"); |
|
287 |
if (kerberosTimeConstructor == 0) { |
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
288 |
printf("LSA: Couldn't find KerberosTime constructor\n"); |
73 | 289 |
return JNI_ERR; |
290 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
291 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
292 |
printf("LSA: Found KerberosTime constructor\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
293 |
} |
2 | 294 |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
295 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
296 |
printf("LSA: Finished OnLoad processing\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
297 |
} |
2 | 298 |
|
73 | 299 |
return JNI_VERSION_1_2; |
2 | 300 |
} |
301 |
||
302 |
/* |
|
303 |
* Class: sun_security_jgss_KrbCreds |
|
304 |
* Method: JNI_OnUnload |
|
305 |
*/ |
|
306 |
||
33653
c1ee09fe3274
8136556: Add the ability to perform static builds of MacOSX x64 binaries
bobv
parents:
30322
diff
changeset
|
307 |
JNIEXPORT void JNICALL DEF_JNI_OnUnload( |
73 | 308 |
JavaVM *jvm, |
309 |
void *reserved) { |
|
2 | 310 |
|
73 | 311 |
JNIEnv *env; |
2 | 312 |
|
73 | 313 |
if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { |
314 |
return; /* Nothing else we can do */ |
|
315 |
} |
|
2 | 316 |
|
73 | 317 |
if (ticketClass != NULL) { |
318 |
(*env)->DeleteWeakGlobalRef(env,ticketClass); |
|
319 |
} |
|
320 |
if (principalNameClass != NULL) { |
|
321 |
(*env)->DeleteWeakGlobalRef(env,principalNameClass); |
|
322 |
} |
|
323 |
if (encryptionKeyClass != NULL) { |
|
324 |
(*env)->DeleteWeakGlobalRef(env,encryptionKeyClass); |
|
325 |
} |
|
326 |
if (ticketFlagsClass != NULL) { |
|
327 |
(*env)->DeleteWeakGlobalRef(env,ticketFlagsClass); |
|
328 |
} |
|
329 |
if (kerberosTimeClass != NULL) { |
|
330 |
(*env)->DeleteWeakGlobalRef(env,kerberosTimeClass); |
|
331 |
} |
|
332 |
if (javaLangStringClass != NULL) { |
|
333 |
(*env)->DeleteWeakGlobalRef(env,javaLangStringClass); |
|
334 |
} |
|
2 | 335 |
|
73 | 336 |
return; |
2 | 337 |
} |
338 |
||
339 |
/* |
|
340 |
* Class: sun_security_krb5_Credentials |
|
341 |
* Method: acquireDefaultNativeCreds |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
342 |
* Signature: ([I])Lsun/security/krb5/Credentials; |
2 | 343 |
*/ |
344 |
JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds( |
|
73 | 345 |
JNIEnv *env, |
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
346 |
jclass krbcredsClass, |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
347 |
jintArray jetypes) { |
2 | 348 |
|
73 | 349 |
KERB_QUERY_TKT_CACHE_REQUEST CacheRequest; |
350 |
PKERB_RETRIEVE_TKT_RESPONSE TktCacheResponse = NULL; |
|
351 |
PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; |
|
352 |
PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL; |
|
353 |
NTSTATUS Status, SubStatus; |
|
354 |
ULONG requestSize = 0; |
|
355 |
ULONG responseSize = 0; |
|
356 |
ULONG rspSize = 0; |
|
357 |
HANDLE LogonHandle = NULL; |
|
358 |
ULONG PackageId; |
|
359 |
jobject ticket, clientPrincipal, targetPrincipal, encryptionKey; |
|
360 |
jobject ticketFlags, startTime, endTime, krbCreds = NULL; |
|
361 |
jobject authTime, renewTillTime, hostAddresses = NULL; |
|
362 |
KERB_EXTERNAL_TICKET *msticket; |
|
22269
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
363 |
int found = 0; |
30322
c08d5c975168
8078495: End time checking for native TGT is wrong
weijun
parents:
25859
diff
changeset
|
364 |
FILETIME Now, EndTime; |
2 | 365 |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
366 |
int i, netypes; |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
367 |
jint *etypes = NULL; |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
368 |
|
73 | 369 |
while (TRUE) { |
2 | 370 |
|
371 |
if (krbcredsConstructor == 0) { |
|
73 | 372 |
krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>", |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
373 |
"(Lsun/security/krb5/internal/Ticket;" |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
374 |
"Lsun/security/krb5/PrincipalName;" |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
375 |
"Lsun/security/krb5/PrincipalName;" |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
53326
diff
changeset
|
376 |
"Lsun/security/krb5/PrincipalName;" |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
53326
diff
changeset
|
377 |
"Lsun/security/krb5/PrincipalName;" |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
378 |
"Lsun/security/krb5/EncryptionKey;" |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
379 |
"Lsun/security/krb5/internal/TicketFlags;" |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
380 |
"Lsun/security/krb5/internal/KerberosTime;" |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
381 |
"Lsun/security/krb5/internal/KerberosTime;" |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
382 |
"Lsun/security/krb5/internal/KerberosTime;" |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
383 |
"Lsun/security/krb5/internal/KerberosTime;" |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
384 |
"Lsun/security/krb5/internal/HostAddresses;)V"); |
2 | 385 |
if (krbcredsConstructor == 0) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
386 |
printf("LSA: Couldn't find sun.security.krb5.Credentials constructor\n"); |
2 | 387 |
break; |
388 |
} |
|
389 |
} |
|
390 |
||
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
391 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
392 |
printf("LSA: Found KrbCreds constructor\n"); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
393 |
} |
2 | 394 |
|
395 |
// |
|
396 |
// Get the logon handle and package ID from the |
|
397 |
// Kerberos package |
|
398 |
// |
|
399 |
if (!PackageConnectLookup(&LogonHandle, &PackageId)) |
|
400 |
break; |
|
401 |
||
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
402 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
403 |
printf("LSA: Got handle to Kerberos package\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
404 |
} |
2 | 405 |
|
406 |
// Get the MS TGT from cache |
|
407 |
CacheRequest.MessageType = KerbRetrieveTicketMessage; |
|
408 |
CacheRequest.LogonId.LowPart = 0; |
|
409 |
CacheRequest.LogonId.HighPart = 0; |
|
410 |
||
411 |
Status = LsaCallAuthenticationPackage( |
|
412 |
LogonHandle, |
|
413 |
PackageId, |
|
414 |
&CacheRequest, |
|
415 |
sizeof(CacheRequest), |
|
416 |
&TktCacheResponse, |
|
417 |
&rspSize, |
|
418 |
&SubStatus |
|
419 |
); |
|
420 |
||
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
421 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
422 |
printf("LSA: Response size is %d\n", rspSize); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
423 |
} |
2 | 424 |
|
425 |
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) { |
|
426 |
if (!LSA_SUCCESS(Status)) { |
|
427 |
ShowNTError("LsaCallAuthenticationPackage", Status); |
|
428 |
} else { |
|
429 |
ShowNTError("Protocol status", SubStatus); |
|
430 |
} |
|
431 |
break; |
|
432 |
} |
|
433 |
||
434 |
// got the native MS TGT |
|
435 |
msticket = &(TktCacheResponse->Ticket); |
|
436 |
||
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
437 |
netypes = (*env)->GetArrayLength(env, jetypes); |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
438 |
etypes = (jint *) (*env)->GetIntArrayElements(env, jetypes, NULL); |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
439 |
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
440 |
if (etypes == NULL) { |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
441 |
break; |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
442 |
} |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
443 |
|
2 | 444 |
// check TGT validity |
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
445 |
if (native_debug) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
446 |
printf("LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType); |
2 | 447 |
} |
448 |
||
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
449 |
if ((msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) == 0) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
450 |
GetSystemTimeAsFileTime(&Now); |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
451 |
EndTime.dwLowDateTime = msticket->EndTime.LowPart; |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
452 |
EndTime.dwHighDateTime = msticket->EndTime.HighPart; |
30322
c08d5c975168
8078495: End time checking for native TGT is wrong
weijun
parents:
25859
diff
changeset
|
453 |
if (CompareFileTime(&Now, &EndTime) < 0) { |
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
454 |
for (i=0; i<netypes; i++) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
455 |
if (etypes[i] == msticket->SessionKey.KeyType) { |
22269
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
456 |
found = 1; |
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
457 |
if (native_debug) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
458 |
printf("LSA: Valid etype found: %d\n", etypes[i]); |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
459 |
} |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
460 |
break; |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
461 |
} |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
462 |
} |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
463 |
} |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
464 |
} |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
465 |
|
22269
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
466 |
if (!found) { |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
467 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
468 |
printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n"); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
469 |
} |
2 | 470 |
|
471 |
// use domain to request Ticket |
|
53326 | 472 |
Status = ConstructTicketRequest(env, msticket->TargetDomainName, |
2 | 473 |
&pTicketRequest, &requestSize); |
474 |
if (!LSA_SUCCESS(Status)) { |
|
475 |
ShowNTError("ConstructTicketRequest status", Status); |
|
476 |
break; |
|
477 |
} |
|
478 |
||
479 |
pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage; |
|
480 |
pTicketRequest->CacheOptions = KERB_RETRIEVE_TICKET_DONT_USE_CACHE; |
|
481 |
||
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
482 |
for (i=0; i<netypes; i++) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
483 |
pTicketRequest->EncryptionType = etypes[i]; |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
484 |
Status = LsaCallAuthenticationPackage( |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
485 |
LogonHandle, |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
486 |
PackageId, |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
487 |
pTicketRequest, |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
488 |
requestSize, |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
489 |
&pTicketResponse, |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
490 |
&responseSize, |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
491 |
&SubStatus |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
492 |
); |
2 | 493 |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
494 |
if (native_debug) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
495 |
printf("LSA: Response size is %d for %d\n", responseSize, etypes[i]); |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
496 |
} |
2 | 497 |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
498 |
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
499 |
if (!LSA_SUCCESS(Status)) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
500 |
ShowNTError("LsaCallAuthenticationPackage", Status); |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
501 |
} else { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
502 |
ShowNTError("Protocol status", SubStatus); |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
503 |
} |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
504 |
continue; |
2 | 505 |
} |
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
506 |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
507 |
// got the native MS Kerberos TGT |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
508 |
msticket = &(pTicketResponse->Ticket); |
22269
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
509 |
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
510 |
if (msticket->SessionKey.KeyType != etypes[i]) { |
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
511 |
if (native_debug) { |
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
512 |
printf("LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]); |
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
513 |
} |
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
514 |
continue; |
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
515 |
} |
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
516 |
found = 1; |
2 | 517 |
break; |
518 |
} |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
519 |
} |
2 | 520 |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
521 |
if (etypes != NULL) { |
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
522 |
(*env)->ReleaseIntArrayElements(env, jetypes, etypes, 0); |
2 | 523 |
} |
524 |
||
73 | 525 |
/* |
2 | 526 |
|
73 | 527 |
typedef struct _KERB_RETRIEVE_TKT_RESPONSE { |
528 |
KERB_EXTERNAL_TICKET Ticket; |
|
529 |
} KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE; |
|
2 | 530 |
|
73 | 531 |
typedef struct _KERB_EXTERNAL_TICKET { |
532 |
PKERB_EXTERNAL_NAME ServiceName; |
|
533 |
PKERB_EXTERNAL_NAME TargetName; |
|
534 |
PKERB_EXTERNAL_NAME ClientName; |
|
535 |
UNICODE_STRING DomainName; |
|
536 |
UNICODE_STRING TargetDomainName; |
|
537 |
UNICODE_STRING AltTargetDomainName; |
|
538 |
KERB_CRYPTO_KEY SessionKey; |
|
539 |
ULONG TicketFlags; |
|
540 |
ULONG Flags; |
|
541 |
LARGE_INTEGER KeyExpirationTime; |
|
542 |
LARGE_INTEGER StartTime; |
|
543 |
LARGE_INTEGER EndTime; |
|
544 |
LARGE_INTEGER RenewUntil; |
|
545 |
LARGE_INTEGER TimeSkew; |
|
546 |
ULONG EncodedTicketSize; |
|
547 |
PUCHAR EncodedTicket; <========== Here's the good stuff |
|
548 |
} KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET; |
|
2 | 549 |
|
73 | 550 |
typedef struct _KERB_EXTERNAL_NAME { |
551 |
SHORT NameType; |
|
552 |
USHORT NameCount; |
|
553 |
UNICODE_STRING Names[ANYSIZE_ARRAY]; |
|
554 |
} KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME; |
|
2 | 555 |
|
73 | 556 |
typedef struct _LSA_UNICODE_STRING { |
557 |
USHORT Length; |
|
558 |
USHORT MaximumLength; |
|
559 |
PWSTR Buffer; |
|
560 |
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; |
|
2 | 561 |
|
73 | 562 |
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; |
2 | 563 |
|
73 | 564 |
typedef struct KERB_CRYPTO_KEY { |
565 |
LONG KeyType; |
|
566 |
ULONG Length; |
|
567 |
PUCHAR Value; |
|
568 |
} KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY; |
|
2 | 569 |
|
73 | 570 |
*/ |
22269
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
571 |
if (!found) { |
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
572 |
break; |
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
573 |
} |
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
574 |
|
2 | 575 |
// Build a com.sun.security.krb5.Ticket |
576 |
ticket = BuildTicket(env, msticket->EncodedTicket, |
|
577 |
msticket->EncodedTicketSize); |
|
578 |
if (ticket == NULL) { |
|
73 | 579 |
break; |
2 | 580 |
} |
581 |
// OK, have a Ticket, now need to get the client name |
|
582 |
clientPrincipal = BuildPrincipal(env, msticket->ClientName, |
|
583 |
msticket->TargetDomainName); // mdu |
|
584 |
if (clientPrincipal == NULL) { |
|
73 | 585 |
break; |
2 | 586 |
} |
587 |
||
588 |
// and the "name" of tgt |
|
589 |
targetPrincipal = BuildPrincipal(env, msticket->ServiceName, |
|
590 |
msticket->DomainName); |
|
591 |
if (targetPrincipal == NULL) { |
|
73 | 592 |
break; |
2 | 593 |
} |
594 |
||
595 |
// Get the encryption key |
|
596 |
encryptionKey = BuildEncryptionKey(env, &(msticket->SessionKey)); |
|
597 |
if (encryptionKey == NULL) { |
|
73 | 598 |
break; |
2 | 599 |
} |
600 |
||
601 |
// and the ticket flags |
|
602 |
ticketFlags = BuildTicketFlags(env, &(msticket->TicketFlags)); |
|
603 |
if (ticketFlags == NULL) { |
|
73 | 604 |
break; |
2 | 605 |
} |
606 |
||
607 |
// Get the start time |
|
608 |
startTime = BuildKerberosTime(env, &(msticket->StartTime)); |
|
609 |
if (startTime == NULL) { |
|
73 | 610 |
break; |
2 | 611 |
} |
612 |
||
613 |
/* |
|
614 |
* mdu: No point storing the eky expiration time in the auth |
|
615 |
* time field. Set it to be same as startTime. Looks like |
|
616 |
* windows does not have post-dated tickets. |
|
617 |
*/ |
|
618 |
authTime = startTime; |
|
619 |
||
620 |
// and the end time |
|
621 |
endTime = BuildKerberosTime(env, &(msticket->EndTime)); |
|
622 |
if (endTime == NULL) { |
|
73 | 623 |
break; |
2 | 624 |
} |
625 |
||
626 |
// Get the renew till time |
|
627 |
renewTillTime = BuildKerberosTime(env, &(msticket->RenewUntil)); |
|
628 |
if (renewTillTime == NULL) { |
|
73 | 629 |
break; |
2 | 630 |
} |
631 |
||
632 |
// and now go build a KrbCreds object |
|
633 |
krbCreds = (*env)->NewObject( |
|
634 |
env, |
|
635 |
krbcredsClass, |
|
636 |
krbcredsConstructor, |
|
637 |
ticket, |
|
638 |
clientPrincipal, |
|
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
53326
diff
changeset
|
639 |
NULL, |
2 | 640 |
targetPrincipal, |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
53326
diff
changeset
|
641 |
NULL, |
2 | 642 |
encryptionKey, |
643 |
ticketFlags, |
|
644 |
authTime, // mdu |
|
645 |
startTime, |
|
646 |
endTime, |
|
647 |
renewTillTime, //mdu |
|
648 |
hostAddresses); |
|
649 |
||
650 |
break; |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
651 |
} // end of WHILE. This WHILE will never loop. |
2 | 652 |
|
73 | 653 |
// clean up resources |
654 |
if (TktCacheResponse != NULL) { |
|
655 |
LsaFreeReturnBuffer(TktCacheResponse); |
|
656 |
} |
|
657 |
if (pTicketRequest) { |
|
658 |
LocalFree(pTicketRequest); |
|
659 |
} |
|
660 |
if (pTicketResponse != NULL) { |
|
661 |
LsaFreeReturnBuffer(pTicketResponse); |
|
662 |
} |
|
2 | 663 |
|
73 | 664 |
return krbCreds; |
2 | 665 |
} |
666 |
||
667 |
static NTSTATUS |
|
53326 | 668 |
ConstructTicketRequest(JNIEnv *env, UNICODE_STRING DomainName, |
2 | 669 |
PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize) |
670 |
{ |
|
73 | 671 |
NTSTATUS Status; |
672 |
UNICODE_STRING TargetPrefix; |
|
673 |
USHORT TargetSize; |
|
674 |
ULONG RequestSize; |
|
675 |
ULONG Length; |
|
676 |
PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; |
|
2 | 677 |
|
73 | 678 |
*outRequest = NULL; |
679 |
*outSize = 0; |
|
2 | 680 |
|
73 | 681 |
// |
682 |
// Set up the "krbtgt/" target prefix into a UNICODE_STRING so we |
|
683 |
// can easily concatenate it later. |
|
684 |
// |
|
2 | 685 |
|
73 | 686 |
TargetPrefix.Buffer = L"krbtgt/"; |
687 |
Length = (ULONG)wcslen(TargetPrefix.Buffer) * sizeof(WCHAR); |
|
688 |
TargetPrefix.Length = (USHORT)Length; |
|
689 |
TargetPrefix.MaximumLength = TargetPrefix.Length; |
|
2 | 690 |
|
73 | 691 |
// |
692 |
// We will need to concatenate the "krbtgt/" prefix and the |
|
693 |
// Logon Session's DnsDomainName into our request's target name. |
|
694 |
// |
|
695 |
// Therefore, first compute the necessary buffer size for that. |
|
696 |
// |
|
697 |
// Note that we might theoretically have integer overflow. |
|
698 |
// |
|
2 | 699 |
|
73 | 700 |
TargetSize = TargetPrefix.Length + DomainName.Length; |
2 | 701 |
|
73 | 702 |
// |
703 |
// The ticket request buffer needs to be a single buffer. That buffer |
|
704 |
// needs to include the buffer for the target name. |
|
705 |
// |
|
2 | 706 |
|
73 | 707 |
RequestSize = sizeof (*pTicketRequest) + TargetSize; |
2 | 708 |
|
73 | 709 |
// |
710 |
// Allocate the request buffer and make sure it's zero-filled. |
|
711 |
// |
|
2 | 712 |
|
73 | 713 |
pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) |
714 |
LocalAlloc(LMEM_ZEROINIT, RequestSize); |
|
53326 | 715 |
if (!pTicketRequest) { |
716 |
ThrowOOME(env, "Can't allocate memory for ticket"); |
|
73 | 717 |
return GetLastError(); |
53326 | 718 |
} |
2 | 719 |
|
73 | 720 |
// |
21278 | 721 |
// Concatenate the target prefix with the previous response's |
73 | 722 |
// target domain. |
723 |
// |
|
2 | 724 |
|
73 | 725 |
pTicketRequest->TargetName.Length = 0; |
726 |
pTicketRequest->TargetName.MaximumLength = TargetSize; |
|
727 |
pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1); |
|
728 |
Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName), |
|
729 |
TargetPrefix, |
|
730 |
DomainName); |
|
731 |
*outRequest = pTicketRequest; |
|
732 |
*outSize = RequestSize; |
|
733 |
return Status; |
|
2 | 734 |
} |
735 |
||
736 |
DWORD |
|
737 |
ConcatenateUnicodeStrings( |
|
738 |
UNICODE_STRING *pTarget, |
|
739 |
UNICODE_STRING Source1, |
|
740 |
UNICODE_STRING Source2 |
|
741 |
) |
|
742 |
{ |
|
73 | 743 |
// |
744 |
// The buffers for Source1 and Source2 cannot overlap pTarget's |
|
745 |
// buffer. Source1.Length + Source2.Length must be <= 0xFFFF, |
|
746 |
// otherwise we overflow... |
|
747 |
// |
|
2 | 748 |
|
73 | 749 |
USHORT TotalSize = Source1.Length + Source2.Length; |
750 |
PBYTE buffer = (PBYTE) pTarget->Buffer; |
|
2 | 751 |
|
73 | 752 |
if (TotalSize > pTarget->MaximumLength) |
753 |
return ERROR_INSUFFICIENT_BUFFER; |
|
2 | 754 |
|
73 | 755 |
pTarget->Length = TotalSize; |
756 |
memcpy(buffer, Source1.Buffer, Source1.Length); |
|
757 |
memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length); |
|
758 |
return ERROR_SUCCESS; |
|
2 | 759 |
} |
760 |
||
761 |
BOOL |
|
762 |
PackageConnectLookup( |
|
763 |
HANDLE *pLogonHandle, |
|
764 |
ULONG *pPackageId |
|
765 |
) |
|
766 |
{ |
|
767 |
LSA_STRING Name; |
|
768 |
NTSTATUS Status; |
|
769 |
||
770 |
Status = LsaConnectUntrusted( |
|
771 |
pLogonHandle |
|
772 |
); |
|
773 |
||
774 |
if (!LSA_SUCCESS(Status)) |
|
775 |
{ |
|
776 |
ShowNTError("LsaConnectUntrusted", Status); |
|
777 |
return FALSE; |
|
778 |
} |
|
779 |
||
780 |
Name.Buffer = MICROSOFT_KERBEROS_NAME_A; |
|
781 |
Name.Length = (USHORT)strlen(Name.Buffer); |
|
782 |
Name.MaximumLength = Name.Length + 1; |
|
783 |
||
784 |
Status = LsaLookupAuthenticationPackage( |
|
785 |
*pLogonHandle, |
|
786 |
&Name, |
|
787 |
pPackageId |
|
788 |
); |
|
789 |
||
790 |
if (!LSA_SUCCESS(Status)) |
|
791 |
{ |
|
792 |
ShowNTError("LsaLookupAuthenticationPackage", Status); |
|
793 |
return FALSE; |
|
794 |
} |
|
795 |
||
796 |
return TRUE; |
|
797 |
||
798 |
} |
|
799 |
||
800 |
VOID |
|
801 |
ShowLastError( |
|
802 |
LPSTR szAPI, |
|
803 |
DWORD dwError |
|
804 |
) |
|
805 |
{ |
|
73 | 806 |
#define MAX_MSG_SIZE 256 |
2 | 807 |
|
73 | 808 |
static WCHAR szMsgBuf[MAX_MSG_SIZE]; |
809 |
DWORD dwRes; |
|
2 | 810 |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
811 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
812 |
printf("LSA: Error calling function %s: %lu\n", szAPI, dwError); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
813 |
} |
2 | 814 |
|
73 | 815 |
dwRes = FormatMessage ( |
816 |
FORMAT_MESSAGE_FROM_SYSTEM, |
|
817 |
NULL, |
|
818 |
dwError, |
|
819 |
0, |
|
820 |
szMsgBuf, |
|
821 |
MAX_MSG_SIZE, |
|
822 |
NULL); |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
823 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
824 |
if (0 == dwRes) { |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
825 |
printf("LSA: FormatMessage failed with %d\n", GetLastError()); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
826 |
// ExitProcess(EXIT_FAILURE); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
827 |
} else { |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
828 |
printf("LSA: %S",szMsgBuf); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
829 |
} |
73 | 830 |
} |
2 | 831 |
} |
832 |
||
833 |
VOID |
|
834 |
ShowNTError( |
|
835 |
LPSTR szAPI, |
|
836 |
NTSTATUS Status |
|
837 |
) |
|
838 |
{ |
|
839 |
// |
|
840 |
// Convert the NTSTATUS to Winerror. Then call ShowLastError(). |
|
841 |
// |
|
842 |
ShowLastError(szAPI, LsaNtStatusToWinError(Status)); |
|
843 |
} |
|
844 |
||
845 |
VOID |
|
846 |
InitUnicodeString( |
|
847 |
PUNICODE_STRING DestinationString, |
|
848 |
PCWSTR SourceString OPTIONAL |
|
849 |
) |
|
850 |
{ |
|
851 |
ULONG Length; |
|
852 |
||
853 |
DestinationString->Buffer = (PWSTR)SourceString; |
|
854 |
if (SourceString != NULL) { |
|
855 |
Length = (ULONG)wcslen( SourceString ) * sizeof( WCHAR ); |
|
856 |
DestinationString->Length = (USHORT)Length; |
|
857 |
DestinationString->MaximumLength = (USHORT)(Length + sizeof(UNICODE_NULL)); |
|
73 | 858 |
} |
2 | 859 |
else { |
860 |
DestinationString->MaximumLength = 0; |
|
861 |
DestinationString->Length = 0; |
|
73 | 862 |
} |
2 | 863 |
} |
864 |
||
865 |
jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize) { |
|
866 |
||
58331
e4ce29f6094e
8228659: Record which Java methods are called by native codes in JGSS and JAAS
weijun
parents:
57487
diff
changeset
|
867 |
// To build a Ticket, we need to make a byte array out of the EncodedTicket. |
2 | 868 |
|
58331
e4ce29f6094e
8228659: Record which Java methods are called by native codes in JGSS and JAAS
weijun
parents:
57487
diff
changeset
|
869 |
jobject ticket; |
73 | 870 |
jbyteArray ary; |
2 | 871 |
|
73 | 872 |
ary = (*env)->NewByteArray(env,encodedTicketSize); |
53326 | 873 |
if (ary == NULL) { |
73 | 874 |
return (jobject) NULL; |
875 |
} |
|
2 | 876 |
|
73 | 877 |
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicketSize, |
878 |
(jbyte *)encodedTicket); |
|
879 |
if ((*env)->ExceptionOccurred(env)) { |
|
880 |
(*env)->DeleteLocalRef(env, ary); |
|
881 |
return (jobject) NULL; |
|
882 |
} |
|
2 | 883 |
|
58331
e4ce29f6094e
8228659: Record which Java methods are called by native codes in JGSS and JAAS
weijun
parents:
57487
diff
changeset
|
884 |
ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, ary); |
73 | 885 |
if ((*env)->ExceptionOccurred(env)) { |
2 | 886 |
(*env)->DeleteLocalRef(env, ary); |
73 | 887 |
return (jobject) NULL; |
888 |
} |
|
889 |
(*env)->DeleteLocalRef(env, ary); |
|
890 |
return ticket; |
|
2 | 891 |
} |
892 |
||
893 |
// mdu |
|
894 |
jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, |
|
895 |
UNICODE_STRING domainName) { |
|
896 |
||
73 | 897 |
/* |
898 |
* To build the Principal, we need to get the names out of |
|
899 |
* this goofy MS structure |
|
900 |
*/ |
|
901 |
jobject principal = NULL; |
|
902 |
jobject realmStr = NULL; |
|
903 |
jobjectArray stringArray; |
|
904 |
jstring tempString; |
|
905 |
int nameCount,i; |
|
906 |
PUNICODE_STRING scanner; |
|
907 |
WCHAR *realm; |
|
908 |
ULONG realmLen; |
|
2 | 909 |
|
73 | 910 |
realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT, |
911 |
((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); |
|
53326 | 912 |
if (realm == NULL) { |
913 |
ThrowOOME(env, "Can't allocate memory for realm"); |
|
914 |
return NULL; |
|
915 |
} |
|
73 | 916 |
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); |
2 | 917 |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
918 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
919 |
printf("LSA: Principal domain is %S\n", realm); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
920 |
printf("LSA: Name type is %x\n", principalName->NameType); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
921 |
printf("LSA: Name count is %x\n", principalName->NameCount); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
922 |
} |
2 | 923 |
|
73 | 924 |
nameCount = principalName->NameCount; |
925 |
stringArray = (*env)->NewObjectArray(env, nameCount, |
|
926 |
javaLangStringClass, NULL); |
|
927 |
if (stringArray == NULL) { |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
928 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
929 |
printf("LSA: Can't allocate String array for Principal\n"); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
930 |
} |
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
931 |
goto cleanup; |
73 | 932 |
} |
2 | 933 |
|
73 | 934 |
for (i=0; i<nameCount; i++) { |
935 |
// get the principal name |
|
936 |
scanner = &(principalName->Names[i]); |
|
2 | 937 |
|
73 | 938 |
// OK, got a Char array, so construct a String |
939 |
tempString = (*env)->NewString(env, (const jchar*)scanner->Buffer, |
|
940 |
scanner->Length/sizeof(WCHAR)); |
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
941 |
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
942 |
if (tempString == NULL) { |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
943 |
goto cleanup; |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
944 |
} |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
945 |
|
73 | 946 |
// Set the String into the StringArray |
947 |
(*env)->SetObjectArrayElement(env, stringArray, i, tempString); |
|
2 | 948 |
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
949 |
if ((*env)->ExceptionCheck(env)) { |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
950 |
goto cleanup; |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
951 |
} |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
952 |
|
73 | 953 |
// Do I have to worry about storage reclamation here? |
954 |
} |
|
955 |
// now set the realm in the principal |
|
956 |
realmLen = (ULONG)wcslen((PWCHAR)realm); |
|
957 |
realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen); |
|
13247 | 958 |
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
959 |
if (realmStr == NULL) { |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
960 |
goto cleanup; |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
961 |
} |
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
962 |
|
13247 | 963 |
principal = (*env)->NewObject(env, principalNameClass, |
964 |
principalNameConstructor, stringArray, realmStr); |
|
2 | 965 |
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
966 |
cleanup: |
73 | 967 |
// free local resources |
968 |
LocalFree(realm); |
|
2 | 969 |
|
73 | 970 |
return principal; |
2 | 971 |
} |
972 |
||
973 |
jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) { |
|
73 | 974 |
// First, need to build a byte array |
975 |
jbyteArray ary; |
|
976 |
jobject encryptionKey = NULL; |
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
977 |
unsigned int i; |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
978 |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
979 |
for (i=0; i<cryptoKey->Length; i++) { |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
980 |
if (cryptoKey->Value[i]) break; |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
981 |
} |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
982 |
if (i == cryptoKey->Length) { |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
983 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
984 |
printf("LSA: Session key all zero. Stop.\n"); |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
985 |
} |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
986 |
return NULL; |
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
987 |
} |
2 | 988 |
|
73 | 989 |
ary = (*env)->NewByteArray(env,cryptoKey->Length); |
53326 | 990 |
if (ary == NULL) { |
991 |
return (jobject) NULL; |
|
992 |
} |
|
73 | 993 |
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, |
994 |
(jbyte *)cryptoKey->Value); |
|
995 |
if ((*env)->ExceptionOccurred(env)) { |
|
996 |
(*env)->DeleteLocalRef(env, ary); |
|
997 |
} else { |
|
998 |
encryptionKey = (*env)->NewObject(env, encryptionKeyClass, |
|
999 |
encryptionKeyConstructor, cryptoKey->KeyType, ary); |
|
1000 |
} |
|
2 | 1001 |
|
73 | 1002 |
return encryptionKey; |
2 | 1003 |
} |
1004 |
||
1005 |
jobject BuildTicketFlags(JNIEnv *env, PULONG flags) { |
|
73 | 1006 |
jobject ticketFlags = NULL; |
1007 |
jbyteArray ary; |
|
1008 |
/* |
|
1009 |
* mdu: Convert the bytes to nework byte order before copying |
|
1010 |
* them to a Java byte array. |
|
1011 |
*/ |
|
1012 |
ULONG nlflags = htonl(*flags); |
|
2 | 1013 |
|
73 | 1014 |
ary = (*env)->NewByteArray(env, sizeof(*flags)); |
53326 | 1015 |
if (ary == NULL) { |
1016 |
return (jobject) NULL; |
|
1017 |
} |
|
73 | 1018 |
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags), |
1019 |
(jbyte *)&nlflags); |
|
1020 |
if ((*env)->ExceptionOccurred(env)) { |
|
1021 |
(*env)->DeleteLocalRef(env, ary); |
|
1022 |
} else { |
|
1023 |
ticketFlags = (*env)->NewObject(env, ticketFlagsClass, |
|
1024 |
ticketFlagsConstructor, sizeof(*flags)*8, ary); |
|
1025 |
} |
|
2 | 1026 |
|
73 | 1027 |
return ticketFlags; |
2 | 1028 |
} |
1029 |
||
1030 |
jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) { |
|
73 | 1031 |
jobject kerberosTime = NULL; |
1032 |
jstring stringTime = NULL; |
|
1033 |
SYSTEMTIME systemTime; |
|
1034 |
WCHAR timeString[16]; |
|
1035 |
WCHAR month[3]; |
|
1036 |
WCHAR day[3]; |
|
1037 |
WCHAR hour[3]; |
|
1038 |
WCHAR minute[3]; |
|
1039 |
WCHAR second[3]; |
|
2 | 1040 |
|
73 | 1041 |
if (FileTimeToSystemTime((FILETIME *)kerbtime, &systemTime)) { |
1042 |
// XXX Cannot use %02.2ld, because the leading 0 is ignored for integers. |
|
1043 |
// So, print them to strings, and then print them to the master string with a |
|
1044 |
// format pattern that makes it two digits and prefix with a 0 if necessary. |
|
8781
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1045 |
swprintf( (wchar_t *)month, 3, L"%2.2d", systemTime.wMonth); |
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1046 |
swprintf( (wchar_t *)day, 3, L"%2.2d", systemTime.wDay); |
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1047 |
swprintf( (wchar_t *)hour, 3, L"%2.2d", systemTime.wHour); |
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1048 |
swprintf( (wchar_t *)minute, 3, L"%2.2d", systemTime.wMinute); |
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1049 |
swprintf( (wchar_t *)second, 3, L"%2.2d", systemTime.wSecond); |
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1050 |
swprintf( (wchar_t *)timeString, 16, |
73 | 1051 |
L"%ld%02.2s%02.2s%02.2s%02.2s%02.2sZ", |
2 | 1052 |
systemTime.wYear, |
1053 |
month, |
|
1054 |
day, |
|
1055 |
hour, |
|
1056 |
minute, |
|
1057 |
second ); |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
1058 |
if (native_debug) { |
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1059 |
printf("LSA: %S\n", (wchar_t *)timeString); |
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
1060 |
} |
73 | 1061 |
stringTime = (*env)->NewString(env, timeString, |
1062 |
(sizeof(timeString)/sizeof(WCHAR))-1); |
|
1063 |
if (stringTime != NULL) { // everything's OK so far |
|
1064 |
kerberosTime = (*env)->NewObject(env, kerberosTimeClass, |
|
1065 |
kerberosTimeConstructor, stringTime); |
|
2 | 1066 |
} |
73 | 1067 |
} |
1068 |
return kerberosTime; |
|
2 | 1069 |
} |
53326 | 1070 |
|
1071 |
void ThrowOOME(JNIEnv *env, const char *szMessage) { |
|
1072 |
jclass exceptionClazz = (*env)->FindClass(env, "java/lang/OutOfMemoryError"); |
|
1073 |
if (exceptionClazz != NULL) { |
|
1074 |
(*env)->ThrowNew(env, exceptionClazz, szMessage); |
|
1075 |
} |
|
1076 |
} |