| author | ihse |
| Fri, 08 Jun 2018 18:11:32 +0200 | |
| changeset 50471 | f0aeede1b855 |
| parent 47216 | 71c04702a3d5 |
| child 53326 | 0060e9d7c450 |
| permissions | -rw-r--r-- |
| 2 | 1 |
/* |
|
50471
f0aeede1b855
8204572: SetupJdkLibrary should setup SRC and -I flags automatically
ihse
parents:
47216
diff
changeset
|
2 |
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. |
| 2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
| 5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
| 2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
| 5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
| 2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
| 5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
| 2 | 24 |
*/ |
25 |
||
26 |
/* |
|
27 |
* =========================================================================== |
|
28 |
* (C) Copyright IBM Corp. 2000 All Rights Reserved. |
|
29 |
* =========================================================================== |
|
30 |
*/ |
|
31 |
||
32 |
#define UNICODE |
|
33 |
#define _UNICODE |
|
34 |
||
35 |
#include <windows.h> |
|
36 |
#include <stdio.h> |
|
37 |
#include <string.h> |
|
38 |
#define SECURITY_WIN32 |
|
39 |
#include <security.h> |
|
40 |
#include <ntsecapi.h> |
|
41 |
#include <dsgetdc.h> |
|
42 |
#include <lmcons.h> |
|
43 |
#include <lmapibuf.h> |
|
44 |
#include <jni.h> |
|
|
33653
c1ee09fe3274
8136556: Add the ability to perform static builds of MacOSX x64 binaries
bobv
parents:
30322
diff
changeset
|
45 |
#include "jni_util.h" |
| 2 | 46 |
#include <winsock.h> |
|
50471
f0aeede1b855
8204572: SetupJdkLibrary should setup SRC and -I flags automatically
ihse
parents:
47216
diff
changeset
|
47 |
#include "sun_security_krb5_Credentials.h" |
| 2 | 48 |
|
49 |
#undef LSA_SUCCESS |
|
50 |
#define LSA_SUCCESS(Status) ((Status) >= 0) |
|
51 |
#define EXIT_FAILURE -1 // mdu |
|
52 |
||
53 |
/* |
|
54 |
* Library-wide static references |
|
55 |
*/ |
|
56 |
||
57 |
jclass derValueClass = NULL; |
|
58 |
jclass ticketClass = NULL; |
|
59 |
jclass principalNameClass = NULL; |
|
60 |
jclass encryptionKeyClass = NULL; |
|
61 |
jclass ticketFlagsClass = NULL; |
|
62 |
jclass kerberosTimeClass = NULL; |
|
63 |
jclass javaLangStringClass = NULL; |
|
64 |
||
65 |
jmethodID derValueConstructor = 0; |
|
66 |
jmethodID ticketConstructor = 0; |
|
67 |
jmethodID principalNameConstructor = 0; |
|
68 |
jmethodID encryptionKeyConstructor = 0; |
|
69 |
jmethodID ticketFlagsConstructor = 0; |
|
70 |
jmethodID kerberosTimeConstructor = 0; |
|
71 |
jmethodID krbcredsConstructor = 0; |
|
72 |
||
73 |
/* |
|
74 |
* Function prototypes for internal routines |
|
75 |
* |
|
76 |
*/ |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
77 |
BOOL native_debug = 0; |
| 2 | 78 |
|
79 |
BOOL PackageConnectLookup(PHANDLE,PULONG); |
|
80 |
||
81 |
NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName, |
|
82 |
PKERB_RETRIEVE_TKT_REQUEST *outRequest, |
|
83 |
ULONG *outSize); |
|
84 |
||
85 |
DWORD ConcatenateUnicodeStrings(UNICODE_STRING *pTarget, |
|
86 |
UNICODE_STRING Source1, |
|
87 |
UNICODE_STRING Source2); |
|
88 |
||
89 |
VOID ShowNTError(LPSTR,NTSTATUS); |
|
90 |
||
91 |
VOID |
|
92 |
InitUnicodeString( |
|
| 73 | 93 |
PUNICODE_STRING DestinationString, |
| 2 | 94 |
PCWSTR SourceString OPTIONAL |
| 73 | 95 |
); |
| 2 | 96 |
|
97 |
jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize); |
|
98 |
||
99 |
//mdu |
|
100 |
jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, |
|
101 |
UNICODE_STRING domainName); |
|
102 |
||
103 |
jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey); |
|
104 |
jobject BuildTicketFlags(JNIEnv *env, PULONG flags); |
|
105 |
jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime); |
|
106 |
||
107 |
/* |
|
108 |
* Class: sun_security_krb5_KrbCreds |
|
109 |
* Method: JNI_OnLoad |
|
110 |
*/ |
|
111 |
||
|
33653
c1ee09fe3274
8136556: Add the ability to perform static builds of MacOSX x64 binaries
bobv
parents:
30322
diff
changeset
|
112 |
JNIEXPORT jint JNICALL DEF_JNI_OnLoad( |
| 73 | 113 |
JavaVM *jvm, |
114 |
void *reserved) {
|
|
| 2 | 115 |
|
| 73 | 116 |
jclass cls; |
117 |
JNIEnv *env; |
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
118 |
jfieldID fldDEBUG; |
| 2 | 119 |
|
| 73 | 120 |
if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
|
121 |
return JNI_EVERSION; /* JNI version not supported */ |
|
122 |
} |
|
| 2 | 123 |
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
124 |
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5"); |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
125 |
if (cls == NULL) {
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
126 |
printf("LSA: Couldn't find Krb5\n");
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
127 |
return JNI_ERR; |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
128 |
} |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
129 |
fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z"); |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
130 |
if (fldDEBUG == NULL) {
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
131 |
printf("LSA: Krb5 has no DEBUG field\n");
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
132 |
return JNI_ERR; |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
133 |
} |
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
134 |
native_debug = (*env)->GetStaticBooleanField(env, cls, fldDEBUG); |
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
135 |
|
| 73 | 136 |
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket"); |
| 2 | 137 |
|
| 73 | 138 |
if (cls == NULL) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
139 |
printf("LSA: Couldn't find Ticket\n");
|
| 73 | 140 |
return JNI_ERR; |
141 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
142 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
143 |
printf("LSA: Found Ticket\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
144 |
} |
| 2 | 145 |
|
| 73 | 146 |
ticketClass = (*env)->NewWeakGlobalRef(env,cls); |
147 |
if (ticketClass == NULL) {
|
|
148 |
return JNI_ERR; |
|
149 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
150 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
151 |
printf("LSA: Made NewWeakGlobalRef\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
152 |
} |
| 2 | 153 |
|
| 73 | 154 |
cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName"); |
| 2 | 155 |
|
| 73 | 156 |
if (cls == NULL) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
157 |
printf("LSA: Couldn't find PrincipalName\n");
|
| 73 | 158 |
return JNI_ERR; |
159 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
160 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
161 |
printf("LSA: Found PrincipalName\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
162 |
} |
| 2 | 163 |
|
| 73 | 164 |
principalNameClass = (*env)->NewWeakGlobalRef(env,cls); |
165 |
if (principalNameClass == NULL) {
|
|
166 |
return JNI_ERR; |
|
167 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
168 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
169 |
printf("LSA: Made NewWeakGlobalRef\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
170 |
} |
| 2 | 171 |
|
| 73 | 172 |
cls = (*env)->FindClass(env,"sun/security/util/DerValue"); |
| 2 | 173 |
|
| 73 | 174 |
if (cls == NULL) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
175 |
printf("LSA: Couldn't find DerValue\n");
|
| 73 | 176 |
return JNI_ERR; |
177 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
178 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
179 |
printf("LSA: Found DerValue\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
180 |
} |
| 2 | 181 |
|
| 73 | 182 |
derValueClass = (*env)->NewWeakGlobalRef(env,cls); |
183 |
if (derValueClass == NULL) {
|
|
184 |
return JNI_ERR; |
|
185 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
186 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
187 |
printf("LSA: Made NewWeakGlobalRef\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
188 |
} |
| 2 | 189 |
|
| 73 | 190 |
cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey"); |
| 2 | 191 |
|
| 73 | 192 |
if (cls == NULL) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
193 |
printf("LSA: Couldn't find EncryptionKey\n");
|
| 73 | 194 |
return JNI_ERR; |
195 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
196 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
197 |
printf("LSA: Found EncryptionKey\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
198 |
} |
| 2 | 199 |
|
| 73 | 200 |
encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls); |
201 |
if (encryptionKeyClass == NULL) {
|
|
202 |
return JNI_ERR; |
|
203 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
204 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
205 |
printf("LSA: Made NewWeakGlobalRef\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
206 |
} |
| 2 | 207 |
|
| 73 | 208 |
cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags"); |
| 2 | 209 |
|
| 73 | 210 |
if (cls == NULL) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
211 |
printf("LSA: Couldn't find TicketFlags\n");
|
| 73 | 212 |
return JNI_ERR; |
213 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
214 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
215 |
printf("LSA: Found TicketFlags\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
216 |
} |
| 2 | 217 |
|
| 73 | 218 |
ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls); |
219 |
if (ticketFlagsClass == NULL) {
|
|
220 |
return JNI_ERR; |
|
221 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
222 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
223 |
printf("LSA: Made NewWeakGlobalRef\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
224 |
} |
| 2 | 225 |
|
| 73 | 226 |
cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime"); |
| 2 | 227 |
|
| 73 | 228 |
if (cls == NULL) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
229 |
printf("LSA: Couldn't find KerberosTime\n");
|
| 73 | 230 |
return JNI_ERR; |
231 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
232 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
233 |
printf("LSA: Found KerberosTime\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
234 |
} |
| 2 | 235 |
|
| 73 | 236 |
kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls); |
237 |
if (kerberosTimeClass == NULL) {
|
|
238 |
return JNI_ERR; |
|
239 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
240 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
241 |
printf("LSA: Made NewWeakGlobalRef\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
242 |
} |
| 2 | 243 |
|
| 73 | 244 |
cls = (*env)->FindClass(env,"java/lang/String"); |
| 2 | 245 |
|
| 73 | 246 |
if (cls == NULL) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
247 |
printf("LSA: Couldn't find String\n");
|
| 73 | 248 |
return JNI_ERR; |
249 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
250 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
251 |
printf("LSA: Found String\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
252 |
} |
| 2 | 253 |
|
| 73 | 254 |
javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls); |
255 |
if (javaLangStringClass == NULL) {
|
|
256 |
return JNI_ERR; |
|
257 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
258 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
259 |
printf("LSA: Made NewWeakGlobalRef\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
260 |
} |
| 2 | 261 |
|
| 73 | 262 |
derValueConstructor = (*env)->GetMethodID(env, derValueClass, |
263 |
"<init>", "([B)V"); |
|
264 |
if (derValueConstructor == 0) {
|
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
265 |
printf("LSA: Couldn't find DerValue constructor\n");
|
| 73 | 266 |
return JNI_ERR; |
267 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
268 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
269 |
printf("LSA: Found DerValue constructor\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
270 |
} |
| 2 | 271 |
|
| 73 | 272 |
ticketConstructor = (*env)->GetMethodID(env, ticketClass, |
273 |
"<init>", "(Lsun/security/util/DerValue;)V"); |
|
274 |
if (ticketConstructor == 0) {
|
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
275 |
printf("LSA: Couldn't find Ticket constructor\n");
|
| 73 | 276 |
return JNI_ERR; |
277 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
278 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
279 |
printf("LSA: Found Ticket constructor\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
280 |
} |
| 2 | 281 |
|
| 73 | 282 |
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, |
| 13247 | 283 |
"<init>", "([Ljava/lang/String;Ljava/lang/String;)V"); |
| 73 | 284 |
if (principalNameConstructor == 0) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
285 |
printf("LSA: Couldn't find PrincipalName constructor\n");
|
| 73 | 286 |
return JNI_ERR; |
287 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
288 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
289 |
printf("LSA: Found PrincipalName constructor\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
290 |
} |
| 2 | 291 |
|
| 73 | 292 |
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, |
293 |
"<init>", "(I[B)V"); |
|
294 |
if (encryptionKeyConstructor == 0) {
|
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
295 |
printf("LSA: Couldn't find EncryptionKey constructor\n");
|
| 73 | 296 |
return JNI_ERR; |
297 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
298 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
299 |
printf("LSA: Found EncryptionKey constructor\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
300 |
} |
| 2 | 301 |
|
| 73 | 302 |
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, |
303 |
"<init>", "(I[B)V"); |
|
304 |
if (ticketFlagsConstructor == 0) {
|
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
305 |
printf("LSA: Couldn't find TicketFlags constructor\n");
|
| 73 | 306 |
return JNI_ERR; |
307 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
308 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
309 |
printf("LSA: Found TicketFlags constructor\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
310 |
} |
| 2 | 311 |
|
| 73 | 312 |
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, |
313 |
"<init>", "(Ljava/lang/String;)V"); |
|
314 |
if (kerberosTimeConstructor == 0) {
|
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
315 |
printf("LSA: Couldn't find KerberosTime constructor\n");
|
| 73 | 316 |
return JNI_ERR; |
317 |
} |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
318 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
319 |
printf("LSA: Found KerberosTime constructor\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
320 |
} |
| 2 | 321 |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
322 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
323 |
printf("LSA: Finished OnLoad processing\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
324 |
} |
| 2 | 325 |
|
| 73 | 326 |
return JNI_VERSION_1_2; |
| 2 | 327 |
} |
328 |
||
329 |
/* |
|
330 |
* Class: sun_security_jgss_KrbCreds |
|
331 |
* Method: JNI_OnUnload |
|
332 |
*/ |
|
333 |
||
|
33653
c1ee09fe3274
8136556: Add the ability to perform static builds of MacOSX x64 binaries
bobv
parents:
30322
diff
changeset
|
334 |
JNIEXPORT void JNICALL DEF_JNI_OnUnload( |
| 73 | 335 |
JavaVM *jvm, |
336 |
void *reserved) {
|
|
| 2 | 337 |
|
| 73 | 338 |
JNIEnv *env; |
| 2 | 339 |
|
| 73 | 340 |
if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
|
341 |
return; /* Nothing else we can do */ |
|
342 |
} |
|
| 2 | 343 |
|
| 73 | 344 |
if (ticketClass != NULL) {
|
345 |
(*env)->DeleteWeakGlobalRef(env,ticketClass); |
|
346 |
} |
|
347 |
if (derValueClass != NULL) {
|
|
348 |
(*env)->DeleteWeakGlobalRef(env,derValueClass); |
|
349 |
} |
|
350 |
if (principalNameClass != NULL) {
|
|
351 |
(*env)->DeleteWeakGlobalRef(env,principalNameClass); |
|
352 |
} |
|
353 |
if (encryptionKeyClass != NULL) {
|
|
354 |
(*env)->DeleteWeakGlobalRef(env,encryptionKeyClass); |
|
355 |
} |
|
356 |
if (ticketFlagsClass != NULL) {
|
|
357 |
(*env)->DeleteWeakGlobalRef(env,ticketFlagsClass); |
|
358 |
} |
|
359 |
if (kerberosTimeClass != NULL) {
|
|
360 |
(*env)->DeleteWeakGlobalRef(env,kerberosTimeClass); |
|
361 |
} |
|
362 |
if (javaLangStringClass != NULL) {
|
|
363 |
(*env)->DeleteWeakGlobalRef(env,javaLangStringClass); |
|
364 |
} |
|
| 2 | 365 |
|
| 73 | 366 |
return; |
| 2 | 367 |
} |
368 |
||
369 |
/* |
|
370 |
* Class: sun_security_krb5_Credentials |
|
371 |
* Method: acquireDefaultNativeCreds |
|
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
372 |
* Signature: ([I])Lsun/security/krb5/Credentials; |
| 2 | 373 |
*/ |
374 |
JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds( |
|
| 73 | 375 |
JNIEnv *env, |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
376 |
jclass krbcredsClass, |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
377 |
jintArray jetypes) {
|
| 2 | 378 |
|
| 73 | 379 |
KERB_QUERY_TKT_CACHE_REQUEST CacheRequest; |
380 |
PKERB_RETRIEVE_TKT_RESPONSE TktCacheResponse = NULL; |
|
381 |
PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; |
|
382 |
PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL; |
|
383 |
NTSTATUS Status, SubStatus; |
|
384 |
ULONG requestSize = 0; |
|
385 |
ULONG responseSize = 0; |
|
386 |
ULONG rspSize = 0; |
|
387 |
HANDLE LogonHandle = NULL; |
|
388 |
ULONG PackageId; |
|
389 |
jobject ticket, clientPrincipal, targetPrincipal, encryptionKey; |
|
390 |
jobject ticketFlags, startTime, endTime, krbCreds = NULL; |
|
391 |
jobject authTime, renewTillTime, hostAddresses = NULL; |
|
392 |
KERB_EXTERNAL_TICKET *msticket; |
|
|
22269
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
393 |
int found = 0; |
|
30322
c08d5c975168
8078495: End time checking for native TGT is wrong
weijun
parents:
25859
diff
changeset
|
394 |
FILETIME Now, EndTime; |
| 2 | 395 |
|
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
396 |
int i, netypes; |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
397 |
jint *etypes = NULL; |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
398 |
|
| 73 | 399 |
while (TRUE) {
|
| 2 | 400 |
|
401 |
if (krbcredsConstructor == 0) {
|
|
| 73 | 402 |
krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>", |
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
403 |
"(Lsun/security/krb5/internal/Ticket;" |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
404 |
"Lsun/security/krb5/PrincipalName;" |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
405 |
"Lsun/security/krb5/PrincipalName;" |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
406 |
"Lsun/security/krb5/EncryptionKey;" |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
407 |
"Lsun/security/krb5/internal/TicketFlags;" |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
408 |
"Lsun/security/krb5/internal/KerberosTime;" |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
409 |
"Lsun/security/krb5/internal/KerberosTime;" |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
410 |
"Lsun/security/krb5/internal/KerberosTime;" |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
411 |
"Lsun/security/krb5/internal/KerberosTime;" |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
412 |
"Lsun/security/krb5/internal/HostAddresses;)V"); |
| 2 | 413 |
if (krbcredsConstructor == 0) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
414 |
printf("LSA: Couldn't find sun.security.krb5.Credentials constructor\n");
|
| 2 | 415 |
break; |
416 |
} |
|
417 |
} |
|
418 |
||
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
419 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
420 |
printf("LSA: Found KrbCreds constructor\n");
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
421 |
} |
| 2 | 422 |
|
423 |
// |
|
424 |
// Get the logon handle and package ID from the |
|
425 |
// Kerberos package |
|
426 |
// |
|
427 |
if (!PackageConnectLookup(&LogonHandle, &PackageId)) |
|
428 |
break; |
|
429 |
||
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
430 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
431 |
printf("LSA: Got handle to Kerberos package\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
432 |
} |
| 2 | 433 |
|
434 |
// Get the MS TGT from cache |
|
435 |
CacheRequest.MessageType = KerbRetrieveTicketMessage; |
|
436 |
CacheRequest.LogonId.LowPart = 0; |
|
437 |
CacheRequest.LogonId.HighPart = 0; |
|
438 |
||
439 |
Status = LsaCallAuthenticationPackage( |
|
440 |
LogonHandle, |
|
441 |
PackageId, |
|
442 |
&CacheRequest, |
|
443 |
sizeof(CacheRequest), |
|
444 |
&TktCacheResponse, |
|
445 |
&rspSize, |
|
446 |
&SubStatus |
|
447 |
); |
|
448 |
||
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
449 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
450 |
printf("LSA: Response size is %d\n", rspSize);
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
451 |
} |
| 2 | 452 |
|
453 |
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
|
|
454 |
if (!LSA_SUCCESS(Status)) {
|
|
455 |
ShowNTError("LsaCallAuthenticationPackage", Status);
|
|
456 |
} else {
|
|
457 |
ShowNTError("Protocol status", SubStatus);
|
|
458 |
} |
|
459 |
break; |
|
460 |
} |
|
461 |
||
462 |
// got the native MS TGT |
|
463 |
msticket = &(TktCacheResponse->Ticket); |
|
464 |
||
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
465 |
netypes = (*env)->GetArrayLength(env, jetypes); |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
466 |
etypes = (jint *) (*env)->GetIntArrayElements(env, jetypes, NULL); |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
467 |
|
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
468 |
if (etypes == NULL) {
|
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
469 |
break; |
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
470 |
} |
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
471 |
|
| 2 | 472 |
// check TGT validity |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
473 |
if (native_debug) {
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
474 |
printf("LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType);
|
| 2 | 475 |
} |
476 |
||
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
477 |
if ((msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) == 0) {
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
478 |
GetSystemTimeAsFileTime(&Now); |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
479 |
EndTime.dwLowDateTime = msticket->EndTime.LowPart; |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
480 |
EndTime.dwHighDateTime = msticket->EndTime.HighPart; |
|
30322
c08d5c975168
8078495: End time checking for native TGT is wrong
weijun
parents:
25859
diff
changeset
|
481 |
if (CompareFileTime(&Now, &EndTime) < 0) {
|
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
482 |
for (i=0; i<netypes; i++) {
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
483 |
if (etypes[i] == msticket->SessionKey.KeyType) {
|
|
22269
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
484 |
found = 1; |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
485 |
if (native_debug) {
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
486 |
printf("LSA: Valid etype found: %d\n", etypes[i]);
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
487 |
} |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
488 |
break; |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
489 |
} |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
490 |
} |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
491 |
} |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
492 |
} |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
493 |
|
|
22269
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
494 |
if (!found) {
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
495 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
496 |
printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
497 |
} |
| 2 | 498 |
|
499 |
// use domain to request Ticket |
|
500 |
Status = ConstructTicketRequest(msticket->TargetDomainName, |
|
501 |
&pTicketRequest, &requestSize); |
|
502 |
if (!LSA_SUCCESS(Status)) {
|
|
503 |
ShowNTError("ConstructTicketRequest status", Status);
|
|
504 |
break; |
|
505 |
} |
|
506 |
||
507 |
pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage; |
|
508 |
pTicketRequest->CacheOptions = KERB_RETRIEVE_TICKET_DONT_USE_CACHE; |
|
509 |
||
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
510 |
for (i=0; i<netypes; i++) {
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
511 |
pTicketRequest->EncryptionType = etypes[i]; |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
512 |
Status = LsaCallAuthenticationPackage( |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
513 |
LogonHandle, |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
514 |
PackageId, |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
515 |
pTicketRequest, |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
516 |
requestSize, |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
517 |
&pTicketResponse, |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
518 |
&responseSize, |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
519 |
&SubStatus |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
520 |
); |
| 2 | 521 |
|
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
522 |
if (native_debug) {
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
523 |
printf("LSA: Response size is %d for %d\n", responseSize, etypes[i]);
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
524 |
} |
| 2 | 525 |
|
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
526 |
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
527 |
if (!LSA_SUCCESS(Status)) {
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
528 |
ShowNTError("LsaCallAuthenticationPackage", Status);
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
529 |
} else {
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
530 |
ShowNTError("Protocol status", SubStatus);
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
531 |
} |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
532 |
continue; |
| 2 | 533 |
} |
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
534 |
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
535 |
// got the native MS Kerberos TGT |
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
536 |
msticket = &(pTicketResponse->Ticket); |
|
22269
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
537 |
|
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
538 |
if (msticket->SessionKey.KeyType != etypes[i]) {
|
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
539 |
if (native_debug) {
|
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
540 |
printf("LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]);
|
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
541 |
} |
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
542 |
continue; |
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
543 |
} |
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
544 |
found = 1; |
| 2 | 545 |
break; |
546 |
} |
|
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
547 |
} |
| 2 | 548 |
|
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
549 |
if (etypes != NULL) {
|
|
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
550 |
(*env)->ReleaseIntArrayElements(env, jetypes, etypes, 0); |
| 2 | 551 |
} |
552 |
||
| 73 | 553 |
/* |
| 2 | 554 |
|
| 73 | 555 |
typedef struct _KERB_RETRIEVE_TKT_RESPONSE {
|
556 |
KERB_EXTERNAL_TICKET Ticket; |
|
557 |
} KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE; |
|
| 2 | 558 |
|
| 73 | 559 |
typedef struct _KERB_EXTERNAL_TICKET {
|
560 |
PKERB_EXTERNAL_NAME ServiceName; |
|
561 |
PKERB_EXTERNAL_NAME TargetName; |
|
562 |
PKERB_EXTERNAL_NAME ClientName; |
|
563 |
UNICODE_STRING DomainName; |
|
564 |
UNICODE_STRING TargetDomainName; |
|
565 |
UNICODE_STRING AltTargetDomainName; |
|
566 |
KERB_CRYPTO_KEY SessionKey; |
|
567 |
ULONG TicketFlags; |
|
568 |
ULONG Flags; |
|
569 |
LARGE_INTEGER KeyExpirationTime; |
|
570 |
LARGE_INTEGER StartTime; |
|
571 |
LARGE_INTEGER EndTime; |
|
572 |
LARGE_INTEGER RenewUntil; |
|
573 |
LARGE_INTEGER TimeSkew; |
|
574 |
ULONG EncodedTicketSize; |
|
575 |
PUCHAR EncodedTicket; <========== Here's the good stuff |
|
576 |
} KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET; |
|
| 2 | 577 |
|
| 73 | 578 |
typedef struct _KERB_EXTERNAL_NAME {
|
579 |
SHORT NameType; |
|
580 |
USHORT NameCount; |
|
581 |
UNICODE_STRING Names[ANYSIZE_ARRAY]; |
|
582 |
} KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME; |
|
| 2 | 583 |
|
| 73 | 584 |
typedef struct _LSA_UNICODE_STRING {
|
585 |
USHORT Length; |
|
586 |
USHORT MaximumLength; |
|
587 |
PWSTR Buffer; |
|
588 |
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; |
|
| 2 | 589 |
|
| 73 | 590 |
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; |
| 2 | 591 |
|
| 73 | 592 |
typedef struct KERB_CRYPTO_KEY {
|
593 |
LONG KeyType; |
|
594 |
ULONG Length; |
|
595 |
PUCHAR Value; |
|
596 |
} KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY; |
|
| 2 | 597 |
|
| 73 | 598 |
*/ |
|
22269
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
599 |
if (!found) {
|
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
600 |
break; |
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
601 |
} |
|
852e4737460a
8031046: Native Windows ccache might still get unsupported ticket
weijun
parents:
21278
diff
changeset
|
602 |
|
| 2 | 603 |
// Build a com.sun.security.krb5.Ticket |
604 |
ticket = BuildTicket(env, msticket->EncodedTicket, |
|
605 |
msticket->EncodedTicketSize); |
|
606 |
if (ticket == NULL) {
|
|
| 73 | 607 |
break; |
| 2 | 608 |
} |
609 |
// OK, have a Ticket, now need to get the client name |
|
610 |
clientPrincipal = BuildPrincipal(env, msticket->ClientName, |
|
611 |
msticket->TargetDomainName); // mdu |
|
612 |
if (clientPrincipal == NULL) {
|
|
| 73 | 613 |
break; |
| 2 | 614 |
} |
615 |
||
616 |
// and the "name" of tgt |
|
617 |
targetPrincipal = BuildPrincipal(env, msticket->ServiceName, |
|
618 |
msticket->DomainName); |
|
619 |
if (targetPrincipal == NULL) {
|
|
| 73 | 620 |
break; |
| 2 | 621 |
} |
622 |
||
623 |
// Get the encryption key |
|
624 |
encryptionKey = BuildEncryptionKey(env, &(msticket->SessionKey)); |
|
625 |
if (encryptionKey == NULL) {
|
|
| 73 | 626 |
break; |
| 2 | 627 |
} |
628 |
||
629 |
// and the ticket flags |
|
630 |
ticketFlags = BuildTicketFlags(env, &(msticket->TicketFlags)); |
|
631 |
if (ticketFlags == NULL) {
|
|
| 73 | 632 |
break; |
| 2 | 633 |
} |
634 |
||
635 |
// Get the start time |
|
636 |
startTime = BuildKerberosTime(env, &(msticket->StartTime)); |
|
637 |
if (startTime == NULL) {
|
|
| 73 | 638 |
break; |
| 2 | 639 |
} |
640 |
||
641 |
/* |
|
642 |
* mdu: No point storing the eky expiration time in the auth |
|
643 |
* time field. Set it to be same as startTime. Looks like |
|
644 |
* windows does not have post-dated tickets. |
|
645 |
*/ |
|
646 |
authTime = startTime; |
|
647 |
||
648 |
// and the end time |
|
649 |
endTime = BuildKerberosTime(env, &(msticket->EndTime)); |
|
650 |
if (endTime == NULL) {
|
|
| 73 | 651 |
break; |
| 2 | 652 |
} |
653 |
||
654 |
// Get the renew till time |
|
655 |
renewTillTime = BuildKerberosTime(env, &(msticket->RenewUntil)); |
|
656 |
if (renewTillTime == NULL) {
|
|
| 73 | 657 |
break; |
| 2 | 658 |
} |
659 |
||
660 |
// and now go build a KrbCreds object |
|
661 |
krbCreds = (*env)->NewObject( |
|
662 |
env, |
|
663 |
krbcredsClass, |
|
664 |
krbcredsConstructor, |
|
665 |
ticket, |
|
666 |
clientPrincipal, |
|
667 |
targetPrincipal, |
|
668 |
encryptionKey, |
|
669 |
ticketFlags, |
|
670 |
authTime, // mdu |
|
671 |
startTime, |
|
672 |
endTime, |
|
673 |
renewTillTime, //mdu |
|
674 |
hostAddresses); |
|
675 |
||
676 |
break; |
|
|
19373
4bb12c72a46f
8016594: Native Windows ccache still reads DES tickets
weijun
parents:
14342
diff
changeset
|
677 |
} // end of WHILE. This WHILE will never loop. |
| 2 | 678 |
|
| 73 | 679 |
// clean up resources |
680 |
if (TktCacheResponse != NULL) {
|
|
681 |
LsaFreeReturnBuffer(TktCacheResponse); |
|
682 |
} |
|
683 |
if (pTicketRequest) {
|
|
684 |
LocalFree(pTicketRequest); |
|
685 |
} |
|
686 |
if (pTicketResponse != NULL) {
|
|
687 |
LsaFreeReturnBuffer(pTicketResponse); |
|
688 |
} |
|
| 2 | 689 |
|
| 73 | 690 |
return krbCreds; |
| 2 | 691 |
} |
692 |
||
693 |
static NTSTATUS |
|
694 |
ConstructTicketRequest(UNICODE_STRING DomainName, |
|
695 |
PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize) |
|
696 |
{
|
|
| 73 | 697 |
NTSTATUS Status; |
698 |
UNICODE_STRING TargetPrefix; |
|
699 |
USHORT TargetSize; |
|
700 |
ULONG RequestSize; |
|
701 |
ULONG Length; |
|
702 |
PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; |
|
| 2 | 703 |
|
| 73 | 704 |
*outRequest = NULL; |
705 |
*outSize = 0; |
|
| 2 | 706 |
|
| 73 | 707 |
// |
708 |
// Set up the "krbtgt/" target prefix into a UNICODE_STRING so we |
|
709 |
// can easily concatenate it later. |
|
710 |
// |
|
| 2 | 711 |
|
| 73 | 712 |
TargetPrefix.Buffer = L"krbtgt/"; |
713 |
Length = (ULONG)wcslen(TargetPrefix.Buffer) * sizeof(WCHAR); |
|
714 |
TargetPrefix.Length = (USHORT)Length; |
|
715 |
TargetPrefix.MaximumLength = TargetPrefix.Length; |
|
| 2 | 716 |
|
| 73 | 717 |
// |
718 |
// We will need to concatenate the "krbtgt/" prefix and the |
|
719 |
// Logon Session's DnsDomainName into our request's target name. |
|
720 |
// |
|
721 |
// Therefore, first compute the necessary buffer size for that. |
|
722 |
// |
|
723 |
// Note that we might theoretically have integer overflow. |
|
724 |
// |
|
| 2 | 725 |
|
| 73 | 726 |
TargetSize = TargetPrefix.Length + DomainName.Length; |
| 2 | 727 |
|
| 73 | 728 |
// |
729 |
// The ticket request buffer needs to be a single buffer. That buffer |
|
730 |
// needs to include the buffer for the target name. |
|
731 |
// |
|
| 2 | 732 |
|
| 73 | 733 |
RequestSize = sizeof (*pTicketRequest) + TargetSize; |
| 2 | 734 |
|
| 73 | 735 |
// |
736 |
// Allocate the request buffer and make sure it's zero-filled. |
|
737 |
// |
|
| 2 | 738 |
|
| 73 | 739 |
pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) |
740 |
LocalAlloc(LMEM_ZEROINIT, RequestSize); |
|
741 |
if (!pTicketRequest) |
|
742 |
return GetLastError(); |
|
| 2 | 743 |
|
| 73 | 744 |
// |
| 21278 | 745 |
// Concatenate the target prefix with the previous response's |
| 73 | 746 |
// target domain. |
747 |
// |
|
| 2 | 748 |
|
| 73 | 749 |
pTicketRequest->TargetName.Length = 0; |
750 |
pTicketRequest->TargetName.MaximumLength = TargetSize; |
|
751 |
pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1); |
|
752 |
Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName), |
|
753 |
TargetPrefix, |
|
754 |
DomainName); |
|
755 |
*outRequest = pTicketRequest; |
|
756 |
*outSize = RequestSize; |
|
757 |
return Status; |
|
| 2 | 758 |
} |
759 |
||
760 |
DWORD |
|
761 |
ConcatenateUnicodeStrings( |
|
762 |
UNICODE_STRING *pTarget, |
|
763 |
UNICODE_STRING Source1, |
|
764 |
UNICODE_STRING Source2 |
|
765 |
) |
|
766 |
{
|
|
| 73 | 767 |
// |
768 |
// The buffers for Source1 and Source2 cannot overlap pTarget's |
|
769 |
// buffer. Source1.Length + Source2.Length must be <= 0xFFFF, |
|
770 |
// otherwise we overflow... |
|
771 |
// |
|
| 2 | 772 |
|
| 73 | 773 |
USHORT TotalSize = Source1.Length + Source2.Length; |
774 |
PBYTE buffer = (PBYTE) pTarget->Buffer; |
|
| 2 | 775 |
|
| 73 | 776 |
if (TotalSize > pTarget->MaximumLength) |
777 |
return ERROR_INSUFFICIENT_BUFFER; |
|
| 2 | 778 |
|
| 73 | 779 |
pTarget->Length = TotalSize; |
780 |
memcpy(buffer, Source1.Buffer, Source1.Length); |
|
781 |
memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length); |
|
782 |
return ERROR_SUCCESS; |
|
| 2 | 783 |
} |
784 |
||
785 |
BOOL |
|
786 |
PackageConnectLookup( |
|
787 |
HANDLE *pLogonHandle, |
|
788 |
ULONG *pPackageId |
|
789 |
) |
|
790 |
{
|
|
791 |
LSA_STRING Name; |
|
792 |
NTSTATUS Status; |
|
793 |
||
794 |
Status = LsaConnectUntrusted( |
|
795 |
pLogonHandle |
|
796 |
); |
|
797 |
||
798 |
if (!LSA_SUCCESS(Status)) |
|
799 |
{
|
|
800 |
ShowNTError("LsaConnectUntrusted", Status);
|
|
801 |
return FALSE; |
|
802 |
} |
|
803 |
||
804 |
Name.Buffer = MICROSOFT_KERBEROS_NAME_A; |
|
805 |
Name.Length = (USHORT)strlen(Name.Buffer); |
|
806 |
Name.MaximumLength = Name.Length + 1; |
|
807 |
||
808 |
Status = LsaLookupAuthenticationPackage( |
|
809 |
*pLogonHandle, |
|
810 |
&Name, |
|
811 |
pPackageId |
|
812 |
); |
|
813 |
||
814 |
if (!LSA_SUCCESS(Status)) |
|
815 |
{
|
|
816 |
ShowNTError("LsaLookupAuthenticationPackage", Status);
|
|
817 |
return FALSE; |
|
818 |
} |
|
819 |
||
820 |
return TRUE; |
|
821 |
||
822 |
} |
|
823 |
||
824 |
VOID |
|
825 |
ShowLastError( |
|
826 |
LPSTR szAPI, |
|
827 |
DWORD dwError |
|
828 |
) |
|
829 |
{
|
|
| 73 | 830 |
#define MAX_MSG_SIZE 256 |
| 2 | 831 |
|
| 73 | 832 |
static WCHAR szMsgBuf[MAX_MSG_SIZE]; |
833 |
DWORD dwRes; |
|
| 2 | 834 |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
835 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
836 |
printf("LSA: Error calling function %s: %lu\n", szAPI, dwError);
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
837 |
} |
| 2 | 838 |
|
| 73 | 839 |
dwRes = FormatMessage ( |
840 |
FORMAT_MESSAGE_FROM_SYSTEM, |
|
841 |
NULL, |
|
842 |
dwError, |
|
843 |
0, |
|
844 |
szMsgBuf, |
|
845 |
MAX_MSG_SIZE, |
|
846 |
NULL); |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
847 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
848 |
if (0 == dwRes) {
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
849 |
printf("LSA: FormatMessage failed with %d\n", GetLastError());
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
850 |
// ExitProcess(EXIT_FAILURE); |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
851 |
} else {
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
852 |
printf("LSA: %S",szMsgBuf);
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
853 |
} |
| 73 | 854 |
} |
| 2 | 855 |
} |
856 |
||
857 |
VOID |
|
858 |
ShowNTError( |
|
859 |
LPSTR szAPI, |
|
860 |
NTSTATUS Status |
|
861 |
) |
|
862 |
{
|
|
863 |
// |
|
864 |
// Convert the NTSTATUS to Winerror. Then call ShowLastError(). |
|
865 |
// |
|
866 |
ShowLastError(szAPI, LsaNtStatusToWinError(Status)); |
|
867 |
} |
|
868 |
||
869 |
VOID |
|
870 |
InitUnicodeString( |
|
871 |
PUNICODE_STRING DestinationString, |
|
872 |
PCWSTR SourceString OPTIONAL |
|
873 |
) |
|
874 |
{
|
|
875 |
ULONG Length; |
|
876 |
||
877 |
DestinationString->Buffer = (PWSTR)SourceString; |
|
878 |
if (SourceString != NULL) {
|
|
879 |
Length = (ULONG)wcslen( SourceString ) * sizeof( WCHAR ); |
|
880 |
DestinationString->Length = (USHORT)Length; |
|
881 |
DestinationString->MaximumLength = (USHORT)(Length + sizeof(UNICODE_NULL)); |
|
| 73 | 882 |
} |
| 2 | 883 |
else {
|
884 |
DestinationString->MaximumLength = 0; |
|
885 |
DestinationString->Length = 0; |
|
| 73 | 886 |
} |
| 2 | 887 |
} |
888 |
||
889 |
jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize) {
|
|
890 |
||
| 73 | 891 |
/* To build a Ticket, we first need to build a DerValue out of the EncodedTicket. |
892 |
* But before we can do that, we need to make a byte array out of the ET. |
|
893 |
*/ |
|
| 2 | 894 |
|
| 73 | 895 |
jobject derValue, ticket; |
896 |
jbyteArray ary; |
|
| 2 | 897 |
|
| 73 | 898 |
ary = (*env)->NewByteArray(env,encodedTicketSize); |
899 |
if ((*env)->ExceptionOccurred(env)) {
|
|
900 |
return (jobject) NULL; |
|
901 |
} |
|
| 2 | 902 |
|
| 73 | 903 |
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicketSize, |
904 |
(jbyte *)encodedTicket); |
|
905 |
if ((*env)->ExceptionOccurred(env)) {
|
|
906 |
(*env)->DeleteLocalRef(env, ary); |
|
907 |
return (jobject) NULL; |
|
908 |
} |
|
| 2 | 909 |
|
| 73 | 910 |
derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary); |
911 |
if ((*env)->ExceptionOccurred(env)) {
|
|
| 2 | 912 |
(*env)->DeleteLocalRef(env, ary); |
| 73 | 913 |
return (jobject) NULL; |
914 |
} |
|
915 |
||
916 |
(*env)->DeleteLocalRef(env, ary); |
|
917 |
ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue); |
|
918 |
if ((*env)->ExceptionOccurred(env)) {
|
|
| 2 | 919 |
(*env)->DeleteLocalRef(env, derValue); |
| 73 | 920 |
return (jobject) NULL; |
921 |
} |
|
922 |
(*env)->DeleteLocalRef(env, derValue); |
|
923 |
return ticket; |
|
| 2 | 924 |
} |
925 |
||
926 |
// mdu |
|
927 |
jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, |
|
928 |
UNICODE_STRING domainName) {
|
|
929 |
||
| 73 | 930 |
/* |
931 |
* To build the Principal, we need to get the names out of |
|
932 |
* this goofy MS structure |
|
933 |
*/ |
|
934 |
jobject principal = NULL; |
|
935 |
jobject realmStr = NULL; |
|
936 |
jobjectArray stringArray; |
|
937 |
jstring tempString; |
|
938 |
int nameCount,i; |
|
939 |
PUNICODE_STRING scanner; |
|
940 |
WCHAR *realm; |
|
941 |
ULONG realmLen; |
|
| 2 | 942 |
|
| 73 | 943 |
realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT, |
944 |
((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); |
|
945 |
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); |
|
| 2 | 946 |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
947 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
948 |
printf("LSA: Principal domain is %S\n", realm);
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
949 |
printf("LSA: Name type is %x\n", principalName->NameType);
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
950 |
printf("LSA: Name count is %x\n", principalName->NameCount);
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
951 |
} |
| 2 | 952 |
|
| 73 | 953 |
nameCount = principalName->NameCount; |
954 |
stringArray = (*env)->NewObjectArray(env, nameCount, |
|
955 |
javaLangStringClass, NULL); |
|
956 |
if (stringArray == NULL) {
|
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
957 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
958 |
printf("LSA: Can't allocate String array for Principal\n");
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
959 |
} |
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
960 |
goto cleanup; |
| 73 | 961 |
} |
| 2 | 962 |
|
| 73 | 963 |
for (i=0; i<nameCount; i++) {
|
964 |
// get the principal name |
|
965 |
scanner = &(principalName->Names[i]); |
|
| 2 | 966 |
|
| 73 | 967 |
// OK, got a Char array, so construct a String |
968 |
tempString = (*env)->NewString(env, (const jchar*)scanner->Buffer, |
|
969 |
scanner->Length/sizeof(WCHAR)); |
|
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
970 |
|
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
971 |
if (tempString == NULL) {
|
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
972 |
goto cleanup; |
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
973 |
} |
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
974 |
|
| 73 | 975 |
// Set the String into the StringArray |
976 |
(*env)->SetObjectArrayElement(env, stringArray, i, tempString); |
|
| 2 | 977 |
|
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
978 |
if ((*env)->ExceptionCheck(env)) {
|
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
979 |
goto cleanup; |
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
980 |
} |
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
981 |
|
| 73 | 982 |
// Do I have to worry about storage reclamation here? |
983 |
} |
|
984 |
// now set the realm in the principal |
|
985 |
realmLen = (ULONG)wcslen((PWCHAR)realm); |
|
986 |
realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen); |
|
| 13247 | 987 |
|
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
988 |
if (realmStr == NULL) {
|
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
989 |
goto cleanup; |
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
990 |
} |
|
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
991 |
|
| 13247 | 992 |
principal = (*env)->NewObject(env, principalNameClass, |
993 |
principalNameConstructor, stringArray, realmStr); |
|
| 2 | 994 |
|
|
23030
51178fbafe9c
8035759: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/krb5/NativeCreds.c
weijun
parents:
23010
diff
changeset
|
995 |
cleanup: |
| 73 | 996 |
// free local resources |
997 |
LocalFree(realm); |
|
| 2 | 998 |
|
| 73 | 999 |
return principal; |
| 2 | 1000 |
} |
1001 |
||
1002 |
jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) {
|
|
| 73 | 1003 |
// First, need to build a byte array |
1004 |
jbyteArray ary; |
|
1005 |
jobject encryptionKey = NULL; |
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1006 |
unsigned int i; |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1007 |
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1008 |
for (i=0; i<cryptoKey->Length; i++) {
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1009 |
if (cryptoKey->Value[i]) break; |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1010 |
} |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1011 |
if (i == cryptoKey->Length) {
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
1012 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1013 |
printf("LSA: Session key all zero. Stop.\n");
|
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1014 |
} |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1015 |
return NULL; |
|
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1016 |
} |
| 2 | 1017 |
|
| 73 | 1018 |
ary = (*env)->NewByteArray(env,cryptoKey->Length); |
1019 |
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, |
|
1020 |
(jbyte *)cryptoKey->Value); |
|
1021 |
if ((*env)->ExceptionOccurred(env)) {
|
|
1022 |
(*env)->DeleteLocalRef(env, ary); |
|
1023 |
} else {
|
|
1024 |
encryptionKey = (*env)->NewObject(env, encryptionKeyClass, |
|
1025 |
encryptionKeyConstructor, cryptoKey->KeyType, ary); |
|
1026 |
} |
|
| 2 | 1027 |
|
| 73 | 1028 |
return encryptionKey; |
| 2 | 1029 |
} |
1030 |
||
1031 |
jobject BuildTicketFlags(JNIEnv *env, PULONG flags) {
|
|
| 73 | 1032 |
jobject ticketFlags = NULL; |
1033 |
jbyteArray ary; |
|
1034 |
/* |
|
1035 |
* mdu: Convert the bytes to nework byte order before copying |
|
1036 |
* them to a Java byte array. |
|
1037 |
*/ |
|
1038 |
ULONG nlflags = htonl(*flags); |
|
| 2 | 1039 |
|
| 73 | 1040 |
ary = (*env)->NewByteArray(env, sizeof(*flags)); |
1041 |
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags), |
|
1042 |
(jbyte *)&nlflags); |
|
1043 |
if ((*env)->ExceptionOccurred(env)) {
|
|
1044 |
(*env)->DeleteLocalRef(env, ary); |
|
1045 |
} else {
|
|
1046 |
ticketFlags = (*env)->NewObject(env, ticketFlagsClass, |
|
1047 |
ticketFlagsConstructor, sizeof(*flags)*8, ary); |
|
1048 |
} |
|
| 2 | 1049 |
|
| 73 | 1050 |
return ticketFlags; |
| 2 | 1051 |
} |
1052 |
||
1053 |
jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) {
|
|
| 73 | 1054 |
jobject kerberosTime = NULL; |
1055 |
jstring stringTime = NULL; |
|
1056 |
SYSTEMTIME systemTime; |
|
1057 |
WCHAR timeString[16]; |
|
1058 |
WCHAR month[3]; |
|
1059 |
WCHAR day[3]; |
|
1060 |
WCHAR hour[3]; |
|
1061 |
WCHAR minute[3]; |
|
1062 |
WCHAR second[3]; |
|
| 2 | 1063 |
|
| 73 | 1064 |
if (FileTimeToSystemTime((FILETIME *)kerbtime, &systemTime)) {
|
1065 |
// XXX Cannot use %02.2ld, because the leading 0 is ignored for integers. |
|
1066 |
// So, print them to strings, and then print them to the master string with a |
|
1067 |
// format pattern that makes it two digits and prefix with a 0 if necessary. |
|
|
8781
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1068 |
swprintf( (wchar_t *)month, 3, L"%2.2d", systemTime.wMonth); |
|
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1069 |
swprintf( (wchar_t *)day, 3, L"%2.2d", systemTime.wDay); |
|
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1070 |
swprintf( (wchar_t *)hour, 3, L"%2.2d", systemTime.wHour); |
|
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1071 |
swprintf( (wchar_t *)minute, 3, L"%2.2d", systemTime.wMinute); |
|
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1072 |
swprintf( (wchar_t *)second, 3, L"%2.2d", systemTime.wSecond); |
|
1ecbd60a9024
6990848: JGSS/windows security code native code compiler warnings
weijun
parents:
5506
diff
changeset
|
1073 |
swprintf( (wchar_t *)timeString, 16, |
| 73 | 1074 |
L"%ld%02.2s%02.2s%02.2s%02.2s%02.2sZ", |
| 2 | 1075 |
systemTime.wYear, |
1076 |
month, |
|
1077 |
day, |
|
1078 |
hour, |
|
1079 |
minute, |
|
1080 |
second ); |
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
1081 |
if (native_debug) {
|
|
2588
ec64fd74aa69
6587676: Krb5LoginModule failure if useTicketCache=true on Vista
weijun
parents:
715
diff
changeset
|
1082 |
printf("LSA: %S\n", (wchar_t *)timeString);
|
|
2591
6ef824d6d5c2
6830658: Changeset ec64fd74aa69 breaks the fastdebug build in NativeCreds.c
weijun
parents:
2588
diff
changeset
|
1083 |
} |
| 73 | 1084 |
stringTime = (*env)->NewString(env, timeString, |
1085 |
(sizeof(timeString)/sizeof(WCHAR))-1); |
|
1086 |
if (stringTime != NULL) { // everything's OK so far
|
|
1087 |
kerberosTime = (*env)->NewObject(env, kerberosTimeClass, |
|
1088 |
kerberosTimeConstructor, stringTime); |
|
| 2 | 1089 |
} |
| 73 | 1090 |
} |
1091 |
return kerberosTime; |
|
| 2 | 1092 |
} |