1 /* |
1 /* |
2 * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
61 |
61 |
62 private long pContext = 0; // Pointer to the gss_ctx_id_t structure |
62 private long pContext = 0; // Pointer to the gss_ctx_id_t structure |
63 private GSSNameElement srcName; |
63 private GSSNameElement srcName; |
64 private GSSNameElement targetName; |
64 private GSSNameElement targetName; |
65 private GSSCredElement cred; |
65 private GSSCredElement cred; |
|
66 private GSSCredElement disposeCred; |
66 private boolean isInitiator; |
67 private boolean isInitiator; |
67 private boolean isEstablished; |
68 private boolean isEstablished; |
68 private Oid actualMech; // Assigned during context establishment |
69 private Oid actualMech; // Assigned during context establishment |
69 |
70 |
70 private ChannelBinding cb; |
71 private ChannelBinding cb; |
71 private GSSCredElement delegatedCred; |
72 private GSSCredElement delegatedCred; |
|
73 private GSSCredElement disposeDelegatedCred; |
72 private int flags; |
74 private int flags; |
73 private int lifetime = GSSCredential.DEFAULT_LIFETIME; |
75 private int lifetime = GSSCredential.DEFAULT_LIFETIME; |
74 private final GSSLibStub cStub; |
76 private final GSSLibStub cStub; |
75 |
77 |
76 private boolean skipDelegPermCheck; |
78 private boolean skipDelegPermCheck; |
190 if (peer == null) { |
192 if (peer == null) { |
191 throw new GSSException(GSSException.FAILURE, 1, "null peer"); |
193 throw new GSSException(GSSException.FAILURE, 1, "null peer"); |
192 } |
194 } |
193 cStub = stub; |
195 cStub = stub; |
194 cred = myCred; |
196 cred = myCred; |
|
197 disposeCred = null; |
195 targetName = peer; |
198 targetName = peer; |
196 isInitiator = true; |
199 isInitiator = true; |
197 lifetime = time; |
200 lifetime = time; |
198 |
201 |
199 if (GSSUtil.isKerberosMech(cStub.getMech())) { |
202 if (GSSUtil.isKerberosMech(cStub.getMech())) { |
200 doServicePermCheck(); |
203 doServicePermCheck(); |
201 if (cred == null) { |
204 if (cred == null) { |
202 cred = new GSSCredElement(null, lifetime, |
205 disposeCred = cred = |
203 GSSCredential.INITIATE_ONLY, cStub); |
206 new GSSCredElement(null, lifetime, |
|
207 GSSCredential.INITIATE_ONLY, cStub); |
204 } |
208 } |
205 srcName = cred.getName(); |
209 srcName = cred.getName(); |
206 } |
210 } |
207 } |
211 } |
208 |
212 |
209 // Constructor for context acceptor |
213 // Constructor for context acceptor |
210 NativeGSSContext(GSSCredElement myCred, GSSLibStub stub) |
214 NativeGSSContext(GSSCredElement myCred, GSSLibStub stub) |
211 throws GSSException { |
215 throws GSSException { |
212 cStub = stub; |
216 cStub = stub; |
213 cred = myCred; |
217 cred = myCred; |
|
218 disposeCred = null; |
214 |
219 |
215 if (cred != null) targetName = cred.getName(); |
220 if (cred != null) targetName = cred.getName(); |
216 |
221 |
217 isInitiator = false; |
222 isInitiator = false; |
218 // Defer Service permission check for default acceptor cred |
223 // Defer Service permission check for default acceptor cred |
295 if (srcName == null) { |
300 if (srcName == null) { |
296 srcName = new GSSNameElement |
301 srcName = new GSSNameElement |
297 (cStub.getContextName(pContext, true), cStub); |
302 (cStub.getContextName(pContext, true), cStub); |
298 } |
303 } |
299 if (cred == null) { |
304 if (cred == null) { |
300 cred = new GSSCredElement(srcName, lifetime, |
305 disposeCred = cred = |
301 GSSCredential.INITIATE_ONLY, |
306 new GSSCredElement(srcName, lifetime, |
302 cStub); |
307 GSSCredential.INITIATE_ONLY, cStub); |
303 } |
308 } |
304 } |
309 } |
305 } |
310 } |
306 return outToken; |
311 return outToken; |
307 } |
312 } |
313 byte[] inToken = retrieveToken(is, mechTokenLen); |
318 byte[] inToken = retrieveToken(is, mechTokenLen); |
314 SunNativeProvider.debug("acceptSecContext=> inToken len=" + |
319 SunNativeProvider.debug("acceptSecContext=> inToken len=" + |
315 inToken.length); |
320 inToken.length); |
316 long pCred = (cred == null? 0 : cred.pCred); |
321 long pCred = (cred == null? 0 : cred.pCred); |
317 outToken = cStub.acceptContext(pCred, cb, inToken, this); |
322 outToken = cStub.acceptContext(pCred, cb, inToken, this); |
|
323 disposeDelegatedCred = delegatedCred; |
318 SunNativeProvider.debug("acceptSecContext=> outToken len=" + |
324 SunNativeProvider.debug("acceptSecContext=> outToken len=" + |
319 (outToken == null? 0 : outToken.length)); |
325 (outToken == null? 0 : outToken.length)); |
320 |
326 |
321 if (targetName == null) { |
327 if (targetName == null) { |
322 targetName = new GSSNameElement |
328 targetName = new GSSNameElement |
323 (cStub.getContextName(pContext, false), cStub); |
329 (cStub.getContextName(pContext, false), cStub); |
324 // Replace the current default acceptor cred now that |
330 // Replace the current default acceptor cred now that |
325 // the context acceptor name is available |
331 // the context acceptor name is available |
326 if (cred != null) cred.dispose(); |
332 if (disposeCred != null) { |
327 cred = new GSSCredElement(targetName, lifetime, |
333 disposeCred.dispose(); |
328 GSSCredential.ACCEPT_ONLY, cStub); |
334 } |
|
335 disposeCred = cred = |
|
336 new GSSCredElement(targetName, lifetime, |
|
337 GSSCredential.ACCEPT_ONLY, cStub); |
329 } |
338 } |
330 |
339 |
331 // Only inspect token when the permission check has not |
340 // Only inspect token when the permission check has not |
332 // been performed |
341 // been performed |
333 if (GSSUtil.isSpNegoMech(cStub.getMech()) && |
342 if (GSSUtil.isSpNegoMech(cStub.getMech()) && |
344 public boolean isEstablished() { |
353 public boolean isEstablished() { |
345 return isEstablished; |
354 return isEstablished; |
346 } |
355 } |
347 |
356 |
348 public void dispose() throws GSSException { |
357 public void dispose() throws GSSException { |
|
358 if (disposeCred != null) { |
|
359 disposeCred.dispose(); |
|
360 } |
|
361 if (disposeDelegatedCred != null) { |
|
362 disposeDelegatedCred.dispose(); |
|
363 } |
|
364 disposeDelegatedCred = disposeCred = cred = null; |
349 srcName = null; |
365 srcName = null; |
350 targetName = null; |
366 targetName = null; |
351 cred = null; |
|
352 delegatedCred = null; |
367 delegatedCred = null; |
353 if (pContext != 0) { |
368 if (pContext != 0) { |
354 pContext = cStub.deleteContext(pContext); |
369 pContext = cStub.deleteContext(pContext); |
355 pContext = 0; |
370 pContext = 0; |
356 } |
371 } |