jdk/src/windows/native/sun/security/krb5/NativeCreds.c
changeset 19373 4bb12c72a46f
parent 14342 8435a30053c1
child 21278 ef8a3a2a72f2
--- a/jdk/src/windows/native/sun/security/krb5/NativeCreds.c	Thu Aug 08 09:16:16 2013 +0400
+++ b/jdk/src/windows/native/sun/security/krb5/NativeCreds.c	Thu Aug 08 21:13:01 2013 +0800
@@ -367,11 +367,12 @@
 /*
  * Class:     sun_security_krb5_Credentials
  * Method:    acquireDefaultNativeCreds
- * Signature: ()Lsun/security/krb5/Credentials;
+ * Signature: ([I])Lsun/security/krb5/Credentials;
  */
 JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds(
         JNIEnv *env,
-        jclass krbcredsClass) {
+        jclass krbcredsClass,
+        jintArray jetypes) {
 
     KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
     PKERB_RETRIEVE_TKT_RESPONSE TktCacheResponse = NULL;
@@ -387,9 +388,12 @@
     jobject ticketFlags, startTime, endTime, krbCreds = NULL;
     jobject authTime, renewTillTime, hostAddresses = NULL;
     KERB_EXTERNAL_TICKET *msticket;
-    int ignore_cache = 0;
+    int found_in_cache = 0;
     FILETIME Now, EndTime, LocalEndTime;
 
+    int i, netypes;
+    jint *etypes = NULL;
+
     while (TRUE) {
 
         if (krbcredsConstructor == 0) {
@@ -456,31 +460,33 @@
         // got the native MS TGT
         msticket = &(TktCacheResponse->Ticket);
 
+        netypes = (*env)->GetArrayLength(env, jetypes);
+        etypes = (jint *) (*env)->GetIntArrayElements(env, jetypes, NULL);
+
         // check TGT validity
-        switch (msticket->SessionKey.KeyType) {
-            case KERB_ETYPE_DES_CBC_CRC:
-            case KERB_ETYPE_DES_CBC_MD5:
-            case KERB_ETYPE_NULL:
-            case KERB_ETYPE_RC4_HMAC_NT:
-                GetSystemTimeAsFileTime(&Now);
-                EndTime.dwLowDateTime = msticket->EndTime.LowPart;
-                EndTime.dwHighDateTime = msticket->EndTime.HighPart;
-                FileTimeToLocalFileTime(&EndTime, &LocalEndTime);
-                if (CompareFileTime(&Now, &LocalEndTime) >= 0) {
-                    ignore_cache = 1;
-                }
-                if (msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) {
-                    ignore_cache = 1;
-                }
-                break;
-            case KERB_ETYPE_RC4_MD4:
-            default:
-                // not supported
-                ignore_cache = 1;
-                break;
+        if (native_debug) {
+            printf("LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType);
         }
 
-        if (ignore_cache) {
+        if ((msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) == 0) {
+            GetSystemTimeAsFileTime(&Now);
+            EndTime.dwLowDateTime = msticket->EndTime.LowPart;
+            EndTime.dwHighDateTime = msticket->EndTime.HighPart;
+            FileTimeToLocalFileTime(&EndTime, &LocalEndTime);
+            if (CompareFileTime(&Now, &LocalEndTime) < 0) {
+                for (i=0; i<netypes; i++) {
+                    if (etypes[i] == msticket->SessionKey.KeyType) {
+                        found_in_cache = 1;
+                        if (native_debug) {
+                            printf("LSA: Valid etype found: %d\n", etypes[i]);
+                        }
+                        break;
+                    }
+                }
+            }
+        }
+
+        if (!found_in_cache) {
             if (native_debug) {
                 printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
             }
@@ -494,34 +500,41 @@
             }
 
             pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
-            pTicketRequest->EncryptionType = KERB_ETYPE_DES_CBC_MD5;
             pTicketRequest->CacheOptions = KERB_RETRIEVE_TICKET_DONT_USE_CACHE;
 
-            Status = LsaCallAuthenticationPackage(
-                        LogonHandle,
-                        PackageId,
-                        pTicketRequest,
-                        requestSize,
-                        &pTicketResponse,
-                        &responseSize,
-                        &SubStatus
-                        );
+            for (i=0; i<netypes; i++) {
+                pTicketRequest->EncryptionType = etypes[i];
+                Status = LsaCallAuthenticationPackage(
+                            LogonHandle,
+                            PackageId,
+                            pTicketRequest,
+                            requestSize,
+                            &pTicketResponse,
+                            &responseSize,
+                            &SubStatus
+                            );
 
-            if (native_debug) {
-                printf("LSA: Response size is %d\n", responseSize);
-            }
+                if (native_debug) {
+                    printf("LSA: Response size is %d for %d\n", responseSize, etypes[i]);
+                }
 
-            if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
-                if (!LSA_SUCCESS(Status)) {
-                    ShowNTError("LsaCallAuthenticationPackage", Status);
-                } else {
-                    ShowNTError("Protocol status", SubStatus);
+                if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
+                    if (!LSA_SUCCESS(Status)) {
+                        ShowNTError("LsaCallAuthenticationPackage", Status);
+                    } else {
+                        ShowNTError("Protocol status", SubStatus);
+                    }
+                    continue;
                 }
+
+                // got the native MS Kerberos TGT
+                msticket = &(pTicketResponse->Ticket);
                 break;
             }
+        }
 
-            // got the native MS Kerberos TGT
-            msticket = &(pTicketResponse->Ticket);
+        if (etypes != NULL) {
+            (*env)->ReleaseIntArrayElements(env, jetypes, etypes, 0);
         }
 
         /*
@@ -644,7 +657,7 @@
                 hostAddresses);
 
         break;
-    } // end of WHILE
+    } // end of WHILE. This WHILE will never loop.
 
     // clean up resources
     if (TktCacheResponse != NULL) {