/* |
* Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved. |
12047 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. Oracle designates this |
|
8 |
* particular file as subject to the "Classpath" exception as provided |
|
9 |
* by Oracle in the LICENSE file that accompanied this code. |
|
10 |
* |
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
24 |
*/ |
|
25 |
||
26 |
#import "sun_security_krb5_Credentials.h" |
|
27 |
#import <Kerberos/Kerberos.h> |
|
29491 | 28 |
#import <string.h> |
29 |
#import <time.h> |
|
12047 | 30 |
|
#include "jni_util.h" |
|
12047 | 33 |
/* |
34 |
* Based largely on klist.c, |
|
35 |
* |
|
36 |
* Created by Scott Kovatch on 8/12/04. |
|
37 |
* |
|
38 |
* See http://www.opensource.apple.com/darwinsource/10.3.3/Kerberos-47/KerberosClients/klist/Sources/klist.c |
|
39 |
||
40 |
*/ |
|
41 |
||
42 |
/* |
|
43 |
* Statics for this module |
|
44 |
*/ |
|
45 |
||
46 |
/*
 * Class handles cached for the lifetime of the library. Each one is assigned
 * in JNI_OnLoad from FindClass(), which returns a weak global reference, and
 * is released in JNI_OnUnload.
 */
static jclass ticketClass          = NULL;
static jclass principalNameClass   = NULL;
static jclass encryptionKeyClass   = NULL;
static jclass ticketFlagsClass     = NULL;
static jclass kerberosTimeClass    = NULL;
static jclass javaLangStringClass  = NULL;
static jclass javaLangIntegerClass = NULL;
static jclass hostAddressClass     = NULL;
static jclass hostAddressesClass   = NULL;

/*
 * Constructor IDs for the classes above, resolved in JNI_OnLoad.
 * krbcredsConstructor is the exception: it is looked up on first use in
 * acquireDefaultNativeCreds, against the class passed to that call.
 */
static jmethodID ticketConstructor        = NULL;
static jmethodID principalNameConstructor = NULL;
static jmethodID encryptionKeyConstructor = NULL;
static jmethodID ticketFlagsConstructor   = NULL;
static jmethodID kerberosTimeConstructor  = NULL;
static jmethodID krbcredsConstructor      = NULL;
static jmethodID integerConstructor       = NULL;
static jmethodID hostAddressConstructor   = NULL;
static jmethodID hostAddressesConstructor = NULL;
|
65 |
||
66 |
/* |
|
67 |
* Function prototypes for internal routines |
|
68 |
*/ |
|
69 |
||
70 |
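/* Each Build* helper returns a new local reference, or NULL on failure. */
static jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket);
static jobject BuildClientPrincipal(JNIEnv *env, krb5_context kcontext, krb5_principal principalName);
static jobject BuildEncryptionKey(JNIEnv *env, krb5_keyblock *cryptoKey);
static jobject BuildTicketFlags(JNIEnv *env, krb5_flags flags);
static jobject BuildKerberosTime(JNIEnv *env, krb5_timestamp kerbtime);
/* Parameter renamed from the copy-pasted "kerbtime" to match the definition. */
static jobject BuildAddressList(JNIEnv *env, krb5_address **addresses);

/* Reports err through com_err_va when it is non-zero; silent otherwise. */
static void printiferr (errcode_t err, const char *format, ...);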
|
78 |
||
79 |
/*
 * Resolve className through JNI and return a weak global reference to it.
 *
 * On lookup failure a diagnostic is printed to stdout and NULL is returned.
 * Otherwise the result of NewWeakGlobalRef is returned unchanged (it is not
 * checked for NULL here; every caller in JNI_OnLoad does that).
 *
 * NOTE(review): a weak global reference does not keep the class alive, and
 * the cached handles are later passed straight to NewObject - confirm these
 * classes cannot be unloaded while the library is in use.
 */
static jclass FindClass(JNIEnv *env, char *className)
{
    jclass found = (*env)->FindClass(env, className);

    if (found != NULL) {
        jobject weakHandle = (*env)->NewWeakGlobalRef(env, found);
        return weakHandle;
    }

    printf("Couldn't find %s\n", className);
    return NULL;
}
|
91 |
/* |
|
92 |
* Class: sun_security_krb5_KrbCreds |
|
93 |
* Method: JNI_OnLoad |
|
94 |
*/ |
|
/*
 * Library load hook: caches the class handles and constructor IDs that the
 * Build* helpers use.
 *
 * Returns JNI_EVERSION when GetEnv fails for JNI_VERSION_1_4, JNI_ERR as soon
 * as any class or constructor lookup fails, and JNI_VERSION_1_2 on success.
 * Lookups run in table order, classes first, so every constructor lookup sees
 * an already-resolved class. The Credentials constructor is not resolved
 * here; acquireDefaultNativeCreds does that lazily.
 */
JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *jvm, void *reserved)
{
    JNIEnv *env;
    unsigned int i;

    /* Class name -> static slot that receives the weak global reference. */
    struct {
        jclass *slot;
        char *name;
    } classes[] = {
        { &ticketClass,          "sun/security/krb5/internal/Ticket" },
        { &principalNameClass,   "sun/security/krb5/PrincipalName" },
        { &encryptionKeyClass,   "sun/security/krb5/EncryptionKey" },
        { &ticketFlagsClass,     "sun/security/krb5/internal/TicketFlags" },
        { &kerberosTimeClass,    "sun/security/krb5/internal/KerberosTime" },
        { &javaLangStringClass,  "java/lang/String" },
        { &javaLangIntegerClass, "java/lang/Integer" },
        { &hostAddressClass,     "sun/security/krb5/internal/HostAddress" },
        { &hostAddressesClass,   "sun/security/krb5/internal/HostAddresses" },
    };

    /* Constructor descriptor -> static slot, plus the message printed on failure. */
    struct {
        jmethodID *slot;
        jclass *owner;
        const char *signature;
        const char *failure;
    } constructors[] = {
        { &ticketConstructor, &ticketClass,
          "([B)V", "Couldn't find Ticket constructor\n" },
        { &principalNameConstructor, &principalNameClass,
          "(Ljava/lang/String;I)V", "Couldn't find PrincipalName constructor\n" },
        { &encryptionKeyConstructor, &encryptionKeyClass,
          "(I[B)V", "Couldn't find EncryptionKey constructor\n" },
        { &ticketFlagsConstructor, &ticketFlagsClass,
          "(I[B)V", "Couldn't find TicketFlags constructor\n" },
        { &kerberosTimeConstructor, &kerberosTimeClass,
          "(J)V", "Couldn't find KerberosTime constructor\n" },
        { &integerConstructor, &javaLangIntegerClass,
          "(I)V", "Couldn't find Integer constructor\n" },
        { &hostAddressConstructor, &hostAddressClass,
          "(I[B)V", "Couldn't find HostAddress constructor\n" },
        { &hostAddressesConstructor, &hostAddressesClass,
          "([Lsun/security/krb5/internal/HostAddress;)V",
          "Couldn't find HostAddresses constructor\n" },
    };

    if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_4) != JNI_OK) {
        return JNI_EVERSION; /* JNI version not supported */
    }

    for (i = 0; i < sizeof classes / sizeof classes[0]; i++) {
        *classes[i].slot = FindClass(env, classes[i].name);
        if (*classes[i].slot == NULL) {
            return JNI_ERR;
        }
    }

    for (i = 0; i < sizeof constructors / sizeof constructors[0]; i++) {
        *constructors[i].slot = (*env)->GetMethodID(env, *constructors[i].owner,
                                                    "<init>", constructors[i].signature);
        if (*constructors[i].slot == 0) {
            fputs(constructors[i].failure, stdout);
            return JNI_ERR;
        }
    }

    return JNI_VERSION_1_2;
}
|
180 |
||
181 |
/* |
|
182 |
* Class: sun_security_jgss_KrbCreds |
|
183 |
* Method: JNI_OnUnload |
|
184 |
*/ |
|
/*
 * Library unload hook: releases every weak global class reference that
 * JNI_OnLoad cached. Handles that are still NULL are skipped. The static
 * slots themselves are left holding their old values.
 */
JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *jvm, void *reserved)
{
    JNIEnv *env;
    unsigned int i;

    if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2) != JNI_OK) {
        return; /* Nothing else we can do */
    }

    /* Snapshot of the cached handles, in the order they were created. */
    jclass cached[] = {
        ticketClass,
        principalNameClass,
        encryptionKeyClass,
        ticketFlagsClass,
        kerberosTimeClass,
        javaLangStringClass,
        javaLangIntegerClass,
        hostAddressClass,
        hostAddressesClass,
    };

    for (i = 0; i < sizeof cached / sizeof cached[0]; i++) {
        if (cached[i] != NULL) {
            (*env)->DeleteWeakGlobalRef(env, cached[i]);
        }
    }
}
|
222 |
||
/*
 * Linear membership test over an encryption-type list.
 *
 * Returns 1 when e equals one of the first n entries of etypes, 0 otherwise.
 * Nothing is read from etypes when n <= 0.
 */
int isIn(krb5_enctype e, int n, jint* etypes)
{
    int idx = 0;

    while (idx < n) {
        if (etypes[idx] == e) {
            return 1;
        }
        idx++;
    }
    return 0;
}
|
12047 | 232 |
/* |
233 |
* Class: sun_security_krb5_Credentials |
|
234 |
* Method: acquireDefaultNativeCreds |
|
 * Signature: ([I)Lsun/security/krb5/Credentials;
12047 | 236 |
*/ |
237 |
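/*
 * Read the default credential cache and return a Credentials object for the
 * first usable initial TGT, or NULL when none is found or an error occurs.
 *
 * The cache is walked twice. The first pass only looks for the
 * proxy_impersonator configuration entry; if it is present the cache is not
 * used at all. The second pass picks the first entry whose server name is
 * exactly krbtgt/REALM@REALM, whose session-key enctype is listed in jetypes
 * and whose end time is still in the future.
 *
 * env           JNI environment of the calling thread
 * krbcredsClass class whose constructor builds the returned object
 * jetypes       acceptable encryption types; NULL is treated as "none"
 *
 * A Java exception may be pending when NULL is returned.
 */
JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds
(JNIEnv *env, jclass krbcredsClass, jintArray jetypes)
{
    static const char tgtPrefix[] = "krbtgt";
    const size_t tgtPrefixLen = sizeof tgtPrefix - 1;

    jobject krbCreds = NULL;
    krb5_error_code err = 0;
    krb5_ccache ccache = NULL;
    krb5_cc_cursor cursor = NULL;
    krb5_creds creds;
    krb5_flags flags = 0;
    krb5_context kcontext = NULL;

    int netypes = 0;
    jint *etypes = NULL;
    int proxy_flag = 0;

    /* Initialize the Kerberos 5 context */
    err = krb5_init_context (&kcontext);

    if (!err) {
        err = krb5_cc_default (kcontext, &ccache);
    }

    if (!err) {
        err = krb5_cc_set_flags (kcontext, ccache, flags); /* turn off OPENCLOSE */
    }

    // First round read. The proxy_impersonator config flag is not supported.
    // This ccache will not be used if this flag exists.
    if (!err) {
        err = krb5_cc_start_seq_get (kcontext, ccache, &cursor);
    }

    if (!err) {
        while ((err = krb5_cc_next_cred (kcontext, ccache, &cursor, &creds)) == 0) {
            char *serverName = NULL;

            err = krb5_unparse_name (kcontext, creds.server, &serverName);
            printiferr (err, "while unparsing server name");

            if (!err) {
                if (!strcmp(serverName, "krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF:")) {
                    proxy_flag = 1;
                }
            }

            if (serverName != NULL) { krb5_free_unparsed_name (kcontext, serverName); }

            krb5_free_cred_contents (kcontext, &creds);

            if (proxy_flag) break;
        }

        if (err == KRB5_CC_END) { err = 0; }
        printiferr (err, "while retrieving a ticket");
    }

    if (!err) {
        err = krb5_cc_end_seq_get (kcontext, ccache, &cursor);
        printiferr (err, "while finishing ticket retrieval");
    }

    if (proxy_flag) {
        goto outer_cleanup;
    }
    // End of first round read

    if (!err) {
        err = krb5_cc_start_seq_get (kcontext, ccache, &cursor);
    }

    // GetArrayLength must not be handed a NULL array; a NULL list simply
    // leaves etypes NULL, which skips the scan below.
    if (jetypes != NULL) {
        netypes = (*env)->GetArrayLength(env, jetypes);
        etypes = (jint *) (*env)->GetIntArrayElements(env, jetypes, NULL);
    }

    if (etypes != NULL && !err) {
        while ((err = krb5_cc_next_cred (kcontext, ccache, &cursor, &creds)) == 0) {
            char *serverName = NULL;
            // Set when the scan must stop. The loop is left only after the
            // per-entry frees at the bottom, so the unparsed name and the
            // credential contents (ticket and session key) are released on
            // every path, including the one that found the TGT.
            int done = 0;

            err = krb5_unparse_name (kcontext, creds.server, &serverName);
            printiferr (err, "while unparsing server name");

            if (!err) {
                char* slash = strchr(serverName, '/');
                char* at = strchr(serverName, '@');
                // Make sure the server's name is krbtgt/REALM@REALM, the etype
                // is supported, and the ticket has not expired. Both name
                // comparisons are exact: the first component must be the whole
                // word "krbtgt" and the realm after '@' must have the same
                // length as the instance. Comparing only a prefix would also
                // accept names such as k/REALM@REALM or krbtgt/A@AB.
                if (slash && at &&
                        (size_t) (slash - serverName) == tgtPrefixLen &&
                        strncmp (serverName, tgtPrefix, tgtPrefixLen) == 0 &&
                        at > slash &&
                        strlen (at + 1) == (size_t) (at - slash - 1) &&
                        strncmp (slash + 1, at + 1, (size_t) (at - slash - 1)) == 0 &&
                        isIn (creds.keyblock.enctype, netypes, etypes) &&
                        creds.times.endtime > time(NULL)) {
                    jobject ticket, clientPrincipal, targetPrincipal, encryptionKey;
                    jobject ticketFlags, startTime, endTime;
                    jobject authTime, renewTillTime, hostAddresses;

                    ticket = clientPrincipal = targetPrincipal = encryptionKey = NULL;
                    ticketFlags = startTime = endTime = NULL;
                    authTime = renewTillTime = hostAddresses = NULL;

                    // For the default credentials we're only interested in the krbtgt server.
                    clientPrincipal = BuildClientPrincipal(env, kcontext, creds.client);
                    if (clientPrincipal == NULL) goto cleanup;

                    targetPrincipal = BuildClientPrincipal(env, kcontext, creds.server);
                    if (targetPrincipal == NULL) goto cleanup;

                    // Build a sun/security/krb5/internal/Ticket
                    ticket = BuildTicket(env, &creds.ticket);
                    if (ticket == NULL) goto cleanup;

                    // Get the encryption key
                    encryptionKey = BuildEncryptionKey(env, &creds.keyblock);
                    if (encryptionKey == NULL) goto cleanup;

                    // and the ticket flags
                    ticketFlags = BuildTicketFlags(env, creds.ticket_flags);
                    if (ticketFlags == NULL) goto cleanup;

                    // Get the timestamps out.
                    startTime = BuildKerberosTime(env, creds.times.starttime);
                    if (startTime == NULL) goto cleanup;

                    authTime = BuildKerberosTime(env, creds.times.authtime);
                    if (authTime == NULL) goto cleanup;

                    endTime = BuildKerberosTime(env, creds.times.endtime);
                    if (endTime == NULL) goto cleanup;

                    renewTillTime = BuildKerberosTime(env, creds.times.renew_till);
                    if (renewTillTime == NULL) goto cleanup;

                    // Create the addresses object. NULL also means "no
                    // addresses", so only a pending exception is a failure;
                    // no further JNI lookups may run while one is pending.
                    hostAddresses = BuildAddressList(env, creds.addresses);
                    if ((*env)->ExceptionCheck(env)) goto cleanup;

                    if (krbcredsConstructor == 0) {
                        krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
                                "(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
                        if (krbcredsConstructor == 0) {
                            // The lookup is on krbcredsClass, i.e. Credentials,
                            // so the message names that class.
                            printf("Couldn't find sun.security.krb5.Credentials constructor\n");
                            done = 1;
                            goto cleanup;
                        }
                    }

                    // and now go build a KrbCreds object
                    krbCreds = (*env)->NewObject(
                            env,
                            krbcredsClass,
                            krbcredsConstructor,
                            ticket,
                            clientPrincipal,
                            (jobject) NULL,
                            targetPrincipal,
                            (jobject) NULL,
                            encryptionKey,
                            ticketFlags,
                            authTime,
                            startTime,
                            endTime,
                            renewTillTime,
                            hostAddresses);
cleanup:
                    if (ticket) (*env)->DeleteLocalRef(env, ticket);
                    if (clientPrincipal) (*env)->DeleteLocalRef(env, clientPrincipal);
                    if (targetPrincipal) (*env)->DeleteLocalRef(env, targetPrincipal);
                    if (encryptionKey) (*env)->DeleteLocalRef(env, encryptionKey);
                    if (ticketFlags) (*env)->DeleteLocalRef(env, ticketFlags);
                    if (authTime) (*env)->DeleteLocalRef(env, authTime);
                    if (startTime) (*env)->DeleteLocalRef(env, startTime);
                    if (endTime) (*env)->DeleteLocalRef(env, endTime);
                    if (renewTillTime) (*env)->DeleteLocalRef(env, renewTillTime);
                    if (hostAddresses) (*env)->DeleteLocalRef(env, hostAddresses);

                    // Stop if there is an exception or we already found the initial TGT
                    if ((*env)->ExceptionCheck(env) || krbCreds) {
                        done = 1;
                    }
                }
            }

            if (serverName != NULL) { krb5_free_unparsed_name (kcontext, serverName); }

            krb5_free_cred_contents (kcontext, &creds);

            if (done) break;
        }

        if (err == KRB5_CC_END) { err = 0; }
        printiferr (err, "while retrieving a ticket");
    }

    if (!err) {
        err = krb5_cc_end_seq_get (kcontext, ccache, &cursor);
        printiferr (err, "while finishing ticket retrieval");
    }

outer_cleanup:
    if (!err) {
        flags = KRB5_TC_OPENCLOSE; /* restore OPENCLOSE mode */
        err = krb5_cc_set_flags (kcontext, ccache, flags);
        printiferr (err, "while finishing ticket retrieval");
    }

    if (etypes != NULL) {
        (*env)->ReleaseIntArrayElements(env, jetypes, etypes, 0);
    }

    // Release the cache handle obtained from krb5_cc_default.
    if (ccache != NULL) {
        krb5_cc_close (kcontext, ccache);
    }

    if (kcontext != NULL) {
        krb5_free_context (kcontext);
    }
    return krbCreds;
}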
|
448 |
||
449 |
||
450 |
#pragma mark - |
|
451 |
||
452 |
/*
 * Wrap an encoded ticket in a sun/security/krb5/internal/Ticket object.
 *
 * The ticket bytes are copied into a temporary Java byte[], which is handed
 * to the cached Ticket([B) constructor. Returns NULL whenever an exception
 * is pending after any of the JNI calls; the temporary array is released on
 * every path where it was created.
 */
jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket)
{
    jobject result;
    jboolean failed;
    jbyteArray bytes = (*env)->NewByteArray(env, encodedTicket->length);

    if ((*env)->ExceptionCheck(env)) {
        return (jobject) NULL;
    }

    (*env)->SetByteArrayRegion(env, bytes, (jsize) 0, encodedTicket->length, (jbyte *)encodedTicket->data);
    if ((*env)->ExceptionCheck(env)) {
        (*env)->DeleteLocalRef(env, bytes);
        return (jobject) NULL;
    }

    result = (*env)->NewObject(env, ticketClass, ticketConstructor, bytes);

    /* Sample the exception state before dropping the array, as the caller sees it. */
    failed = (*env)->ExceptionCheck(env);
    (*env)->DeleteLocalRef(env, bytes);

    return failed ? (jobject) NULL : result;
}
|
478 |
||
479 |
/*
 * Convert a krb5 principal into a sun/security/krb5/PrincipalName object.
 *
 * The principal is unparsed to its string form, which is passed together
 * with principalName->type to the cached PrincipalName(String, int)
 * constructor; parsing of the string is left to the Java class.
 * Returns NULL if unparsing fails or the Java string cannot be created.
 */
jobject BuildClientPrincipal(JNIEnv *env, krb5_context kcontext, krb5_principal principalName) {
    char *unparsed = NULL;
    jobject result = NULL;
    jstring nameObj;

    if (krb5_unparse_name (kcontext, principalName, &unparsed) != 0) {
        return result;
    }

    nameObj = (*env)->NewStringUTF(env, unparsed);
    if (nameObj != NULL) {
        result = (*env)->NewObject(env, principalNameClass, principalNameConstructor, nameObj, principalName->type);
    }

    /* The native string is released whether or not the Java string was created. */
    if (unparsed != NULL) {
        krb5_free_unparsed_name (kcontext, unparsed);
    }

    if (nameObj == NULL) {
        return (jobject) NULL;
    }

    (*env)->DeleteLocalRef(env, nameObj);
    return result;
}
|
499 |
||
500 |
/*
 * Build a sun/security/krb5/EncryptionKey from a krb5 keyblock.
 *
 * cryptoKey->length bytes of cryptoKey->contents are copied into a temporary
 * Java byte[] that is passed, with cryptoKey->enctype, to the cached
 * EncryptionKey(int, byte[]) constructor. The native keyblock itself is not
 * modified or freed here. Returns NULL if the array cannot be allocated or
 * the copy raises an exception.
 */
jobject BuildEncryptionKey(JNIEnv *env, krb5_keyblock *cryptoKey) {
    jobject result = NULL;
    jbyteArray keyBytes = (*env)->NewByteArray(env, cryptoKey->length);

    if (!keyBytes) {
        return (jobject) NULL;
    }

    (*env)->SetByteArrayRegion(env, keyBytes, (jsize) 0, cryptoKey->length, (jbyte *)cryptoKey->contents);

    /* Only construct the key object when the copy went through cleanly. */
    if ((*env)->ExceptionCheck(env) == JNI_FALSE) {
        result = (*env)->NewObject(env, encryptionKeyClass, encryptionKeyConstructor, cryptoKey->enctype, keyBytes);
    }

    (*env)->DeleteLocalRef(env, keyBytes);
    return result;
}
|
519 |
||
520 |
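/*
 * Build a sun/security/krb5/internal/TicketFlags from a krb5 flag word.
 *
 * The flag word is serialized most-significant byte first into a Java byte[]
 * of sizeof(flags) bytes, which is passed with the bit count to the cached
 * TicketFlags(int, byte[]) constructor. Returns NULL if the array cannot be
 * allocated or the copy raises an exception.
 */
jobject BuildTicketFlags(JNIEnv *env, krb5_flags flags) {
    jobject ticketFlags = NULL;
    jbyteArray ary;

    /*
     * Network byte order, produced byte by byte. Storing htonl(flags) in an
     * unsigned long and then copying sizeof(flags) bytes from its address
     * only yields the right bytes where the two types have the same size or
     * the host is little-endian; on a big-endian host with a wider unsigned
     * long the copy would read the zero padding instead.
     */
    unsigned char wire[sizeof(flags)];
    const unsigned long bits = (unsigned long) flags;
    unsigned int i;

    for (i = 0; i < sizeof(flags); i++) {
        const unsigned int shift = 8u * (unsigned int) (sizeof(flags) - 1 - i);
        wire[i] = (unsigned char) ((bits >> shift) & 0xFFu);
    }

    ary = (*env)->NewByteArray(env, sizeof(flags));

    if (ary == NULL) {
        return (jobject) NULL;
    }

    (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(flags), (jbyte *)wire);

    if (!(*env)->ExceptionCheck(env)) {
        /*
         * The constructor's first parameter is a Java int; sizeof yields a
         * size_t, so it is narrowed explicitly before going through varargs.
         */
        ticketFlags = (*env)->NewObject(env, ticketFlagsClass, ticketFlagsConstructor,
                                        (jint) (sizeof(flags) * 8), ary);
    }

    (*env)->DeleteLocalRef(env, ary);
    return ticketFlags;
}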
|
545 |
||
546 |
/*
 * Build a sun/security/krb5/internal/KerberosTime from a krb5 timestamp.
 * Returns whatever NewObject returns for the cached KerberosTime(long)
 * constructor.
 */
jobject BuildKerberosTime(JNIEnv *env, krb5_timestamp kerbtime) {
    // Kerberos time is in seconds, but the KerberosTime class assumes
    // milliseconds. Widen to jlong first, then scale.
    jlong millis = (jlong) kerbtime * 1000;

    return (*env)->NewObject(env, kerberosTimeClass, kerberosTimeConstructor, millis);
}
|
553 |
||
554 |
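/*
 * Build a sun/security/krb5/internal/HostAddresses from a NULL-terminated
 * krb5 address list.
 *
 * Returns NULL when addresses is NULL (no exception pending) and NULL with a
 * Java exception pending when any allocation or constructor call fails.
 *
 * The Credentials constructor that consumes this value declares its last
 * parameter as HostAddresses, and NewObject does not verify argument types,
 * so the HostAddress[] built here is wrapped through the cached
 * HostAddresses(HostAddress[]) constructor rather than returned as a bare
 * array. Per-element local references are dropped inside the loop so a long
 * address list cannot exhaust the local reference table.
 */
jobject BuildAddressList(JNIEnv *env, krb5_address **addresses) {
    jobject wrapped = NULL;
    jobjectArray address_list;
    krb5_address **p;
    jsize addressCount = 0;
    jsize index = 0;

    if (addresses == NULL) {
        return NULL;
    }

    // See how many we have.
    for (p = addresses; *p != NULL; p++) {
        addressCount++;
    }

    address_list = (*env)->NewObjectArray(env, addressCount, hostAddressClass, NULL);

    if (address_list == NULL) {
        return (jobject) NULL;
    }

    // Create a new HostAddress object for each address block.
    for (p = addresses; *p != NULL; p++, index++) {
        krb5_address *currAddress = *p;
        jobject address;

        // HostAddress needs a byte array of the host data.
        jbyteArray ary = (*env)->NewByteArray(env, currAddress->length);

        if (ary == NULL) goto fail;

        (*env)->SetByteArrayRegion(env, ary, (jsize) 0, currAddress->length, (jbyte *)currAddress->contents);
        if ((*env)->ExceptionCheck(env)) {
            (*env)->DeleteLocalRef(env, ary);
            goto fail;
        }

        // NOTE(review): the int argument is the address length; confirm that
        // HostAddress(int, byte[]) expects a length here and not the address
        // type that krb5_address also carries.
        address = (*env)->NewObject(env, hostAddressClass, hostAddressConstructor, currAddress->length, ary);

        (*env)->DeleteLocalRef(env, ary);

        if (address == NULL) goto fail;

        // Add the HostAddress to the array; the array keeps its own
        // reference, so the local one can go immediately.
        (*env)->SetObjectArrayElement(env, address_list, index, address);
        (*env)->DeleteLocalRef(env, address);

        if ((*env)->ExceptionCheck(env)) goto fail;
    }

    wrapped = (*env)->NewObject(env, hostAddressesClass, hostAddressesConstructor, address_list);
    (*env)->DeleteLocalRef(env, address_list);
    return wrapped;

fail:
    (*env)->DeleteLocalRef(env, address_list);
    return (jobject) NULL;
}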
|
609 |
||
610 |
#pragma mark - Utility methods - |
|
611 |
||
612 |
/*
 * Report a Kerberos error through com_err_va under the "ticketParser:"
 * prefix. Does nothing when err is zero. format and the variadic arguments
 * are forwarded unchanged, so callers must pass a literal format string.
 */
static void printiferr (errcode_t err, const char *format, ...)
{
    va_list args;

    if (!err) {
        return;
    }

    va_start (args, format);
    com_err_va ("ticketParser:", err, format, args);
    va_end (args);
}
|
622 |