8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
Reviewed-by: xuelei
--- a/src/java.security.jgss/share/native/libj2gss/NativeFunc.h Tue Jul 09 15:42:44 2019 -0700
+++ b/src/java.security.jgss/share/native/libj2gss/NativeFunc.h Wed Jul 10 09:43:34 2019 +0800
@@ -57,8 +57,8 @@
typedef OM_uint32 (*IMPORT_NAME_FN_PTR)
(OM_uint32 *minor_status,
- const gss_buffer_t input_name_buffer,
- const gss_OID input_name_type,
+ gss_const_buffer_t input_name_buffer,
+ gss_const_OID input_name_type,
gss_name_t *output_name);
typedef OM_uint32 (*COMPARE_NAME_FN_PTR)
@@ -70,7 +70,7 @@
typedef OM_uint32 (*CANONICALIZE_NAME_FN_PTR)
(OM_uint32 *minor_status,
gss_const_name_t input_name,
- const gss_OID mech_type,
+ gss_const_OID mech_type,
gss_name_t *output_name);
typedef OM_uint32 (*EXPORT_NAME_FN_PTR)
@@ -88,7 +88,7 @@
(OM_uint32 *minor_status,
gss_const_name_t desired_name,
OM_uint32 time_req,
- const gss_OID_set desired_mech,
+ gss_const_OID_set desired_mech,
gss_cred_usage_t cred_usage,
gss_cred_id_t *output_cred_handle,
gss_OID_set *actual_mechs,
@@ -108,7 +108,7 @@
typedef OM_uint32 (*IMPORT_SEC_CONTEXT_FN_PTR)
(OM_uint32 *minor_status,
- const gss_buffer_t interprocess_token,
+ gss_const_buffer_t interprocess_token,
gss_ctx_id_t *context_handle);
typedef OM_uint32 (*INIT_SEC_CONTEXT_FN_PTR)
@@ -116,11 +116,11 @@
gss_const_cred_id_t initiator_cred_handle,
gss_ctx_id_t *context_handle,
gss_const_name_t target_name,
- const gss_OID mech_type,
+ gss_const_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
+ gss_const_channel_bindings_t input_chan_bindings,
+ gss_const_buffer_t input_token,
gss_OID *actual_mech_type,
gss_buffer_t output_token,
OM_uint32 *ret_flags,
@@ -130,8 +130,8 @@
(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_const_cred_id_t acceptor_cred_handle,
- const gss_buffer_t input_token,
- const gss_channel_bindings_t input_chan_bindings,
+ gss_const_buffer_t input_token,
+ gss_const_channel_bindings_t input_chan_bindings,
gss_name_t *src_name,
gss_OID *mech_type,
gss_buffer_t output_token,
@@ -177,14 +177,14 @@
(OM_uint32 *minor_status,
gss_const_ctx_id_t context_handle,
gss_qop_t qop_req,
- const gss_buffer_t message_buffer,
+ gss_const_buffer_t message_buffer,
gss_buffer_t msg_token);
typedef OM_uint32 (*VERIFY_MIC_FN_PTR)
(OM_uint32 *minor_status,
gss_const_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
+ gss_const_buffer_t message_buffer,
+ gss_const_buffer_t token_buffer,
gss_qop_t *qop_state);
typedef OM_uint32 (*WRAP_FN_PTR)
@@ -192,14 +192,14 @@
gss_const_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
+ gss_const_buffer_t input_message_buffer,
int *conf_state,
gss_buffer_t output_message_buffer);
typedef OM_uint32 (*UNWRAP_FN_PTR)
(OM_uint32 *minor_status,
gss_const_ctx_id_t context_handle,
- const gss_buffer_t input_message_buffer,
+ gss_const_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
gss_qop_t *qop_state);
@@ -210,19 +210,19 @@
typedef OM_uint32 (*INQUIRE_NAMES_FOR_MECH_FN_PTR)
(OM_uint32 *minor_status,
- const gss_OID mechanism,
+ gss_const_OID mechanism,
gss_OID_set *name_types);
typedef OM_uint32 (*ADD_OID_SET_MEMBER_FN_PTR)
(OM_uint32 *minor_status,
- const gss_OID member_oid,
+ gss_const_OID member_oid,
gss_OID_set *oid_set);
typedef OM_uint32 (*DISPLAY_STATUS_FN_PTR)
(OM_uint32 *minor_status,
OM_uint32 status_value,
int status_type,
- const gss_OID mech_type,
+ gss_const_OID mech_type,
OM_uint32 *message_context,
gss_buffer_t status_string);
--- a/src/java.security.jgss/share/native/libj2gss/gssapi.h Tue Jul 09 15:42:44 2019 -0700
+++ b/src/java.security.jgss/share/native/libj2gss/gssapi.h Wed Jul 10 09:43:34 2019 +0800
@@ -404,7 +404,7 @@
OM_uint32 *, /* minor_status */
gss_const_name_t, /* desired_name */
OM_uint32, /* time_req */
- const gss_OID_set, /* desired_mechs */
+ gss_const_OID_set, /* desired_mechs */
gss_cred_usage_t, /* cred_usage */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
@@ -421,11 +421,11 @@
gss_const_cred_id_t, /* claimant_cred_handle */
gss_ctx_id_t *, /* context_handle */
gss_const_name_t, /* target_name */
- const gss_OID, /* mech_type */
+ gss_const_OID, /* mech_type */
OM_uint32, /* req_flags */
OM_uint32, /* time_req */
- const gss_channel_bindings_t, /* input_chan_bindings */
- const gss_buffer_t, /* input_token */
+ gss_const_channel_bindings_t, /* input_chan_bindings */
+ gss_const_buffer_t, /* input_token */
gss_OID *, /* actual_mech_type */
gss_buffer_t, /* output_token */
OM_uint32 *, /* ret_flags */
@@ -436,8 +436,8 @@
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_const_cred_id_t, /* acceptor_cred_handle */
- const gss_buffer_t, /* input_token_buffer */
- const gss_channel_bindings_t, /* input_chan_bindings */
+ gss_const_buffer_t, /* input_token_buffer */
+ gss_const_channel_bindings_t, /* input_chan_bindings */
gss_name_t *, /* src_name */
gss_OID *, /* mech_type */
gss_buffer_t, /* output_token */
@@ -449,7 +449,7 @@
GSS_DLLIMP OM_uint32 gss_process_context_token(
OM_uint32 *, /* minor_status */
gss_const_ctx_id_t, /* context_handle */
- const gss_buffer_t /* token_buffer */
+ gss_const_buffer_t /* token_buffer */
);
GSS_DLLIMP OM_uint32 gss_delete_sec_context(
@@ -469,7 +469,7 @@
OM_uint32 *, /* minor_status */
gss_const_ctx_id_t, /* context_handle */
gss_qop_t, /* qop_req */
- const gss_buffer_t, /* message_buffer */
+ gss_const_buffer_t, /* message_buffer */
gss_buffer_t /* message_token */
);
@@ -477,8 +477,8 @@
GSS_DLLIMP OM_uint32 gss_verify_mic(
OM_uint32 *, /* minor_status */
gss_const_ctx_id_t, /* context_handle */
- const gss_buffer_t, /* message_buffer */
- const gss_buffer_t, /* message_token */
+ gss_const_buffer_t, /* message_buffer */
+ gss_const_buffer_t, /* message_token */
gss_qop_t * /* qop_state */
);
@@ -488,7 +488,7 @@
gss_const_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
gss_qop_t, /* qop_req */
- const gss_buffer_t, /* input_message_buffer */
+ gss_const_buffer_t, /* input_message_buffer */
int *, /* conf_state */
gss_buffer_t /* output_message_buffer */
);
@@ -497,7 +497,7 @@
GSS_DLLIMP OM_uint32 gss_unwrap(
OM_uint32 *, /* minor_status */
gss_const_ctx_id_t, /* context_handle */
- const gss_buffer_t, /* input_message_buffer */
+ gss_const_buffer_t, /* input_message_buffer */
gss_buffer_t, /* output_message_buffer */
int *, /* conf_state */
gss_qop_t * /* qop_state */
@@ -507,7 +507,7 @@
OM_uint32 *, /* minor_status */
OM_uint32, /* status_value */
int, /* status_type */
- const gss_OID, /* mech_type (used to be const) */
+ gss_const_OID, /* mech_type (used to be const) */
OM_uint32 *, /* message_context */
gss_buffer_t /* status_string */
);
@@ -533,8 +533,8 @@
GSS_DLLIMP OM_uint32 gss_import_name(
OM_uint32 *, /* minor_status */
- const gss_buffer_t, /* input_name_buffer */
- const gss_OID, /* input_name_type(used to be const) */
+ gss_const_buffer_t, /* input_name_buffer */
+ gss_const_OID, /* input_name_type(used to be const) */
gss_name_t * /* output_name */
);
@@ -590,7 +590,7 @@
OM_uint32 *, /* minor_status */
gss_const_cred_id_t, /* input_cred_handle */
gss_const_name_t, /* desired_name */
- const gss_OID, /* desired_mech */
+ gss_const_OID, /* desired_mech */
gss_cred_usage_t, /* cred_usage */
OM_uint32, /* initiator_time_req */
OM_uint32, /* acceptor_time_req */
@@ -604,7 +604,7 @@
GSS_DLLIMP OM_uint32 gss_inquire_cred_by_mech(
OM_uint32 *, /* minor_status */
gss_const_cred_id_t, /* cred_handle */
- const gss_OID, /* mech_type */
+ gss_const_OID, /* mech_type */
gss_name_t *, /* name */
OM_uint32 *, /* initiator_lifetime */
OM_uint32 *, /* acceptor_lifetime */
@@ -621,7 +621,7 @@
/* New for V2 */
GSS_DLLIMP OM_uint32 gss_import_sec_context(
OM_uint32 *, /* minor_status */
- const gss_buffer_t, /* interprocess_token */
+ gss_const_buffer_t, /* interprocess_token */
gss_ctx_id_t * /* context_handle */
);
@@ -640,22 +640,22 @@
/* New for V2 */
GSS_DLLIMP OM_uint32 gss_add_oid_set_member(
OM_uint32 *, /* minor_status */
- const gss_OID, /* member_oid */
+ gss_const_OID, /* member_oid */
gss_OID_set * /* oid_set */
);
/* New for V2 */
GSS_DLLIMP OM_uint32 gss_test_oid_set_member(
OM_uint32 *, /* minor_status */
- const gss_OID, /* member */
- const gss_OID_set, /* set */
+ gss_const_OID, /* member */
+ gss_const_OID_set, /* set */
int * /* present */
);
/* New for V2 */
GSS_DLLIMP OM_uint32 gss_str_to_oid(
OM_uint32 *, /* minor_status */
- const gss_buffer_t, /* oid_str */
+ gss_const_buffer_t, /* oid_str */
gss_OID * /* oid */
);
@@ -669,7 +669,7 @@
/* New for V2 */
GSS_DLLIMP OM_uint32 gss_inquire_names_for_mech(
OM_uint32 *, /* minor_status */
- const gss_OID, /* mechanism */
+ gss_const_OID, /* mechanism */
gss_OID_set * /* name_types */
);
@@ -691,7 +691,7 @@
GSS_DLLIMP OM_uint32 gss_canonicalize_name(
OM_uint32 *, /* minor_status */
gss_const_name_t, /* input_name */
- const gss_OID, /* mech_type */
+ gss_const_OID, /* mech_type */
gss_name_t * /* output_name */
);
--- a/src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp Tue Jul 09 15:42:44 2019 -0700
+++ b/src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp Wed Jul 10 09:43:34 2019 +0800
@@ -209,14 +209,14 @@
}
static BOOLEAN
-is_same_oid(gss_OID o2, gss_OID o1)
+is_same_oid(gss_const_OID o2, gss_const_OID o1)
{
return o1 && o2 && o1->length == o2->length
&& !memcmp(o1->elements, o2->elements, o2->length);
}
static BOOLEAN
-has_oid(gss_OID_set set, gss_OID oid)
+has_oid(gss_const_OID_set set, gss_const_OID oid)
{
for (int i = 0; i < set->count; i++) {
if (is_same_oid(&set->elements[i], oid)) {
@@ -227,7 +227,7 @@
}
static void
-get_oid_desc(gss_OID mech)
+show_oid(gss_const_OID mech)
{
if (trace) {
if (is_same_oid(mech, &KRB5_OID)) {
@@ -249,7 +249,7 @@
}
static void
-get_oid_set_desc(gss_OID_set mechs)
+show_oid_set(gss_const_OID_set mechs)
{
if (trace) {
if (mechs == NULL) {
@@ -258,7 +258,7 @@
}
PP("gss_OID_set.count is %d", (int)mechs->count);
for (int i = 0; i < mechs->count; i++) {
- get_oid_desc(&mechs->elements[i]);
+ show_oid(&mechs->elements[i]);
}
}
}
@@ -332,8 +332,8 @@
__declspec(dllexport) OM_uint32
gss_import_name(OM_uint32 *minor_status,
- const gss_buffer_t input_name_buffer,
- const gss_OID input_name_type,
+ gss_const_buffer_t input_name_buffer,
+ gss_const_OID input_name_type,
gss_name_t *output_name)
{
PP(">>>> Calling gss_import_name...");
@@ -344,6 +344,9 @@
LPSTR input = (LPSTR)input_name_buffer->value;
if (input_name_type != NULL
&& is_same_oid(input_name_type, &EXPORT_NAME_OID)) {
+ if (len < 4 || input[0] != 4 || input[1] != 1 || input[2] != 0) {
+ return GSS_S_FAILURE;
+ }
int mechLen = (int)input[3]; /* including 06 len */
len -= mechLen + 8; /* 4 header bytes, and an int32 length after OID */
if (len <= 0) {
@@ -429,15 +432,50 @@
SEC_WCHAR* n1 = name1->name;
SEC_WCHAR* n2 = name2->name;
PP("Comparing %ls and %ls", n1, n2);
+
int l1 = lstrlen(n1);
int l2 = lstrlen(n2);
- if (l1 < l2 && n2[l1] != L'@'
- || l2 < l1 && n1[l2] != L'@') {
+ int r1 = l1; // position of @ or the end if none
+ int r2 = l2;
+ int i;
+
+ for (i = 0; i < l1; i++) {
+ if (n1[i] == L'\\') {
+ i++;
+ continue;
+ }
+ if (n1[i] == L'@') {
+ r1 = i;
+ break;
+ }
+ }
+
+ for (i = 0; i < l2; i++) {
+ if (n2[i] == L'\\') {
+ i++;
+ continue;
+ }
+ if (n2[i] == L'@') {
+ r2 = i;
+ break;
+ }
+ }
+
+ if (l1 < l2 && l1 != r2
+ || l2 < l1 && l2 != l1) {
return GSS_S_COMPLETE; // different
}
+
if (l1 > l2) {
l1 = l2; // choose the smaller one. longer=smaller @ ...
}
+
+ // Two names are equal if they are the same or one has no realm and
+ // one has realm but they have the same name. If both have realm but
+ // different, they are treated different even if the names are the same.
+ // Note: the default name concept is not used here.
+ // Principal names on Windows are case-insensitive, both user name
+ // and service principal name.
if (CompareStringEx(LOCALE_NAME_SYSTEM_DEFAULT, NORM_IGNORECASE,
n1, l1, n2, l1, NULL, NULL, 0) == CSTR_EQUAL) {
*name_equal = 1;
@@ -448,7 +486,7 @@
__declspec(dllexport) OM_uint32
gss_canonicalize_name(OM_uint32 *minor_status,
gss_const_name_t input_name,
- const gss_OID mech_type,
+ gss_const_OID mech_type,
gss_name_t *output_name)
{
PP(">>>> Calling gss_canonicalize_name...");
@@ -456,6 +494,10 @@
CHECK_OID(mech_type)
CHECK_OUTPUT(output_name)
+ if (!is_same_oid(mech_type, &KRB5_OID)) {
+ PP("Cannot canonicalize to non-krb5 OID");
+ return GSS_S_BAD_MECH;
+ }
gss_name_t names2 = new gss_name_struct;
if (names2 == NULL) {
return GSS_S_FAILURE;
@@ -558,7 +600,7 @@
gss_acquire_cred(OM_uint32 *minor_status,
gss_const_name_t desired_name,
OM_uint32 time_req,
- const gss_OID_set desired_mechs,
+ gss_const_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
gss_cred_id_t *output_cred_handle,
gss_OID_set *actual_mechs,
@@ -572,7 +614,7 @@
ts.QuadPart = 0;
cred_usage = 0;
PP("AcquireCredentialsHandle with %d %p", cred_usage, desired_mechs);
- get_oid_set_desc(desired_mechs);
+ show_oid_set(desired_mechs);
BOOLEAN reqKerberos, reqSPNEGO;
@@ -787,7 +829,7 @@
__declspec(dllexport) OM_uint32
gss_import_sec_context(OM_uint32 *minor_status,
- const gss_buffer_t interprocess_token,
+ gss_const_buffer_t interprocess_token,
gss_ctx_id_t *context_handle)
{
// Not transferable, return FAILURE
@@ -801,11 +843,11 @@
gss_const_cred_id_t initiator_cred_handle,
gss_ctx_id_t *context_handle,
gss_const_name_t target_name,
- const gss_OID mech_type,
+ gss_const_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
+ gss_const_channel_bindings_t input_chan_bindings,
+ gss_const_buffer_t input_token,
gss_OID *actual_mech_type,
gss_buffer_t output_token,
OM_uint32 *ret_flags,
@@ -927,7 +969,6 @@
&lifeTime);
if (!SEC_SUCCESS(ss)) {
- // TODO: seems NativeGSSContext has not failed here.
PP("InitializeSecurityContext failed");
goto err;
}
@@ -983,8 +1024,8 @@
gss_accept_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_const_cred_id_t acceptor_cred_handle,
- const gss_buffer_t input_token,
- const gss_channel_bindings_t input_chan_bindings,
+ gss_const_buffer_t input_token,
+ gss_const_channel_bindings_t input_chan_bindings,
gss_name_t *src_name,
gss_OID *mech_type,
gss_buffer_t output_token,
@@ -1168,13 +1209,13 @@
gss_get_mic(OM_uint32 *minor_status,
gss_const_ctx_id_t context_handle,
gss_qop_t qop_req,
- const gss_buffer_t message_buffer,
+ gss_const_buffer_t message_buffer,
gss_buffer_t msg_token)
{
PP(">>>> Calling gss_get_mic...");
- CHECK_CONTEXT(context_handle);
- CHECK_BUFFER(message_buffer);
- CHECK_OUTPUT(msg_token);
+ CHECK_CONTEXT(context_handle)
+ CHECK_BUFFER(message_buffer)
+ CHECK_OUTPUT(msg_token)
SECURITY_STATUS ss;
SecBufferDesc buffDesc;
@@ -1208,14 +1249,14 @@
__declspec(dllexport) OM_uint32
gss_verify_mic(OM_uint32 *minor_status,
gss_const_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
+ gss_const_buffer_t message_buffer,
+ gss_const_buffer_t token_buffer,
gss_qop_t *qop_state)
{
PP(">>>> Calling gss_verify_mic...");
- CHECK_CONTEXT(context_handle);
- CHECK_BUFFER(message_buffer);
- CHECK_BUFFER(token_buffer);
+ CHECK_CONTEXT(context_handle)
+ CHECK_BUFFER(message_buffer)
+ CHECK_BUFFER(token_buffer)
SECURITY_STATUS ss;
SecBufferDesc buffDesc;
@@ -1253,14 +1294,14 @@
gss_const_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
+ gss_const_buffer_t input_message_buffer,
int *conf_state,
gss_buffer_t output_message_buffer)
{
PP(">>>> Calling gss_wrap...");
- CHECK_CONTEXT(context_handle);
- CHECK_BUFFER(input_message_buffer);
- CHECK_OUTPUT(output_message_buffer);
+ CHECK_CONTEXT(context_handle)
+ CHECK_BUFFER(input_message_buffer)
+ CHECK_OUTPUT(output_message_buffer)
SECURITY_STATUS ss;
SecBufferDesc buffDesc;
@@ -1323,15 +1364,15 @@
__declspec(dllexport) OM_uint32
gss_unwrap(OM_uint32 *minor_status,
gss_const_ctx_id_t context_handle,
- const gss_buffer_t input_message_buffer,
+ gss_const_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
gss_qop_t *qop_state)
{
PP(">>>> Calling gss_unwrap...");
- CHECK_CONTEXT(context_handle);
- CHECK_BUFFER(input_message_buffer);
- CHECK_OUTPUT(output_message_buffer);
+ CHECK_CONTEXT(context_handle)
+ CHECK_BUFFER(input_message_buffer)
+ CHECK_OUTPUT(output_message_buffer)
SECURITY_STATUS ss;
SecBufferDesc buffDesc;
@@ -1417,11 +1458,11 @@
__declspec(dllexport) OM_uint32
gss_inquire_names_for_mech(OM_uint32 *minor_status,
- const gss_OID mechanism,
+ gss_const_OID mechanism,
gss_OID_set *name_types)
{
PP(">>>> Calling gss_inquire_names_for_mech...");
- CHECK_OID(mechanism);
+ CHECK_OID(mechanism)
if (gss_create_empty_oid_set(minor_status, name_types)) {
return GSS_S_FAILURE;
@@ -1445,12 +1486,12 @@
__declspec(dllexport) OM_uint32
gss_add_oid_set_member(OM_uint32 *minor_status,
- const gss_OID member_oid,
+ gss_const_OID member_oid,
gss_OID_set *oid_set)
{
PP(">>>> Calling gss_add_oid_set_member...");
- CHECK_OID(member_oid);
- CHECK_OUTPUT(oid_set);
+ CHECK_OID(member_oid)
+ CHECK_OUTPUT(oid_set)
int count = (int)(*oid_set)->count;
@@ -1490,7 +1531,7 @@
gss_display_status(OM_uint32 *minor_status,
OM_uint32 status_value,
int status_type,
- const gss_OID mech_type,
+ gss_const_OID mech_type,
OM_uint32 *message_context,
gss_buffer_t status_string)
{
@@ -1526,7 +1567,7 @@
gss_OID_set *oid_set)
{
PP(">>>> Calling gss_create_empty_oid_set...");
- CHECK_OUTPUT(oid_set);
+ CHECK_OUTPUT(oid_set)
if (*oid_set = new gss_OID_set_desc) {
memset(*oid_set, 0, sizeof(gss_OID_set_desc));