8228659: Record which Java methods are called by native codes in JGSS and JAAS
Reviewed-by: mullan
--- a/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c Wed Sep 25 17:54:21 2019 +0800
@@ -43,7 +43,6 @@
* Statics for this module
*/
-static jclass derValueClass = NULL;
static jclass ticketClass = NULL;
static jclass principalNameClass = NULL;
static jclass encryptionKeyClass = NULL;
@@ -54,7 +53,6 @@
static jclass hostAddressClass = NULL;
static jclass hostAddressesClass = NULL;
-static jmethodID derValueConstructor = 0;
static jmethodID ticketConstructor = 0;
static jmethodID principalNameConstructor = 0;
static jmethodID encryptionKeyConstructor = 0;
@@ -108,9 +106,6 @@
principalNameClass = FindClass(env, "sun/security/krb5/PrincipalName");
if (principalNameClass == NULL) return JNI_ERR;
- derValueClass = FindClass(env, "sun/security/util/DerValue");
- if (derValueClass == NULL) return JNI_ERR;
-
encryptionKeyClass = FindClass(env, "sun/security/krb5/EncryptionKey");
if (encryptionKeyClass == NULL) return JNI_ERR;
@@ -132,13 +127,7 @@
hostAddressesClass = FindClass(env,"sun/security/krb5/internal/HostAddresses");
if (hostAddressesClass == NULL) return JNI_ERR;
- derValueConstructor = (*env)->GetMethodID(env, derValueClass, "<init>", "([B)V");
- if (derValueConstructor == 0) {
- printf("Couldn't find DerValue constructor\n");
- return JNI_ERR;
- }
-
- ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "(Lsun/security/util/DerValue;)V");
+ ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "([B)V");
if (ticketConstructor == 0) {
printf("Couldn't find Ticket constructor\n");
return JNI_ERR;
@@ -204,9 +193,6 @@
if (ticketClass != NULL) {
(*env)->DeleteWeakGlobalRef(env,ticketClass);
}
- if (derValueClass != NULL) {
- (*env)->DeleteWeakGlobalRef(env,derValueClass);
- }
if (principalNameClass != NULL) {
(*env)->DeleteWeakGlobalRef(env,principalNameClass);
}
@@ -421,11 +407,9 @@
jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket)
{
- /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket.
- * But before we can do that, we need to make a byte array out of the ET.
- */
+ // To build a Ticket, we need to make a byte array out of the EncodedTicket.
- jobject derValue, ticket;
+ jobject ticket;
jbyteArray ary;
ary = (*env)->NewByteArray(env, encodedTicket->length);
@@ -439,19 +423,12 @@
return (jobject) NULL;
}
- derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary);
+ ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, ary);
if ((*env)->ExceptionCheck(env)) {
(*env)->DeleteLocalRef(env, ary);
return (jobject) NULL;
}
-
(*env)->DeleteLocalRef(env, ary);
- ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue);
- if ((*env)->ExceptionCheck(env)) {
- (*env)->DeleteLocalRef(env, derValue);
- return (jobject) NULL;
- }
- (*env)->DeleteLocalRef(env, derValue);
return ticket;
}
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSCredElement.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSCredElement.java Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
}
// Construct delegation cred using the actual context mech and srcName
+ // Warning: called by NativeUtil.c
GSSCredElement(long pCredentials, GSSNameElement srcName, Oid mech)
throws GSSException {
pCred = pCredentials;
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSLibStub.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSLibStub.java Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -43,7 +43,7 @@
class GSSLibStub {
private Oid mech;
- private long pMech;
+ private long pMech; // Warning: used by NativeUtil.c
/**
* Initialization routine to dynamically load function pointers.
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -97,6 +97,7 @@
printableName = "<DEFAULT ACCEPTOR>";
}
+ // Warning: called by NativeUtil.c
GSSNameElement(long pNativeName, GSSLibStub stub) throws GSSException {
assert(stub != null);
if (pNativeName == 0) {
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -59,20 +59,22 @@
private static final int NUM_OF_INQUIRE_VALUES = 6;
+ // Warning: The following 9 fields are used by NativeUtil.c
private long pContext = 0; // Pointer to the gss_ctx_id_t structure
private GSSNameElement srcName;
private GSSNameElement targetName;
- private GSSCredElement cred;
- private GSSCredElement disposeCred;
private boolean isInitiator;
private boolean isEstablished;
+ private GSSCredElement delegatedCred;
+ private int flags;
+ private int lifetime = GSSCredential.DEFAULT_LIFETIME;
private Oid actualMech; // Assigned during context establishment
+ private GSSCredElement cred;
+ private GSSCredElement disposeCred;
+
private ChannelBinding cb;
- private GSSCredElement delegatedCred;
private GSSCredElement disposeDelegatedCred;
- private int flags;
- private int lifetime = GSSCredential.DEFAULT_LIFETIME;
private final GSSLibStub cStub;
private boolean skipDelegPermCheck;
@@ -231,6 +233,7 @@
}
// Constructor for imported context
+ // Warning: called by NativeUtil.c
NativeGSSContext(long pCtxt, GSSLibStub stub) throws GSSException {
assert(pContext != 0);
pContext = pCtxt;
--- a/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java Wed Sep 25 17:54:21 2019 +0800
@@ -88,6 +88,7 @@
this.authzData = authzData;
}
+ // Warning: called by NativeCreds.c and nativeccache.c
public Credentials(Ticket new_ticket,
PrincipalName new_client,
PrincipalName new_client_alias,
--- a/src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -218,8 +218,8 @@
* credential cache file.
*
*/
- // Used in JSSE (KerberosWrapper), Credentials,
- // javax.security.auth.kerberos.KeyImpl
+ // Used in Credentials, and javax.security.auth.kerberos.KeyImpl
+ // Warning: called by NativeCreds.c and nativeccache.c
public EncryptionKey(int keyType,
byte[] keyValue) {
this(keyValue, keyType, null);
--- a/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java Wed Sep 25 17:54:21 2019 +0800
@@ -158,7 +158,7 @@
this.realmDeduced = false;
}
- // This method is called by Windows NativeCred.c
+ // Warning: called by NativeCreds.c
public PrincipalName(String[] nameParts, String realm) throws RealmException {
this(KRB_NT_UNKNOWN, nameParts, new Realm(realm));
}
@@ -484,6 +484,7 @@
}
}
+ // Warning: called by nativeccache.c
public PrincipalName(String name, int type) throws RealmException {
this(name, type, (String)null);
}
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -165,6 +165,8 @@
/**
* Creates a HostAddress from the specified address and address type.
*
+ * Warning: called by nativeccache.c.
+ *
* @param new_addrType the value of the address type which matches the defined
* address family constants in the Berkeley Standard
* Distributions of Unix.
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -68,6 +68,7 @@
private HostAddress[] addresses = null;
private volatile int hashCode = 0;
+ // Warning: called by nativeccache.c
public HostAddresses(HostAddress[] new_addresses) throws IOException {
if (new_addresses != null) {
addresses = new HostAddress[new_addresses.length];
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java Wed Sep 25 17:54:21 2019 +0800
@@ -88,8 +88,7 @@
this(time, 0);
}
- // This constructor is used in the native code
- // src/windows/native/sun/security/krb5/NativeCreds.c
+ // Warning: called by NativeCreds.c and nativeccache.c
public KerberosTime(String time) throws Asn1Exception {
this(toKerberosTime(time), 0);
}
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java Wed Sep 25 17:54:21 2019 +0800
@@ -309,7 +309,7 @@
return errMsgList.get(i);
}
-
+ // Warning: used by NativeCreds.c
public static final boolean DEBUG = GetBooleanAction
.privilegedGetProperty("sun.security.krb5.debug");
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/Ticket.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/Ticket.java Wed Sep 25 17:54:21 2019 +0800
@@ -83,6 +83,7 @@
encPart = new_encPart;
}
+ // Warning: called by NativeCreds.c and nativeccache.c
public Ticket(byte[] data) throws Asn1Exception,
RealmException, KrbApErrException, IOException {
init(new DerValue(data));
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/TicketFlags.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/TicketFlags.java Wed Sep 25 17:54:21 2019 +0800
@@ -67,6 +67,7 @@
}
}
+ // Warning: called by NativeCreds.c and nativeccache.c
public TicketFlags(int size, byte[] data) throws Asn1Exception {
super(size, data);
if ((size > data.length * BITS_PER_UNIT) || (size > Krb5.TKT_OPTS_MAX + 1))
--- a/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c Wed Sep 25 17:54:21 2019 +0800
@@ -54,7 +54,6 @@
* Library-wide static references
*/
-jclass derValueClass = NULL;
jclass ticketClass = NULL;
jclass principalNameClass = NULL;
jclass encryptionKeyClass = NULL;
@@ -62,7 +61,6 @@
jclass kerberosTimeClass = NULL;
jclass javaLangStringClass = NULL;
-jmethodID derValueConstructor = 0;
jmethodID ticketConstructor = 0;
jmethodID principalNameConstructor = 0;
jmethodID encryptionKeyConstructor = 0;
@@ -172,24 +170,6 @@
printf("LSA: Made NewWeakGlobalRef\n");
}
- cls = (*env)->FindClass(env,"sun/security/util/DerValue");
-
- if (cls == NULL) {
- printf("LSA: Couldn't find DerValue\n");
- return JNI_ERR;
- }
- if (native_debug) {
- printf("LSA: Found DerValue\n");
- }
-
- derValueClass = (*env)->NewWeakGlobalRef(env,cls);
- if (derValueClass == NULL) {
- return JNI_ERR;
- }
- if (native_debug) {
- printf("LSA: Made NewWeakGlobalRef\n");
- }
-
cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
if (cls == NULL) {
@@ -262,18 +242,8 @@
printf("LSA: Made NewWeakGlobalRef\n");
}
- derValueConstructor = (*env)->GetMethodID(env, derValueClass,
- "<init>", "([B)V");
- if (derValueConstructor == 0) {
- printf("LSA: Couldn't find DerValue constructor\n");
- return JNI_ERR;
- }
- if (native_debug) {
- printf("LSA: Found DerValue constructor\n");
- }
-
ticketConstructor = (*env)->GetMethodID(env, ticketClass,
- "<init>", "(Lsun/security/util/DerValue;)V");
+ "<init>", "([B)V");
if (ticketConstructor == 0) {
printf("LSA: Couldn't find Ticket constructor\n");
return JNI_ERR;
@@ -347,9 +317,6 @@
if (ticketClass != NULL) {
(*env)->DeleteWeakGlobalRef(env,ticketClass);
}
- if (derValueClass != NULL) {
- (*env)->DeleteWeakGlobalRef(env,derValueClass);
- }
if (principalNameClass != NULL) {
(*env)->DeleteWeakGlobalRef(env,principalNameClass);
}
@@ -897,11 +864,9 @@
jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize) {
- /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket.
- * But before we can do that, we need to make a byte array out of the ET.
- */
+ // To build a Ticket, we need to make a byte array out of the EncodedTicket.
- jobject derValue, ticket;
+ jobject ticket;
jbyteArray ary;
ary = (*env)->NewByteArray(env,encodedTicketSize);
@@ -916,19 +881,12 @@
return (jobject) NULL;
}
- derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary);
+ ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, ary);
if ((*env)->ExceptionOccurred(env)) {
(*env)->DeleteLocalRef(env, ary);
return (jobject) NULL;
}
-
(*env)->DeleteLocalRef(env, ary);
- ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue);
- if ((*env)->ExceptionOccurred(env)) {
- (*env)->DeleteLocalRef(env, derValue);
- return (jobject) NULL;
- }
- (*env)->DeleteLocalRef(env, derValue);
return ticket;
}
--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTSystem.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTSystem.java Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -35,12 +35,14 @@
private native void getCurrent(boolean debug);
private native long getImpersonationToken0();
+ // Warning: the next 6 fields are used by nt.c
private String userName;
private String domain;
private String domainSID;
private String userSID;
private String[] groupIDs;
private String primaryGroupID;
+
private long impersonationToken;
/**
--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixSystem.java Wed Sep 25 14:48:39 2019 +0530
+++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixSystem.java Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@
private native void getUnixInfo();
+ // Warning: the following 4 fields are used by Unix.c
protected String username;
protected long uid;
protected long gid;