8327818: Implement Kerberos debug with sun.security.util.Debug
Reviewed-by: coffeys, ssahoo
parent
dec68d7e36
commit
569b05addf
62 changed files with 855 additions and 816 deletions
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -159,6 +159,33 @@ public class Debug {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get a Debug object corresponding to the given option on the given
|
||||||
|
* property value.
|
||||||
|
* <p>
|
||||||
|
* Note: unlike other {@code getInstance} methods, this method does not
|
||||||
|
* use the {@code java.security.debug} system property.
|
||||||
|
* <p>
|
||||||
|
* Usually, this method is used by other individual area-specific debug
|
||||||
|
* settings. For example,
|
||||||
|
* {@snippet lang=java:
|
||||||
|
* Map<String, String> settings = loadLoginSettings();
|
||||||
|
* String property = settings.get("login");
|
||||||
|
* Debug debug = Debug.of("login", property);
|
||||||
|
* }
|
||||||
|
* @param option the debug option name
|
||||||
|
* @param property debug setting for this option
|
||||||
|
* @return a new Debug object if the property is true
|
||||||
|
*/
|
||||||
|
public static Debug of(String option, String property) {
|
||||||
|
if ("true".equalsIgnoreCase(property)) {
|
||||||
|
Debug d = new Debug();
|
||||||
|
d.prefix = option;
|
||||||
|
return d;
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* True if the system property "security.debug" contains the
|
* True if the system property "security.debug" contains the
|
||||||
* string "option".
|
* string "option".
|
||||||
|
|
|
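Review bot: The Javadoc on the new `Debug.of(String, String)` does not say that the method returns `null` when the property is anything other than "true", yet every caller in this commit depends on that by testing `DEBUG != null`. I would make the contract explicit: `@return a new Debug object if the property is "true" (case-insensitive), otherwise {@code null}`. It is also worth one sentence stating that a `null` property (the system property is unset) is treated as disabled, since `"true".equalsIgnoreCase(property)` accepts it silently. The enclosing class `Debug` starts and ends outside this hunk.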
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -81,7 +81,7 @@ static jclass FindClass(JNIEnv *env, char *className)
|
||||||
jclass cls = (*env)->FindClass(env, className);
|
jclass cls = (*env)->FindClass(env, className);
|
||||||
|
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find %s\n", className);
|
fprintf(stderr, "Couldn't find %s\n", className);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -129,49 +129,49 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *jvm, void *reserved)
|
||||||
|
|
||||||
ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "([B)V");
|
ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "([B)V");
|
||||||
if (ticketConstructor == 0) {
|
if (ticketConstructor == 0) {
|
||||||
printf("Couldn't find Ticket constructor\n");
|
fprintf(stderr, "Couldn't find Ticket constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, "<init>", "(Ljava/lang/String;I)V");
|
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, "<init>", "(Ljava/lang/String;I)V");
|
||||||
if (principalNameConstructor == 0) {
|
if (principalNameConstructor == 0) {
|
||||||
printf("Couldn't find PrincipalName constructor\n");
|
fprintf(stderr, "Couldn't find PrincipalName constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, "<init>", "(I[B)V");
|
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, "<init>", "(I[B)V");
|
||||||
if (encryptionKeyConstructor == 0) {
|
if (encryptionKeyConstructor == 0) {
|
||||||
printf("Couldn't find EncryptionKey constructor\n");
|
fprintf(stderr, "Couldn't find EncryptionKey constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, "<init>", "(I[B)V");
|
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, "<init>", "(I[B)V");
|
||||||
if (ticketFlagsConstructor == 0) {
|
if (ticketFlagsConstructor == 0) {
|
||||||
printf("Couldn't find TicketFlags constructor\n");
|
fprintf(stderr, "Couldn't find TicketFlags constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, "<init>", "(J)V");
|
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, "<init>", "(J)V");
|
||||||
if (kerberosTimeConstructor == 0) {
|
if (kerberosTimeConstructor == 0) {
|
||||||
printf("Couldn't find KerberosTime constructor\n");
|
fprintf(stderr, "Couldn't find KerberosTime constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
integerConstructor = (*env)->GetMethodID(env, javaLangIntegerClass, "<init>", "(I)V");
|
integerConstructor = (*env)->GetMethodID(env, javaLangIntegerClass, "<init>", "(I)V");
|
||||||
if (integerConstructor == 0) {
|
if (integerConstructor == 0) {
|
||||||
printf("Couldn't find Integer constructor\n");
|
fprintf(stderr, "Couldn't find Integer constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
hostAddressConstructor = (*env)->GetMethodID(env, hostAddressClass, "<init>", "(I[B)V");
|
hostAddressConstructor = (*env)->GetMethodID(env, hostAddressClass, "<init>", "(I[B)V");
|
||||||
if (hostAddressConstructor == 0) {
|
if (hostAddressConstructor == 0) {
|
||||||
printf("Couldn't find HostAddress constructor\n");
|
fprintf(stderr, "Couldn't find HostAddress constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
hostAddressesConstructor = (*env)->GetMethodID(env, hostAddressesClass, "<init>", "([Lsun/security/krb5/internal/HostAddress;)V");
|
hostAddressesConstructor = (*env)->GetMethodID(env, hostAddressesClass, "<init>", "([Lsun/security/krb5/internal/HostAddress;)V");
|
||||||
if (hostAddressesConstructor == 0) {
|
if (hostAddressesConstructor == 0) {
|
||||||
printf("Couldn't find HostAddresses constructor\n");
|
fprintf(stderr, "Couldn't find HostAddresses constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -376,7 +376,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||||
krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
|
krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
|
||||||
"(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
|
"(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
|
||||||
if (krbcredsConstructor == 0) {
|
if (krbcredsConstructor == 0) {
|
||||||
printf("Couldn't find sun.security.krb5.internal.Ticket constructor\n");
|
fprintf(stderr, "Couldn't find sun.security.krb5.internal.Ticket constructor\n");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
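Review bot: The failure message for the `krbcredsConstructor` lookup names `sun.security.krb5.internal.Ticket`, but the `GetMethodID` call is made on `krbcredsClass` with a twelve-parameter signature in which `Ticket` is only the first argument. The diagnostic therefore appears to name the wrong class. Since the line is being touched anyway, I would correct it to something like `fprintf(stderr, "Couldn't find krbcredsClass constructor\n");`, with the wording adjusted to the actual class name, which is not visible here. Note also that these messages are written to stderr unconditionally and are not gated by the Kerberos debug property that the Java side now uses. The body of the enclosing function continues outside the hunk.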
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -447,43 +447,6 @@ public final class ServicePermission extends Permission
|
||||||
s.defaultReadObject();
|
s.defaultReadObject();
|
||||||
init(getName(),getMask(actions));
|
init(getName(),getMask(actions));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
public static void main(String[] args) throws Exception {
|
|
||||||
ServicePermission this_ =
|
|
||||||
new ServicePermission(args[0], "accept");
|
|
||||||
ServicePermission that_ =
|
|
||||||
new ServicePermission(args[1], "accept,initiate");
|
|
||||||
System.out.println("-----\n");
|
|
||||||
System.out.println("this.implies(that) = " + this_.implies(that_));
|
|
||||||
System.out.println("-----\n");
|
|
||||||
System.out.println("this = "+this_);
|
|
||||||
System.out.println("-----\n");
|
|
||||||
System.out.println("that = "+that_);
|
|
||||||
System.out.println("-----\n");
|
|
||||||
|
|
||||||
KrbServicePermissionCollection nps =
|
|
||||||
new KrbServicePermissionCollection();
|
|
||||||
nps.add(this_);
|
|
||||||
nps.add(new ServicePermission("nfs/example.com@EXAMPLE.COM",
|
|
||||||
"accept"));
|
|
||||||
nps.add(new ServicePermission("host/example.com@EXAMPLE.COM",
|
|
||||||
"initiate"));
|
|
||||||
System.out.println("nps.implies(that) = " + nps.implies(that_));
|
|
||||||
System.out.println("-----\n");
|
|
||||||
|
|
||||||
Enumeration e = nps.elements();
|
|
||||||
|
|
||||||
while (e.hasMoreElements()) {
|
|
||||||
ServicePermission x =
|
|
||||||
(ServicePermission) e.nextElement();
|
|
||||||
System.out.println("nps.e = " + x);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -35,7 +35,6 @@ import org.ietf.jgss.Oid;
|
||||||
|
|
||||||
import sun.net.www.protocol.http.HttpCallerInfo;
|
import sun.net.www.protocol.http.HttpCallerInfo;
|
||||||
import sun.net.www.protocol.http.Negotiator;
|
import sun.net.www.protocol.http.Negotiator;
|
||||||
import sun.security.action.GetBooleanAction;
|
|
||||||
import sun.security.action.GetPropertyAction;
|
import sun.security.action.GetPropertyAction;
|
||||||
import sun.security.jgss.GSSManagerImpl;
|
import sun.security.jgss.GSSManagerImpl;
|
||||||
import sun.security.jgss.GSSContextImpl;
|
import sun.security.jgss.GSSContextImpl;
|
||||||
|
@ -45,6 +44,8 @@ import sun.security.jgss.krb5.internal.TlsChannelBindingImpl;
|
||||||
import sun.security.util.ChannelBindingException;
|
import sun.security.util.ChannelBindingException;
|
||||||
import sun.security.util.TlsChannelBinding;
|
import sun.security.util.TlsChannelBinding;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class encapsulates all JAAS and JGSS API calls in a separate class
|
* This class encapsulates all JAAS and JGSS API calls in a separate class
|
||||||
* outside NegotiateAuthentication.java so that J2SE build can go smoothly
|
* outside NegotiateAuthentication.java so that J2SE build can go smoothly
|
||||||
|
@ -55,9 +56,6 @@ import sun.security.util.TlsChannelBinding;
|
||||||
*/
|
*/
|
||||||
public class NegotiatorImpl extends Negotiator {
|
public class NegotiatorImpl extends Negotiator {
|
||||||
|
|
||||||
private static final boolean DEBUG =
|
|
||||||
GetBooleanAction.privilegedGetProperty("sun.security.krb5.debug");
|
|
||||||
|
|
||||||
private GSSContext context;
|
private GSSContext context;
|
||||||
private byte[] oneToken;
|
private byte[] oneToken;
|
||||||
|
|
||||||
|
@ -105,8 +103,8 @@ public class NegotiatorImpl extends Negotiator {
|
||||||
((GSSContextImpl)context).requestDelegPolicy(true);
|
((GSSContextImpl)context).requestDelegPolicy(true);
|
||||||
}
|
}
|
||||||
if (hci.serverCert != null) {
|
if (hci.serverCert != null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Negotiate: Setting CBT");
|
DEBUG.println("Negotiate: Setting CBT");
|
||||||
}
|
}
|
||||||
// set the channel binding token
|
// set the channel binding token
|
||||||
TlsChannelBinding b = TlsChannelBinding.create(hci.serverCert);
|
TlsChannelBinding b = TlsChannelBinding.create(hci.serverCert);
|
||||||
|
@ -123,8 +121,8 @@ public class NegotiatorImpl extends Negotiator {
|
||||||
try {
|
try {
|
||||||
init(hci);
|
init(hci);
|
||||||
} catch (GSSException | ChannelBindingException e) {
|
} catch (GSSException | ChannelBindingException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Negotiate support not initiated, will " +
|
DEBUG.println("Negotiate support not initiated, will " +
|
||||||
"fallback to other scheme if allowed. Reason:");
|
"fallback to other scheme if allowed. Reason:");
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
|
@ -160,9 +158,9 @@ public class NegotiatorImpl extends Negotiator {
|
||||||
}
|
}
|
||||||
return context.initSecContext(token, 0, token.length);
|
return context.initSecContext(token, 0, token.length);
|
||||||
} catch (GSSException e) {
|
} catch (GSSException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Negotiate support cannot continue. Reason:");
|
DEBUG.println("Negotiate support cannot continue. Reason:");
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
throw new IOException("Negotiate support cannot continue", e);
|
throw new IOException("Negotiate support cannot continue", e);
|
||||||
}
|
}
|
||||||
|
@ -181,9 +179,9 @@ public class NegotiatorImpl extends Negotiator {
|
||||||
context.dispose();
|
context.dispose();
|
||||||
}
|
}
|
||||||
} catch (GSSException e) {
|
} catch (GSSException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Cannot release resources. Reason:");
|
DEBUG.println("Cannot release resources. Reason:");
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
throw new IOException("Cannot release resources", e);
|
throw new IOException("Cannot release resources", e);
|
||||||
};
|
};
|
||||||
|
|
|
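Review bot: In the catch block for `GSSException | ChannelBindingException` after `init(hci)`, the stack trace is still printed with a bare `e.printStackTrace()`. The two later catch blocks in this file were converted to `e.printStackTrace(DEBUG.getPrintStream())`, so the "Reason:" line and its trace are not guaranteed to go to the same stream. I would change this line to `e.printStackTrace(DEBUG.getPrintStream());`. The same unconverted pattern remains in GSSUtil's `PrivilegedActionException` handler (`pae.printStackTrace();`). The enclosing methods start and end outside the hunks shown.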
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -90,7 +90,7 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||||
} catch (GSSException e) {
|
} catch (GSSException e) {
|
||||||
if (defaultList) {
|
if (defaultList) {
|
||||||
// Try the next mechanism
|
// Try the next mechanism
|
||||||
if (GSSUtil.DEBUG) {
|
if (GSSUtil.DEBUG != null) {
|
||||||
GSSUtil.debug("Ignore " + e + " while acquiring cred for "
|
GSSUtil.debug("Ignore " + e + " while acquiring cred for "
|
||||||
+ mechs[i]);
|
+ mechs[i]);
|
||||||
// e.printStackTrace();
|
// e.printStackTrace();
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -317,25 +317,4 @@ public class GSSHeader {
|
||||||
|
|
||||||
return retVal;
|
return retVal;
|
||||||
}
|
}
|
||||||
|
|
||||||
// XXX Call these two in some central class
|
|
||||||
private void debug(String str) {
|
|
||||||
System.err.print(str);
|
|
||||||
}
|
|
||||||
|
|
||||||
private String getHexBytes(byte[] bytes, int len)
|
|
||||||
throws IOException {
|
|
||||||
|
|
||||||
StringBuilder sb = new StringBuilder();
|
|
||||||
for (int i = 0; i < len; i++) {
|
|
||||||
|
|
||||||
int b1 = (bytes[i] >> 4) & 0x0f;
|
|
||||||
int b2 = bytes[i] & 0x0f;
|
|
||||||
|
|
||||||
sb.append(Integer.toHexString(b1));
|
|
||||||
sb.append(Integer.toHexString(b2));
|
|
||||||
sb.append(' ');
|
|
||||||
}
|
|
||||||
return sb.toString();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -88,7 +88,7 @@ public class GSSManagerImpl extends GSSManager {
|
||||||
}
|
}
|
||||||
} catch (GSSException e) {
|
} catch (GSSException e) {
|
||||||
// Squelch it and just skip over this mechanism
|
// Squelch it and just skip over this mechanism
|
||||||
if (GSSUtil.DEBUG) {
|
if (GSSUtil.DEBUG != null) {
|
||||||
GSSUtil.debug("Skip " + mech +
|
GSSUtil.debug("Skip " + mech +
|
||||||
": error retrieving supported name types");
|
": error retrieving supported name types");
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -45,8 +45,8 @@ import java.security.PrivilegedActionException;
|
||||||
import javax.security.auth.callback.CallbackHandler;
|
import javax.security.auth.callback.CallbackHandler;
|
||||||
import javax.security.auth.login.LoginContext;
|
import javax.security.auth.login.LoginContext;
|
||||||
import javax.security.auth.login.LoginException;
|
import javax.security.auth.login.LoginException;
|
||||||
import sun.security.action.GetBooleanAction;
|
|
||||||
import sun.security.util.ConsoleCallbackHandler;
|
import sun.security.util.ConsoleCallbackHandler;
|
||||||
|
import sun.security.util.Debug;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The GSSUtilImplementation that knows how to work with the internals of
|
* The GSSUtilImplementation that knows how to work with the internals of
|
||||||
|
@ -67,12 +67,12 @@ public class GSSUtil {
|
||||||
public static final Oid NT_GSS_KRB5_PRINCIPAL =
|
public static final Oid NT_GSS_KRB5_PRINCIPAL =
|
||||||
GSSUtil.createOid("1.2.840.113554.1.2.2.1");
|
GSSUtil.createOid("1.2.840.113554.1.2.2.1");
|
||||||
|
|
||||||
static final boolean DEBUG =
|
static final Debug DEBUG = Debug.of("jgss", GetPropertyAction
|
||||||
GetBooleanAction.privilegedGetProperty("sun.security.jgss.debug");
|
.privilegedGetProperty("sun.security.jgss.debug"));
|
||||||
|
|
||||||
static void debug(String message) {
|
static void debug(String message) {
|
||||||
assert(message != null);
|
assert(message != null);
|
||||||
System.out.println(message);
|
DEBUG.println(message);
|
||||||
}
|
}
|
||||||
|
|
||||||
// NOTE: this method is only for creating Oid objects with
|
// NOTE: this method is only for creating Oid objects with
|
||||||
|
@ -82,7 +82,7 @@ public class GSSUtil {
|
||||||
try {
|
try {
|
||||||
return new Oid(oidStr);
|
return new Oid(oidStr);
|
||||||
} catch (GSSException e) {
|
} catch (GSSException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
debug("Ignored invalid OID: " + oidStr);
|
debug("Ignored invalid OID: " + oidStr);
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
|
@ -138,7 +138,7 @@ public class GSSUtil {
|
||||||
KerberosPrincipal krbPrinc = new KerberosPrincipal(krbName);
|
KerberosPrincipal krbPrinc = new KerberosPrincipal(krbName);
|
||||||
krb5Principals.add(krbPrinc);
|
krb5Principals.add(krbPrinc);
|
||||||
} catch (GSSException ge) {
|
} catch (GSSException ge) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
debug("Skipped name " + name + " due to " + ge);
|
debug("Skipped name " + name + " due to " + ge);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -151,7 +151,7 @@ public class GSSUtil {
|
||||||
} else {
|
} else {
|
||||||
privCredentials = new HashSet<>(); // empty Set
|
privCredentials = new HashSet<>(); // empty Set
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
debug("Created Subject with the following");
|
debug("Created Subject with the following");
|
||||||
debug("principals=" + krb5Principals);
|
debug("principals=" + krb5Principals);
|
||||||
debug("public creds=" + pubCredentials);
|
debug("public creds=" + pubCredentials);
|
||||||
|
@ -216,7 +216,7 @@ public class GSSUtil {
|
||||||
credentials.add(cred);
|
credentials.add(cred);
|
||||||
} else {
|
} else {
|
||||||
// Ignore non-KerberosTicket and non-KerberosKey elements
|
// Ignore non-KerberosTicket and non-KerberosKey elements
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
debug("Skipped cred element: " + cred);
|
debug("Skipped cred element: " + cred);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -314,7 +314,7 @@ public class GSSUtil {
|
||||||
final Oid mech,
|
final Oid mech,
|
||||||
final boolean initiate,
|
final boolean initiate,
|
||||||
final Class<? extends T> credCls) {
|
final Class<? extends T> credCls) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
debug("Search Subject for " + getMechStr(mech) +
|
debug("Search Subject for " + getMechStr(mech) +
|
||||||
(initiate ? " INIT" : " ACCEPT") + " cred (" +
|
(initiate ? " INIT" : " ACCEPT") + " cred (" +
|
||||||
(name == null ? "<<DEF>>" : name.toString()) + ", " +
|
(name == null ? "<<DEF>>" : name.toString()) + ", " +
|
||||||
|
@ -334,13 +334,13 @@ public class GSSUtil {
|
||||||
(GSSCredentialImpl.class).iterator();
|
(GSSCredentialImpl.class).iterator();
|
||||||
while (iterator.hasNext()) {
|
while (iterator.hasNext()) {
|
||||||
GSSCredentialImpl cred = iterator.next();
|
GSSCredentialImpl cred = iterator.next();
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
debug("...Found cred" + cred);
|
debug("...Found cred" + cred);
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
GSSCredentialSpi ce =
|
GSSCredentialSpi ce =
|
||||||
cred.getElement(mech, initiate);
|
cred.getElement(mech, initiate);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
debug("......Found element: " + ce);
|
debug("......Found element: " + ce);
|
||||||
}
|
}
|
||||||
if (ce.getClass().equals(credCls) &&
|
if (ce.getClass().equals(credCls) &&
|
||||||
|
@ -348,24 +348,24 @@ public class GSSUtil {
|
||||||
name.equals((Object) ce.getName()))) {
|
name.equals((Object) ce.getName()))) {
|
||||||
result.add(credCls.cast(ce));
|
result.add(credCls.cast(ce));
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
debug("......Discard element");
|
debug("......Discard element");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (GSSException ge) {
|
} catch (GSSException ge) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
debug("...Discard cred (" + ge + ")");
|
debug("...Discard cred (" + ge + ")");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if (DEBUG) {
|
} else if (DEBUG != null) {
|
||||||
debug("No Subject");
|
debug("No Subject");
|
||||||
}
|
}
|
||||||
return result;
|
return result;
|
||||||
});
|
});
|
||||||
return creds;
|
return creds;
|
||||||
} catch (PrivilegedActionException pae) {
|
} catch (PrivilegedActionException pae) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
debug("Unexpected exception when searching Subject:");
|
debug("Unexpected exception when searching Subject:");
|
||||||
pae.printStackTrace();
|
pae.printStackTrace();
|
||||||
}
|
}
|
||||||
|
|
|
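Review bot: `GSSUtil.debug(String)` now calls `DEBUG.println(message)` without a null check, and `DEBUG` is `null` whenever `sun.security.jgss.debug` is not "true". Any call that is not wrapped in `if (DEBUG != null)` will therefore throw a NullPointerException, whereas the old code simply printed. Every call site visible on this page is guarded, but the method is package-private and is called from sibling classes, so the guard is safer inside it: `if (DEBUG != null) { DEBUG.println(message); }`. A short comment on the `DEBUG` field would also help, stating that it is `null` when debugging is disabled and that messages such as `"principals=" + krb5Principals` and the credential sets are written only when an operator enables the property.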
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -135,7 +135,7 @@ public final class ProviderList {
|
||||||
addProviderAtEnd(prov, null);
|
addProviderAtEnd(prov, null);
|
||||||
} catch (GSSException ge) {
|
} catch (GSSException ge) {
|
||||||
// Move on to the next provider
|
// Move on to the next provider
|
||||||
if (GSSUtil.DEBUG) {
|
if (GSSUtil.DEBUG != null) {
|
||||||
GSSUtil.debug("Error in adding provider " +
|
GSSUtil.debug("Error in adding provider " +
|
||||||
prov.getName() + ": " + ge);
|
prov.getName() + ": " + ge);
|
||||||
}
|
}
|
||||||
|
@ -420,7 +420,7 @@ public final class ProviderList {
|
||||||
retVal = true;
|
retVal = true;
|
||||||
} catch (GSSException e) {
|
} catch (GSSException e) {
|
||||||
// Skip to next property
|
// Skip to next property
|
||||||
if (GSSUtil.DEBUG) {
|
if (GSSUtil.DEBUG != null) {
|
||||||
GSSUtil.debug("Ignore the invalid property " +
|
GSSUtil.debug("Ignore the invalid property " +
|
||||||
prop + " from provider " + p.getName());
|
prop + " from provider " + p.getName());
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -66,9 +66,6 @@ class CipherHelper {
|
||||||
// key usage for MIC tokens used by MS
|
// key usage for MIC tokens used by MS
|
||||||
private static final int KG_USAGE_SIGN_MS = 15;
|
private static final int KG_USAGE_SIGN_MS = 15;
|
||||||
|
|
||||||
// debug flag
|
|
||||||
private static final boolean DEBUG = Krb5Util.DEBUG;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A zero initial vector to be used for checksum calculation and for
|
* A zero initial vector to be used for checksum calculation and for
|
||||||
* DesCbc application data encryption/decryption.
|
* DesCbc application data encryption/decryption.
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -43,6 +43,8 @@ import javax.security.auth.kerberos.KerberosPrincipal;
|
||||||
import javax.security.auth.kerberos.KerberosTicket;
|
import javax.security.auth.kerberos.KerberosTicket;
|
||||||
import sun.security.krb5.internal.AuthorizationData;
|
import sun.security.krb5.internal.AuthorizationData;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements the mechanism specific context class for the Kerberos v5
|
* Implements the mechanism specific context class for the Kerberos v5
|
||||||
* GSS-API mechanism.
|
* GSS-API mechanism.
|
||||||
|
@ -121,7 +123,6 @@ class Krb5Context implements GSSContextSpi {
|
||||||
private Credentials serviceCreds;
|
private Credentials serviceCreds;
|
||||||
private KrbApReq apReq;
|
private KrbApReq apReq;
|
||||||
private final GSSCaller caller;
|
private final GSSCaller caller;
|
||||||
private static final boolean DEBUG = Krb5Util.DEBUG;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor for Krb5Context to be called on the context initiator's
|
* Constructor for Krb5Context to be called on the context initiator's
|
||||||
|
@ -379,8 +380,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
}
|
}
|
||||||
|
|
||||||
final void resetMySequenceNumber(int seqNumber) {
|
final void resetMySequenceNumber(int seqNumber) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Krb5Context setting mySeqNumber to: "
|
DEBUG.println("Krb5Context setting mySeqNumber to: "
|
||||||
+ seqNumber);
|
+ seqNumber);
|
||||||
}
|
}
|
||||||
synchronized (mySeqNumberLock) {
|
synchronized (mySeqNumberLock) {
|
||||||
|
@ -389,8 +390,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
}
|
}
|
||||||
|
|
||||||
final void resetPeerSequenceNumber(int seqNumber) {
|
final void resetPeerSequenceNumber(int seqNumber) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Krb5Context setting peerSeqNumber to: "
|
DEBUG.println("Krb5Context setting peerSeqNumber to: "
|
||||||
+ seqNumber);
|
+ seqNumber);
|
||||||
}
|
}
|
||||||
synchronized (peerSeqNumberLock) {
|
synchronized (peerSeqNumberLock) {
|
||||||
|
@ -534,8 +535,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
// We will only try constrained delegation once (if necessary).
|
// We will only try constrained delegation once (if necessary).
|
||||||
if (!isConstrainedDelegationTried) {
|
if (!isConstrainedDelegationTried) {
|
||||||
if (delegatedCred == null) {
|
if (delegatedCred == null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Constrained deleg from " + caller);
|
DEBUG.println(">>> Constrained deleg from " + caller);
|
||||||
}
|
}
|
||||||
// The constrained delegation part. The acceptor needs to have
|
// The constrained delegation part. The acceptor needs to have
|
||||||
// isInitiator=true in order to get a TGT, either earlier at
|
// isInitiator=true in order to get a TGT, either earlier at
|
||||||
|
@ -593,8 +594,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
byte[] retVal = null;
|
byte[] retVal = null;
|
||||||
InitialToken token = null;
|
InitialToken token = null;
|
||||||
int errorCode = GSSException.FAILURE;
|
int errorCode = GSSException.FAILURE;
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Entered Krb5Context.initSecContext with " +
|
DEBUG.println("Entered Krb5Context.initSecContext with " +
|
||||||
"state=" + printState(state));
|
"state=" + printState(state));
|
||||||
}
|
}
|
||||||
if (!isInitiator()) {
|
if (!isInitiator()) {
|
||||||
|
@ -660,14 +661,14 @@ class Krb5Context implements GSSContextSpi {
|
||||||
}});
|
}});
|
||||||
kerbTicket = tmp;
|
kerbTicket = tmp;
|
||||||
} catch (PrivilegedActionException e) {
|
} catch (PrivilegedActionException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Attempt to obtain service"
|
DEBUG.println("Attempt to obtain service"
|
||||||
+ " ticket from the subject failed!");
|
+ " ticket from the subject failed!");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (kerbTicket != null) {
|
if (kerbTicket != null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Found service ticket in " +
|
DEBUG.println("Found service ticket in " +
|
||||||
"the subject" +
|
"the subject" +
|
||||||
kerbTicket);
|
kerbTicket);
|
||||||
}
|
}
|
||||||
|
@ -681,8 +682,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
if (serviceCreds == null) {
|
if (serviceCreds == null) {
|
||||||
// either we did not find the serviceCreds in the
|
// either we did not find the serviceCreds in the
|
||||||
// Subject or useSubjectCreds is false
|
// Subject or useSubjectCreds is false
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Service ticket not found in " +
|
DEBUG.println("Service ticket not found in " +
|
||||||
"the subject");
|
"the subject");
|
||||||
}
|
}
|
||||||
// Get Service ticket using the Kerberos protocols
|
// Get Service ticket using the Kerberos protocols
|
||||||
|
@ -721,8 +722,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
// log it for debugging purpose
|
// log it for debugging purpose
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Subject is " +
|
DEBUG.println("Subject is " +
|
||||||
"readOnly;Kerberos Service "+
|
"readOnly;Kerberos Service "+
|
||||||
"ticket not stored");
|
"ticket not stored");
|
||||||
}
|
}
|
||||||
|
@ -738,8 +739,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
if (!getMutualAuthState()) {
|
if (!getMutualAuthState()) {
|
||||||
state = STATE_DONE;
|
state = STATE_DONE;
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Created InitSecContextToken:\n"+
|
DEBUG.println("Created InitSecContextToken:\n"+
|
||||||
new HexDumpEncoder().encodeBuffer(retVal));
|
new HexDumpEncoder().encodeBuffer(retVal));
|
||||||
}
|
}
|
||||||
} else if (state == STATE_IN_PROCESS) {
|
} else if (state == STATE_IN_PROCESS) {
|
||||||
|
@ -750,12 +751,12 @@ class Krb5Context implements GSSContextSpi {
|
||||||
state = STATE_DONE;
|
state = STATE_DONE;
|
||||||
} else {
|
} else {
|
||||||
// XXX Use logging API?
|
// XXX Use logging API?
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(state);
|
DEBUG.println("state is " + state);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (KrbException e) {
|
} catch (KrbException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
GSSException gssException =
|
GSSException gssException =
|
||||||
|
@ -792,8 +793,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
|
|
||||||
byte[] retVal = null;
|
byte[] retVal = null;
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Entered Krb5Context.acceptSecContext with " +
|
DEBUG.println("Entered Krb5Context.acceptSecContext with " +
|
||||||
"state=" + printState(state));
|
"state=" + printState(state));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -839,8 +840,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
state = STATE_DONE;
|
state = STATE_DONE;
|
||||||
} else {
|
} else {
|
||||||
// XXX Use logging API?
|
// XXX Use logging API?
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(state);
|
DEBUG.println("state is " + state);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (KrbException e) {
|
} catch (KrbException e) {
|
||||||
|
@ -849,8 +850,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
gssException.initCause(e);
|
gssException.initCause(e);
|
||||||
throw gssException;
|
throw gssException;
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
GSSException gssException =
|
GSSException gssException =
|
||||||
new GSSException(GSSException.FAILURE, -1, e.getMessage());
|
new GSSException(GSSException.FAILURE, -1, e.getMessage());
|
||||||
|
@ -898,8 +899,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
|
|
||||||
public final byte[] wrap(byte[] inBuf, int offset, int len,
|
public final byte[] wrap(byte[] inBuf, int offset, int len,
|
||||||
MessageProp msgProp) throws GSSException {
|
MessageProp msgProp) throws GSSException {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Krb5Context.wrap: data=["
|
DEBUG.println("Krb5Context.wrap: data=["
|
||||||
+ getHexBytes(inBuf, offset, len)
|
+ getHexBytes(inBuf, offset, len)
|
||||||
+ "]");
|
+ "]");
|
||||||
}
|
}
|
||||||
|
@ -919,8 +920,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
new WrapToken_v2(this, msgProp, inBuf, offset, len);
|
new WrapToken_v2(this, msgProp, inBuf, offset, len);
|
||||||
encToken = token.encode();
|
encToken = token.encode();
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Krb5Context.wrap: token=["
|
DEBUG.println("Krb5Context.wrap: token=["
|
||||||
+ getHexBytes(encToken, 0, encToken.length)
|
+ getHexBytes(encToken, 0, encToken.length)
|
||||||
+ "]");
|
+ "]");
|
||||||
}
|
}
|
||||||
|
@ -952,8 +953,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
new WrapToken_v2(this, msgProp, inBuf, inOffset, len);
|
new WrapToken_v2(this, msgProp, inBuf, inOffset, len);
|
||||||
retVal = token.encode(outBuf, outOffset);
|
retVal = token.encode(outBuf, outOffset);
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Krb5Context.wrap: token=["
|
DEBUG.println("Krb5Context.wrap: token=["
|
||||||
+ getHexBytes(outBuf, outOffset, retVal)
|
+ getHexBytes(outBuf, outOffset, retVal)
|
||||||
+ "]");
|
+ "]");
|
||||||
}
|
}
|
||||||
|
@ -980,14 +981,14 @@ class Krb5Context implements GSSContextSpi {
|
||||||
WrapToken token =
|
WrapToken token =
|
||||||
new WrapToken(this, msgProp, inBuf, offset, len);
|
new WrapToken(this, msgProp, inBuf, offset, len);
|
||||||
token.encode(os);
|
token.encode(os);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
encToken = token.encode();
|
encToken = token.encode();
|
||||||
}
|
}
|
||||||
} else if (cipherHelper.getProto() == 1) {
|
} else if (cipherHelper.getProto() == 1) {
|
||||||
WrapToken_v2 token =
|
WrapToken_v2 token =
|
||||||
new WrapToken_v2(this, msgProp, inBuf, offset, len);
|
new WrapToken_v2(this, msgProp, inBuf, offset, len);
|
||||||
token.encode(os);
|
token.encode(os);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
encToken = token.encode();
|
encToken = token.encode();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -998,8 +999,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
throw gssException;
|
throw gssException;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Krb5Context.wrap: token=["
|
DEBUG.println("Krb5Context.wrap: token=["
|
||||||
+ getHexBytes(encToken, 0, encToken.length)
|
+ getHexBytes(encToken, 0, encToken.length)
|
||||||
+ "]");
|
+ "]");
|
||||||
}
|
}
|
||||||
|
@ -1025,8 +1026,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
MessageProp msgProp)
|
MessageProp msgProp)
|
||||||
throws GSSException {
|
throws GSSException {
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Krb5Context.unwrap: token=["
|
DEBUG.println("Krb5Context.unwrap: token=["
|
||||||
+ getHexBytes(inBuf, offset, len)
|
+ getHexBytes(inBuf, offset, len)
|
||||||
+ "]");
|
+ "]");
|
||||||
}
|
}
|
||||||
|
@ -1049,8 +1050,8 @@ class Krb5Context implements GSSContextSpi {
|
||||||
setSequencingAndReplayProps(token, msgProp);
|
setSequencingAndReplayProps(token, msgProp);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Krb5Context.unwrap: data=["
|
DEBUG.println("Krb5Context.unwrap: data=["
|
||||||
+ getHexBytes(data, 0, data.length)
|
+ getHexBytes(data, 0, data.length)
|
||||||
+ "]");
|
+ "]");
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -33,6 +33,8 @@ import javax.security.auth.kerberos.ServicePermission;
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import java.util.Vector;
|
import java.util.Vector;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Krb5 Mechanism plug in for JGSS
|
* Krb5 Mechanism plug in for JGSS
|
||||||
* This is the properties object required by the JGSS framework.
|
* This is the properties object required by the JGSS framework.
|
||||||
|
@ -43,8 +45,6 @@ import java.util.Vector;
|
||||||
|
|
||||||
public final class Krb5MechFactory implements MechanismFactory {
|
public final class Krb5MechFactory implements MechanismFactory {
|
||||||
|
|
||||||
private static final boolean DEBUG = Krb5Util.DEBUG;
|
|
||||||
|
|
||||||
static final Provider PROVIDER =
|
static final Provider PROVIDER =
|
||||||
new sun.security.jgss.SunProvider();
|
new sun.security.jgss.SunProvider();
|
||||||
|
|
||||||
|
@ -152,8 +152,8 @@ public final class Krb5MechFactory implements MechanismFactory {
|
||||||
try {
|
try {
|
||||||
sm.checkPermission(perm);
|
sm.checkPermission(perm);
|
||||||
} catch (SecurityException e) {
|
} catch (SecurityException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Permission to initiate " +
|
DEBUG.println("Permission to initiate " +
|
||||||
"kerberos init credential" + e.getMessage());
|
"kerberos init credential" + e.getMessage());
|
||||||
}
|
}
|
||||||
throw e;
|
throw e;
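Review bot: The debug message in the `SecurityException` handler joins `"kerberos init credential"` directly to `e.getMessage()`, so the fixed text and the exception text run together in the output. Since this line is rewritten anyway, ending the literal with a separator, as in `"kerberos init credential: " + e.getMessage()`, would keep the denied-permission detail readable. The enclosing method starts and ends outside the hunk.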
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -31,7 +31,6 @@ import javax.security.auth.kerberos.KeyTab;
|
||||||
import javax.security.auth.Subject;
|
import javax.security.auth.Subject;
|
||||||
import javax.security.auth.login.LoginException;
|
import javax.security.auth.login.LoginException;
|
||||||
|
|
||||||
import sun.security.action.GetBooleanAction;
|
|
||||||
import sun.security.jgss.GSSUtil;
|
import sun.security.jgss.GSSUtil;
|
||||||
import sun.security.jgss.GSSCaller;
|
import sun.security.jgss.GSSCaller;
|
||||||
|
|
||||||
|
@ -47,9 +46,6 @@ import sun.security.krb5.PrincipalName;
|
||||||
*/
|
*/
|
||||||
public class Krb5Util {
|
public class Krb5Util {
|
||||||
|
|
||||||
static final boolean DEBUG = GetBooleanAction
|
|
||||||
.privilegedGetProperty("sun.security.krb5.debug");
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default constructor
|
* Default constructor
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -39,6 +39,8 @@ import java.util.Set;
|
||||||
import javax.security.auth.kerberos.KerberosPrincipal;
|
import javax.security.auth.kerberos.KerberosPrincipal;
|
||||||
import javax.security.auth.kerberos.KeyTab;
|
import javax.security.auth.kerberos.KeyTab;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This utility looks through the current Subject and retrieves private
|
* This utility looks through the current Subject and retrieves private
|
||||||
* credentials for the desired client/server principals.
|
* credentials for the desired client/server principals.
|
||||||
|
@ -49,8 +51,6 @@ import javax.security.auth.kerberos.KeyTab;
|
||||||
|
|
||||||
class SubjectComber {
|
class SubjectComber {
|
||||||
|
|
||||||
private static final boolean DEBUG = Krb5Util.DEBUG;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default constructor
|
* Default constructor
|
||||||
*/
|
*/
|
||||||
|
@ -114,8 +114,8 @@ class SubjectComber {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Check passed, we can add now
|
// Check passed, we can add now
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Found " + credClass.getSimpleName()
|
DEBUG.println("Found " + credClass.getSimpleName()
|
||||||
+ " " + t);
|
+ " " + t);
|
||||||
}
|
}
|
||||||
if (oneOnly) {
|
if (oneOnly) {
|
||||||
|
@ -132,8 +132,8 @@ class SubjectComber {
|
||||||
KerberosKey t = iterator.next();
|
KerberosKey t = iterator.next();
|
||||||
String name = t.getPrincipal().getName();
|
String name = t.getPrincipal().getName();
|
||||||
if (serverPrincipal == null || serverPrincipal.equals(name)) {
|
if (serverPrincipal == null || serverPrincipal.equals(name)) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Found " +
|
DEBUG.println("Found " +
|
||||||
credClass.getSimpleName() + " for " + name);
|
credClass.getSimpleName() + " for " + name);
|
||||||
}
|
}
|
||||||
if (oneOnly) {
|
if (oneOnly) {
|
||||||
|
@ -155,8 +155,8 @@ class SubjectComber {
|
||||||
KerberosTicket ticket)) {
|
KerberosTicket ticket)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Found ticket for "
|
DEBUG.println("Found ticket for "
|
||||||
+ ticket.getClient()
|
+ ticket.getClient()
|
||||||
+ " to go to "
|
+ " to go to "
|
||||||
+ ticket.getServer()
|
+ ticket.getServer()
|
||||||
|
@ -171,15 +171,15 @@ class SubjectComber {
|
||||||
iterator.remove();
|
iterator.remove();
|
||||||
try {
|
try {
|
||||||
ticket.destroy();
|
ticket.destroy();
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Removed and destroyed "
|
DEBUG.println("Removed and destroyed "
|
||||||
+ "the expired Ticket \n"
|
+ "the expired Ticket \n"
|
||||||
+ ticket);
|
+ ticket);
|
||||||
|
|
||||||
}
|
}
|
||||||
} catch (DestroyFailedException dfe) {
|
} catch (DestroyFailedException dfe) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Expired ticket not" +
|
DEBUG.println("Expired ticket not" +
|
||||||
" destroyed successfully. " + dfe);
|
" destroyed successfully. " + dfe);
|
||||||
}
|
}
|
||||||
}
|
}
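Review bot: The first rewritten call, `DEBUG.println("Found " + credClass.getSimpleName() + " " + t)`, sends the credential object's full `toString()` to the debug stream, whereas the `KerberosKey` branch in the next hunk logs only `" for " + name` and the ticket branch logs only `getClient()` and `getServer()`. What `t.toString()` renders is not visible here, so if it can include key or ticket material, logging the principal alone would match the other branches. Similarly, `"Removed and destroyed the expired Ticket \n" + ticket` is evaluated after `ticket.destroy()`, so its output depends on how a destroyed ticket prints; naming the client and server there would be more predictable. The enclosing method begins outside these hunks.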
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -32,6 +32,8 @@ import sun.security.util.*;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import static sun.security.jgss.spnego.SpNegoContext.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements the SPNEGO NegTokenInit token
|
* Implements the SPNEGO NegTokenInit token
|
||||||
* as specified in RFC 2478
|
* as specified in RFC 2478
|
||||||
|
@ -116,8 +118,8 @@ public class NegTokenInit extends SpNegoToken {
|
||||||
|
|
||||||
// mechListMIC with CONTEXT 03
|
// mechListMIC with CONTEXT 03
|
||||||
if (mechListMIC != null) {
|
if (mechListMIC != null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoToken NegTokenInit: " +
|
DEBUG.println("SpNegoToken NegTokenInit: " +
|
||||||
"sending MechListMIC");
|
"sending MechListMIC");
|
||||||
}
|
}
|
||||||
DerOutputStream mic = new DerOutputStream();
|
DerOutputStream mic = new DerOutputStream();
|
||||||
|
@ -163,8 +165,8 @@ public class NegTokenInit extends SpNegoToken {
|
||||||
ObjectIdentifier mech;
|
ObjectIdentifier mech;
|
||||||
for (int i = 0; i < mList.length; i++) {
|
for (int i = 0; i < mList.length; i++) {
|
||||||
mech = mList[i].getOID();
|
mech = mList[i].getOID();
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoToken NegTokenInit: " +
|
DEBUG.println("SpNegoToken NegTokenInit: " +
|
||||||
"reading Mechanism Oid = " + mech);
|
"reading Mechanism Oid = " + mech);
|
||||||
}
|
}
|
||||||
mechTypeList[i] = new Oid(mech.toString());
|
mechTypeList[i] = new Oid(mech.toString());
|
||||||
|
@ -174,8 +176,8 @@ public class NegTokenInit extends SpNegoToken {
|
||||||
// received reqFlags, skip it
|
// received reqFlags, skip it
|
||||||
} else if (tmp2.isContextSpecific((byte)0x02)) {
|
} else if (tmp2.isContextSpecific((byte)0x02)) {
|
||||||
lastField = checkNextField(lastField, 2);
|
lastField = checkNextField(lastField, 2);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoToken NegTokenInit: " +
|
DEBUG.println("SpNegoToken NegTokenInit: " +
|
||||||
"reading Mech Token");
|
"reading Mech Token");
|
||||||
}
|
}
|
||||||
mechToken = tmp2.data.getOctetString();
|
mechToken = tmp2.data.getOctetString();
|
||||||
|
@ -183,8 +185,8 @@ public class NegTokenInit extends SpNegoToken {
|
||||||
lastField = checkNextField(lastField, 3);
|
lastField = checkNextField(lastField, 3);
|
||||||
if (!GSSUtil.useMSInterop()) {
|
if (!GSSUtil.useMSInterop()) {
|
||||||
mechListMIC = tmp2.data.getOctetString();
|
mechListMIC = tmp2.data.getOctetString();
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoToken NegTokenInit: " +
|
DEBUG.println("SpNegoToken NegTokenInit: " +
|
||||||
"MechListMIC Token = " +
|
"MechListMIC Token = " +
|
||||||
getHexBytes(mechListMIC));
|
getHexBytes(mechListMIC));
|
||||||
}
|
}
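Review bot: The added `import static sun.security.jgss.spnego.SpNegoContext.DEBUG` pulls in a field that is now a `Debug` reference rather than a boolean, and `Debug.of` returns null unless the property value is `true`, so an unguarded `DEBUG.println(...)` added here later would throw a `NullPointerException`. Every use in these hunks is guarded, but the import gives no hint of that contract. A comment above it such as `// DEBUG is null unless sun.security.spnego.debug=true; test DEBUG != null before use` would document it. The same import is added to NegTokenTarg and would benefit from the same comment.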
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -30,6 +30,8 @@ import org.ietf.jgss.*;
|
||||||
import sun.security.jgss.*;
|
import sun.security.jgss.*;
|
||||||
import sun.security.util.*;
|
import sun.security.util.*;
|
||||||
|
|
||||||
|
import static sun.security.jgss.spnego.SpNegoContext.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements the SPNEGO NegTokenTarg token
|
* Implements the SPNEGO NegTokenTarg token
|
||||||
* as specified in RFC 2478
|
* as specified in RFC 2478
|
||||||
|
@ -103,8 +105,8 @@ public class NegTokenTarg extends SpNegoToken {
|
||||||
|
|
||||||
// mechListMIC with CONTEXT 03
|
// mechListMIC with CONTEXT 03
|
||||||
if (mechListMIC != null) {
|
if (mechListMIC != null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoToken NegTokenTarg: " +
|
DEBUG.println("SpNegoToken NegTokenTarg: " +
|
||||||
"sending MechListMIC");
|
"sending MechListMIC");
|
||||||
}
|
}
|
||||||
DerOutputStream mic = new DerOutputStream();
|
DerOutputStream mic = new DerOutputStream();
|
||||||
|
@ -141,16 +143,16 @@ public class NegTokenTarg extends SpNegoToken {
|
||||||
if (tmp2.isContextSpecific((byte)0x00)) {
|
if (tmp2.isContextSpecific((byte)0x00)) {
|
||||||
lastField = checkNextField(lastField, 0);
|
lastField = checkNextField(lastField, 0);
|
||||||
negResult = tmp2.data.getEnumerated();
|
negResult = tmp2.data.getEnumerated();
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoToken NegTokenTarg: negotiated" +
|
DEBUG.println("SpNegoToken NegTokenTarg: negotiated" +
|
||||||
" result = " + getNegoResultString(negResult));
|
" result = " + getNegoResultString(negResult));
|
||||||
}
|
}
|
||||||
} else if (tmp2.isContextSpecific((byte)0x01)) {
|
} else if (tmp2.isContextSpecific((byte)0x01)) {
|
||||||
lastField = checkNextField(lastField, 1);
|
lastField = checkNextField(lastField, 1);
|
||||||
ObjectIdentifier mech = tmp2.data.getOID();
|
ObjectIdentifier mech = tmp2.data.getOID();
|
||||||
supportedMech = new Oid(mech.toString());
|
supportedMech = new Oid(mech.toString());
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoToken NegTokenTarg: " +
|
DEBUG.println("SpNegoToken NegTokenTarg: " +
|
||||||
"supported mechanism = " + supportedMech);
|
"supported mechanism = " + supportedMech);
|
||||||
}
|
}
|
||||||
} else if (tmp2.isContextSpecific((byte)0x02)) {
|
} else if (tmp2.isContextSpecific((byte)0x02)) {
|
||||||
|
@ -160,8 +162,8 @@ public class NegTokenTarg extends SpNegoToken {
|
||||||
lastField = checkNextField(lastField, 3);
|
lastField = checkNextField(lastField, 3);
|
||||||
if (!GSSUtil.useMSInterop()) {
|
if (!GSSUtil.useMSInterop()) {
|
||||||
mechListMIC = tmp2.data.getOctetString();
|
mechListMIC = tmp2.data.getOctetString();
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoToken NegTokenTarg: " +
|
DEBUG.println("SpNegoToken NegTokenTarg: " +
|
||||||
"MechListMIC Token = " +
|
"MechListMIC Token = " +
|
||||||
getHexBytes(mechListMIC));
|
getHexBytes(mechListMIC));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -31,6 +31,7 @@ import java.util.Objects;
|
||||||
|
|
||||||
import org.ietf.jgss.*;
|
import org.ietf.jgss.*;
|
||||||
import sun.security.action.GetBooleanAction;
|
import sun.security.action.GetBooleanAction;
|
||||||
|
import sun.security.action.GetPropertyAction;
|
||||||
import sun.security.jgss.*;
|
import sun.security.jgss.*;
|
||||||
import sun.security.jgss.spi.*;
|
import sun.security.jgss.spi.*;
|
||||||
import sun.security.util.*;
|
import sun.security.util.*;
|
||||||
|
@ -84,8 +85,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
private final SpNegoMechFactory factory;
|
private final SpNegoMechFactory factory;
|
||||||
|
|
||||||
// debug property
|
// debug property
|
||||||
static final boolean DEBUG = GetBooleanAction
|
static final Debug DEBUG = Debug.of("spnego", GetPropertyAction
|
||||||
.privilegedGetProperty("sun.security.spnego.debug");
|
.privilegedGetProperty("sun.security.spnego.debug"));
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor for SpNegoContext to be called on the context initiator's
|
* Constructor for SpNegoContext to be called on the context initiator's
|
||||||
|
@ -294,8 +295,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
byte[] mechToken = null;
|
byte[] mechToken = null;
|
||||||
int errorCode = GSSException.FAILURE;
|
int errorCode = GSSException.FAILURE;
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Entered SpNego.initSecContext with " +
|
DEBUG.println("Entered SpNego.initSecContext with " +
|
||||||
"state=" + printState(state));
|
"state=" + printState(state));
|
||||||
}
|
}
|
||||||
if (!isInitiator()) {
|
if (!isInitiator()) {
|
||||||
|
@ -323,8 +324,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
// generate SPNEGO token
|
// generate SPNEGO token
|
||||||
initToken = new NegTokenInit(DER_mechTypes, getContextFlags(),
|
initToken = new NegTokenInit(DER_mechTypes, getContextFlags(),
|
||||||
mechToken, null);
|
mechToken, null);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.initSecContext: " +
|
DEBUG.println("SpNegoContext.initSecContext: " +
|
||||||
"sending token of type = " +
|
"sending token of type = " +
|
||||||
SpNegoToken.getTokenName(initToken.getType()));
|
SpNegoToken.getTokenName(initToken.getType()));
|
||||||
}
|
}
|
||||||
|
@ -342,8 +343,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
errorCode = GSSException.DEFECTIVE_TOKEN;
|
errorCode = GSSException.DEFECTIVE_TOKEN;
|
||||||
byte[] server_token = new byte[is.available()];
|
byte[] server_token = new byte[is.available()];
|
||||||
SpNegoToken.readFully(is, server_token);
|
SpNegoToken.readFully(is, server_token);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.initSecContext: " +
|
DEBUG.println("SpNegoContext.initSecContext: " +
|
||||||
"process received token = " +
|
"process received token = " +
|
||||||
SpNegoToken.getHexBytes(server_token));
|
SpNegoToken.getHexBytes(server_token));
|
||||||
}
|
}
|
||||||
|
@ -352,8 +353,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
// token will be validated when parsing
|
// token will be validated when parsing
|
||||||
NegTokenTarg targToken = new NegTokenTarg(server_token);
|
NegTokenTarg targToken = new NegTokenTarg(server_token);
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.initSecContext: " +
|
DEBUG.println("SpNegoContext.initSecContext: " +
|
||||||
"received token of type = " +
|
"received token of type = " +
|
||||||
SpNegoToken.getTokenName(targToken.getType()));
|
SpNegoToken.getTokenName(targToken.getType()));
|
||||||
}
|
}
|
||||||
|
@ -421,8 +422,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
if (isMechContextEstablished()) {
|
if (isMechContextEstablished()) {
|
||||||
state = STATE_DONE;
|
state = STATE_DONE;
|
||||||
retVal = mechToken;
|
retVal = mechToken;
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SPNEGO Negotiated Mechanism = "
|
DEBUG.println("SPNEGO Negotiated Mechanism = "
|
||||||
+ internal_mech + " " +
|
+ internal_mech + " " +
|
||||||
GSSUtil.getMechStr(internal_mech));
|
GSSUtil.getMechStr(internal_mech));
|
||||||
}
|
}
|
||||||
|
@ -430,8 +431,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
// generate SPNEGO token
|
// generate SPNEGO token
|
||||||
initToken = new NegTokenInit(null, null,
|
initToken = new NegTokenInit(null, null,
|
||||||
mechToken, null);
|
mechToken, null);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.initSecContext:" +
|
DEBUG.println("SpNegoContext.initSecContext:" +
|
||||||
" continue sending token of type = " +
|
" continue sending token of type = " +
|
||||||
SpNegoToken.getTokenName(initToken.getType()));
|
SpNegoToken.getTokenName(initToken.getType()));
|
||||||
}
|
}
|
||||||
|
@ -442,13 +443,13 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// XXX Use logging API
|
// XXX Use logging API
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(state);
|
DEBUG.println("state is " + state);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
if (retVal != null) {
|
if (retVal != null) {
|
||||||
System.out.println("SNegoContext.initSecContext: " +
|
DEBUG.println("SNegoContext.initSecContext: " +
|
||||||
"sending token = " + SpNegoToken.getHexBytes(retVal));
|
"sending token = " + SpNegoToken.getHexBytes(retVal));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -488,8 +489,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
SpNegoToken.NegoResult negoResult;
|
SpNegoToken.NegoResult negoResult;
|
||||||
boolean valid = true;
|
boolean valid = true;
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Entered SpNegoContext.acceptSecContext with " +
|
DEBUG.println("Entered SpNegoContext.acceptSecContext with " +
|
||||||
"state=" + printState(state));
|
"state=" + printState(state));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -505,8 +506,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
// read data
|
// read data
|
||||||
byte[] token = new byte[is.available()];
|
byte[] token = new byte[is.available()];
|
||||||
SpNegoToken.readFully(is, token);
|
SpNegoToken.readFully(is, token);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||||
"receiving token = " +
|
"receiving token = " +
|
||||||
SpNegoToken.getHexBytes(token));
|
SpNegoToken.getHexBytes(token));
|
||||||
}
|
}
|
||||||
|
@ -515,8 +516,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
// token will be validated when parsing
|
// token will be validated when parsing
|
||||||
NegTokenInit initToken = new NegTokenInit(token);
|
NegTokenInit initToken = new NegTokenInit(token);
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||||
"received token of type = " +
|
"received token of type = " +
|
||||||
SpNegoToken.getTokenName(initToken.getType()));
|
SpNegoToken.getTokenName(initToken.getType()));
|
||||||
}
|
}
|
||||||
|
@ -548,8 +549,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
(GSSUtil.isKerberosMech(mechList[0]) &&
|
(GSSUtil.isKerberosMech(mechList[0]) &&
|
||||||
GSSUtil.isKerberosMech(mech_wanted))) {
|
GSSUtil.isKerberosMech(mech_wanted))) {
|
||||||
// get the mechanism token
|
// get the mechanism token
|
||||||
if (DEBUG && !mech_wanted.equals(mechList[0])) {
|
if (DEBUG != null && !mech_wanted.equals(mechList[0])) {
|
||||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||||
"negotiated mech adjusted to " + mechList[0]);
|
"negotiated mech adjusted to " + mechList[0]);
|
||||||
}
|
}
|
||||||
byte[] mechToken = initToken.getMechToken();
|
byte[] mechToken = initToken.getMechToken();
|
||||||
|
@ -577,8 +578,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
// now set the context flags for acceptor
|
// now set the context flags for acceptor
|
||||||
setContextFlags();
|
setContextFlags();
|
||||||
// print the negotiated mech info
|
// print the negotiated mech info
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SPNEGO Negotiated Mechanism = "
|
DEBUG.println("SPNEGO Negotiated Mechanism = "
|
||||||
+ internal_mech + " " +
|
+ internal_mech + " " +
|
||||||
GSSUtil.getMechStr(internal_mech));
|
GSSUtil.getMechStr(internal_mech));
|
||||||
}
|
}
|
||||||
|
@ -591,18 +592,18 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
throw new GSSException(GSSException.FAILURE);
|
throw new GSSException(GSSException.FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||||
"mechanism wanted = " + mech_wanted);
|
"mechanism wanted = " + mech_wanted);
|
||||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||||
"negotiated result = " + negoResult);
|
"negotiated result = " + negoResult);
|
||||||
}
|
}
|
||||||
|
|
||||||
// generate SPNEGO token
|
// generate SPNEGO token
|
||||||
NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
|
NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
|
||||||
mech_wanted, accept_token, null);
|
mech_wanted, accept_token, null);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||||
"sending token of type = " +
|
"sending token of type = " +
|
||||||
SpNegoToken.getTokenName(targToken.getType()));
|
SpNegoToken.getTokenName(targToken.getType()));
|
||||||
}
|
}
|
||||||
|
@ -613,8 +614,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
// read data
|
// read data
|
||||||
byte[] token = new byte[is.available()];
|
byte[] token = new byte[is.available()];
|
||||||
SpNegoToken.readFully(is, token);
|
SpNegoToken.readFully(is, token);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||||
"receiving token = " +
|
"receiving token = " +
|
||||||
SpNegoToken.getHexBytes(token));
|
SpNegoToken.getHexBytes(token));
|
||||||
}
|
}
|
||||||
|
@ -623,8 +624,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
// token will be validated when parsing
|
// token will be validated when parsing
|
||||||
NegTokenTarg inputToken = new NegTokenTarg(token);
|
NegTokenTarg inputToken = new NegTokenTarg(token);
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||||
"received token of type = " +
|
"received token of type = " +
|
||||||
SpNegoToken.getTokenName(inputToken.getType()));
|
SpNegoToken.getTokenName(inputToken.getType()));
|
||||||
}
|
}
|
||||||
|
@ -653,8 +654,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
// generate SPNEGO token
|
// generate SPNEGO token
|
||||||
NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
|
NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
|
||||||
null, accept_token, null);
|
null, accept_token, null);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||||
"sending token of type = " +
|
"sending token of type = " +
|
||||||
SpNegoToken.getTokenName(targToken.getType()));
|
SpNegoToken.getTokenName(targToken.getType()));
|
||||||
}
|
}
|
||||||
|
@ -663,12 +664,12 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// XXX Use logging API
|
// XXX Use logging API
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("AcceptSecContext: state = " + state);
|
DEBUG.println("AcceptSecContext: state = " + state);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||||
"sending token = " + SpNegoToken.getHexBytes(retVal));
|
"sending token = " + SpNegoToken.getHexBytes(retVal));
|
||||||
}
|
}
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
|
@ -768,16 +769,16 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
|
|
||||||
// sanity check the required input
|
// sanity check the required input
|
||||||
if (mechTypes == null) {
|
if (mechTypes == null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext: no MIC token included");
|
DEBUG.println("SpNegoContext: no MIC token included");
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if mechanism supports integrity
|
// check if mechanism supports integrity
|
||||||
if (!mechContext.getIntegState()) {
|
if (!mechContext.getIntegState()) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext: no MIC token included" +
|
DEBUG.println("SpNegoContext: no MIC token included" +
|
||||||
" - mechanism does not support integrity");
|
" - mechanism does not support integrity");
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
|
@ -788,14 +789,14 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
try {
|
try {
|
||||||
MessageProp prop = new MessageProp(0, true);
|
MessageProp prop = new MessageProp(0, true);
|
||||||
mic = getMIC(mechTypes, 0, mechTypes.length, prop);
|
mic = getMIC(mechTypes, 0, mechTypes.length, prop);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext: getMIC = " +
|
DEBUG.println("SpNegoContext: getMIC = " +
|
||||||
SpNegoToken.getHexBytes(mic));
|
SpNegoToken.getHexBytes(mic));
|
||||||
}
|
}
|
||||||
} catch (GSSException e) {
|
} catch (GSSException e) {
|
||||||
mic = null;
|
mic = null;
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext: no MIC token included" +
|
DEBUG.println("SpNegoContext: no MIC token included" +
|
||||||
" - getMIC failed : " + e.getMessage());
|
" - getMIC failed : " + e.getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -810,16 +811,16 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
|
|
||||||
// sanity check the input
|
// sanity check the input
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext: no MIC token validation");
|
DEBUG.println("SpNegoContext: no MIC token validation");
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if mechanism supports integrity
|
// check if mechanism supports integrity
|
||||||
if (!mechContext.getIntegState()) {
|
if (!mechContext.getIntegState()) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext: no MIC token validation" +
|
DEBUG.println("SpNegoContext: no MIC token validation" +
|
||||||
" - mechanism does not support integrity");
|
" - mechanism does not support integrity");
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
|
@ -834,8 +835,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
valid = true;
|
valid = true;
|
||||||
} catch (GSSException e) {
|
} catch (GSSException e) {
|
||||||
valid = false;
|
valid = false;
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext: MIC validation failed! " +
|
DEBUG.println("SpNegoContext: MIC validation failed! " +
|
||||||
e.getMessage());
|
e.getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -921,8 +922,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
for (int i = 0; i < supported_mechSet.length; i++) {
|
for (int i = 0; i < supported_mechSet.length; i++) {
|
||||||
for (int j = 0; j < mechSet.length; j++) {
|
for (int j = 0; j < mechSet.length; j++) {
|
||||||
if (mechSet[j].equals(supported_mechSet[i])) {
|
if (mechSet[j].equals(supported_mechSet[i])) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("SpNegoContext: " +
|
DEBUG.println("SpNegoContext: " +
|
||||||
"negotiated mechanism = " + mechSet[j]);
|
"negotiated mechanism = " + mechSet[j]);
|
||||||
}
|
}
|
||||||
return (mechSet[j]);
|
return (mechSet[j]);
|
||||||
|
@ -940,8 +941,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
if (mechContext != null) {
|
if (mechContext != null) {
|
||||||
return mechContext.isEstablished();
|
return mechContext.isEstablished();
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("The underlying mechanism context has " +
|
DEBUG.println("The underlying mechanism context has " +
|
||||||
"not been initialized");
|
"not been initialized");
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
|
@ -1053,8 +1054,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
peerName = targName.getElement(internal_mech);
|
peerName = targName.getElement(internal_mech);
|
||||||
return peerName;
|
return peerName;
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("The underlying mechanism context has " +
|
DEBUG.println("The underlying mechanism context has " +
|
||||||
"not been initialized");
|
"not been initialized");
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
|
@ -1069,8 +1070,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||||
myName = srcName.getElement(internal_mech);
|
myName = srcName.getElement(internal_mech);
|
||||||
return myName;
|
return myName;
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("The underlying mechanism context has " +
|
DEBUG.println("The underlying mechanism context has " +
|
||||||
"not been initialized");
|
"not been initialized");
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -59,9 +59,6 @@ abstract class SpNegoToken extends GSSToken {
|
||||||
|
|
||||||
private final int tokenType;
|
private final int tokenType;
|
||||||
|
|
||||||
// property
|
|
||||||
static final boolean DEBUG = SpNegoContext.DEBUG;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The object identifier corresponding to the SPNEGO GSS-API
|
* The object identifier corresponding to the SPNEGO GSS-API
|
||||||
* mechanism.
|
* mechanism.
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -65,7 +65,7 @@ public final class SunNativeProvider extends Provider {
|
||||||
if (message == null) {
|
if (message == null) {
|
||||||
throw new NullPointerException();
|
throw new NullPointerException();
|
||||||
}
|
}
|
||||||
System.out.println(NAME + ": " + message);
|
System.err.println(NAME + ": " + message);
|
||||||
}
|
}
|
||||||
|
|
||||||
@SuppressWarnings("removal")
|
@SuppressWarnings("removal")
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -73,8 +73,6 @@ public class Checksum {
|
||||||
// draft-brezak-win2k-krb-rc4-hmac-04.txt
|
// draft-brezak-win2k-krb-rc4-hmac-04.txt
|
||||||
public static final int CKSUMTYPE_HMAC_MD5_ARCFOUR = -138;
|
public static final int CKSUMTYPE_HMAC_MD5_ARCFOUR = -138;
|
||||||
|
|
||||||
private static boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructs a new Checksum using the raw data and type.
|
* Constructs a new Checksum using the raw data and type.
|
||||||
*
|
*
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -51,6 +51,8 @@ import sun.security.krb5.internal.crypto.EType;
|
||||||
import sun.security.krb5.internal.Krb5;
|
import sun.security.krb5.internal.Krb5;
|
||||||
import sun.security.util.SecurityProperties;
|
import sun.security.util.SecurityProperties;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class maintains key-value pairs of Kerberos configurable constants
|
* This class maintains key-value pairs of Kerberos configurable constants
|
||||||
* from configuration file or from user specified system properties.
|
* from configuration file or from user specified system properties.
|
||||||
|
@ -103,8 +105,6 @@ public class Config {
|
||||||
*/
|
*/
|
||||||
private Hashtable<String,Object> stanzaTable = new Hashtable<>();
|
private Hashtable<String,Object> stanzaTable = new Hashtable<>();
|
||||||
|
|
||||||
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
|
||||||
|
|
||||||
// these are used for hexadecimal calculation.
|
// these are used for hexadecimal calculation.
|
||||||
private static final int BASE16_0 = 1;
|
private static final int BASE16_0 = 1;
|
||||||
private static final int BASE16_1 = 16;
|
private static final int BASE16_1 = 16;
|
||||||
|
@ -213,16 +213,16 @@ public class Config {
|
||||||
if (fileName != null) {
|
if (fileName != null) {
|
||||||
configFile = loadConfigFile(fileName);
|
configFile = loadConfigFile(fileName);
|
||||||
stanzaTable = parseStanzaTable(configFile);
|
stanzaTable = parseStanzaTable(configFile);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Loaded from Java config");
|
DEBUG.println("Loaded from Java config");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
boolean found = false;
|
boolean found = false;
|
||||||
if (isMacosLionOrBetter()) {
|
if (isMacosLionOrBetter()) {
|
||||||
try {
|
try {
|
||||||
stanzaTable = SCDynamicStoreConfig.getConfig();
|
stanzaTable = SCDynamicStoreConfig.getConfig();
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Loaded from SCDynamicStoreConfig");
|
DEBUG.println("Loaded from SCDynamicStoreConfig");
|
||||||
}
|
}
|
||||||
found = true;
|
found = true;
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
|
@ -233,15 +233,15 @@ public class Config {
|
||||||
fileName = getNativeFileName();
|
fileName = getNativeFileName();
|
||||||
configFile = loadConfigFile(fileName);
|
configFile = loadConfigFile(fileName);
|
||||||
stanzaTable = parseStanzaTable(configFile);
|
stanzaTable = parseStanzaTable(configFile);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Loaded from native config");
|
DEBUG.println("Loaded from native config");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Exception thrown in loading config:");
|
DEBUG.println("Exception thrown in loading config:");
|
||||||
ioe.printStackTrace(System.out);
|
ioe.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
throw new KrbException("krb5.conf loading failed");
|
throw new KrbException("krb5.conf loading failed");
|
||||||
}
|
}
|
||||||
|
@ -440,11 +440,11 @@ public class Config {
|
||||||
try {
|
try {
|
||||||
value = parseIntValue(result);
|
value = parseIntValue(result);
|
||||||
} catch (NumberFormatException e) {
|
} catch (NumberFormatException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Exception in getting value of " +
|
DEBUG.println("Exception in getting value of " +
|
||||||
Arrays.toString(keys) + ": " +
|
Arrays.toString(keys) + ": " +
|
||||||
e.getMessage());
|
e.getMessage());
|
||||||
System.out.println("Setting " + Arrays.toString(keys) +
|
DEBUG.println("Setting " + Arrays.toString(keys) +
|
||||||
" to minimum value");
|
" to minimum value");
|
||||||
}
|
}
|
||||||
value = Integer.MIN_VALUE;
|
value = Integer.MIN_VALUE;
|
||||||
|
@ -584,8 +584,8 @@ public class Config {
|
||||||
Path file, List<String> content, Set<Path> dups)
|
Path file, List<String> content, Set<Path> dups)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Loading krb5 profile at " + file);
|
DEBUG.println("Loading krb5 profile at " + file);
|
||||||
}
|
}
|
||||||
if (!file.isAbsolute()) {
|
if (!file.isAbsolute()) {
|
||||||
throw new IOException("Profile path not absolute");
|
throw new IOException("Profile path not absolute");
|
||||||
|
@ -628,8 +628,8 @@ public class Config {
|
||||||
content, dups);
|
content, dups);
|
||||||
} else {
|
} else {
|
||||||
// Unsupported directives
|
// Unsupported directives
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Unknown directive: " + line);
|
DEBUG.println("Unknown directive: " + line);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -670,8 +670,8 @@ public class Config {
|
||||||
private List<String> loadConfigFile(final String fileName)
|
private List<String> loadConfigFile(final String fileName)
|
||||||
throws IOException, KrbException {
|
throws IOException, KrbException {
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Loading config file from " + fileName);
|
DEBUG.println("Loading config file from " + fileName);
|
||||||
}
|
}
|
||||||
List<String> result = new ArrayList<>();
|
List<String> result = new ArrayList<>();
|
||||||
List<String> raw = new ArrayList<>();
|
List<String> raw = new ArrayList<>();
|
||||||
|
@ -783,8 +783,8 @@ public class Config {
|
||||||
throws KrbException {
|
throws KrbException {
|
||||||
Hashtable<String,Object> current = stanzaTable;
|
Hashtable<String,Object> current = stanzaTable;
|
||||||
for (String line: v) {
|
for (String line: v) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(line);
|
DEBUG.println(line);
|
||||||
}
|
}
|
||||||
// There are only 3 kinds of lines
|
// There are only 3 kinds of lines
|
||||||
// 1. a = b
|
// 1. a = b
|
||||||
|
@ -872,8 +872,8 @@ public class Config {
|
||||||
name = null;
|
name = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Java config name: " + name);
|
DEBUG.println("Java config name: " + name);
|
||||||
}
|
}
|
||||||
return name;
|
return name;
|
||||||
}
|
}
|
||||||
|
@ -935,8 +935,8 @@ public class Config {
|
||||||
} else {
|
} else {
|
||||||
name = "/etc/krb5.conf";
|
name = "/etc/krb5.conf";
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Native config name: " + name);
|
DEBUG.println("Native config name: " + name);
|
||||||
}
|
}
|
||||||
return name;
|
return name;
|
||||||
}
|
}
|
||||||
|
@ -984,21 +984,21 @@ public class Config {
|
||||||
String default_enctypes;
|
String default_enctypes;
|
||||||
default_enctypes = get("libdefaults", configName);
|
default_enctypes = get("libdefaults", configName);
|
||||||
if (default_enctypes == null && !configName.equals("permitted_enctypes")) {
|
if (default_enctypes == null && !configName.equals("permitted_enctypes")) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Getting permitted_enctypes from libdefaults");
|
DEBUG.println("Getting permitted_enctypes from libdefaults");
|
||||||
}
|
}
|
||||||
default_enctypes = get("libdefaults", "permitted_enctypes");
|
default_enctypes = get("libdefaults", "permitted_enctypes");
|
||||||
}
|
}
|
||||||
int[] etype;
|
int[] etype;
|
||||||
if (default_enctypes == null) {
|
if (default_enctypes == null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("default_enctypes were null, using builtin default etypes for configuration " +
|
DEBUG.println("default_enctypes were null, using builtin default etypes for configuration " +
|
||||||
configName);
|
configName);
|
||||||
}
|
}
|
||||||
etype = EType.getBuiltInDefaults();
|
etype = EType.getBuiltInDefaults();
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("default_enctypes:" + default_enctypes);
|
DEBUG.println("default_enctypes:" + default_enctypes);
|
||||||
}
|
}
|
||||||
String delim = " ";
|
String delim = " ";
|
||||||
StringTokenizer st;
|
StringTokenizer st;
|
||||||
|
@ -1032,12 +1032,13 @@ public class Config {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.print("default etypes for " + configName + ":");
|
String s = "default etypes for " + configName + ":";
|
||||||
for (int i = 0; i < etype.length; i++) {
|
for (int i = 0; i < etype.length; i++) {
|
||||||
System.out.print(" " + etype[i]);
|
s += " " + etype[i];
|
||||||
}
|
}
|
||||||
System.out.println(".");
|
s += ".";
|
||||||
|
DEBUG.println(s);
|
||||||
}
|
}
|
||||||
return etype;
|
return etype;
|
||||||
}
|
}
|
||||||
|
@ -1135,8 +1136,8 @@ public class Config {
|
||||||
* This method was useless. Kept here in case some class still calls it.
|
* This method was useless. Kept here in case some class still calls it.
|
||||||
*/
|
*/
|
||||||
public void resetDefaultRealm(String realm) {
|
public void resetDefaultRealm(String realm) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Config try resetting default kdc " + realm);
|
DEBUG.println(">>> Config try resetting default kdc " + realm);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1319,8 +1320,8 @@ public class Config {
|
||||||
* @return the realm if correct, or null otherwise
|
* @return the realm if correct, or null otherwise
|
||||||
*/
|
*/
|
||||||
private static String checkRealm(String mapRealm) {
|
private static String checkRealm(String mapRealm) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("getRealmFromDNS: trying " + mapRealm);
|
DEBUG.println("getRealmFromDNS: trying " + mapRealm);
|
||||||
}
|
}
|
||||||
String[] records = null;
|
String[] records = null;
|
||||||
String newRealm = mapRealm;
|
String newRealm = mapRealm;
|
||||||
|
@ -1351,14 +1352,14 @@ public class Config {
|
||||||
String kdcs = "";
|
String kdcs = "";
|
||||||
String[] srvs = null;
|
String[] srvs = null;
|
||||||
// locate DNS SRV record using UDP
|
// locate DNS SRV record using UDP
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("getKDCFromDNS using UDP");
|
DEBUG.println("getKDCFromDNS using UDP");
|
||||||
}
|
}
|
||||||
srvs = KrbServiceLocator.getKerberosService(realm, "_udp");
|
srvs = KrbServiceLocator.getKerberosService(realm, "_udp");
|
||||||
if (srvs == null) {
|
if (srvs == null) {
|
||||||
// locate DNS SRV record using TCP
|
// locate DNS SRV record using TCP
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("getKDCFromDNS using TCP");
|
DEBUG.println("getKDCFromDNS using TCP");
|
||||||
}
|
}
|
||||||
srvs = KrbServiceLocator.getKerberosService(realm, "_tcp");
|
srvs = KrbServiceLocator.getKerberosService(realm, "_tcp");
|
||||||
}
|
}
|
||||||
|
|
|
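Review bot: The etype dump at the end of the `@ -1032` hunk builds its message with `s += " " + etype[i]` inside the loop, which copies the whole string on every iteration. A `StringBuilder` keeps the single `DEBUG.println` call this change introduces without the repeated copies: `StringBuilder s = new StringBuilder("default etypes for " + configName + ":");` before the loop, `s.append(' ').append(etype[i]);` inside it, and `DEBUG.println(s.append('.').toString());` after it. The enclosing method starts outside the hunk, so only these lines are in view.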
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -41,6 +41,8 @@ import java.io.IOException;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class encapsulates the concept of a Kerberos service
|
* This class encapsulates the concept of a Kerberos service
|
||||||
* credential. That includes a Kerberos ticket and an associated
|
* credential. That includes a Kerberos ticket and an associated
|
||||||
|
@ -61,7 +63,6 @@ public class Credentials {
|
||||||
KerberosTime renewTill;
|
KerberosTime renewTill;
|
||||||
HostAddresses cAddr;
|
HostAddresses cAddr;
|
||||||
AuthorizationData authzData;
|
AuthorizationData authzData;
|
||||||
private static boolean DEBUG = Krb5.DEBUG;
|
|
||||||
static boolean alreadyLoaded = false;
|
static boolean alreadyLoaded = false;
|
||||||
private static boolean alreadyTried = false;
|
private static boolean alreadyTried = false;
|
||||||
|
|
||||||
|
@ -240,8 +241,8 @@ public class Credentials {
|
||||||
try {
|
try {
|
||||||
retVal = ticket.asn1Encode();
|
retVal = ticket.asn1Encode();
|
||||||
} catch (Asn1Exception | IOException e) {
|
} catch (Asn1Exception | IOException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(e);
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return retVal;
|
return retVal;
|
||||||
|
@ -330,21 +331,21 @@ public class Credentials {
|
||||||
OperatingSystem.isMacOS()) {
|
OperatingSystem.isMacOS()) {
|
||||||
Credentials creds = acquireDefaultCreds();
|
Credentials creds = acquireDefaultCreds();
|
||||||
if (creds == null) {
|
if (creds == null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Found no TGT's in native ccache");
|
DEBUG.println(">>> Found no TGT's in native ccache");
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (princ != null) {
|
if (princ != null) {
|
||||||
if (creds.getClient().equals(princ)) {
|
if (creds.getClient().equals(princ)) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Obtained TGT from native ccache: "
|
DEBUG.println(">>> Obtained TGT from native ccache: "
|
||||||
+ creds);
|
+ creds);
|
||||||
}
|
}
|
||||||
return creds;
|
return creds;
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> native ccache contains TGT for "
|
DEBUG.println(">>> native ccache contains TGT for "
|
||||||
+ creds.getClient()
|
+ creds.getClient()
|
||||||
+ " not "
|
+ " not "
|
||||||
+ princ);
|
+ princ);
|
||||||
|
@ -352,8 +353,8 @@ public class Credentials {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Obtained TGT from native ccache: "
|
DEBUG.println(">>> Obtained TGT from native ccache: "
|
||||||
+ creds);
|
+ creds);
|
||||||
}
|
}
|
||||||
return creds;
|
return creds;
|
||||||
|
@ -381,8 +382,8 @@ public class Credentials {
|
||||||
if (EType.isSupported(tgtCred.key.getEType())) {
|
if (EType.isSupported(tgtCred.key.getEType())) {
|
||||||
return tgtCred;
|
return tgtCred;
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(
|
DEBUG.println(
|
||||||
">>> unsupported key type found the default TGT: " +
|
">>> unsupported key type found the default TGT: " +
|
||||||
tgtCred.key.getEType());
|
tgtCred.key.getEType());
|
||||||
}
|
}
|
||||||
|
@ -420,15 +421,15 @@ public class Credentials {
|
||||||
if (cache != null) {
|
if (cache != null) {
|
||||||
Credentials temp = cache.getInitialCreds();
|
Credentials temp = cache.getInitialCreds();
|
||||||
if (temp != null) {
|
if (temp != null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KrbCreds found the default ticket"
|
DEBUG.println(">>> KrbCreds found the default ticket"
|
||||||
+ " granting ticket in credential cache.");
|
+ " granting ticket in credential cache.");
|
||||||
}
|
}
|
||||||
if (EType.isSupported(temp.key.getEType())) {
|
if (EType.isSupported(temp.key.getEType())) {
|
||||||
result = temp;
|
result = temp;
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(
|
DEBUG.println(
|
||||||
">>> unsupported key type found the default TGT: " +
|
">>> unsupported key type found the default TGT: " +
|
||||||
temp.key.getEType());
|
temp.key.getEType());
|
||||||
}
|
}
|
||||||
|
@ -444,8 +445,8 @@ public class Credentials {
|
||||||
try {
|
try {
|
||||||
ensureLoaded();
|
ensureLoaded();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Can not load native ccache library");
|
DEBUG.println("Can not load native ccache library");
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
alreadyTried = true;
|
alreadyTried = true;
|
||||||
|
@ -453,8 +454,8 @@ public class Credentials {
|
||||||
}
|
}
|
||||||
if (alreadyLoaded) {
|
if (alreadyLoaded) {
|
||||||
// There is some native code
|
// There is some native code
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">> Acquire default native Credentials");
|
DEBUG.println(">> Acquire default native Credentials");
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
result = acquireDefaultNativeCreds(
|
result = acquireDefaultNativeCreds(
|
||||||
|
@ -507,19 +508,19 @@ public class Credentials {
|
||||||
* Prints out debug info.
|
* Prints out debug info.
|
||||||
*/
|
*/
|
||||||
public static void printDebug(Credentials c) {
|
public static void printDebug(Credentials c) {
|
||||||
System.out.println(">>> DEBUG: ----Credentials----");
|
DEBUG.println(">>> DEBUG: ----Credentials----");
|
||||||
System.out.println("\tclient: " + c.client.toString());
|
DEBUG.println("\tclient: " + c.client.toString());
|
||||||
if (c.clientAlias != null)
|
if (c.clientAlias != null)
|
||||||
System.out.println("\tclient alias: " + c.clientAlias.toString());
|
DEBUG.println("\tclient alias: " + c.clientAlias.toString());
|
||||||
System.out.println("\tserver: " + c.server.toString());
|
DEBUG.println("\tserver: " + c.server.toString());
|
||||||
if (c.serverAlias != null)
|
if (c.serverAlias != null)
|
||||||
System.out.println("\tserver alias: " + c.serverAlias.toString());
|
DEBUG.println("\tserver alias: " + c.serverAlias.toString());
|
||||||
System.out.println("\tticket: sname: " + c.ticket.sname.toString());
|
DEBUG.println("\tticket: sname: " + c.ticket.sname.toString());
|
||||||
if (c.startTime != null) {
|
if (c.startTime != null) {
|
||||||
System.out.println("\tstartTime: " + c.startTime.getTime());
|
DEBUG.println("\tstartTime: " + c.startTime.getTime());
|
||||||
}
|
}
|
||||||
System.out.println("\tendTime: " + c.endTime.getTime());
|
DEBUG.println("\tendTime: " + c.endTime.getTime());
|
||||||
System.out.println(" ----Credentials end----");
|
DEBUG.println(" ----Credentials end----");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -42,6 +42,8 @@ import sun.security.krb5.internal.ccache.CCacheOutputStream;
|
||||||
import javax.crypto.spec.DESKeySpec;
|
import javax.crypto.spec.DESKeySpec;
|
||||||
import javax.crypto.spec.DESedeKeySpec;
|
import javax.crypto.spec.DESedeKeySpec;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class encapsulates the concept of an EncryptionKey. An encryption
|
* This class encapsulates the concept of an EncryptionKey. An encryption
|
||||||
* key is defined in RFC 4120 as:
|
* key is defined in RFC 4120 as:
|
||||||
|
@ -74,8 +76,6 @@ public class EncryptionKey
|
||||||
private byte[] keyValue;
|
private byte[] keyValue;
|
||||||
private Integer kvno; // not part of ASN1 encoding;
|
private Integer kvno; // not part of ASN1 encoding;
|
||||||
|
|
||||||
private static final boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
public synchronized int getEType() {
|
public synchronized int getEType() {
|
||||||
return keyType;
|
return keyType;
|
||||||
}
|
}
|
||||||
|
@ -186,8 +186,8 @@ public class EncryptionKey
|
||||||
stringToKey(password, salt, null, etypes[i]),
|
stringToKey(password, salt, null, etypes[i]),
|
||||||
etypes[i], null);
|
etypes[i], null);
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Encryption Type " +
|
DEBUG.println("Encryption Type " +
|
||||||
EType.toString(etypes[i]) +
|
EType.toString(etypes[i]) +
|
||||||
" is not supported/enabled");
|
" is not supported/enabled");
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -49,6 +49,8 @@ import java.util.HashSet;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import sun.security.krb5.internal.KRBError;
|
import sun.security.krb5.internal.KRBError;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* KDC-REQ/KDC-REP communication. No more base class for KrbAsReq and
|
* KDC-REQ/KDC-REP communication. No more base class for KrbAsReq and
|
||||||
* KrbTgsReq. This class is now communication only.
|
* KrbTgsReq. This class is now communication only.
|
||||||
|
@ -72,8 +74,6 @@ public final class KdcComm {
|
||||||
*/
|
*/
|
||||||
private static int defaultUdpPrefLimit;
|
private static int defaultUdpPrefLimit;
|
||||||
|
|
||||||
private static final boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* What to do when a KDC is unavailable, specified in the
|
* What to do when a KDC is unavailable, specified in the
|
||||||
* java.security file with key krb5.kdc.bad.policy.
|
* java.security file with key krb5.kdc.bad.policy.
|
||||||
|
@ -118,8 +118,8 @@ public final class KdcComm {
|
||||||
} catch (NumberFormatException nfe) {
|
} catch (NumberFormatException nfe) {
|
||||||
// Ignored. Please note that tryLess is recognized and
|
// Ignored. Please note that tryLess is recognized and
|
||||||
// used, parameters using default values
|
// used, parameters using default values
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Invalid krb5.kdc.bad.policy" +
|
DEBUG.println("Invalid krb5.kdc.bad.policy" +
|
||||||
" parameter for tryLess: " +
|
" parameter for tryLess: " +
|
||||||
value + ", use default");
|
value + ", use default");
|
||||||
}
|
}
|
||||||
|
@ -151,8 +151,8 @@ public final class KdcComm {
|
||||||
udp_pref_limit = parsePositiveIntString(temp);
|
udp_pref_limit = parsePositiveIntString(temp);
|
||||||
} catch (Exception exc) {
|
} catch (Exception exc) {
|
||||||
// ignore any exceptions; use default values
|
// ignore any exceptions; use default values
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println ("Exception in getting KDC communication " +
|
DEBUG.println ("Exception in getting KDC communication " +
|
||||||
"settings, using default value " +
|
"settings, using default value " +
|
||||||
exc.getMessage());
|
exc.getMessage());
|
||||||
}
|
}
|
||||||
|
@ -276,10 +276,10 @@ public final class KdcComm {
|
||||||
KdcAccessibility.removeBad(tempKdc);
|
KdcAccessibility.removeBad(tempKdc);
|
||||||
return ibuf;
|
return ibuf;
|
||||||
} catch(Exception e) {
|
} catch(Exception e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KrbKdcReq send: error trying " +
|
DEBUG.println(">>> KrbKdcReq send: error trying " +
|
||||||
tempKdc);
|
tempKdc);
|
||||||
e.printStackTrace(System.out);
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
KdcAccessibility.addBad(tempKdc);
|
KdcAccessibility.addBad(tempKdc);
|
||||||
throw e;
|
throw e;
|
||||||
|
@ -345,8 +345,8 @@ public final class KdcComm {
|
||||||
}
|
}
|
||||||
|
|
||||||
byte[] obuf = req.encoding();
|
byte[] obuf = req.encoding();
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KrbKdcReq send: kdc=" + kdc
|
DEBUG.println(">>> KrbKdcReq send: kdc=" + kdc
|
||||||
+ (useTCP ? " TCP:":" UDP:")
|
+ (useTCP ? " TCP:":" UDP:")
|
||||||
+ port + ", timeout="
|
+ port + ", timeout="
|
||||||
+ timeout
|
+ timeout
|
||||||
|
@ -360,8 +360,8 @@ public final class KdcComm {
|
||||||
try {
|
try {
|
||||||
@SuppressWarnings("removal")
|
@SuppressWarnings("removal")
|
||||||
byte[] ibuf = AccessController.doPrivileged(kdcCommunication);
|
byte[] ibuf = AccessController.doPrivileged(kdcCommunication);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KrbKdcReq send: #bytes read="
|
DEBUG.println(">>> KrbKdcReq send: #bytes read="
|
||||||
+ (ibuf != null ? ibuf.length : 0));
|
+ (ibuf != null ? ibuf.length : 0));
|
||||||
}
|
}
|
||||||
return ibuf;
|
return ibuf;
|
||||||
|
@ -404,8 +404,8 @@ public final class KdcComm {
|
||||||
|
|
||||||
for (int i=1; i <= retries; i++) {
|
for (int i=1; i <= retries; i++) {
|
||||||
String proto = useTCP?"TCP":"UDP";
|
String proto = useTCP?"TCP":"UDP";
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KDCCommunication: kdc=" + kdc
|
DEBUG.println(">>> KDCCommunication: kdc=" + kdc
|
||||||
+ " " + proto + ":"
|
+ " " + proto + ":"
|
||||||
+ port + ", timeout="
|
+ port + ", timeout="
|
||||||
+ timeout
|
+ timeout
|
||||||
|
@ -418,8 +418,8 @@ public final class KdcComm {
|
||||||
ibuf = kdcClient.receive();
|
ibuf = kdcClient.receive();
|
||||||
break;
|
break;
|
||||||
} catch (SocketTimeoutException se) {
|
} catch (SocketTimeoutException se) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println ("SocketTimeOutException with " +
|
DEBUG.println ("SocketTimeOutException with " +
|
||||||
"attempt: " + i);
|
"attempt: " + i);
|
||||||
}
|
}
|
||||||
if (i == retries) {
|
if (i == retries) {
|
||||||
|
@ -518,15 +518,15 @@ public final class KdcComm {
|
||||||
private static Set<String> bads = new HashSet<>();
|
private static Set<String> bads = new HashSet<>();
|
||||||
|
|
||||||
private static synchronized void addBad(String kdc) {
|
private static synchronized void addBad(String kdc) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KdcAccessibility: add " + kdc);
|
DEBUG.println(">>> KdcAccessibility: add " + kdc);
|
||||||
}
|
}
|
||||||
bads.add(kdc);
|
bads.add(kdc);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static synchronized void removeBad(String kdc) {
|
private static synchronized void removeBad(String kdc) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KdcAccessibility: remove " + kdc);
|
DEBUG.println(">>> KdcAccessibility: remove " + kdc);
|
||||||
}
|
}
|
||||||
bads.remove(kdc);
|
bads.remove(kdc);
|
||||||
}
|
}
|
||||||
|
@ -536,8 +536,8 @@ public final class KdcComm {
|
||||||
}
|
}
|
||||||
|
|
||||||
private static synchronized void reset() {
|
private static synchronized void reset() {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KdcAccessibility: reset");
|
DEBUG.println(">>> KdcAccessibility: reset");
|
||||||
}
|
}
|
||||||
bads.clear();
|
bads.clear();
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -42,6 +42,8 @@ import java.security.MessageDigest;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import sun.security.krb5.internal.rcache.AuthTimeWithHash;
|
import sun.security.krb5.internal.rcache.AuthTimeWithHash;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class encapsulates a KRB-AP-REQ that a client sends to a
|
* This class encapsulates a KRB-AP-REQ that a client sends to a
|
||||||
* server for authentication.
|
* server for authentication.
|
||||||
|
@ -57,7 +59,6 @@ public class KrbApReq {
|
||||||
|
|
||||||
// Used by acceptor side
|
// Used by acceptor side
|
||||||
private static ReplayCache rcache = ReplayCache.getInstance();
|
private static ReplayCache rcache = ReplayCache.getInstance();
|
||||||
private static boolean DEBUG = Krb5.DEBUG;
|
|
||||||
private static final char[] hexConst = "0123456789ABCDEF".toCharArray();
|
private static final char[] hexConst = "0123456789ABCDEF".toCharArray();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -109,8 +110,8 @@ public class KrbApReq {
|
||||||
APOptions apOptions = (mutualRequired?
|
APOptions apOptions = (mutualRequired?
|
||||||
new APOptions(Krb5.AP_OPTS_MUTUAL_REQUIRED):
|
new APOptions(Krb5.AP_OPTS_MUTUAL_REQUIRED):
|
||||||
new APOptions());
|
new APOptions());
|
||||||
if (DEBUG)
|
if (DEBUG != null)
|
||||||
System.out.println(">>> KrbApReq: APOptions are " + apOptions);
|
DEBUG.println(">>> KrbApReq: APOptions are " + apOptions);
|
||||||
|
|
||||||
EncryptionKey subKey = (useSubKey?
|
EncryptionKey subKey = (useSubKey?
|
||||||
new EncryptionKey(tgsCred.getSessionKey()):
|
new EncryptionKey(tgsCred.getSessionKey()):
|
||||||
|
@ -329,8 +330,8 @@ public class KrbApReq {
|
||||||
HostAddress sender = new HostAddress(initiator);
|
HostAddress sender = new HostAddress(initiator);
|
||||||
if (enc_ticketPart.caddr != null
|
if (enc_ticketPart.caddr != null
|
||||||
&& !enc_ticketPart.caddr.inList(sender)) {
|
&& !enc_ticketPart.caddr.inList(sender)) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KrbApReq: initiator is "
|
DEBUG.println(">>> KrbApReq: initiator is "
|
||||||
+ sender.getInetAddress()
|
+ sender.getInetAddress()
|
||||||
+ ", but caddr is "
|
+ ", but caddr is "
|
||||||
+ Arrays.toString(
|
+ Arrays.toString(
|
||||||
|
@ -374,8 +375,8 @@ public class KrbApReq {
|
||||||
enc_ticketPart.renewTill,
|
enc_ticketPart.renewTill,
|
||||||
enc_ticketPart.caddr,
|
enc_ticketPart.caddr,
|
||||||
enc_ticketPart.authorizationData);
|
enc_ticketPart.authorizationData);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KrbApReq: authenticate succeed.");
|
DEBUG.println(">>> KrbApReq: authenticate succeed.");
|
||||||
}
|
}
|
||||||
}
|
}
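Review bot: The converted guard before the APOptions message is left brace-less (`if (DEBUG != null)` followed by a single `DEBUG.println(...)` line), unlike the other guards in this file section, which all use braces. Now that the guarded statement dereferences a nullable object, a second statement added under that `if` later would run unguarded and throw when debugging is off. Writing it as `if (DEBUG != null) {` ... `}` keeps it consistent with the rest of the file. The enclosing method starts and ends outside the hunk.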
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -40,6 +40,8 @@ import java.util.Objects;
|
||||||
import javax.security.auth.kerberos.KeyTab;
|
import javax.security.auth.kerberos.KeyTab;
|
||||||
import sun.security.jgss.krb5.Krb5Util;
|
import sun.security.jgss.krb5.Krb5Util;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class encapsulates a AS-REP message that the KDC sends to the
|
* This class encapsulates a AS-REP message that the KDC sends to the
|
||||||
* client.
|
* client.
|
||||||
|
@ -51,8 +53,6 @@ final class KrbAsRep extends KrbKdcRep {
|
||||||
// message, created by initiator after calling
|
// message, created by initiator after calling
|
||||||
// the decrypt() method
|
// the decrypt() method
|
||||||
|
|
||||||
private boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
KrbAsRep(byte[] ibuf) throws
|
KrbAsRep(byte[] ibuf) throws
|
||||||
KrbException, Asn1Exception, IOException {
|
KrbException, Asn1Exception, IOException {
|
||||||
DerValue encoding = new DerValue(ibuf);
|
DerValue encoding = new DerValue(ibuf);
|
||||||
|
@ -75,8 +75,8 @@ final class KrbAsRep extends KrbKdcRep {
|
||||||
// no text sent from server
|
// no text sent from server
|
||||||
ke = new KrbException(err);
|
ke = new KrbException(err);
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("KRBError received: " + eText);
|
DEBUG.println("KRBError received: " + eText);
|
||||||
}
|
}
|
||||||
// override default text with server text
|
// override default text with server text
|
||||||
ke = new KrbException(err, eText);
|
ke = new KrbException(err, eText);
|
||||||
|
@ -175,8 +175,8 @@ final class KrbAsRep extends KrbKdcRep {
|
||||||
enc_part.endtime,
|
enc_part.endtime,
|
||||||
enc_part.renewTill,
|
enc_part.renewTill,
|
||||||
enc_part.caddr);
|
enc_part.caddr);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KrbAsRep cons in KrbAsReq.getReply " +
|
DEBUG.println(">>> KrbAsRep cons in KrbAsReq.getReply " +
|
||||||
req.reqBody.cname.getNameString());
|
req.reqBody.cname.getNameString());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -38,6 +38,8 @@ import java.io.IOException;
|
||||||
import java.time.Instant;
|
import java.time.Instant;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class encapsulates the KRB-AS-REQ message that the client
|
* This class encapsulates the KRB-AS-REQ message that the client
|
||||||
* sends to the KDC.
|
* sends to the KDC.
|
||||||
|
@ -45,8 +47,6 @@ import java.util.Arrays;
|
||||||
public class KrbAsReq extends KrbKdcReq {
|
public class KrbAsReq extends KrbKdcReq {
|
||||||
private ASReq asReqMessg;
|
private ASReq asReqMessg;
|
||||||
|
|
||||||
private boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructs an AS-REQ message.
|
* Constructs an AS-REQ message.
|
||||||
*/
|
*/
|
||||||
|
@ -110,8 +110,8 @@ public class KrbAsReq extends KrbKdcReq {
|
||||||
"default realm not specified ");
|
"default realm not specified ");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KrbAsReq creating message");
|
DEBUG.println(">>> KrbAsReq creating message");
|
||||||
}
|
}
|
||||||
|
|
||||||
Config cfg = Config.getInstance();
|
Config cfg = Config.getInstance();
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2010, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -37,6 +37,8 @@ import sun.security.krb5.internal.Krb5;
|
||||||
import sun.security.krb5.internal.PAData;
|
import sun.security.krb5.internal.PAData;
|
||||||
import sun.security.krb5.internal.crypto.EType;
|
import sun.security.krb5.internal.crypto.EType;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A manager class for AS-REQ communications.
|
* A manager class for AS-REQ communications.
|
||||||
*
|
*
|
||||||
|
@ -348,8 +350,8 @@ public final class KrbAsReqBuilder {
|
||||||
if (!preAuthFailedOnce && (
|
if (!preAuthFailedOnce && (
|
||||||
ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
|
ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
|
||||||
ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
|
ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
|
||||||
if (Krb5.DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("KrbAsReqBuilder: " +
|
DEBUG.println("KrbAsReqBuilder: " +
|
||||||
"PREAUTH FAILED/REQ, re-send AS-REQ");
|
"PREAUTH FAILED/REQ, re-send AS-REQ");
|
||||||
}
|
}
|
||||||
preAuthFailedOnce = true;
|
preAuthFailedOnce = true;
|
||||||
|
@ -403,8 +405,8 @@ public final class KrbAsReqBuilder {
|
||||||
.getBooleanObject("libdefaults", "canonicalize") ==
|
.getBooleanObject("libdefaults", "canonicalize") ==
|
||||||
Boolean.TRUE;
|
Boolean.TRUE;
|
||||||
} catch (KrbException e) {
|
} catch (KrbException e) {
|
||||||
if (Krb5.DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Exception in getting canonicalize," +
|
DEBUG.println("Exception in getting canonicalize," +
|
||||||
" using default value " +
|
" using default value " +
|
||||||
Boolean.valueOf(canonicalizeConfig) + ": " +
|
Boolean.valueOf(canonicalizeConfig) + ": " +
|
||||||
e.getMessage());
|
e.getMessage());
|
||||||
|
@ -450,8 +452,8 @@ public final class KrbAsReqBuilder {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (count < Config.MAX_REFERRALS && sendCanonicalize) {
|
if (count < Config.MAX_REFERRALS && sendCanonicalize) {
|
||||||
if (Krb5.DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("KrbAsReqBuilder: AS-REQ failed." +
|
DEBUG.println("KrbAsReqBuilder: AS-REQ failed." +
|
||||||
" Retrying with CANONICALIZE false.");
|
" Retrying with CANONICALIZE false.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -37,6 +37,8 @@ import java.io.IOException;
|
||||||
|
|
||||||
import sun.security.util.DerValue;
|
import sun.security.util.DerValue;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class encapsulates the KRB-CRED message that a client uses to
|
* This class encapsulates the KRB-CRED message that a client uses to
|
||||||
* send its delegated credentials to a server.
|
* send its delegated credentials to a server.
|
||||||
|
@ -46,8 +48,6 @@ import sun.security.util.DerValue;
|
||||||
*/
|
*/
|
||||||
public class KrbCred {
|
public class KrbCred {
|
||||||
|
|
||||||
private static boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
private byte[] obuf = null;
|
private byte[] obuf = null;
|
||||||
private KRBCred credMessg = null;
|
private KRBCred credMessg = null;
|
||||||
private Ticket ticket = null;
|
private Ticket ticket = null;
|
||||||
|
@ -144,8 +144,8 @@ public class KrbCred {
|
||||||
PrincipalName sname = credInfo.sname;
|
PrincipalName sname = credInfo.sname;
|
||||||
HostAddresses caddr = credInfo.caddr;
|
HostAddresses caddr = credInfo.caddr;
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>Delegated Creds have pname=" + pname
|
DEBUG.println(">>>Delegated Creds have pname=" + pname
|
||||||
+ " sname=" + sname
|
+ " sname=" + sname
|
||||||
+ " authtime=" + authtime
|
+ " authtime=" + authtime
|
||||||
+ " starttime=" + starttime
|
+ " starttime=" + starttime
|
||||||
|
|
|
@ -34,6 +34,8 @@ import sun.security.krb5.internal.*;
|
||||||
import sun.security.krb5.internal.crypto.KeyUsage;
|
import sun.security.krb5.internal.crypto.KeyUsage;
|
||||||
import sun.security.util.DerInputStream;
|
import sun.security.util.DerInputStream;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
abstract class KrbKdcRep {
|
abstract class KrbKdcRep {
|
||||||
|
|
||||||
static void check(
|
static void check(
|
||||||
|
@ -86,8 +88,8 @@ abstract class KrbKdcRep {
|
||||||
for (int i = 2; i < 6; i++) {
|
for (int i = 2; i < 6; i++) {
|
||||||
if (req.reqBody.kdcOptions.get(i) !=
|
if (req.reqBody.kdcOptions.get(i) !=
|
||||||
rep.encKDCRepPart.flags.get(i)) {
|
rep.encKDCRepPart.flags.get(i)) {
|
||||||
if (Krb5.DEBUG) {
|
if (DEBUG == null) {
|
||||||
System.out.println("> KrbKdcRep.check: at #" + i
|
DEBUG.println("> KrbKdcRep.check: at #" + i
|
||||||
+ ". request for " + req.reqBody.kdcOptions.get(i)
|
+ ". request for " + req.reqBody.kdcOptions.get(i)
|
||||||
+ ", received " + rep.encKDCRepPart.flags.get(i));
|
+ ", received " + rep.encKDCRepPart.flags.get(i));
|
||||||
}
|
}
|
||||||
|
@ -171,8 +173,8 @@ abstract class KrbKdcRep {
|
||||||
req.asn1Encode(), replyKey,
|
req.asn1Encode(), replyKey,
|
||||||
KeyUsage.KU_AS_REQ);
|
KeyUsage.KU_AS_REQ);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
if (Krb5.DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
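Review bot: The guard in the flag-comparison loop of `KrbKdcRep.check` is inverted: the new line reads `if (DEBUG == null) {` and then calls `DEBUG.println(...)`, so the branch runs only when `DEBUG` is null and dereferences it. With debugging off, a mismatch between the requested KDC options and the reply flags would raise a NullPointerException here instead of reaching whatever handling follows the print (the rest of the loop body is outside the hunk), and with debugging on the message is never printed. Every other converted guard on this page uses `!= null`; this one should be `if (DEBUG != null) {`. A regression test that feeds a reply with mismatched flags while debugging is disabled would catch it.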
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2011, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -33,6 +33,7 @@ import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Vector;
|
import java.util.Vector;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
public class SCDynamicStoreConfig {
|
public class SCDynamicStoreConfig {
|
||||||
private static native void installNotificationCallback();
|
private static native void installNotificationCallback();
|
||||||
|
@ -42,7 +43,6 @@ public class SCDynamicStoreConfig {
|
||||||
* (realm kdc* null) null (mapping-domain mapping-realm)*
|
* (realm kdc* null) null (mapping-domain mapping-realm)*
|
||||||
*/
|
*/
|
||||||
private static native List<String> getKerberosConfig();
|
private static native List<String> getKerberosConfig();
|
||||||
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
|
||||||
|
|
||||||
static {
|
static {
|
||||||
@SuppressWarnings("removal")
|
@SuppressWarnings("removal")
|
||||||
|
@ -72,7 +72,7 @@ public class SCDynamicStoreConfig {
|
||||||
throw new IOException(
|
throw new IOException(
|
||||||
"Could not load configuration from SCDynamicStore");
|
"Could not load configuration from SCDynamicStore");
|
||||||
}
|
}
|
||||||
if (DEBUG) System.out.println("Raw map from JNI: " + list);
|
if (DEBUG != null) DEBUG.println("Raw map from JNI: " + list);
|
||||||
|
|
||||||
Hashtable<String,Object> v = new Hashtable<>();
|
Hashtable<String,Object> v = new Hashtable<>();
|
||||||
Hashtable<String,Object> realms = new Hashtable<>();
|
Hashtable<String,Object> realms = new Hashtable<>();
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -37,6 +37,8 @@ import java.io.IOException;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class is a utility that contains much of the TGS-Exchange
|
* This class is a utility that contains much of the TGS-Exchange
|
||||||
* protocol. It is used by ../Credentials.java for service ticket
|
* protocol. It is used by ../Credentials.java for service ticket
|
||||||
|
@ -44,8 +46,6 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public class CredentialsUtil {
|
public class CredentialsUtil {
|
||||||
|
|
||||||
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
|
||||||
|
|
||||||
private static enum S4U2Type {
|
private static enum S4U2Type {
|
||||||
NONE, SELF, PROXY
|
NONE, SELF, PROXY
|
||||||
}
|
}
|
||||||
|
@ -193,8 +193,8 @@ public class CredentialsUtil {
|
||||||
for (cTgt = localTGT, i = 0; i < realms.length;) {
|
for (cTgt = localTGT, i = 0; i < realms.length;) {
|
||||||
tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
|
tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(
|
DEBUG.println(
|
||||||
">>> Credentials acquireServiceCreds: main loop: ["
|
">>> Credentials acquireServiceCreds: main loop: ["
|
||||||
+ i +"] tempService=" + tempService);
|
+ i +"] tempService=" + tempService);
|
||||||
}
|
}
|
||||||
|
@ -206,8 +206,8 @@ public class CredentialsUtil {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (newTgt == null) {
|
if (newTgt == null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Credentials acquireServiceCreds: "
|
DEBUG.println(">>> Credentials acquireServiceCreds: "
|
||||||
+ "no tgt; searching thru capath");
|
+ "no tgt; searching thru capath");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -217,8 +217,8 @@ public class CredentialsUtil {
|
||||||
for (newTgt = null, k = i+1;
|
for (newTgt = null, k = i+1;
|
||||||
newTgt == null && k < realms.length; k++) {
|
newTgt == null && k < realms.length; k++) {
|
||||||
tempService = PrincipalName.tgsService(realms[k], realms[i]);
|
tempService = PrincipalName.tgsService(realms[k], realms[i]);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(
|
DEBUG.println(
|
||||||
">>> Credentials acquireServiceCreds: "
|
">>> Credentials acquireServiceCreds: "
|
||||||
+ "inner loop: [" + k
|
+ "inner loop: [" + k
|
||||||
+ "] tempService=" + tempService);
|
+ "] tempService=" + tempService);
|
||||||
|
@ -232,8 +232,8 @@ public class CredentialsUtil {
|
||||||
} // Ends 'if (newTgt == null)'
|
} // Ends 'if (newTgt == null)'
|
||||||
|
|
||||||
if (newTgt == null) {
|
if (newTgt == null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Credentials acquireServiceCreds: "
|
DEBUG.println(">>> Credentials acquireServiceCreds: "
|
||||||
+ "no tgt; cannot get creds");
|
+ "no tgt; cannot get creds");
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
@ -245,16 +245,16 @@ public class CredentialsUtil {
|
||||||
*/
|
*/
|
||||||
newTgtRealm = newTgt.getServer().getInstanceComponent();
|
newTgtRealm = newTgt.getServer().getInstanceComponent();
|
||||||
if (okAsDelegate[0] && !newTgt.checkDelegate()) {
|
if (okAsDelegate[0] && !newTgt.checkDelegate()) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Credentials acquireServiceCreds: " +
|
DEBUG.println(">>> Credentials acquireServiceCreds: " +
|
||||||
"global OK-AS-DELEGATE turned off at " +
|
"global OK-AS-DELEGATE turned off at " +
|
||||||
newTgt.getServer());
|
newTgt.getServer());
|
||||||
}
|
}
|
||||||
okAsDelegate[0] = false;
|
okAsDelegate[0] = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Credentials acquireServiceCreds: "
|
DEBUG.println(">>> Credentials acquireServiceCreds: "
|
||||||
+ "got tgt");
|
+ "got tgt");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -283,8 +283,8 @@ public class CredentialsUtil {
|
||||||
i = k;
|
i = k;
|
||||||
cTgt = newTgt;
|
cTgt = newTgt;
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Credentials acquireServiceCreds: "
|
DEBUG.println(">>> Credentials acquireServiceCreds: "
|
||||||
+ "continuing with main loop counter reset to " + i);
|
+ "continuing with main loop counter reset to " + i);
|
||||||
}
|
}
|
||||||
continue;
|
continue;
|
||||||
|
@ -453,10 +453,10 @@ public class CredentialsUtil {
|
||||||
String serviceRealm = refSname.getRealmString();
|
String serviceRealm = refSname.getRealmString();
|
||||||
if (!serviceRealm.equals(tgtRealm)) {
|
if (!serviceRealm.equals(tgtRealm)) {
|
||||||
// This is a cross-realm service request
|
// This is a cross-realm service request
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> serviceCredsSingle:" +
|
DEBUG.println(">>> serviceCredsSingle:" +
|
||||||
" cross-realm authentication");
|
" cross-realm authentication");
|
||||||
System.out.println(">>> serviceCredsSingle:" +
|
DEBUG.println(">>> serviceCredsSingle:" +
|
||||||
" obtaining credentials from " + tgtRealm +
|
" obtaining credentials from " + tgtRealm +
|
||||||
" to " + serviceRealm);
|
" to " + serviceRealm);
|
||||||
}
|
}
|
||||||
|
@ -465,8 +465,8 @@ public class CredentialsUtil {
|
||||||
if (newTgt == null) {
|
if (newTgt == null) {
|
||||||
throw new KrbException("No service creds");
|
throw new KrbException("No service creds");
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Cross-realm TGT Credentials" +
|
DEBUG.println(">>> Cross-realm TGT Credentials" +
|
||||||
" serviceCredsSingle: ");
|
" serviceCredsSingle: ");
|
||||||
Credentials.printDebug(newTgt);
|
Credentials.printDebug(newTgt);
|
||||||
}
|
}
|
||||||
|
@ -475,16 +475,16 @@ public class CredentialsUtil {
|
||||||
}
|
}
|
||||||
asCreds = newTgt;
|
asCreds = newTgt;
|
||||||
cname = asCreds.getClient();
|
cname = asCreds.getClient();
|
||||||
} else if (DEBUG) {
|
} else if (DEBUG != null) {
|
||||||
System.out.println(">>> Credentials serviceCredsSingle:" +
|
DEBUG.println(">>> Credentials serviceCredsSingle:" +
|
||||||
" same realm");
|
" same realm");
|
||||||
}
|
}
|
||||||
KrbTgsReq req = new KrbTgsReq(options, asCreds, cname, clientAlias,
|
KrbTgsReq req = new KrbTgsReq(options, asCreds, cname, clientAlias,
|
||||||
refSname, sname, additionalCreds, extraPAs);
|
refSname, sname, additionalCreds, extraPAs);
|
||||||
theCreds = req.sendAndGetCreds();
|
theCreds = req.sendAndGetCreds();
|
||||||
if (theCreds != null) {
|
if (theCreds != null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> TGS credentials serviceCredsSingle:");
|
DEBUG.println(">>> TGS credentials serviceCredsSingle:");
|
||||||
Credentials.printDebug(theCreds);
|
Credentials.printDebug(theCreds);
|
||||||
}
|
}
|
||||||
if (!okAsDelegate[0]) {
|
if (!okAsDelegate[0]) {
|
||||||
|
@ -502,8 +502,8 @@ public class CredentialsUtil {
|
||||||
private static void handleS4U2SelfReferral(PAData[] pas,
|
private static void handleS4U2SelfReferral(PAData[] pas,
|
||||||
PrincipalName user, Credentials newCreds)
|
PrincipalName user, Credentials newCreds)
|
||||||
throws Asn1Exception, KrbException, IOException {
|
throws Asn1Exception, KrbException, IOException {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Handling S4U2Self referral");
|
DEBUG.println(">>> Handling S4U2Self referral");
|
||||||
}
|
}
|
||||||
for (int i = 0; i < pas.length; i++) {
|
for (int i = 0; i < pas.length; i++) {
|
||||||
PAData pa = pas[i];
|
PAData pa = pas[i];
|
||||||
|
@ -539,8 +539,8 @@ public class CredentialsUtil {
|
||||||
private static String handleS4U2ProxyReferral(Credentials asCreds,
|
private static String handleS4U2ProxyReferral(Credentials asCreds,
|
||||||
Credentials[] credsInOut, PrincipalName sname)
|
Credentials[] credsInOut, PrincipalName sname)
|
||||||
throws KrbException, IOException {
|
throws KrbException, IOException {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Handling S4U2Proxy referral");
|
DEBUG.println(">>> Handling S4U2Proxy referral");
|
||||||
}
|
}
|
||||||
Credentials refTGT = null;
|
Credentials refTGT = null;
|
||||||
// Get a credential for the middle service to the backend so we know
|
// Get a credential for the middle service to the backend so we know
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -31,7 +31,6 @@
|
||||||
|
|
||||||
package sun.security.krb5.internal;
|
package sun.security.krb5.internal;
|
||||||
|
|
||||||
import sun.security.krb5.Config;
|
|
||||||
import sun.security.krb5.Asn1Exception;
|
import sun.security.krb5.Asn1Exception;
|
||||||
import sun.security.util.*;
|
import sun.security.util.*;
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
|
@ -41,6 +40,7 @@ import java.net.UnknownHostException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
/**
|
/**
|
||||||
* Implements the ASN.1 HostAddress type.
|
* Implements the ASN.1 HostAddress type.
|
||||||
*
|
*
|
||||||
|
@ -63,7 +63,6 @@ public class HostAddress implements Cloneable {
|
||||||
byte[] address = null;
|
byte[] address = null;
|
||||||
|
|
||||||
private static InetAddress localInetAddress; //caches local inet address
|
private static InetAddress localInetAddress; //caches local inet address
|
||||||
private static final boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
|
||||||
private volatile int hashCode = 0;
|
private volatile int hashCode = 0;
|
||||||
|
|
||||||
private HostAddress(int dummy) {}
|
private HostAddress(int dummy) {}
|
||||||
|
@ -191,10 +190,10 @@ public class HostAddress implements Cloneable {
|
||||||
if (new_address != null) {
|
if (new_address != null) {
|
||||||
address = new_address.clone();
|
address = new_address.clone();
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
if (addrType == Krb5.ADDRTYPE_INET ||
|
if (addrType == Krb5.ADDRTYPE_INET ||
|
||||||
addrType == Krb5.ADDRTYPE_INET6) {
|
addrType == Krb5.ADDRTYPE_INET6) {
|
||||||
System.out.println("Host address is " +
|
DEBUG.println("Host address is " +
|
||||||
InetAddress.getByAddress(address));
|
InetAddress.getByAddress(address));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -42,6 +42,8 @@ import java.util.*;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import sun.security.krb5.internal.ccache.CCacheOutputStream;
|
import sun.security.krb5.internal.ccache.CCacheOutputStream;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements the ASN.1 HostAddresses type.
|
* Implements the ASN.1 HostAddresses type.
|
||||||
*
|
*
|
||||||
|
@ -64,7 +66,6 @@ import sun.security.krb5.internal.ccache.CCacheOutputStream;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public class HostAddresses implements Cloneable {
|
public class HostAddresses implements Cloneable {
|
||||||
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
|
||||||
private HostAddress[] addresses = null;
|
private HostAddress[] addresses = null;
|
||||||
private volatile int hashCode = 0;
|
private volatile int hashCode = 0;
|
||||||
|
|
||||||
|
@ -276,25 +277,25 @@ public class HostAddresses implements Cloneable {
|
||||||
{
|
{
|
||||||
Set<InetAddress> all = new LinkedHashSet<>();
|
Set<InetAddress> all = new LinkedHashSet<>();
|
||||||
try {
|
try {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KrbKdcReq local addresses are:");
|
DEBUG.println(">>> KrbKdcReq local addresses are:");
|
||||||
}
|
}
|
||||||
String extra = Config.getInstance().getAll(
|
String extra = Config.getInstance().getAll(
|
||||||
"libdefaults", "extra_addresses");
|
"libdefaults", "extra_addresses");
|
||||||
if (extra != null) {
|
if (extra != null) {
|
||||||
for (String s: extra.split("\\s+")) {
|
for (String s: extra.split("\\s+")) {
|
||||||
all.add(InetAddress.getByName(s));
|
all.add(InetAddress.getByName(s));
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(" extra_addresses: "
|
DEBUG.println(" extra_addresses: "
|
||||||
+ InetAddress.getByName(s));
|
+ InetAddress.getByName(s));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (NetworkInterface ni:
|
for (NetworkInterface ni:
|
||||||
Collections.list(NetworkInterface.getNetworkInterfaces())) {
|
Collections.list(NetworkInterface.getNetworkInterfaces())) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(" NetworkInterface " + ni + ":");
|
DEBUG.println(" NetworkInterface " + ni + ":");
|
||||||
System.out.println(" "
|
DEBUG.println(" "
|
||||||
+ Collections.list(ni.getInetAddresses()));
|
+ Collections.list(ni.getInetAddresses()));
|
||||||
}
|
}
|
||||||
all.addAll(Collections.list(ni.getInetAddresses()));
|
all.addAll(Collections.list(ni.getInetAddresses()));
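Review bot: In the `extra_addresses` loop the debug branch calls `InetAddress.getByName(s)` a second time instead of printing the address that was just added, so enabling debug triggers an extra name lookup and the logged value is not guaranteed to be the one stored in `all`. Resolve once and reuse it: `InetAddress extraAddr = InetAddress.getByName(s); all.add(extraAddr);` and then `DEBUG.println(" extra_addresses: " + extraAddr);`. The interface loop has the same shape, where `Collections.list(ni.getInetAddresses())` is evaluated once for the log and once for `all.addAll`. The enclosing method starts and ends outside this hunk.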
|
||||||
|
|
|
@ -37,6 +37,8 @@ import sun.security.krb5.internal.util.KerberosFlags;
|
||||||
import sun.security.util.*;
|
import sun.security.util.*;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements the ASN.1 KDCOptions type.
|
* Implements the ASN.1 KDCOptions type.
|
||||||
*
|
*
|
||||||
|
@ -170,8 +172,6 @@ public class KDCOptions extends KerberosFlags {
|
||||||
"VALIDATE", //31;
|
"VALIDATE", //31;
|
||||||
};
|
};
|
||||||
|
|
||||||
private boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
public static KDCOptions with(int... flags) {
|
public static KDCOptions with(int... flags) {
|
||||||
KDCOptions options = new KDCOptions();
|
KDCOptions options = new KDCOptions();
|
||||||
for (int flag: flags) {
|
for (int flag: flags) {
|
||||||
|
@ -321,8 +321,8 @@ public class KDCOptions extends KerberosFlags {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (KrbException e) {
|
} catch (KrbException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Exception in getting default values for " +
|
DEBUG.println("Exception in getting default values for " +
|
||||||
"KDC Options from the configuration ");
|
"KDC Options from the configuration ");
|
||||||
e.printStackTrace();
|
e.printStackTrace();
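Review bot: The `catch (KrbException e)` block still ends with a bare `e.printStackTrace();` after its message was moved to `DEBUG.println`, while the credential-cache classes in this same commit use `e.printStackTrace(DEBUG.getPrintStream())`. Writing `e.printStackTrace(DEBUG.getPrintStream());` here keeps the trace on the same stream as the message, wherever the Debug stream points. The catch block and its enclosing method continue outside the hunk.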
|
||||||
|
|
||||||
|
|
|
@ -35,6 +35,8 @@ import sun.security.util.*;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.math.BigInteger;
|
import java.math.BigInteger;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements the ASN.1 KDC-REP type.
|
* Implements the ASN.1 KDC-REP type.
|
||||||
*
|
*
|
||||||
|
@ -68,7 +70,6 @@ public class KDCRep {
|
||||||
private int pvno;
|
private int pvno;
|
||||||
private int msgType;
|
private int msgType;
|
||||||
public PAData[] pAData = null; //optional
|
public PAData[] pAData = null; //optional
|
||||||
private boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
public KDCRep(
|
public KDCRep(
|
||||||
PAData[] new_pAData,
|
PAData[] new_pAData,
|
||||||
|
@ -131,8 +132,8 @@ public class KDCRep {
|
||||||
KrbApErrException {
|
KrbApErrException {
|
||||||
DerValue der, subDer;
|
DerValue der, subDer;
|
||||||
if ((encoding.getTag() & 0x1F) != req_type) {
|
if ((encoding.getTag() & 0x1F) != req_type) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KDCRep: init() " +
|
DEBUG.println(">>> KDCRep: init() " +
|
||||||
"encoding tag is " +
|
"encoding tag is " +
|
||||||
encoding.getTag() +
|
encoding.getTag() +
|
||||||
" req type is " + req_type);
|
" req type is " + req_type);
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -47,6 +47,8 @@ import java.util.List;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
||||||
import sun.security.krb5.internal.util.KerberosString;
|
import sun.security.krb5.internal.util.KerberosString;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
/**
|
/**
|
||||||
* Implements the ASN.1 KRBError type.
|
* Implements the ASN.1 KRBError type.
|
||||||
*
|
*
|
||||||
|
@ -103,8 +105,6 @@ public class KRBError implements java.io.Serializable {
|
||||||
|
|
||||||
private PAData[] pa; // PA-DATA in eData
|
private PAData[] pa; // PA-DATA in eData
|
||||||
|
|
||||||
private static boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
private void readObject(ObjectInputStream is)
|
private void readObject(ObjectInputStream is)
|
||||||
throws IOException, ClassNotFoundException {
|
throws IOException, ClassNotFoundException {
|
||||||
try {
|
try {
|
||||||
|
@ -232,16 +232,16 @@ public class KRBError implements java.io.Serializable {
|
||||||
// may fail.
|
// may fail.
|
||||||
parsePAData(data);
|
parsePAData(data);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Unable to parse eData field of KRB-ERROR:\n" +
|
DEBUG.println("Unable to parse eData field of KRB-ERROR:\n" +
|
||||||
new sun.security.util.HexDumpEncoder().encodeBuffer(data));
|
new sun.security.util.HexDumpEncoder().encodeBuffer(data));
|
||||||
}
|
}
|
||||||
throw new IOException(
|
throw new IOException(
|
||||||
"Unable to parse eData field of KRB-ERROR", e);
|
"Unable to parse eData field of KRB-ERROR", e);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Unknown eData field of KRB-ERROR:\n" +
|
DEBUG.println("Unknown eData field of KRB-ERROR:\n" +
|
||||||
new sun.security.util.HexDumpEncoder().encodeBuffer(data));
|
new sun.security.util.HexDumpEncoder().encodeBuffer(data));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -260,8 +260,8 @@ public class KRBError implements java.io.Serializable {
|
||||||
DerValue tmp = derPA.data.getDerValue();
|
DerValue tmp = derPA.data.getDerValue();
|
||||||
PAData pa_data = new PAData(tmp);
|
PAData pa_data = new PAData(tmp);
|
||||||
paList.add(pa_data);
|
paList.add(pa_data);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(pa_data);
|
DEBUG.println(pa_data.toString());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
pa = paList.toArray(new PAData[paList.size()]);
|
pa = paList.toArray(new PAData[paList.size()]);
|
||||||
|
@ -389,35 +389,35 @@ public class KRBError implements java.io.Serializable {
|
||||||
* For debug use only
|
* For debug use only
|
||||||
*/
|
*/
|
||||||
private void showDebug() {
|
private void showDebug() {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>KRBError:");
|
DEBUG.println(">>>KRBError:");
|
||||||
if (cTime != null)
|
if (cTime != null)
|
||||||
System.out.println("\t cTime is " + cTime.toDate().toString() + " " + cTime.toDate().getTime());
|
DEBUG.println("\t cTime is " + cTime.toDate().toString() + " " + cTime.toDate().getTime());
|
||||||
if (cuSec != null) {
|
if (cuSec != null) {
|
||||||
System.out.println("\t cuSec is " + cuSec.intValue());
|
DEBUG.println("\t cuSec is " + cuSec.intValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
System.out.println("\t sTime is " + sTime.toDate().toString
|
DEBUG.println("\t sTime is " + sTime.toDate().toString
|
||||||
() + " " + sTime.toDate().getTime());
|
() + " " + sTime.toDate().getTime());
|
||||||
System.out.println("\t suSec is " + suSec);
|
DEBUG.println("\t suSec is " + suSec);
|
||||||
System.out.println("\t error code is " + errorCode);
|
DEBUG.println("\t error code is " + errorCode);
|
||||||
System.out.println("\t error Message is " + Krb5.getErrorMessage(errorCode));
|
DEBUG.println("\t error Message is " + Krb5.getErrorMessage(errorCode));
|
||||||
if (crealm != null) {
|
if (crealm != null) {
|
||||||
System.out.println("\t crealm is " + crealm.toString());
|
DEBUG.println("\t crealm is " + crealm.toString());
|
||||||
}
|
}
|
||||||
if (cname != null) {
|
if (cname != null) {
|
||||||
System.out.println("\t cname is " + cname.toString());
|
DEBUG.println("\t cname is " + cname.toString());
|
||||||
}
|
}
|
||||||
if (sname != null) {
|
if (sname != null) {
|
||||||
System.out.println("\t sname is " + sname.toString());
|
DEBUG.println("\t sname is " + sname.toString());
|
||||||
}
|
}
|
||||||
if (eData != null) {
|
if (eData != null) {
|
||||||
System.out.println("\t eData provided.");
|
DEBUG.println("\t eData provided.");
|
||||||
}
|
}
|
||||||
if (eCksum != null) {
|
if (eCksum != null) {
|
||||||
System.out.println("\t checksum provided.");
|
DEBUG.println("\t checksum provided.");
|
||||||
}
|
}
|
||||||
System.out.println("\t msgType is " + msgType);
|
DEBUG.println("\t msgType is " + msgType);
|
||||||
}
|
}
|
||||||
}
|
}
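Review bot: The two eData messages pass `\n` plus a multi-line `HexDumpEncoder` dump to a single `DEBUG.println` call, so only the first line would carry the prefix `Debug` adds and the dump lines cannot be filtered by it. This assumes `println` prefixes once per call, which is not shown on this page. The dumped bytes come from the peer's KRB-ERROR and are written in full, so a comment such as `// eData is peer-supplied; dumped unbounded for diagnostics only` above each call would make that explicit. Both calls sit in a method that starts outside the hunk.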
|
||||||
|
|
||||||
|
|
|
@ -43,6 +43,8 @@ import java.util.Calendar;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.TimeZone;
|
import java.util.TimeZone;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements the ASN.1 KerberosTime type. This is an immutable class.
|
* Implements the ASN.1 KerberosTime type. This is an immutable class.
|
||||||
*
|
*
|
||||||
|
@ -72,8 +74,6 @@ public class KerberosTime {
|
||||||
private static long initMilli = System.currentTimeMillis();
|
private static long initMilli = System.currentTimeMillis();
|
||||||
private static long initMicro = System.nanoTime() / 1000;
|
private static long initMicro = System.nanoTime() / 1000;
|
||||||
|
|
||||||
private static boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
// Do not make this public. It's a little confusing that micro
|
// Do not make this public. It's a little confusing that micro
|
||||||
// is only the last 3 digits of microsecond.
|
// is only the last 3 digits of microsecond.
|
||||||
private KerberosTime(long time, int micro) {
|
private KerberosTime(long time, int micro) {
|
||||||
|
@ -144,8 +144,8 @@ public class KerberosTime {
|
||||||
long microElapsed = newMicro - initMicro;
|
long microElapsed = newMicro - initMicro;
|
||||||
long calcMilli = initMilli + microElapsed/1000;
|
long calcMilli = initMilli + microElapsed/1000;
|
||||||
if (calcMilli - newMilli > 100 || newMilli - calcMilli > 100) {
|
if (calcMilli - newMilli > 100 || newMilli - calcMilli > 100) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("System time adjusted");
|
DEBUG.println("System time adjusted");
|
||||||
}
|
}
|
||||||
initMilli = newMilli;
|
initMilli = newMilli;
|
||||||
initMicro = newMicro;
|
initMicro = newMicro;
|
||||||
|
@ -297,8 +297,8 @@ public class KerberosTime {
|
||||||
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
|
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
|
||||||
}
|
}
|
||||||
} catch (KrbException e) {
|
} catch (KrbException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Exception in getting clockskew from " +
|
DEBUG.println("Exception in getting clockskew from " +
|
||||||
"Configuration " +
|
"Configuration " +
|
||||||
"using default value: " +
|
"using default value: " +
|
||||||
e.getMessage());
|
e.getMessage());
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -31,7 +31,8 @@
|
||||||
|
|
||||||
package sun.security.krb5.internal;
|
package sun.security.krb5.internal;
|
||||||
|
|
||||||
import sun.security.action.GetBooleanAction;
|
import sun.security.action.GetPropertyAction;
|
||||||
|
import sun.security.util.Debug;
|
||||||
|
|
||||||
import java.util.Hashtable;
|
import java.util.Hashtable;
|
||||||
|
|
||||||
|
@ -315,8 +316,8 @@ public class Krb5 {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Warning: used by NativeCreds.c
|
// Warning: used by NativeCreds.c
|
||||||
public static final boolean DEBUG = GetBooleanAction
|
public static final Debug DEBUG = Debug.of("krb5", GetPropertyAction
|
||||||
.privilegedGetProperty("sun.security.krb5.debug");
|
.privilegedGetProperty("sun.security.krb5.debug"));
|
||||||
|
|
||||||
public static final sun.security.util.HexDumpEncoder hexDumper =
|
public static final sun.security.util.HexDumpEncoder hexDumper =
|
||||||
new sun.security.util.HexDumpEncoder();
|
new sun.security.util.HexDumpEncoder();
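Review bot: The `// Warning: used by NativeCreds.c` comment now sits above a field whose type changed from `boolean` to `Debug`, so a native lookup of `DEBUG` as a boolean static field would no longer resolve. The native file is not visible in this part of the page and should be confirmed as updated in the same commit. The field is also `null` whenever the property is not `true` (per `Debug.of`), which every caller has to remember. I would extend the comment to `// Warning: used by NativeCreds.c. Null unless sun.security.krb5.debug is "true"; test DEBUG != null before use.`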
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -35,6 +35,8 @@ import java.io.*;
|
||||||
import java.net.*;
|
import java.net.*;
|
||||||
import sun.security.util.IOUtils;
|
import sun.security.util.IOUtils;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
public abstract class NetClient implements AutoCloseable {
|
public abstract class NetClient implements AutoCloseable {
|
||||||
public static NetClient getInstance(String protocol, String hostname, int port,
|
public static NetClient getInstance(String protocol, String hostname, int port,
|
||||||
int timeout) throws IOException {
|
int timeout) throws IOException {
|
||||||
|
@ -81,21 +83,21 @@ class TCPClient extends NetClient {
|
||||||
int count = readFully(lenField, 4);
|
int count = readFully(lenField, 4);
|
||||||
|
|
||||||
if (count != 4) {
|
if (count != 4) {
|
||||||
if (Krb5.DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(
|
DEBUG.println(
|
||||||
">>>DEBUG: TCPClient could not read length field");
|
">>>DEBUG: TCPClient could not read length field");
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
int len = networkByteOrderToInt(lenField, 0, 4);
|
int len = networkByteOrderToInt(lenField, 0, 4);
|
||||||
if (Krb5.DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(
|
DEBUG.println(
|
||||||
">>>DEBUG: TCPClient reading " + len + " bytes");
|
">>>DEBUG: TCPClient reading " + len + " bytes");
|
||||||
}
|
}
|
||||||
if (len <= 0) {
|
if (len <= 0) {
|
||||||
if (Krb5.DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(
|
DEBUG.println(
|
||||||
">>>DEBUG: TCPClient zero or negative length field: "+len);
|
">>>DEBUG: TCPClient zero or negative length field: "+len);
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
|
@ -104,8 +106,8 @@ class TCPClient extends NetClient {
|
||||||
try {
|
try {
|
||||||
return IOUtils.readExactlyNBytes(in, len);
|
return IOUtils.readExactlyNBytes(in, len);
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
if (Krb5.DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(
|
DEBUG.println(
|
||||||
">>>DEBUG: TCPClient could not read complete packet (" +
|
">>>DEBUG: TCPClient could not read complete packet (" +
|
||||||
len + "/" + count + ")");
|
len + "/" + count + ")");
|
||||||
}
|
}
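Review bot: In the `catch (IOException ioe)` of the last hunk the message prints `len + "/" + count`, but `count` holds the result of the 4-byte length-field read and is always 4 after the `count != 4` early return, so the figure says nothing about how much of the packet arrived, and `ioe` is dropped. A message such as `">>>DEBUG: TCPClient could not read complete packet of " + len + " bytes: " + ioe` would be accurate. Two lines between the hunks are not shown, so this assumes `count` is not reassigned there. Separately, `len` comes from the peer and is only rejected when `<= 0`; whether `IOUtils.readExactlyNBytes` copes safely with a very large value is not visible here.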
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -42,6 +42,8 @@ import sun.security.krb5.internal.*;
|
||||||
import sun.security.krb5.internal.util.KrbDataInputStream;
|
import sun.security.krb5.internal.util.KrbDataInputStream;
|
||||||
import sun.security.util.IOUtils;
|
import sun.security.util.IOUtils;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class extends KrbDataInputStream. It is used for parsing FCC-format
|
* This class extends KrbDataInputStream. It is used for parsing FCC-format
|
||||||
* data from file to memory.
|
* data from file to memory.
|
||||||
|
@ -67,8 +69,6 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||||
*/
|
*/
|
||||||
/* V4 of the credentials cache format allows for header tags */
|
/* V4 of the credentials cache format allows for header tags */
|
||||||
|
|
||||||
private static final boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
public CCacheInputStream(InputStream is){
|
public CCacheInputStream(InputStream is){
|
||||||
super(is);
|
super(is);
|
||||||
}
|
}
|
||||||
|
@ -212,8 +212,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||||
addrType = read(2);
|
addrType = read(2);
|
||||||
addrLength = readLength4();
|
addrLength = readLength4();
|
||||||
if (!(addrLength == 4 || addrLength == 16)) {
|
if (!(addrLength == 4 || addrLength == 16)) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Incorrect address format.");
|
DEBUG.println("Incorrect address format.");
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -280,7 +280,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||||
flags[10] = true;
|
flags[10] = true;
|
||||||
if ((ticketFlags & 0x00100000) == TKT_FLG_HW_AUTH)
|
if ((ticketFlags & 0x00100000) == TKT_FLG_HW_AUTH)
|
||||||
flags[11] = true;
|
flags[11] = true;
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
String msg = ">>> CCacheInputStream: readFlags() ";
|
String msg = ">>> CCacheInputStream: readFlags() ";
|
||||||
if (flags[1] == true) {
|
if (flags[1] == true) {
|
||||||
msg += " FORWARDABLE;";
|
msg += " FORWARDABLE;";
|
||||||
|
@ -316,7 +316,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||||
if (flags[11] == true) {
|
if (flags[11] == true) {
|
||||||
msg += " HW_AUTH;";
|
msg += " HW_AUTH;";
|
||||||
}
|
}
|
||||||
System.out.println(msg);
|
DEBUG.println(msg);
|
||||||
}
|
}
|
||||||
return flags;
|
return flags;
|
||||||
}
|
}
|
||||||
|
@ -336,8 +336,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||||
// Do not return here. All data for this cred should be fully
|
// Do not return here. All data for this cred should be fully
|
||||||
// consumed so that we can read the next one.
|
// consumed so that we can read the next one.
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname);
|
DEBUG.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname);
|
||||||
}
|
}
|
||||||
PrincipalName spname = null;
|
PrincipalName spname = null;
|
||||||
try {
|
try {
|
||||||
|
@ -345,12 +345,12 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
// same as above
|
// same as above
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
|
DEBUG.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
|
||||||
}
|
}
|
||||||
EncryptionKey key = readKey(version);
|
EncryptionKey key = readKey(version);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
|
DEBUG.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
|
||||||
}
|
}
|
||||||
long[] times = readTimes();
|
long[] times = readTimes();
|
||||||
KerberosTime authtime = new KerberosTime(times[0]);
|
KerberosTime authtime = new KerberosTime(times[0]);
|
||||||
|
@ -360,12 +360,12 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||||
KerberosTime renewTill =
|
KerberosTime renewTill =
|
||||||
(times[3]==0) ? null : new KerberosTime(times[3]);
|
(times[3]==0) ? null : new KerberosTime(times[3]);
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>DEBUG <CCacheInputStream> auth time: " + authtime.toDate().toString());
|
DEBUG.println(">>>DEBUG <CCacheInputStream> auth time: " + authtime.toDate().toString());
|
||||||
System.out.println(">>>DEBUG <CCacheInputStream> start time: " +
|
DEBUG.println(">>>DEBUG <CCacheInputStream> start time: " +
|
||||||
((starttime==null)?"null":starttime.toDate().toString()));
|
((starttime==null)?"null":starttime.toDate().toString()));
|
||||||
System.out.println(">>>DEBUG <CCacheInputStream> end time: " + endtime.toDate().toString());
|
DEBUG.println(">>>DEBUG <CCacheInputStream> end time: " + endtime.toDate().toString());
|
||||||
System.out.println(">>>DEBUG <CCacheInputStream> renew_till time: " +
|
DEBUG.println(">>>DEBUG <CCacheInputStream> renew_till time: " +
|
||||||
((renewTill==null)?"null":renewTill.toDate().toString()));
|
((renewTill==null)?"null":renewTill.toDate().toString()));
|
||||||
}
|
}
|
||||||
boolean skey = readskey();
|
boolean skey = readskey();
|
||||||
|
@ -404,8 +404,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||||
ticketData != null ? new Ticket(ticketData) : null,
|
ticketData != null ? new Ticket(ticketData) : null,
|
||||||
ticketData2 != null ? new Ticket(ticketData2) : null);
|
ticketData2 != null ? new Ticket(ticketData2) : null);
|
||||||
} catch (Exception e) { // If any of new Ticket(*) fails.
|
} catch (Exception e) { // If any of new Ticket(*) fails.
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace(System.out);
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
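Review bot: The `catch (Exception e) { // same as above }` before the server-principal message swallows the failure, so with debug enabled the only trace of a malformed cache entry would be `server principal is null` on the following line. The code deliberately continues there to consume the rest of the credential, so logging is the only change needed. Adding `if (DEBUG != null) { e.printStackTrace(DEBUG.getPrintStream()); }` inside the catch would match the `new Ticket(*)` handler further down. The try body and the earlier client-principal catch are outside the hunk.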
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -54,6 +54,7 @@ import java.io.BufferedReader;
|
||||||
import java.io.InputStreamReader;
|
import java.io.InputStreamReader;
|
||||||
|
|
||||||
import static java.nio.charset.StandardCharsets.ISO_8859_1;
|
import static java.nio.charset.StandardCharsets.ISO_8859_1;
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* CredentialsCache stores credentials(tickets, session keys, etc.) in a
|
* CredentialsCache stores credentials(tickets, session keys, etc.) in a
|
||||||
|
@ -70,7 +71,6 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
public Tag tag; // optional
|
public Tag tag; // optional
|
||||||
public PrincipalName primaryPrincipal;
|
public PrincipalName primaryPrincipal;
|
||||||
private Vector<Credentials> credentialsList;
|
private Vector<Credentials> credentialsList;
|
||||||
private static final boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
public static synchronized FileCredentialsCache acquireInstance(
|
public static synchronized FileCredentialsCache acquireInstance(
|
||||||
PrincipalName principal, String cache) {
|
PrincipalName principal, String cache) {
|
||||||
|
@ -92,8 +92,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
return fcc;
|
return fcc;
|
||||||
} catch (IOException | KrbException e) {
|
} catch (IOException | KrbException e) {
|
||||||
// we don't handle it now, instead we return a null at the end.
|
// we don't handle it now, instead we return a null at the end.
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
|
@ -128,8 +128,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
return fcc;
|
return fcc;
|
||||||
}
|
}
|
||||||
catch (IOException | KrbException e) {
|
catch (IOException | KrbException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
|
@ -213,8 +213,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
tmp.sname.getRealmString()))) {
|
tmp.sname.getRealmString()))) {
|
||||||
matched = true;
|
matched = true;
|
||||||
if (c.endtime.getTime() >= tmp.endtime.getTime()) {
|
if (c.endtime.getTime() >= tmp.endtime.getTime()) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(" >>> FileCredentialsCache "
|
DEBUG.println(" >>> FileCredentialsCache "
|
||||||
+ "Ticket matched, overwrite "
|
+ "Ticket matched, overwrite "
|
||||||
+ "the old one.");
|
+ "the old one.");
|
||||||
}
|
}
|
||||||
|
@ -224,8 +224,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!matched) {
|
if (!matched) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(" >>> FileCredentialsCache Ticket "
|
DEBUG.println(" >>> FileCredentialsCache Ticket "
|
||||||
+ "not exactly matched, "
|
+ "not exactly matched, "
|
||||||
+ "add new one into cache.");
|
+ "add new one into cache.");
|
||||||
}
|
}
|
||||||
|
@ -349,8 +349,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
|
|
||||||
CredentialsCache.ConfigEntry entry = getConfigEntry("proxy_impersonator");
|
CredentialsCache.ConfigEntry entry = getConfigEntry("proxy_impersonator");
|
||||||
if (entry == null) {
|
if (entry == null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("get normal credential");
|
DEBUG.println("get normal credential");
|
||||||
}
|
}
|
||||||
return tgt;
|
return tgt;
|
||||||
}
|
}
|
||||||
|
@ -363,8 +363,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
}
|
}
|
||||||
switch (prop) {
|
switch (prop) {
|
||||||
case "no-impersonate": // never try impersonation
|
case "no-impersonate": // never try impersonation
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("get normal credential");
|
DEBUG.println("get normal credential");
|
||||||
}
|
}
|
||||||
return tgt;
|
return tgt;
|
||||||
case "try-impersonate":
|
case "try-impersonate":
|
||||||
|
@ -382,8 +382,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
PrincipalName service = new PrincipalName(
|
PrincipalName service = new PrincipalName(
|
||||||
new String(entry.getData(), StandardCharsets.UTF_8));
|
new String(entry.getData(), StandardCharsets.UTF_8));
|
||||||
if (!tgt.getClient().equals(service)) {
|
if (!tgt.getClient().equals(service)) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("proxy_impersonator does not match service name");
|
DEBUG.println("proxy_impersonator does not match service name");
|
||||||
}
|
}
|
||||||
return force ? null : tgt;
|
return force ? null : tgt;
|
||||||
}
|
}
|
||||||
|
@ -397,18 +397,18 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (proxy == null) {
|
if (proxy == null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Cannot find evidence ticket in ccache");
|
DEBUG.println("Cannot find evidence ticket in ccache");
|
||||||
}
|
}
|
||||||
return force ? null : tgt;
|
return force ? null : tgt;
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Get proxied credential");
|
DEBUG.println("Get proxied credential");
|
||||||
}
|
}
|
||||||
return tgt.setProxy(proxy.setKrbCreds());
|
return tgt.setProxy(proxy.setKrbCreds());
|
||||||
} catch (KrbException e) {
|
} catch (KrbException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Impersonation with ccache failed");
|
DEBUG.println("Impersonation with ccache failed");
|
||||||
}
|
}
|
||||||
return force ? null : tgt;
|
return force ? null : tgt;
|
||||||
}
|
}
|
||||||
|
@ -460,8 +460,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
return cache;
|
return cache;
|
||||||
});
|
});
|
||||||
if (name != null) {
|
if (name != null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>KinitOptions cache name is " + name);
|
DEBUG.println(">>>KinitOptions cache name is " + name);
|
||||||
}
|
}
|
||||||
return name;
|
return name;
|
||||||
}
|
}
|
||||||
|
@ -482,14 +482,14 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
if (uid != -1) {
|
if (uid != -1) {
|
||||||
name = File.separator + "tmp" +
|
name = File.separator + "tmp" +
|
||||||
File.separator + stdCacheNameComponent + "_" + uid;
|
File.separator + stdCacheNameComponent + "_" + uid;
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>KinitOptions cache name is " +
|
DEBUG.println(">>>KinitOptions cache name is " +
|
||||||
name);
|
name);
|
||||||
}
|
}
|
||||||
return name;
|
return name;
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Error in obtaining uid " +
|
DEBUG.println("Error in obtaining uid " +
|
||||||
"for Unix platforms " +
|
"for Unix platforms " +
|
||||||
"Using user's home directory");
|
"Using user's home directory");
|
||||||
}
|
}
|
||||||
|
@ -513,8 +513,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
name = user_home + File.separator + stdCacheNameComponent;
|
name = user_home + File.separator + stdCacheNameComponent;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>KinitOptions cache name is " + name);
|
DEBUG.println(">>>KinitOptions cache name is " + name);
|
||||||
}
|
}
|
||||||
|
|
||||||
return name;
|
return name;
|
||||||
|
@ -562,8 +562,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
try {
|
try {
|
||||||
return (Runtime.getRuntime().exec(command));
|
return (Runtime.getRuntime().exec(command));
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -592,8 +592,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||||
commandResult.close();
|
commandResult.close();
|
||||||
return s1;
|
return s1;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return null;
|
return null;
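Review bot: The `catch (KrbException e)` in the `@ -397,18` hunk still prints only `Impersonation with ccache failed` and drops `e`, so the debug trace gives no reason for the fallback to `force ? null : tgt`. Appending the exception, `DEBUG.println("Impersonation with ccache failed: " + e);`, would bring it in line with the other catch blocks in this file, which hand the exception to `DEBUG.getPrintStream()`. Separately, the `>>>KinitOptions cache name is` prefix is kept in three hunks although the code lives in `FileCredentialsCache`, which makes the trace harder to attribute. The enclosing methods start and end outside the visible hunks.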
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -35,9 +35,9 @@ import sun.security.krb5.Checksum;
|
||||||
import sun.security.krb5.KrbCryptoException;
|
import sun.security.krb5.KrbCryptoException;
|
||||||
import sun.security.krb5.internal.*;
|
import sun.security.krb5.internal.*;
|
||||||
|
|
||||||
public abstract class CksumType {
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
private static boolean DEBUG = Krb5.DEBUG;
|
public abstract class CksumType {
|
||||||
|
|
||||||
public static CksumType getInstance(int cksumTypeConst)
|
public static CksumType getInstance(int cksumTypeConst)
|
||||||
throws KdcErrException {
|
throws KdcErrException {
|
||||||
|
@ -121,8 +121,8 @@ public abstract class CksumType {
|
||||||
default:
|
default:
|
||||||
throw new KdcErrException(Krb5.KDC_ERR_SUMTYPE_NOSUPP);
|
throw new KdcErrException(Krb5.KDC_ERR_SUMTYPE_NOSUPP);
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> CksumType: " + cksumTypeName);
|
DEBUG.println(">>> CksumType: " + cksumTypeName);
|
||||||
}
|
}
|
||||||
return cksumType;
|
return cksumType;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -42,13 +42,13 @@ import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
//only needed if dataSize() implementation changes back to spec;
|
//only needed if dataSize() implementation changes back to spec;
|
||||||
//see dataSize() below
|
//see dataSize() below
|
||||||
|
|
||||||
public abstract class EType {
|
public abstract class EType {
|
||||||
|
|
||||||
private static final boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
// etypes supported by JDK, including weak ones
|
// etypes supported by JDK, including weak ones
|
||||||
private static int[] supportedETypes;
|
private static int[] supportedETypes;
|
||||||
// common default etypes if not defined in krb5.conf
|
// common default etypes if not defined in krb5.conf
|
||||||
|
@ -83,8 +83,8 @@ public abstract class EType {
|
||||||
allowWeakCrypto = cfg.getBooleanObject("libdefaults", "allow_weak_crypto")
|
allowWeakCrypto = cfg.getBooleanObject("libdefaults", "allow_weak_crypto")
|
||||||
== Boolean.TRUE;
|
== Boolean.TRUE;
|
||||||
} catch (Exception exc) {
|
} catch (Exception exc) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println ("Exception in getting allow_weak_crypto, " +
|
DEBUG.println ("Exception in getting allow_weak_crypto, " +
|
||||||
"using default value: " +
|
"using default value: " +
|
||||||
exc.getMessage());
|
exc.getMessage());
|
||||||
}
|
}
|
||||||
|
@ -160,8 +160,8 @@ public abstract class EType {
|
||||||
+ " (" + eTypeConst + ")";
|
+ " (" + eTypeConst + ")";
|
||||||
throw new KdcErrException(Krb5.KDC_ERR_ETYPE_NOSUPP, msg);
|
throw new KdcErrException(Krb5.KDC_ERR_ETYPE_NOSUPP, msg);
|
||||||
}
|
}
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> EType: " + eTypeName);
|
DEBUG.println(">>> EType: " + eTypeName);
|
||||||
}
|
}
|
||||||
return eType;
|
return eType;
|
||||||
}
|
}
|
||||||
|
@ -245,10 +245,10 @@ public abstract class EType {
|
||||||
try {
|
try {
|
||||||
config = Config.getInstance();
|
config = Config.getInstance();
|
||||||
} catch (KrbException exc) {
|
} catch (KrbException exc) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Exception while getting " +
|
DEBUG.println("Exception while getting " +
|
||||||
configName + ": " + exc.getMessage());
|
configName + ": " + exc.getMessage());
|
||||||
System.out.println("Using default builtin etypes");
|
DEBUG.println("Using default builtin etypes");
|
||||||
}
|
}
|
||||||
return getBuiltInDefaults();
|
return getBuiltInDefaults();
|
||||||
}
|
}
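Review bot: In the `@ -83,8` hunk the rewritten call keeps the stray space from the old code, `DEBUG.println ("Exception in getting allow_weak_crypto, " +`, and logs only `exc.getMessage()`, which can be null and hides the exception type. Since this branch falls back to a default for `allow_weak_crypto`, the trace should say what actually failed: `DEBUG.println("Exception in getting allow_weak_crypto, using default value: " + exc);`. The `@ -245,10` hunk has the same `getMessage()` pattern before it returns `getBuiltInDefaults()`. Both enclosing blocks begin outside the hunks shown.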
|
||||||
|
|
|
@ -33,10 +33,11 @@ package sun.security.krb5.internal.crypto;
|
||||||
import java.security.MessageDigestSpi;
|
import java.security.MessageDigestSpi;
|
||||||
import java.security.DigestException;
|
import java.security.DigestException;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
public final class crc32 extends MessageDigestSpi implements Cloneable {
|
public final class crc32 extends MessageDigestSpi implements Cloneable {
|
||||||
private static final int CRC32_LENGTH = 4; //32-bit
|
private static final int CRC32_LENGTH = 4; //32-bit
|
||||||
private int seed;
|
private int seed;
|
||||||
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
|
||||||
// buffer;
|
// buffer;
|
||||||
// private int bufferIndex, bufferLeft;
|
// private int bufferIndex, bufferLeft;
|
||||||
|
|
||||||
|
@ -259,9 +260,9 @@ public final class crc32 extends MessageDigestSpi implements Cloneable {
|
||||||
|
|
||||||
public static byte[] byte2crc32sum_bytes(byte[] data, int size) {
|
public static byte[] byte2crc32sum_bytes(byte[] data, int size) {
|
||||||
int temp = byte2crc32sum(0, data, size);
|
int temp = byte2crc32sum(0, data, size);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>crc32: " + Integer.toHexString(temp));
|
DEBUG.println(">>>crc32: " + Integer.toHexString(temp));
|
||||||
System.out.println(">>>crc32: " + Integer.toBinaryString(temp));
|
DEBUG.println(">>>crc32: " + Integer.toBinaryString(temp));
|
||||||
}
|
}
|
||||||
return int2quad(temp);
|
return int2quad(temp);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -140,7 +140,7 @@ public class ArcFourCrypto extends DkCrypto {
|
||||||
int start, int len) throws GeneralSecurityException {
|
int start, int len) throws GeneralSecurityException {
|
||||||
|
|
||||||
if (debug) {
|
if (debug) {
|
||||||
System.out.println("ARCFOUR: calculateChecksum with usage = " +
|
System.err.println("ARCFOUR: calculateChecksum with usage = " +
|
||||||
usage);
|
usage);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -258,7 +258,7 @@ public class ArcFourCrypto extends DkCrypto {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (debug) {
|
if (debug) {
|
||||||
System.out.println("ArcFour: ENCRYPT with key usage = " + usage);
|
System.err.println("ArcFour: ENCRYPT with key usage = " + usage);
|
||||||
}
|
}
|
||||||
|
|
||||||
// get the confounder
|
// get the confounder
|
||||||
|
@ -313,7 +313,7 @@ public class ArcFourCrypto extends DkCrypto {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (debug) {
|
if (debug) {
|
||||||
System.out.println("\nARCFOUR: encryptRaw with usage = " + usage);
|
System.err.println("\nARCFOUR: encryptRaw with usage = " + usage);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Derive encryption key for data
|
// Derive encryption key for data
|
||||||
|
@ -352,7 +352,7 @@ public class ArcFourCrypto extends DkCrypto {
|
||||||
+ usage);
|
+ usage);
|
||||||
}
|
}
|
||||||
if (debug) {
|
if (debug) {
|
||||||
System.out.println("\nARCFOUR: DECRYPT using key usage = " + usage);
|
System.err.println("\nARCFOUR: DECRYPT using key usage = " + usage);
|
||||||
}
|
}
|
||||||
|
|
||||||
// compute K1
|
// compute K1
|
||||||
|
@ -424,7 +424,7 @@ public class ArcFourCrypto extends DkCrypto {
|
||||||
+ usage);
|
+ usage);
|
||||||
}
|
}
|
||||||
if (debug) {
|
if (debug) {
|
||||||
System.out.println("\nARCFOUR: decryptRaw with usage = " + usage);
|
System.err.println("\nARCFOUR: decryptRaw with usage = " + usage);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Derive encryption key for data
|
// Derive encryption key for data
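Review bot: The five `if (debug)` sites in this file are switched to `System.err.println` rather than to the `DEBUG.println` used everywhere else in the commit, so this output carries no `sun.security.util.Debug` prefix and does not follow the Kerberos debug setting. `debug` is declared outside the visible hunks, so it may be a deliberate compile-time switch; if so, a one-line comment at its declaration explaining why it stays separate would help the next reader. The messages print only the key usage number and no key bytes, which should stay that way if these sites are migrated later.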
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -49,6 +49,8 @@ import java.util.StringTokenizer;
|
||||||
import java.util.Vector;
|
import java.util.Vector;
|
||||||
import sun.security.jgss.krb5.ServiceCreds;
|
import sun.security.jgss.krb5.ServiceCreds;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class represents key table. The key table functions deal with storing
|
* This class represents key table. The key table functions deal with storing
|
||||||
* and retrieving service keys for use in authentication exchanges.
|
* and retrieving service keys for use in authentication exchanges.
|
||||||
|
@ -64,7 +66,6 @@ import sun.security.jgss.krb5.ServiceCreds;
|
||||||
*/
|
*/
|
||||||
public class KeyTab implements KeyTabConstants {
|
public class KeyTab implements KeyTabConstants {
|
||||||
|
|
||||||
private static final boolean DEBUG = Krb5.DEBUG;
|
|
||||||
private static String defaultTabName = null;
|
private static String defaultTabName = null;
|
||||||
|
|
||||||
// Attention: Currently there is no way to remove a keytab from this map,
|
// Attention: Currently there is no way to remove a keytab from this map,
|
||||||
|
@ -101,14 +102,14 @@ public class KeyTab implements KeyTabConstants {
|
||||||
} catch (FileNotFoundException e) {
|
} catch (FileNotFoundException e) {
|
||||||
entries.clear();
|
entries.clear();
|
||||||
isMissing = true;
|
isMissing = true;
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Cannot load keytab " + tabName + ": " + e);
|
DEBUG.println("Cannot load keytab " + tabName + ": " + e);
|
||||||
}
|
}
|
||||||
} catch (Exception ioe) {
|
} catch (Exception ioe) {
|
||||||
entries.clear();
|
entries.clear();
|
||||||
isValid = false;
|
isValid = false;
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Cannot load keytab " + tabName + ": " + ioe);
|
DEBUG.println("Cannot load keytab " + tabName + ": " + ioe);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -263,8 +264,8 @@ public class KeyTab implements KeyTabConstants {
|
||||||
while (kis.available() > 0) {
|
while (kis.available() > 0) {
|
||||||
entryLength = kis.readEntryLength();
|
entryLength = kis.readEntryLength();
|
||||||
entry = kis.readEntry(entryLength, kt_vno);
|
entry = kis.readEntry(entryLength, kt_vno);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KeyTab: load() entry length: " +
|
DEBUG.println(">>> KeyTab: load() entry length: " +
|
||||||
entryLength + "; type: " +
|
entryLength + "; type: " +
|
||||||
(entry != null? entry.keyType : 0));
|
(entry != null? entry.keyType : 0));
|
||||||
}
|
}
|
||||||
|
@ -293,8 +294,8 @@ public class KeyTab implements KeyTabConstants {
|
||||||
EncryptionKey key;
|
EncryptionKey key;
|
||||||
int size = entries.size();
|
int size = entries.size();
|
||||||
ArrayList<EncryptionKey> keys = new ArrayList<>(size);
|
ArrayList<EncryptionKey> keys = new ArrayList<>(size);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Looking for keys for: " + service);
|
DEBUG.println("Looking for keys for: " + service);
|
||||||
}
|
}
|
||||||
for (int i = size-1; i >= 0; i--) {
|
for (int i = size-1; i >= 0; i--) {
|
||||||
entry = entries.elementAt(i);
|
entry = entries.elementAt(i);
|
||||||
|
@ -304,12 +305,12 @@ public class KeyTab implements KeyTabConstants {
|
||||||
entry.keyType,
|
entry.keyType,
|
||||||
entry.keyVersion);
|
entry.keyVersion);
|
||||||
keys.add(key);
|
keys.add(key);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Added key: " + entry.keyType +
|
DEBUG.println("Added key: " + entry.keyType +
|
||||||
", version: " + entry.keyVersion);
|
", version: " + entry.keyVersion);
|
||||||
}
|
}
|
||||||
} else if (DEBUG) {
|
} else if (DEBUG != null) {
|
||||||
System.out.println("Found unsupported keytype (" +
|
DEBUG.println("Found unsupported keytype (" +
|
||||||
entry.keyType + ") for " + service);
|
entry.keyType + ") for " + service);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -347,8 +348,8 @@ public class KeyTab implements KeyTabConstants {
|
||||||
if (entry.service.match(service)) {
|
if (entry.service.match(service)) {
|
||||||
if (EType.isSupported(entry.keyType)) {
|
if (EType.isSupported(entry.keyType)) {
|
||||||
return true;
|
return true;
|
||||||
} else if (DEBUG) {
|
} else if (DEBUG != null) {
|
||||||
System.out.println("Found unsupported keytype (" +
|
DEBUG.println("Found unsupported keytype (" +
|
||||||
entry.keyType + ") for " + service);
|
entry.keyType + ") for " + service);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -35,6 +35,7 @@ import sun.security.krb5.*;
|
||||||
import sun.security.krb5.internal.*;
|
import sun.security.krb5.internal.*;
|
||||||
|
|
||||||
import static java.nio.charset.StandardCharsets.ISO_8859_1;
|
import static java.nio.charset.StandardCharsets.ISO_8859_1;
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class represents a Key Table entry. Each entry contains the service principal of
|
* This class represents a Key Table entry. Each entry contains the service principal of
|
||||||
|
@ -49,7 +50,6 @@ public class KeyTabEntry implements KeyTabConstants {
|
||||||
int keyVersion;
|
int keyVersion;
|
||||||
int keyType;
|
int keyType;
|
||||||
byte[] keyblock = null;
|
byte[] keyblock = null;
|
||||||
boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
public KeyTabEntry (PrincipalName new_service, Realm new_realm, KerberosTime new_time,
|
public KeyTabEntry (PrincipalName new_service, Realm new_realm, KerberosTime new_time,
|
||||||
int new_keyVersion, int new_keyType, byte[] new_keyblock) {
|
int new_keyVersion, int new_keyType, byte[] new_keyblock) {
|
||||||
|
@ -95,8 +95,8 @@ public class KeyTabEntry implements KeyTabConstants {
|
||||||
+ timestampSize + keyVersionSize
|
+ timestampSize + keyVersionSize
|
||||||
+ keyTypeSize + keySize + keyblock.length;
|
+ keyTypeSize + keySize + keyblock.length;
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KeyTabEntry: key tab entry size is " + size);
|
DEBUG.println(">>> KeyTabEntry: key tab entry size is " + size);
|
||||||
}
|
}
|
||||||
return size;
|
return size;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -39,6 +39,8 @@ import sun.security.krb5.internal.util.KrbDataInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class implements a buffered input stream. It is used for parsing key table
|
* This class implements a buffered input stream. It is used for parsing key table
|
||||||
* data to memory.
|
* data to memory.
|
||||||
|
@ -48,7 +50,6 @@ import java.io.InputStream;
|
||||||
*/
|
*/
|
||||||
public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConstants {
|
public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConstants {
|
||||||
|
|
||||||
boolean DEBUG = Krb5.DEBUG;
|
|
||||||
int index;
|
int index;
|
||||||
|
|
||||||
public KeyTabInputStream(InputStream is) {
|
public KeyTabInputStream(InputStream is) {
|
||||||
|
@ -151,8 +152,8 @@ public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConst
|
||||||
read(bytes, 0, length);
|
read(bytes, 0, length);
|
||||||
index -= length;
|
index -= length;
|
||||||
name = new String(bytes);
|
name = new String(bytes);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> KeyTabInputStream, readName(): " + name);
|
DEBUG.println(">>> KeyTabInputStream, readName(): " + name);
|
||||||
}
|
}
|
||||||
return name;
|
return name;
|
||||||
}
|
}
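Review bot: In the `@ -151,8` hunk the result of `read(bytes, 0, length)` is ignored, so a short read from a truncated keytab leaves the tail of `bytes` unfilled and `name` (now also written to the debug stream) is built from partly uninitialised data. A length check would close that, e.g. `if (read(bytes, 0, length) != length) throw new IOException("Truncated keytab name");`, assuming the method already declares `IOException` (its signature is outside the hunk). `new String(bytes)` also decodes with the default charset; naming the charset explicitly would make the parsed principal name independent of the platform.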
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -38,6 +38,8 @@ import sun.security.krb5.internal.KerberosTime;
|
||||||
import sun.security.krb5.internal.KrbApErrException;
|
import sun.security.krb5.internal.KrbApErrException;
|
||||||
import sun.security.krb5.internal.ReplayCache;
|
import sun.security.krb5.internal.ReplayCache;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class stores replay caches. AuthTimeWithHash objects are categorized
|
* This class stores replay caches. AuthTimeWithHash objects are categorized
|
||||||
* into AuthLists keyed by the names of client and server.
|
* into AuthLists keyed by the names of client and server.
|
||||||
|
@ -48,7 +50,6 @@ public class MemoryCache extends ReplayCache {
|
||||||
|
|
||||||
// TODO: One day we'll need to read dynamic krb5.conf.
|
// TODO: One day we'll need to read dynamic krb5.conf.
|
||||||
private static final int lifespan = KerberosTime.getDefaultSkew();
|
private static final int lifespan = KerberosTime.getDefaultSkew();
|
||||||
private static final boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
|
||||||
|
|
||||||
private final Map<String,AuthList> content = new ConcurrentHashMap<>();
|
private final Map<String,AuthList> content = new ConcurrentHashMap<>();
|
||||||
|
|
||||||
|
@ -58,8 +59,8 @@ public class MemoryCache extends ReplayCache {
|
||||||
String key = time.client + "|" + time.server;
|
String key = time.client + "|" + time.server;
|
||||||
content.computeIfAbsent(key, k -> new AuthList(lifespan))
|
content.computeIfAbsent(key, k -> new AuthList(lifespan))
|
||||||
.put(time, currTime);
|
.put(time, currTime);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("MemoryCache: add " + time + " to " + key);
|
DEBUG.println("MemoryCache: add " + time + " to " + key);
|
||||||
}
|
}
|
||||||
// TODO: clean up AuthList entries with only expired AuthTimeWithHash objects.
|
// TODO: clean up AuthList entries with only expired AuthTimeWithHash objects.
|
||||||
}
|
}
|
||||||
|
|
|
@ -99,9 +99,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_init(JNIEnv *env,
|
||||||
MAX_MSG_SIZE,
|
MAX_MSG_SIZE,
|
||||||
NULL);
|
NULL);
|
||||||
if (0 == dwRes) {
|
if (0 == dwRes) {
|
||||||
printf("GSS-API: Unknown failure %d\n", dwError);
|
TRACE1("GSS-API: Unknown failure %d", dwError);
|
||||||
} else {
|
} else {
|
||||||
printf("GSS-API: %s\n",szMsgBuf);
|
TRACE1("GSS-API: %s",szMsgBuf);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
char* error = dlerror();
|
char* error = dlerror();
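Review bot: `dwError` is still formatted with `%d` in `TRACE1("GSS-API: Unknown failure %d", dwError);`; if it is a `DWORD`, as the name suggests (the declaration is outside the hunk), the specifier should match, e.g. `TRACE1("GSS-API: Unknown failure %lu", (unsigned long) dwError);`. Also worth confirming: both messages were unconditional `printf` calls before, and if `TRACE1` is gated on the native debug flag, a library-load failure on this branch is now silent unless debugging is on. The function body continues outside the hunk.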
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -106,7 +106,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||||
/* Retrieve and store the classes in global ref */
|
/* Retrieve and store the classes in global ref */
|
||||||
cls = (*env)->FindClass(env, "java/lang/Object");
|
cls = (*env)->FindClass(env, "java/lang/Object");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find Object class\n");
|
fprintf(stderr, "Couldn't find Object class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
CLS_Object = (*env)->NewGlobalRef(env, cls);
|
CLS_Object = (*env)->NewGlobalRef(env, cls);
|
||||||
|
@ -115,7 +115,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||||
}
|
}
|
||||||
cls = (*env)->FindClass(env, "java/lang/String");
|
cls = (*env)->FindClass(env, "java/lang/String");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find String class\n");
|
fprintf(stderr, "Couldn't find String class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
CLS_String = (*env)->NewGlobalRef(env, cls);
|
CLS_String = (*env)->NewGlobalRef(env, cls);
|
||||||
|
@ -124,7 +124,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||||
}
|
}
|
||||||
cls = (*env)->FindClass(env, "org/ietf/jgss/Oid");
|
cls = (*env)->FindClass(env, "org/ietf/jgss/Oid");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find org.ietf.jgss.Oid class\n");
|
fprintf(stderr, "Couldn't find org.ietf.jgss.Oid class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
CLS_Oid = (*env)->NewGlobalRef(env, cls);
|
CLS_Oid = (*env)->NewGlobalRef(env, cls);
|
||||||
|
@ -133,7 +133,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||||
}
|
}
|
||||||
cls = (*env)->FindClass(env, "org/ietf/jgss/GSSException");
|
cls = (*env)->FindClass(env, "org/ietf/jgss/GSSException");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find org.ietf.jgss.GSSException class\n");
|
fprintf(stderr, "Couldn't find org.ietf.jgss.GSSException class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
CLS_GSSException = (*env)->NewGlobalRef(env, cls);
|
CLS_GSSException = (*env)->NewGlobalRef(env, cls);
|
||||||
|
@ -142,7 +142,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||||
}
|
}
|
||||||
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSNameElement");
|
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSNameElement");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find sun.security.jgss.wrapper.GSSNameElement class\n");
|
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSNameElement class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
CLS_GSSNameElement = (*env)->NewGlobalRef(env, cls);
|
CLS_GSSNameElement = (*env)->NewGlobalRef(env, cls);
|
||||||
|
@ -151,7 +151,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||||
}
|
}
|
||||||
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSCredElement");
|
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSCredElement");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find sun.security.jgss.wrapper.GSSCredElement class\n");
|
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSCredElement class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
CLS_GSSCredElement = (*env)->NewGlobalRef(env, cls);
|
CLS_GSSCredElement = (*env)->NewGlobalRef(env, cls);
|
||||||
|
@ -160,7 +160,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||||
}
|
}
|
||||||
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/NativeGSSContext");
|
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/NativeGSSContext");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find sun.security.jgss.wrapper.NativeGSSContext class\n");
|
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.NativeGSSContext class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
CLS_NativeGSSContext = (*env)->NewGlobalRef(env, cls);
|
CLS_NativeGSSContext = (*env)->NewGlobalRef(env, cls);
|
||||||
|
@ -169,7 +169,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||||
}
|
}
|
||||||
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/SunNativeProvider");
|
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/SunNativeProvider");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find sun.security.jgss.wrapper.SunNativeProvider class\n");
|
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.SunNativeProvider class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
CLS_SunNativeProvider = (*env)->NewGlobalRef(env, cls);
|
CLS_SunNativeProvider = (*env)->NewGlobalRef(env, cls);
|
||||||
|
@ -180,115 +180,115 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||||
MID_String_ctor = (*env)->GetMethodID(env, CLS_String,
|
MID_String_ctor = (*env)->GetMethodID(env, CLS_String,
|
||||||
"<init>", "([B)V");
|
"<init>", "([B)V");
|
||||||
if (MID_String_ctor == NULL) {
|
if (MID_String_ctor == NULL) {
|
||||||
printf("Couldn't find String(byte[]) constructor\n");
|
fprintf(stderr, "Couldn't find String(byte[]) constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_Oid_ctor1 =
|
MID_Oid_ctor1 =
|
||||||
(*env)->GetMethodID(env, CLS_Oid, "<init>", "([B)V");
|
(*env)->GetMethodID(env, CLS_Oid, "<init>", "([B)V");
|
||||||
if (MID_Oid_ctor1 == NULL) {
|
if (MID_Oid_ctor1 == NULL) {
|
||||||
printf("Couldn't find Oid(byte[]) constructor\n");
|
fprintf(stderr, "Couldn't find Oid(byte[]) constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_Oid_getDER = (*env)->GetMethodID(env, CLS_Oid, "getDER", "()[B");
|
MID_Oid_getDER = (*env)->GetMethodID(env, CLS_Oid, "getDER", "()[B");
|
||||||
if (MID_Oid_getDER == NULL) {
|
if (MID_Oid_getDER == NULL) {
|
||||||
printf("Couldn't find Oid.getDER() method\n");
|
fprintf(stderr, "Couldn't find Oid.getDER() method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
cls = (*env)->FindClass(env, "org/ietf/jgss/MessageProp");
|
cls = (*env)->FindClass(env, "org/ietf/jgss/MessageProp");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find org.ietf.jgss.MessageProp class\n");
|
fprintf(stderr, "Couldn't find org.ietf.jgss.MessageProp class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_MessageProp_getPrivacy =
|
MID_MessageProp_getPrivacy =
|
||||||
(*env)->GetMethodID(env, cls, "getPrivacy", "()Z");
|
(*env)->GetMethodID(env, cls, "getPrivacy", "()Z");
|
||||||
if (MID_MessageProp_getPrivacy == NULL) {
|
if (MID_MessageProp_getPrivacy == NULL) {
|
||||||
printf("Couldn't find MessageProp.getPrivacy() method\n");
|
fprintf(stderr, "Couldn't find MessageProp.getPrivacy() method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_MessageProp_getQOP = (*env)->GetMethodID(env, cls, "getQOP", "()I");
|
MID_MessageProp_getQOP = (*env)->GetMethodID(env, cls, "getQOP", "()I");
|
||||||
if (MID_MessageProp_getQOP == NULL) {
|
if (MID_MessageProp_getQOP == NULL) {
|
||||||
printf("Couldn't find MessageProp.getQOP() method\n");
|
fprintf(stderr, "Couldn't find MessageProp.getQOP() method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_MessageProp_setPrivacy =
|
MID_MessageProp_setPrivacy =
|
||||||
(*env)->GetMethodID(env, cls, "setPrivacy", "(Z)V");
|
(*env)->GetMethodID(env, cls, "setPrivacy", "(Z)V");
|
||||||
if (MID_MessageProp_setPrivacy == NULL) {
|
if (MID_MessageProp_setPrivacy == NULL) {
|
||||||
printf("Couldn't find MessageProp.setPrivacy(boolean) method\n");
|
fprintf(stderr, "Couldn't find MessageProp.setPrivacy(boolean) method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_MessageProp_setQOP = (*env)->GetMethodID(env, cls, "setQOP", "(I)V");
|
MID_MessageProp_setQOP = (*env)->GetMethodID(env, cls, "setQOP", "(I)V");
|
||||||
if (MID_MessageProp_setQOP == NULL) {
|
if (MID_MessageProp_setQOP == NULL) {
|
||||||
printf("Couldn't find MessageProp.setQOP(int) method\n");
|
fprintf(stderr, "Couldn't find MessageProp.setQOP(int) method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_MessageProp_setSupplementaryStates =
|
MID_MessageProp_setSupplementaryStates =
|
||||||
(*env)->GetMethodID(env, cls, "setSupplementaryStates",
|
(*env)->GetMethodID(env, cls, "setSupplementaryStates",
|
||||||
"(ZZZZILjava/lang/String;)V");
|
"(ZZZZILjava/lang/String;)V");
|
||||||
if (MID_MessageProp_setSupplementaryStates == NULL) {
|
if (MID_MessageProp_setSupplementaryStates == NULL) {
|
||||||
printf("Couldn't find MessageProp.setSupplementaryStates(...) method\n");
|
fprintf(stderr, "Couldn't find MessageProp.setSupplementaryStates(...) method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_GSSException_ctor3 = (*env)->GetMethodID
|
MID_GSSException_ctor3 = (*env)->GetMethodID
|
||||||
(env, CLS_GSSException, "<init>", "(IILjava/lang/String;)V");
|
(env, CLS_GSSException, "<init>", "(IILjava/lang/String;)V");
|
||||||
if (MID_GSSException_ctor3 == NULL) {
|
if (MID_GSSException_ctor3 == NULL) {
|
||||||
printf("Couldn't find GSSException(int, int, String) constructor\n");
|
fprintf(stderr, "Couldn't find GSSException(int, int, String) constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
cls = (*env)->FindClass(env, "org/ietf/jgss/ChannelBinding");
|
cls = (*env)->FindClass(env, "org/ietf/jgss/ChannelBinding");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find org.ietf.jgss.ChannelBinding class\n");
|
fprintf(stderr, "Couldn't find org.ietf.jgss.ChannelBinding class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_ChannelBinding_getInitiatorAddr =
|
MID_ChannelBinding_getInitiatorAddr =
|
||||||
(*env)->GetMethodID(env, cls, "getInitiatorAddress",
|
(*env)->GetMethodID(env, cls, "getInitiatorAddress",
|
||||||
"()Ljava/net/InetAddress;");
|
"()Ljava/net/InetAddress;");
|
||||||
if (MID_ChannelBinding_getInitiatorAddr == NULL) {
|
if (MID_ChannelBinding_getInitiatorAddr == NULL) {
|
||||||
printf("Couldn't find ChannelBinding.getInitiatorAddress() method\n");
|
fprintf(stderr, "Couldn't find ChannelBinding.getInitiatorAddress() method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_ChannelBinding_getAcceptorAddr =
|
MID_ChannelBinding_getAcceptorAddr =
|
||||||
(*env)->GetMethodID(env, cls, "getAcceptorAddress",
|
(*env)->GetMethodID(env, cls, "getAcceptorAddress",
|
||||||
"()Ljava/net/InetAddress;");
|
"()Ljava/net/InetAddress;");
|
||||||
if (MID_ChannelBinding_getAcceptorAddr == NULL) {
|
if (MID_ChannelBinding_getAcceptorAddr == NULL) {
|
||||||
printf("Couldn't find ChannelBinding.getAcceptorAddress() method\n");
|
fprintf(stderr, "Couldn't find ChannelBinding.getAcceptorAddress() method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_ChannelBinding_getAppData =
|
MID_ChannelBinding_getAppData =
|
||||||
(*env)->GetMethodID(env, cls, "getApplicationData", "()[B");
|
(*env)->GetMethodID(env, cls, "getApplicationData", "()[B");
|
||||||
if (MID_ChannelBinding_getAppData == NULL) {
|
if (MID_ChannelBinding_getAppData == NULL) {
|
||||||
printf("Couldn't find ChannelBinding.getApplicationData() method\n");
|
fprintf(stderr, "Couldn't find ChannelBinding.getApplicationData() method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
cls = (*env)->FindClass(env, "java/net/InetAddress");
|
cls = (*env)->FindClass(env, "java/net/InetAddress");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find java.net.InetAddress class\n");
|
fprintf(stderr, "Couldn't find java.net.InetAddress class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_InetAddress_getAddr = (*env)->GetMethodID(env, cls, "getAddress",
|
MID_InetAddress_getAddr = (*env)->GetMethodID(env, cls, "getAddress",
|
||||||
"()[B");
|
"()[B");
|
||||||
if (MID_InetAddress_getAddr == NULL) {
|
if (MID_InetAddress_getAddr == NULL) {
|
||||||
printf("Couldn't find InetAddress.getAddress() method\n");
|
fprintf(stderr, "Couldn't find InetAddress.getAddress() method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_GSSNameElement_ctor =
|
MID_GSSNameElement_ctor =
|
||||||
(*env)->GetMethodID(env, CLS_GSSNameElement,
|
(*env)->GetMethodID(env, CLS_GSSNameElement,
|
||||||
"<init>", "(JLsun/security/jgss/wrapper/GSSLibStub;)V");
|
"<init>", "(JLsun/security/jgss/wrapper/GSSLibStub;)V");
|
||||||
if (MID_GSSNameElement_ctor == NULL) {
|
if (MID_GSSNameElement_ctor == NULL) {
|
||||||
printf("Couldn't find GSSNameElement(long, GSSLibStub) constructor\n");
|
fprintf(stderr, "Couldn't find GSSNameElement(long, GSSLibStub) constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_GSSCredElement_ctor =
|
MID_GSSCredElement_ctor =
|
||||||
(*env)->GetMethodID(env, CLS_GSSCredElement, "<init>",
|
(*env)->GetMethodID(env, CLS_GSSCredElement, "<init>",
|
||||||
"(JLsun/security/jgss/wrapper/GSSNameElement;Lorg/ietf/jgss/Oid;)V");
|
"(JLsun/security/jgss/wrapper/GSSNameElement;Lorg/ietf/jgss/Oid;)V");
|
||||||
if (MID_GSSCredElement_ctor == NULL) {
|
if (MID_GSSCredElement_ctor == NULL) {
|
||||||
printf("Couldn't find GSSCredElement(long, GSSLibStub) constructor\n");
|
fprintf(stderr, "Couldn't find GSSCredElement(long, GSSLibStub) constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
MID_NativeGSSContext_ctor =
|
MID_NativeGSSContext_ctor =
|
||||||
(*env)->GetMethodID(env, CLS_NativeGSSContext, "<init>",
|
(*env)->GetMethodID(env, CLS_NativeGSSContext, "<init>",
|
||||||
"(JLsun/security/jgss/wrapper/GSSLibStub;)V");
|
"(JLsun/security/jgss/wrapper/GSSLibStub;)V");
|
||||||
if (MID_NativeGSSContext_ctor == NULL) {
|
if (MID_NativeGSSContext_ctor == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext(long, GSSLibStub) constructor\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext(long, GSSLibStub) constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -296,78 +296,78 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||||
(*env)->GetMethodID(env, CLS_NativeGSSContext, "setContext",
|
(*env)->GetMethodID(env, CLS_NativeGSSContext, "setContext",
|
||||||
"(J)V");
|
"(J)V");
|
||||||
if (MID_NativeGSSContext_setContext == NULL) {
|
if (MID_NativeGSSContext_setContext == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext.setContext(long) method\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext.setContext(long) method\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Compute and cache the field ID */
|
/* Compute and cache the field ID */
|
||||||
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSLibStub");
|
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSLibStub");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("Couldn't find sun.security.jgss.wrapper.GSSLibStub class\n");
|
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSLibStub class\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
FID_GSSLibStub_pMech =
|
FID_GSSLibStub_pMech =
|
||||||
(*env)->GetFieldID(env, cls, "pMech", "J");
|
(*env)->GetFieldID(env, cls, "pMech", "J");
|
||||||
if (FID_GSSLibStub_pMech == NULL) {
|
if (FID_GSSLibStub_pMech == NULL) {
|
||||||
printf("Couldn't find GSSLibStub.pMech field\n");
|
fprintf(stderr, "Couldn't find GSSLibStub.pMech field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
FID_NativeGSSContext_pContext =
|
FID_NativeGSSContext_pContext =
|
||||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "pContext", "J");
|
(*env)->GetFieldID(env, CLS_NativeGSSContext, "pContext", "J");
|
||||||
if (FID_NativeGSSContext_pContext == NULL) {
|
if (FID_NativeGSSContext_pContext == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext.pContext field\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext.pContext field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
FID_NativeGSSContext_srcName =
|
FID_NativeGSSContext_srcName =
|
||||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "srcName",
|
(*env)->GetFieldID(env, CLS_NativeGSSContext, "srcName",
|
||||||
"Lsun/security/jgss/wrapper/GSSNameElement;");
|
"Lsun/security/jgss/wrapper/GSSNameElement;");
|
||||||
if (FID_NativeGSSContext_srcName == NULL) {
|
if (FID_NativeGSSContext_srcName == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext.srcName field\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext.srcName field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
FID_NativeGSSContext_targetName =
|
FID_NativeGSSContext_targetName =
|
||||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "targetName",
|
(*env)->GetFieldID(env, CLS_NativeGSSContext, "targetName",
|
||||||
"Lsun/security/jgss/wrapper/GSSNameElement;");
|
"Lsun/security/jgss/wrapper/GSSNameElement;");
|
||||||
if (FID_NativeGSSContext_targetName == NULL) {
|
if (FID_NativeGSSContext_targetName == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext.targetName field\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext.targetName field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
FID_NativeGSSContext_isInitiator =
|
FID_NativeGSSContext_isInitiator =
|
||||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "isInitiator", "Z");
|
(*env)->GetFieldID(env, CLS_NativeGSSContext, "isInitiator", "Z");
|
||||||
if (FID_NativeGSSContext_isInitiator == NULL) {
|
if (FID_NativeGSSContext_isInitiator == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext.isInitiator field\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext.isInitiator field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
FID_NativeGSSContext_isEstablished =
|
FID_NativeGSSContext_isEstablished =
|
||||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "isEstablished", "Z");
|
(*env)->GetFieldID(env, CLS_NativeGSSContext, "isEstablished", "Z");
|
||||||
if (FID_NativeGSSContext_isEstablished == NULL) {
|
if (FID_NativeGSSContext_isEstablished == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext.isEstablished field\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext.isEstablished field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
FID_NativeGSSContext_delegatedCred =
|
FID_NativeGSSContext_delegatedCred =
|
||||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "delegatedCred",
|
(*env)->GetFieldID(env, CLS_NativeGSSContext, "delegatedCred",
|
||||||
"Lsun/security/jgss/wrapper/GSSCredElement;");
|
"Lsun/security/jgss/wrapper/GSSCredElement;");
|
||||||
if (FID_NativeGSSContext_delegatedCred == NULL) {
|
if (FID_NativeGSSContext_delegatedCred == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext.delegatedCred field\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext.delegatedCred field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
FID_NativeGSSContext_flags =
|
FID_NativeGSSContext_flags =
|
||||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "flags", "I");
|
(*env)->GetFieldID(env, CLS_NativeGSSContext, "flags", "I");
|
||||||
if (FID_NativeGSSContext_flags == NULL) {
|
if (FID_NativeGSSContext_flags == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext.flags field\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext.flags field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
FID_NativeGSSContext_lifetime =
|
FID_NativeGSSContext_lifetime =
|
||||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "lifetime", "I");
|
(*env)->GetFieldID(env, CLS_NativeGSSContext, "lifetime", "I");
|
||||||
if (FID_NativeGSSContext_lifetime == NULL) {
|
if (FID_NativeGSSContext_lifetime == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext.lifetime field\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext.lifetime field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
FID_NativeGSSContext_actualMech =
|
FID_NativeGSSContext_actualMech =
|
||||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "actualMech",
|
(*env)->GetFieldID(env, CLS_NativeGSSContext, "actualMech",
|
||||||
"Lorg/ietf/jgss/Oid;");
|
"Lorg/ietf/jgss/Oid;");
|
||||||
if (FID_NativeGSSContext_actualMech == NULL) {
|
if (FID_NativeGSSContext_actualMech == NULL) {
|
||||||
printf("Couldn't find NativeGSSContext.actualMech field\n");
|
fprintf(stderr, "Couldn't find NativeGSSContext.actualMech field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
return JNI_VERSION_1_2;
|
return JNI_VERSION_1_2;
|
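Review bot: The failure message for `MID_GSSCredElement_ctor` names the wrong constructor. The lookup uses the signature `(JLsun/security/jgss/wrapper/GSSNameElement;Lorg/ietf/jgss/Oid;)V`, but the text written to stderr says `GSSCredElement(long, GSSLibStub)`. Since the line is being rewritten anyway, change it to `fprintf(stderr, "Couldn't find GSSCredElement(long, GSSNameElement, Oid) constructor\n");` so a load failure points at the signature that was actually requested. DEF_JNI_OnLoad starts and ends outside these hunks.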
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -84,10 +84,10 @@ extern "C" {
|
||||||
extern jfieldID FID_NativeGSSContext_flags;
|
extern jfieldID FID_NativeGSSContext_flags;
|
||||||
extern jfieldID FID_NativeGSSContext_lifetime;
|
extern jfieldID FID_NativeGSSContext_lifetime;
|
||||||
extern jfieldID FID_NativeGSSContext_actualMech;
|
extern jfieldID FID_NativeGSSContext_actualMech;
|
||||||
#define TRACE0(s) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stdout); }}
|
#define TRACE0(s) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stderr); }}
|
||||||
#define TRACE1(s, p1) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1); fflush(stdout); }}
|
#define TRACE1(s, p1) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1); fflush(stderr); }}
|
||||||
#define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1, p2); fflush(stdout); }}
|
#define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1, p2); fflush(stderr); }}
|
||||||
#define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1, p2, p3); fflush(stdout); }}
|
#define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1, p2, p3); fflush(stderr); }}
|
||||||
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
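Review bot: The TRACE0–TRACE3 macros still expand to a bare `{ ... }` block, so a use such as `if (x) TRACE0("a"); else ...` does not compile, because the trailing `;` ends the `if` before the `else`. While these lines are being touched, the usual form is safer in every statement position: `#define TRACE0(s) do { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stderr); } } while (0)`, and likewise for the other three. TRACE1–TRACE3 paste `s` into the format string, so `s` must be a string literal; a one-line comment above the macros, `/* s must be a string literal: it becomes part of the format string */`, would make that contract explicit.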
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -39,6 +39,8 @@ import java.util.Arrays;
|
||||||
import sun.security.util.Password;
|
import sun.security.util.Password;
|
||||||
import javax.security.auth.kerberos.KeyTab;
|
import javax.security.auth.kerberos.KeyTab;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Kinit tool for obtaining Kerberos v5 tickets.
|
* Kinit tool for obtaining Kerberos v5 tickets.
|
||||||
*
|
*
|
||||||
|
@ -48,7 +50,6 @@ import javax.security.auth.kerberos.KeyTab;
|
||||||
public class Kinit {
|
public class Kinit {
|
||||||
|
|
||||||
private KinitOptions options;
|
private KinitOptions options;
|
||||||
private static final boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The main method is used to accept user command line input for ticket
|
* The main method is used to accept user command line input for ticket
|
||||||
|
@ -180,8 +181,8 @@ public class Kinit {
|
||||||
princName = principal.toString();
|
princName = principal.toString();
|
||||||
}
|
}
|
||||||
KrbAsReqBuilder builder;
|
KrbAsReqBuilder builder;
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println("Principal is " + principal);
|
DEBUG.println("Principal is " + principal);
|
||||||
}
|
}
|
||||||
char[] psswd = options.password;
|
char[] psswd = options.password;
|
||||||
boolean useKeytab = options.useKeytabFile();
|
boolean useKeytab = options.useKeytabFile();
|
||||||
|
@ -194,15 +195,15 @@ public class Kinit {
|
||||||
System.out.print("Password for " + princName + ":");
|
System.out.print("Password for " + princName + ":");
|
||||||
System.out.flush();
|
System.out.flush();
|
||||||
psswd = Password.readPassword(System.in);
|
psswd = Password.readPassword(System.in);
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Kinit console input " +
|
DEBUG.println(">>> Kinit console input " +
|
||||||
new String(psswd));
|
new String(psswd));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
builder = new KrbAsReqBuilder(principal, psswd);
|
builder = new KrbAsReqBuilder(principal, psswd);
|
||||||
} else {
|
} else {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Kinit using keytab");
|
DEBUG.println(">>> Kinit using keytab");
|
||||||
}
|
}
|
||||||
if (princName == null) {
|
if (princName == null) {
|
||||||
throw new IllegalArgumentException
|
throw new IllegalArgumentException
|
||||||
|
@ -210,8 +211,8 @@ public class Kinit {
|
||||||
}
|
}
|
||||||
String ktabName = options.keytabFileName();
|
String ktabName = options.keytabFileName();
|
||||||
if (ktabName != null) {
|
if (ktabName != null) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(
|
DEBUG.println(
|
||||||
">>> Kinit keytab file name: " + ktabName);
|
">>> Kinit keytab file name: " + ktabName);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -230,15 +231,15 @@ public class Kinit {
|
||||||
realm = Config.getInstance().getDefaultRealm();
|
realm = Config.getInstance().getDefaultRealm();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Kinit realm name is " + realm);
|
DEBUG.println(">>> Kinit realm name is " + realm);
|
||||||
}
|
}
|
||||||
|
|
||||||
PrincipalName sname = PrincipalName.tgsService(realm, realm);
|
PrincipalName sname = PrincipalName.tgsService(realm, realm);
|
||||||
builder.setTarget(sname);
|
builder.setTarget(sname);
|
||||||
|
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>> Creating KrbAsReq");
|
DEBUG.println(">>> Creating KrbAsReq");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (options.getAddressOption())
|
if (options.getAddressOption())
|
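Review bot: The debug statement after `Password.readPassword(System.in)` still writes the password itself, `new String(psswd)`, to the debug output. The String copy also cannot be cleared the way the `char[]` can. Routing the message through `DEBUG.println` does not change the exposure: anyone who enables Kerberos debugging, or later reads the captured output, sees the cleartext password. Drop the secret from the message, for example `DEBUG.println(">>> Kinit console input read");`. The enclosing method starts and ends outside the hunk.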
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -37,6 +37,8 @@ import java.io.IOException;
|
||||||
import java.time.Instant;
|
import java.time.Instant;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Maintains user-specific options or default settings when the user requests
|
* Maintains user-specific options or default settings when the user requests
|
||||||
* a KDC ticket using Kinit.
|
* a KDC ticket using Kinit.
|
||||||
|
@ -63,7 +65,6 @@ class KinitOptions {
|
||||||
public String realm;
|
public String realm;
|
||||||
char[] password = null;
|
char[] password = null;
|
||||||
public boolean keytab;
|
public boolean keytab;
|
||||||
private boolean DEBUG = Krb5.DEBUG;
|
|
||||||
private boolean includeAddresses = true; // default.
|
private boolean includeAddresses = true; // default.
|
||||||
private boolean useKeytab = false; // default = false.
|
private boolean useKeytab = false; // default = false.
|
||||||
private String ktabName; // keytab file name
|
private String ktabName; // keytab file name
|
||||||
|
@ -193,26 +194,26 @@ class KinitOptions {
|
||||||
}
|
}
|
||||||
PrincipalName p = cis.readPrincipal(version);
|
PrincipalName p = cis.readPrincipal(version);
|
||||||
cis.close();
|
cis.close();
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>KinitOptions principal name from " +
|
DEBUG.println(">>>KinitOptions principal name from " +
|
||||||
"the cache is: " + p);
|
"the cache is: " + p);
|
||||||
}
|
}
|
||||||
return p;
|
return p;
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
// ignore any exceptions; we will use the user name as the
|
// ignore any exceptions; we will use the user name as the
|
||||||
// principal name
|
// principal name
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
} catch (RealmException e) {
|
} catch (RealmException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
String username = System.getProperty("user.name");
|
String username = System.getProperty("user.name");
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println(">>>KinitOptions default username is: "
|
DEBUG.println(">>>KinitOptions default username is: "
|
||||||
+ username);
|
+ username);
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
|
@ -220,10 +221,10 @@ class KinitOptions {
|
||||||
return p;
|
return p;
|
||||||
} catch (RealmException e) {
|
} catch (RealmException e) {
|
||||||
// ignore exception , return null
|
// ignore exception , return null
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
System.out.println ("Exception in getting principal " +
|
DEBUG.println ("Exception in getting principal " +
|
||||||
"name " + e.getMessage());
|
"name " + e.getMessage());
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
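Review bot: `cis.close()` runs only when `cis.readPrincipal(version)` returns normally. If it throws, the two catch blocks only print the stack trace to the debug stream, and no close is visible on that path. The stream is opened outside the hunk, so this is inferred from the visible lines, but a try-with-resources around the cache read (or a `finally` that closes `cis`) would cover the failure path as well. The method starts and ends outside the hunk.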
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -39,6 +39,8 @@ import sun.security.krb5.internal.ccache.*;
|
||||||
import sun.security.krb5.internal.ktab.*;
|
import sun.security.krb5.internal.ktab.*;
|
||||||
import sun.security.krb5.internal.crypto.EType;
|
import sun.security.krb5.internal.crypto.EType;
|
||||||
|
|
||||||
|
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class can execute as a command-line tool to list entries in
|
* This class can execute as a command-line tool to list entries in
|
||||||
* credential cache and key tab.
|
* credential cache and key tab.
|
||||||
|
@ -54,7 +56,6 @@ public class Klist {
|
||||||
String name; // the name of credentials cache and keytable.
|
String name; // the name of credentials cache and keytable.
|
||||||
char action; // actions would be 'c' for credentials cache
|
char action; // actions would be 'c' for credentials cache
|
||||||
// and 'k' for keytable.
|
// and 'k' for keytable.
|
||||||
private static boolean DEBUG = Krb5.DEBUG;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The main program that can be invoked at command line.
|
* The main program that can be invoked at command line.
|
||||||
|
@ -321,8 +322,8 @@ public class Klist {
|
||||||
} catch (RealmException e) {
|
} catch (RealmException e) {
|
||||||
System.out.println("Error reading principal from "+
|
System.out.println("Error reading principal from "+
|
||||||
"the entry.");
|
"the entry.");
|
||||||
if (DEBUG) {
|
if (DEBUG != null) {
|
||||||
e.printStackTrace();
|
e.printStackTrace(DEBUG.getPrintStream());
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -124,24 +124,24 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||||
|
|
||||||
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5");
|
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5");
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("LSA: Couldn't find Krb5\n");
|
fprintf(stderr, "LSA: Couldn't find Krb5\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z");
|
fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Lsun/security/util/Debug;");
|
||||||
if (fldDEBUG == NULL) {
|
if (fldDEBUG == NULL) {
|
||||||
printf("LSA: Krb5 has no DEBUG field\n");
|
fprintf(stderr, "LSA: Krb5 has no DEBUG field\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
native_debug = (*env)->GetStaticBooleanField(env, cls, fldDEBUG);
|
native_debug = (*env)->GetStaticObjectField(env, cls, fldDEBUG) != NULL;
|
||||||
|
|
||||||
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket");
|
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket");
|
||||||
|
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("LSA: Couldn't find Ticket\n");
|
fprintf(stderr, "LSA: Couldn't find Ticket\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found Ticket\n");
|
fprintf(stderr, "LSA: Found Ticket\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
ticketClass = (*env)->NewWeakGlobalRef(env,cls);
|
ticketClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||||
|
@ -149,17 +149,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Made NewWeakGlobalRef\n");
|
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName");
|
cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName");
|
||||||
|
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("LSA: Couldn't find PrincipalName\n");
|
fprintf(stderr, "LSA: Couldn't find PrincipalName\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found PrincipalName\n");
|
fprintf(stderr, "LSA: Found PrincipalName\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
principalNameClass = (*env)->NewWeakGlobalRef(env,cls);
|
principalNameClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||||
|
@ -167,17 +167,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Made NewWeakGlobalRef\n");
|
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
|
cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
|
||||||
|
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("LSA: Couldn't find EncryptionKey\n");
|
fprintf(stderr, "LSA: Couldn't find EncryptionKey\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found EncryptionKey\n");
|
fprintf(stderr, "LSA: Found EncryptionKey\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls);
|
encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||||
|
@ -185,17 +185,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Made NewWeakGlobalRef\n");
|
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags");
|
cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags");
|
||||||
|
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("LSA: Couldn't find TicketFlags\n");
|
fprintf(stderr, "LSA: Couldn't find TicketFlags\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found TicketFlags\n");
|
fprintf(stderr, "LSA: Found TicketFlags\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls);
|
ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||||
|
@ -203,17 +203,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Made NewWeakGlobalRef\n");
|
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime");
|
cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime");
|
||||||
|
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("LSA: Couldn't find KerberosTime\n");
|
fprintf(stderr, "LSA: Couldn't find KerberosTime\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found KerberosTime\n");
|
fprintf(stderr, "LSA: Found KerberosTime\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls);
|
kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||||
|
@ -221,17 +221,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Made NewWeakGlobalRef\n");
|
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
cls = (*env)->FindClass(env,"java/lang/String");
|
cls = (*env)->FindClass(env,"java/lang/String");
|
||||||
|
|
||||||
if (cls == NULL) {
|
if (cls == NULL) {
|
||||||
printf("LSA: Couldn't find String\n");
|
fprintf(stderr, "LSA: Couldn't find String\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found String\n");
|
fprintf(stderr, "LSA: Found String\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls);
|
javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||||
|
@ -239,61 +239,61 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Made NewWeakGlobalRef\n");
|
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
ticketConstructor = (*env)->GetMethodID(env, ticketClass,
|
ticketConstructor = (*env)->GetMethodID(env, ticketClass,
|
||||||
"<init>", "([B)V");
|
"<init>", "([B)V");
|
||||||
if (ticketConstructor == 0) {
|
if (ticketConstructor == 0) {
|
||||||
printf("LSA: Couldn't find Ticket constructor\n");
|
fprintf(stderr, "LSA: Couldn't find Ticket constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found Ticket constructor\n");
|
fprintf(stderr, "LSA: Found Ticket constructor\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
|
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
|
||||||
"<init>", "([Ljava/lang/String;Ljava/lang/String;)V");
|
"<init>", "([Ljava/lang/String;Ljava/lang/String;)V");
|
||||||
if (principalNameConstructor == 0) {
|
if (principalNameConstructor == 0) {
|
||||||
printf("LSA: Couldn't find PrincipalName constructor\n");
|
fprintf(stderr, "LSA: Couldn't find PrincipalName constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found PrincipalName constructor\n");
|
fprintf(stderr, "LSA: Found PrincipalName constructor\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass,
|
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass,
|
||||||
"<init>", "(I[B)V");
|
"<init>", "(I[B)V");
|
||||||
if (encryptionKeyConstructor == 0) {
|
if (encryptionKeyConstructor == 0) {
|
||||||
printf("LSA: Couldn't find EncryptionKey constructor\n");
|
fprintf(stderr, "LSA: Couldn't find EncryptionKey constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found EncryptionKey constructor\n");
|
fprintf(stderr, "LSA: Found EncryptionKey constructor\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass,
|
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass,
|
||||||
"<init>", "(I[B)V");
|
"<init>", "(I[B)V");
|
||||||
if (ticketFlagsConstructor == 0) {
|
if (ticketFlagsConstructor == 0) {
|
||||||
printf("LSA: Couldn't find TicketFlags constructor\n");
|
fprintf(stderr, "LSA: Couldn't find TicketFlags constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found TicketFlags constructor\n");
|
fprintf(stderr, "LSA: Found TicketFlags constructor\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass,
|
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass,
|
||||||
"<init>", "(Ljava/lang/String;)V");
|
"<init>", "(Ljava/lang/String;)V");
|
||||||
if (kerberosTimeConstructor == 0) {
|
if (kerberosTimeConstructor == 0) {
|
||||||
printf("LSA: Couldn't find KerberosTime constructor\n");
|
fprintf(stderr, "LSA: Couldn't find KerberosTime constructor\n");
|
||||||
return JNI_ERR;
|
return JNI_ERR;
|
||||||
}
|
}
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found KerberosTime constructor\n");
|
fprintf(stderr, "LSA: Found KerberosTime constructor\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Finished OnLoad processing\n");
|
fprintf(stderr, "LSA: Finished OnLoad processing\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
return JNI_VERSION_1_2;
|
return JNI_VERSION_1_2;
|
||||||
|
@ -383,13 +383,13 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||||
"Lsun/security/krb5/internal/KerberosTime;"
|
"Lsun/security/krb5/internal/KerberosTime;"
|
||||||
"Lsun/security/krb5/internal/HostAddresses;)V");
|
"Lsun/security/krb5/internal/HostAddresses;)V");
|
||||||
if (krbcredsConstructor == 0) {
|
if (krbcredsConstructor == 0) {
|
||||||
printf("LSA: Couldn't find sun.security.krb5.Credentials constructor\n");
|
fprintf(stderr, "LSA: Couldn't find sun.security.krb5.Credentials constructor\n");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Found KrbCreds constructor\n");
|
fprintf(stderr, "LSA: Found KrbCreds constructor\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
|
@ -400,7 +400,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||||
break;
|
break;
|
||||||
|
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Got handle to Kerberos package\n");
|
fprintf(stderr, "LSA: Got handle to Kerberos package\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the MS TGT from cache
|
// Get the MS TGT from cache
|
||||||
|
@ -419,7 +419,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||||
);
|
);
|
||||||
|
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Response size is %d\n", rspSize);
|
fprintf(stderr, "LSA: Response size is %d\n", rspSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
|
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
|
||||||
|
@ -443,7 +443,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||||
|
|
||||||
// check TGT validity
|
// check TGT validity
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType);
|
fprintf(stderr, "LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) == 0) {
|
if ((msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) == 0) {
|
||||||
|
@ -455,7 +455,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||||
if (etypes[i] == msticket->SessionKey.KeyType) {
|
if (etypes[i] == msticket->SessionKey.KeyType) {
|
||||||
found = 1;
|
found = 1;
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Valid etype found: %d\n", etypes[i]);
|
fprintf(stderr, "LSA: Valid etype found: %d\n", etypes[i]);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -465,7 +465,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||||
|
|
||||||
if (!found) {
|
if (!found) {
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
|
fprintf(stderr, "LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
// use domain to request Ticket
|
// use domain to request Ticket
|
||||||
|
@ -492,7 +492,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||||
);
|
);
|
||||||
|
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Response size is %d for %d\n", responseSize, etypes[i]);
|
fprintf(stderr, "LSA: Response size is %d for %d\n", responseSize, etypes[i]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
|
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
|
||||||
|
@ -509,7 +509,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||||
|
|
||||||
if (msticket->SessionKey.KeyType != etypes[i]) {
|
if (msticket->SessionKey.KeyType != etypes[i]) {
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]);
|
fprintf(stderr, "LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]);
|
||||||
}
|
}
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -809,7 +809,7 @@ ShowLastError(
|
||||||
DWORD dwRes;
|
DWORD dwRes;
|
||||||
|
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Error calling function %s: %lu\n", szAPI, dwError);
|
fprintf(stderr, "LSA: Error calling function %s: %lu\n", szAPI, dwError);
|
||||||
}
|
}
|
||||||
|
|
||||||
dwRes = FormatMessage (
|
dwRes = FormatMessage (
|
||||||
|
@ -822,11 +822,11 @@ ShowLastError(
|
||||||
NULL);
|
NULL);
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
if (0 == dwRes) {
|
if (0 == dwRes) {
|
||||||
printf("LSA: FormatMessage failed with %d\n", GetLastError());
|
fprintf(stderr, "LSA: FormatMessage failed with %d\n", GetLastError());
|
||||||
// #define EXIT_FAILURE -1 // mdu
|
// #define EXIT_FAILURE -1 // mdu
|
||||||
// ExitProcess(EXIT_FAILURE);
|
// ExitProcess(EXIT_FAILURE);
|
||||||
} else {
|
} else {
|
||||||
printf("LSA: %S",szMsgBuf);
|
fprintf(stderr, "LSA: %S",szMsgBuf);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -917,9 +917,9 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
|
||||||
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
|
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
|
||||||
|
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Principal domain is %S\n", realm);
|
fprintf(stderr, "LSA: Principal domain is %S\n", realm);
|
||||||
printf("LSA: Name type is %x\n", principalName->NameType);
|
fprintf(stderr, "LSA: Name type is %x\n", principalName->NameType);
|
||||||
printf("LSA: Name count is %x\n", principalName->NameCount);
|
fprintf(stderr, "LSA: Name count is %x\n", principalName->NameCount);
|
||||||
}
|
}
|
||||||
|
|
||||||
nameCount = principalName->NameCount;
|
nameCount = principalName->NameCount;
|
||||||
|
@ -927,7 +927,7 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
|
||||||
javaLangStringClass, NULL);
|
javaLangStringClass, NULL);
|
||||||
if (stringArray == NULL) {
|
if (stringArray == NULL) {
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Can't allocate String array for Principal\n");
|
fprintf(stderr, "LSA: Can't allocate String array for Principal\n");
|
||||||
}
|
}
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
@ -982,7 +982,7 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) {
|
||||||
}
|
}
|
||||||
if (i == cryptoKey->Length) {
|
if (i == cryptoKey->Length) {
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: Session key all zero. Stop.\n");
|
fprintf(stderr, "LSA: Session key all zero. Stop.\n");
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -1057,7 +1057,7 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) {
|
||||||
minute,
|
minute,
|
||||||
second );
|
second );
|
||||||
if (native_debug) {
|
if (native_debug) {
|
||||||
printf("LSA: %S\n", (wchar_t *)timeString);
|
fprintf(stderr, "LSA: %S\n", (wchar_t *)timeString);
|
||||||
}
|
}
|
||||||
stringTime = (*env)->NewString(env, timeString,
|
stringTime = (*env)->NewString(env, timeString,
|
||||||
(sizeof(timeString)/sizeof(WCHAR))-1);
|
(sizeof(timeString)/sizeof(WCHAR))-1);
|
||||||
|
|
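Review bot: In the `ShowLastError` hunk at `@ -822,11 +822,11`, the new line `fprintf(stderr, "LSA: FormatMessage failed with %d\n", GetLastError());` passes a `DWORD` to `%d`, while the hunk just above it prints `dwError` with `%lu`. I would make the two agree: `fprintf(stderr, "LSA: FormatMessage failed with %lu\n", GetLastError());`. Separately, `native_debug` is now derived from whether `Krb5.DEBUG` is non-null and is read once in `DEF_JNI_OnLoad`, which deserves a short comment such as `/* Krb5.DEBUG is a sun.security.util.Debug reference; native tracing is on iff it is non-null at load time */`. Both functions start and end outside the hunks shown.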
|
@ -42,6 +42,7 @@ import javax.security.auth.spi.*;
|
||||||
import sun.security.krb5.*;
|
import sun.security.krb5.*;
|
||||||
import sun.security.jgss.krb5.Krb5Util;
|
import sun.security.jgss.krb5.Krb5Util;
|
||||||
import sun.security.krb5.Credentials;
|
import sun.security.krb5.Credentials;
|
||||||
|
import sun.security.util.Debug;
|
||||||
import sun.security.util.HexDumpEncoder;
|
import sun.security.util.HexDumpEncoder;
|
||||||
import static sun.security.util.ResourcesMgr.getAuthResourceString;
|
import static sun.security.util.ResourcesMgr.getAuthResourceString;
|
||||||
|
|
||||||
|
@ -377,7 +378,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
private Map<String, ?> options;
|
private Map<String, ?> options;
|
||||||
|
|
||||||
// configurable option
|
// configurable option
|
||||||
private boolean debug = false;
|
private Debug debug = null;
|
||||||
|
|
||||||
private boolean storeKey = false;
|
private boolean storeKey = false;
|
||||||
private boolean doNotPrompt = false;
|
private boolean doNotPrompt = false;
|
||||||
private boolean useTicketCache = false;
|
private boolean useTicketCache = false;
|
||||||
|
@ -458,7 +460,7 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
|
|
||||||
// initialize any configured options
|
// initialize any configured options
|
||||||
|
|
||||||
debug = "true".equalsIgnoreCase((String)options.get("debug"));
|
debug = Debug.of("krb5loginmodule", (String)options.get("debug"));
|
||||||
storeKey = "true".equalsIgnoreCase((String)options.get("storeKey"));
|
storeKey = "true".equalsIgnoreCase((String)options.get("storeKey"));
|
||||||
doNotPrompt = "true".equalsIgnoreCase((String)options.get
|
doNotPrompt = "true".equalsIgnoreCase((String)options.get
|
||||||
("doNotPrompt"));
|
("doNotPrompt"));
|
||||||
|
@ -495,8 +497,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
"true".equalsIgnoreCase((String)options.get("storePass"));
|
"true".equalsIgnoreCase((String)options.get("storePass"));
|
||||||
clearPass =
|
clearPass =
|
||||||
"true".equalsIgnoreCase((String)options.get("clearPass"));
|
"true".equalsIgnoreCase((String)options.get("clearPass"));
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.print("Debug is " + debug
|
debug.println("Debug is " + (debug != null)
|
||||||
+ " storeKey " + storeKey
|
+ " storeKey " + storeKey
|
||||||
+ " useTicketCache " + useTicketCache
|
+ " useTicketCache " + useTicketCache
|
||||||
+ " useKeyTab " + useKeyTab
|
+ " useKeyTab " + useKeyTab
|
||||||
|
@ -529,8 +531,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
|
|
||||||
if (refreshKrb5Config) {
|
if (refreshKrb5Config) {
|
||||||
try {
|
try {
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println("Refreshing Kerberos configuration");
|
debug.println("Refreshing Kerberos configuration");
|
||||||
}
|
}
|
||||||
sun.security.krb5.Config.refresh();
|
sun.security.krb5.Config.refresh();
|
||||||
} catch (KrbException ke) {
|
} catch (KrbException ke) {
|
||||||
|
@ -558,8 +560,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
if (tryFirstPass) {
|
if (tryFirstPass) {
|
||||||
try {
|
try {
|
||||||
attemptAuthentication(true);
|
attemptAuthentication(true);
|
||||||
if (debug)
|
if (debug != null)
|
||||||
System.out.println("\t\t[Krb5LoginModule] " +
|
debug.println("\t\t[Krb5LoginModule] " +
|
||||||
"authentication succeeded");
|
"authentication succeeded");
|
||||||
succeeded = true;
|
succeeded = true;
|
||||||
cleanState();
|
cleanState();
|
||||||
|
@ -567,8 +569,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
} catch (LoginException le) {
|
} catch (LoginException le) {
|
||||||
// authentication failed -- try again below by prompting
|
// authentication failed -- try again below by prompting
|
||||||
cleanState();
|
cleanState();
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println("\t\t[Krb5LoginModule] " +
|
debug.println("\t\t[Krb5LoginModule] " +
|
||||||
"tryFirstPass failed with:" +
|
"tryFirstPass failed with:" +
|
||||||
le.getMessage());
|
le.getMessage());
|
||||||
}
|
}
|
||||||
|
@ -581,8 +583,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
return true;
|
return true;
|
||||||
} catch (LoginException e) {
|
} catch (LoginException e) {
|
||||||
// authentication failed -- clean out state
|
// authentication failed -- clean out state
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println("\t\t[Krb5LoginModule] " +
|
debug.println("\t\t[Krb5LoginModule] " +
|
||||||
"authentication failed \n" +
|
"authentication failed \n" +
|
||||||
e.getMessage());
|
e.getMessage());
|
||||||
}
|
}
|
||||||
|
@ -602,8 +604,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
return true;
|
return true;
|
||||||
} catch (LoginException e) {
|
} catch (LoginException e) {
|
||||||
// authentication failed -- clean out state
|
// authentication failed -- clean out state
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println("\t\t[Krb5LoginModule] " +
|
debug.println("\t\t[Krb5LoginModule] " +
|
||||||
"authentication failed \n" +
|
"authentication failed \n" +
|
||||||
e.getMessage());
|
e.getMessage());
|
||||||
}
|
}
|
||||||
|
@ -641,8 +643,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
try {
|
try {
|
||||||
if (useTicketCache) {
|
if (useTicketCache) {
|
||||||
// ticketCacheName == null implies the default cache
|
// ticketCacheName == null implies the default cache
|
||||||
if (debug)
|
if (debug != null)
|
||||||
System.out.println("Acquire TGT from Cache");
|
debug.println("Acquire TGT from Cache");
|
||||||
cred = Credentials.acquireTGTFromCache
|
cred = Credentials.acquireTGTFromCache
|
||||||
(principal, ticketCacheName);
|
(principal, ticketCacheName);
|
||||||
|
|
||||||
|
@ -658,8 +660,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
if (!isCurrent(cred)) {
|
if (!isCurrent(cred)) {
|
||||||
// credentials have expired
|
// credentials have expired
|
||||||
cred = null;
|
cred = null;
|
||||||
if (debug)
|
if (debug != null)
|
||||||
System.out.println("Credentials are" +
|
debug.println("Credentials are" +
|
||||||
" no longer valid");
|
" no longer valid");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -672,10 +674,10 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
: cred.getClient();
|
: cred.getClient();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println("Principal is " + principal);
|
debug.println("Principal is " + principal);
|
||||||
if (cred == null) {
|
if (cred == null) {
|
||||||
System.out.println
|
debug.println
|
||||||
("null credentials from Ticket Cache");
|
("null credentials from Ticket Cache");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -729,8 +731,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
if (Krb5Util.keysFromJavaxKeyTab(ktab, principal).length
|
if (Krb5Util.keysFromJavaxKeyTab(ktab, principal).length
|
||||||
== 0) {
|
== 0) {
|
||||||
ktab = null;
|
ktab = null;
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println
|
debug.println
|
||||||
("Key for the principal " +
|
("Key for the principal " +
|
||||||
principal +
|
principal +
|
||||||
" not available in " +
|
" not available in " +
|
||||||
|
@ -765,14 +767,14 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
}
|
}
|
||||||
builder.destroy();
|
builder.destroy();
|
||||||
|
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println("principal is " + principal);
|
debug.println("principal is " + principal);
|
||||||
HexDumpEncoder hd = new HexDumpEncoder();
|
HexDumpEncoder hd = new HexDumpEncoder();
|
||||||
if (ktab != null) {
|
if (ktab != null) {
|
||||||
System.out.println("Will use keytab");
|
debug.println("Will use keytab");
|
||||||
} else if (storeKey) {
|
} else if (storeKey) {
|
||||||
for (int i = 0; i < encKeys.length; i++) {
|
for (int i = 0; i < encKeys.length; i++) {
|
||||||
System.out.println("EncryptionKey: keyType=" +
|
debug.println("EncryptionKey: keyType=" +
|
||||||
encKeys[i].getEType() +
|
encKeys[i].getEType() +
|
||||||
" keyBytes (hex dump)=" +
|
" keyBytes (hex dump)=" +
|
||||||
hd.encodeBuffer(encKeys[i].getBytes()));
|
hd.encodeBuffer(encKeys[i].getBytes()));
|
||||||
|
@ -800,20 +802,14 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
if (getPasswdFromSharedState) {
|
if (getPasswdFromSharedState) {
|
||||||
// use the name saved by the first module in the stack
|
// use the name saved by the first module in the stack
|
||||||
username = (String)sharedState.get(NAME);
|
username = (String)sharedState.get(NAME);
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println
|
debug.println
|
||||||
("username from shared state is " + username + "\n");
|
("username from shared state is " + username + "\n");
|
||||||
}
|
}
|
||||||
if (username == null) {
|
if (username == null) {
|
||||||
System.out.println
|
|
||||||
("username from shared state is null\n");
|
|
||||||
throw new LoginException
|
throw new LoginException
|
||||||
("Username can not be obtained from sharedstate ");
|
("Username can not be obtained from sharedstate ");
|
||||||
}
|
}
|
||||||
if (debug) {
|
|
||||||
System.out.println
|
|
||||||
("username from shared state is " + username + "\n");
|
|
||||||
}
|
|
||||||
if (username != null && username.length() > 0) {
|
if (username != null && username.length() > 0) {
|
||||||
krb5PrincName.insert(0, username);
|
krb5PrincName.insert(0, username);
|
||||||
return;
|
return;
|
||||||
|
@ -863,15 +859,15 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
// use the password saved by the first module in the stack
|
// use the password saved by the first module in the stack
|
||||||
password = (char[])sharedState.get(PWD);
|
password = (char[])sharedState.get(PWD);
|
||||||
if (password == null) {
|
if (password == null) {
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println
|
debug.println
|
||||||
("Password from shared state is null");
|
("Password from shared state is null");
|
||||||
}
|
}
|
||||||
throw new LoginException
|
throw new LoginException
|
||||||
("Password can not be obtained from sharedstate ");
|
("Password can not be obtained from sharedstate ");
|
||||||
}
|
}
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println
|
debug.println
|
||||||
("password is " + new String(password));
|
("password is " + new String(password));
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
|
@ -911,11 +907,11 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
for (int i = 0; i < tmpPassword.length; i++)
|
for (int i = 0; i < tmpPassword.length; i++)
|
||||||
tmpPassword[i] = ' ';
|
tmpPassword[i] = ' ';
|
||||||
tmpPassword = null;
|
tmpPassword = null;
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println("\t\t[Krb5LoginModule] " +
|
debug.println("\t\t[Krb5LoginModule] " +
|
||||||
"user entered username: " +
|
"user entered username: " +
|
||||||
krb5PrincName);
|
krb5PrincName);
|
||||||
System.out.println();
|
debug.println();
|
||||||
}
|
}
|
||||||
} catch (java.io.IOException ioe) {
|
} catch (java.io.IOException ioe) {
|
||||||
throw new LoginException(ioe.getMessage());
|
throw new LoginException(ioe.getMessage());
|
||||||
|
@ -1008,12 +1004,12 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
throw new RefreshFailedException("This ticket is past "
|
throw new RefreshFailedException("This ticket is past "
|
||||||
+ "its last renewal time.");
|
+ "its last renewal time.");
|
||||||
lcreds = creds.renew();
|
lcreds = creds.renew();
|
||||||
if (debug)
|
if (debug != null)
|
||||||
System.out.println("Renewed Kerberos Ticket");
|
debug.println("Renewed Kerberos Ticket");
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
lcreds = null;
|
lcreds = null;
|
||||||
if (debug)
|
if (debug != null)
|
||||||
System.out.println("Ticket could not be renewed : "
|
debug.println("Ticket could not be renewed : "
|
||||||
+ e.getMessage());
|
+ e.getMessage());
|
||||||
}
|
}
|
||||||
return lcreds;
|
return lcreds;
|
||||||
|
@ -1131,10 +1127,10 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
}
|
}
|
||||||
encKeys[i].destroy();
|
encKeys[i].destroy();
|
||||||
encKeys[i] = null;
|
encKeys[i] = null;
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println("Added server's key"
|
debug.println("Added server's key"
|
||||||
+ kerbKeys[i]);
|
+ kerbKeys[i]);
|
||||||
System.out.println("\t\t[Krb5LoginModule] " +
|
debug.println("\t\t[Krb5LoginModule] " +
|
||||||
"added Krb5Principal " +
|
"added Krb5Principal " +
|
||||||
kerbClientPrinc.toString()
|
kerbClientPrinc.toString()
|
||||||
+ " to Subject");
|
+ " to Subject");
|
||||||
|
@ -1144,8 +1140,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
commitSucceeded = true;
|
commitSucceeded = true;
|
||||||
if (debug)
|
if (debug != null)
|
||||||
System.out.println("Commit Succeeded \n");
|
debug.println("Commit Succeeded \n");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1194,8 +1190,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
*/
|
*/
|
||||||
public boolean logout() throws LoginException {
|
public boolean logout() throws LoginException {
|
||||||
|
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println("\t\t[Krb5LoginModule]: " +
|
debug.println("\t\t[Krb5LoginModule]: " +
|
||||||
"Entering logout");
|
"Entering logout");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1222,8 +1218,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||||
|
|
||||||
succeeded = false;
|
succeeded = false;
|
||||||
commitSucceeded = false;
|
commitSucceeded = false;
|
||||||
if (debug) {
|
if (debug != null) {
|
||||||
System.out.println("\t\t[Krb5LoginModule]: " +
|
debug.println("\t\t[Krb5LoginModule]: " +
|
||||||
"logged out Subject");
|
"logged out Subject");
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -78,8 +78,8 @@ public class IPv6 {
|
||||||
|
|
||||||
ByteArrayOutputStream bo = new ByteArrayOutputStream();
|
ByteArrayOutputStream bo = new ByteArrayOutputStream();
|
||||||
PrintStream po = new PrintStream(bo);
|
PrintStream po = new PrintStream(bo);
|
||||||
PrintStream oldout = System.out;
|
PrintStream oldErr = System.err;
|
||||||
System.setOut(po);
|
System.setErr(po);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
Subject subject = new Subject();
|
Subject subject = new Subject();
|
||||||
|
@ -101,7 +101,7 @@ public class IPv6 {
|
||||||
|
|
||||||
po.flush();
|
po.flush();
|
||||||
|
|
||||||
System.setOut(oldout);
|
System.setErr(oldErr);
|
||||||
BufferedReader br = new BufferedReader(new StringReader(
|
BufferedReader br = new BufferedReader(new StringReader(
|
||||||
new String(bo.toByteArray())));
|
new String(bo.toByteArray())));
|
||||||
int cc = 0;
|
int cc = 0;
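Review bot: `System.setErr(oldErr)` in the second hunk appears to run as a plain statement after `po.flush()` rather than inside a `finally`, so an exception thrown while stderr points at `po` would leave the stream redirected and bury the failure's diagnostics in the buffer. The lines between the two hunks are not shown, so this needs confirming against the full method. `KdcPolicy.test` in this same commit restores the stream with `finally { System.setErr(oldErr); }`, and the same shape here would keep the two tests consistent. The enclosing method starts and ends outside both hunks.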
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -152,7 +152,7 @@ public class Cleaners {
|
||||||
Proc.binOut(b.getMic(MSG));
|
Proc.binOut(b.getMic(MSG));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
System.out.println("Prepare for GC");
|
System.err.println("Prepare for GC");
|
||||||
for (int i = 0; i < 10; i++) {
|
for (int i = 0; i < 10; i++) {
|
||||||
System.gc();
|
System.gc();
|
||||||
Thread.sleep(100);
|
Thread.sleep(100);
|
||||||
|
@ -162,9 +162,9 @@ public class Cleaners {
|
||||||
private static void ensureCleanersCalled(Proc p) throws Exception {
|
private static void ensureCleanersCalled(Proc p) throws Exception {
|
||||||
p.output()
|
p.output()
|
||||||
.shouldHaveExitValue(0)
|
.shouldHaveExitValue(0)
|
||||||
.stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_deleteContext")
|
.stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_deleteContext")
|
||||||
.stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseName")
|
.stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseName")
|
||||||
.stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseCred");
|
.stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseCred");
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Proc proc(String type) throws Exception {
|
private static Proc proc(String type) throws Exception {
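Review bot: The three patterns passed to `stderrShouldMatch` in `ensureCleanersCalled` keep the `(.|\\n)*` form, which java.util.regex evaluates recursively, one group iteration per character consumed, so a long stderr can end in a StackOverflowError instead of a match result. That matters more now that the match runs against stderr, which presumably also carries the Kerberos/GSS debug trace after this commit. A DOTALL pattern avoids the alternation, e.g. `.stderrShouldMatch("(?s)Prepare for GC.*GSSLibStub_deleteContext")`, and likewise for the `releaseName` and `releaseCred` checks.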
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -257,16 +257,16 @@ public class KdcPolicy {
|
||||||
static void test(String... expected) throws Exception {
|
static void test(String... expected) throws Exception {
|
||||||
|
|
||||||
System.out.println("------------------TEST----------------------");
|
System.out.println("------------------TEST----------------------");
|
||||||
PrintStream oldOut = System.out;
|
PrintStream oldErr = System.err;
|
||||||
boolean failed = false;
|
boolean failed = false;
|
||||||
ByteArrayOutputStream bo = new ByteArrayOutputStream();
|
ByteArrayOutputStream bo = new ByteArrayOutputStream();
|
||||||
System.setOut(new PrintStream(bo));
|
System.setErr(new PrintStream(bo));
|
||||||
try {
|
try {
|
||||||
Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
|
Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
failed = true;
|
failed = true;
|
||||||
} finally {
|
} finally {
|
||||||
System.setOut(oldOut);
|
System.setErr(oldErr);
|
||||||
}
|
}
|
||||||
|
|
||||||
String[] lines = new String(bo.toByteArray()).split("\n");
|
String[] lines = new String(bo.toByteArray()).split("\n");
|
||||||
|
|
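--- a/test/jdk/sun/security/krb5/auto/LoginModuleDebug.java
+++ b/test/jdk/sun/security/krb5/auto/LoginModuleDebug.java
@@ -0,0 +1,64 @@
+/*
+* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+
+/*
+* @test
+* @bug 8327818
+* @summary reimplement debug option in Krb5LoginModule
+* @library /test/lib
+*/
+import com.sun.security.auth.module.Krb5LoginModule;
+import jdk.test.lib.process.ProcessTools;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+
+public class LoginModuleDebug {
+public static void main(String[] args) throws Exception {
+if (args.length == 0) {
+// debug option set to true
+ProcessTools.executeTestJava("LoginModuleDebug",
+"debug", "true")
+.stdoutShouldBeEmpty()
+.stderrShouldContain("krb5loginmodule:");
+// debug option set to false
+ProcessTools.executeTestJava("LoginModuleDebug",
+"debug", "false")
+.stdoutShouldBeEmpty()
+.stderrShouldNotContain("krb5loginmodule:");
+// no debug option
+ProcessTools.executeTestJava("LoginModuleDebug",
+"foo", "bar")
+.stdoutShouldBeEmpty()
+.stderrShouldNotContain("krb5loginmodule:");
+} else {
+test(args[0], args[1]);
+}
+}
+
+static void test(String key, String prop)
+throws Exception {
+new Krb5LoginModule().initialize(
+new Subject(), null, Map.of(), Map.of(key, prop));
+}
+}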
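Review bot: None of the three `ProcessTools.executeTestJava(...)` chains in `main` checks the child's exit status, so the two negative cases (`"debug", "false"` and `"foo", "bar"`) would still pass if the child JVM failed before `Krb5LoginModule.initialize` ran. An empty stdout and a stderr without `krb5loginmodule:` are also what a failed launch can produce. Adding `.shouldHaveExitValue(0)` to each chain, as `ensureCleanersCalled` in Cleaners already does, would tie the absence of debug output to a run that actually completed.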