archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-22 12:04:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8231134: Improved credential support

Browse source 
Reviewed-by: ahgross, valeriep
This commit is contained in:
Weijun Wang 2019-09-26 18:13:20 +08:00
parent bda0fba56b
commit 7c32a6aeae
1 changed files with 79 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

96
src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp
View file

@ -132,8 +132,9 @@ seconds_until(int inputIsUTC, TimeStamp *time)
return 0; return 0;
} }
ULONGLONG diff = (time->QuadPart - uiLocal.QuadPart) / 10000000; ULONGLONG diff = (time->QuadPart - uiLocal.QuadPart) / 10000000;
if (diff > (ULONGLONG)~(OM_uint32)0) if (diff > (ULONGLONG)~(OM_uint32)0) {
return GSS_C_INDEFINITE; return GSS_C_INDEFINITE;
}
return (OM_uint32)diff; return (OM_uint32)diff;
} }
@ -177,8 +178,10 @@ static gss_cred_id_t
new_cred() new_cred()
{ {
gss_cred_id_t out = new gss_cred_id_struct; gss_cred_id_t out = new gss_cred_id_struct;
if (out) {
out->phCredK = out->phCredS = NULL; out->phCredK = out->phCredS = NULL;
out->time = 0L; out->time = 0L;
}
return out; return out;
} }
@ -864,6 +867,7 @@ gss_init_sec_context(OM_uint32 *minor_status,
SecBufferDesc outBuffDesc; SecBufferDesc outBuffDesc;
SecBuffer outSecBuff; SecBuffer outSecBuff;
BOOLEAN isSPNEGO = is_same_oid(mech_type, &SPNEGO_OID); BOOLEAN isSPNEGO = is_same_oid(mech_type, &SPNEGO_OID);
CredHandle* newCred = NULL;
gss_ctx_id_t pc; gss_ctx_id_t pc;
@ -928,7 +932,10 @@ gss_init_sec_context(OM_uint32 *minor_status,
pc->isLocalCred = FALSE; pc->isLocalCred = FALSE;
} else { } else {
PP("No credentials provided, acquire myself"); PP("No credentials provided, acquire myself");
CredHandle* newCred = new CredHandle; newCred = new CredHandle;
if (!newCred) {
goto err;
}
SEC_WINNT_AUTH_IDENTITY_EX auth; SEC_WINNT_AUTH_IDENTITY_EX auth;
ZeroMemory(&auth, sizeof(auth)); ZeroMemory(&auth, sizeof(auth));
auth.Version = SEC_WINNT_AUTH_IDENTITY_VERSION; auth.Version = SEC_WINNT_AUTH_IDENTITY_VERSION;
@ -947,7 +954,6 @@ gss_init_sec_context(OM_uint32 *minor_status,
newCred, newCred,
&lifeTime); &lifeTime);
if (!(SEC_SUCCESS(ss))) { if (!(SEC_SUCCESS(ss))) {
delete newCred;
goto err; goto err;
} }
pc->phCred = newCred; pc->phCred = newCred;
@ -989,7 +995,6 @@ gss_init_sec_context(OM_uint32 *minor_status,
output_token->value = new char[outSecBuff.cbBuffer]; output_token->value = new char[outSecBuff.cbBuffer];
if (!output_token->value) { if (!output_token->value) {
FreeContextBuffer(outSecBuff.pvBuffer); FreeContextBuffer(outSecBuff.pvBuffer);
output_token->length = 0;
goto err; goto err;
} }
memcpy(output_token->value, outSecBuff.pvBuffer, outSecBuff.cbBuffer); memcpy(output_token->value, outSecBuff.pvBuffer, outSecBuff.cbBuffer);
@ -1009,14 +1014,17 @@ gss_init_sec_context(OM_uint32 *minor_status,
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }
err: err:
if (newCred) {
delete newCred;
}
if (firstTime) { if (firstTime) {
OM_uint32 dummy; OM_uint32 dummy;
gss_delete_sec_context(&dummy, context_handle, GSS_C_NO_BUFFER); gss_delete_sec_context(&dummy, context_handle, GSS_C_NO_BUFFER);
} }
if (output_token->value) { if (output_token->value) {
gss_release_buffer(NULL, output_token); gss_release_buffer(NULL, output_token);
output_token = GSS_C_NO_BUFFER;
} }
output_token = GSS_C_NO_BUFFER;
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
@ -1233,17 +1241,26 @@ gss_get_mic(OM_uint32 *minor_status,
secBuff[1].cbBuffer = context_handle->SecPkgContextSizes.cbMaxSignature; secBuff[1].cbBuffer = context_handle->SecPkgContextSizes.cbMaxSignature;
secBuff[1].pvBuffer = msg_token->value = new char[secBuff[1].cbBuffer]; secBuff[1].pvBuffer = msg_token->value = new char[secBuff[1].cbBuffer];
if (!secBuff[1].pvBuffer) {
goto err;
}
ss = MakeSignature((PCtxtHandle)&context_handle->hCtxt, 0, &buffDesc, 0); ss = MakeSignature((PCtxtHandle)&context_handle->hCtxt, 0, &buffDesc, 0);
if (!SEC_SUCCESS(ss)) { if (!SEC_SUCCESS(ss)) {
msg_token->length = 0; goto err;
msg_token->value = NULL;
delete[] secBuff[1].pvBuffer;
return GSS_S_FAILURE;
} }
msg_token->length = secBuff[1].cbBuffer; msg_token->length = secBuff[1].cbBuffer;
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
err:
msg_token->length = 0;
msg_token->value = NULL;
if (secBuff[1].pvBuffer) {
delete[] secBuff[1].pvBuffer;
}
return GSS_S_FAILURE;
} }
__declspec(dllexport) OM_uint32 __declspec(dllexport) OM_uint32
@ -1317,16 +1334,25 @@ gss_wrap(OM_uint32 *minor_status,
context_handle->SecPkgContextSizes.cbSecurityTrailer context_handle->SecPkgContextSizes.cbSecurityTrailer
+ input_message_buffer->length + input_message_buffer->length
+ context_handle->SecPkgContextSizes.cbBlockSize);; + context_handle->SecPkgContextSizes.cbBlockSize);;
if (!output_message_buffer->value) {
goto err;
}
secBuff[1].BufferType = SECBUFFER_DATA; secBuff[1].BufferType = SECBUFFER_DATA;
secBuff[1].cbBuffer = (ULONG)input_message_buffer->length; secBuff[1].cbBuffer = (ULONG)input_message_buffer->length;
secBuff[1].pvBuffer = malloc(secBuff[1].cbBuffer); secBuff[1].pvBuffer = malloc(secBuff[1].cbBuffer);
if (!secBuff[1].pvBuffer) {
goto err;
}
memcpy_s(secBuff[1].pvBuffer, secBuff[1].cbBuffer, memcpy_s(secBuff[1].pvBuffer, secBuff[1].cbBuffer,
input_message_buffer->value, input_message_buffer->length); input_message_buffer->value, input_message_buffer->length);
secBuff[2].BufferType = SECBUFFER_PADDING; secBuff[2].BufferType = SECBUFFER_PADDING;
secBuff[2].cbBuffer = context_handle->SecPkgContextSizes.cbBlockSize; secBuff[2].cbBuffer = context_handle->SecPkgContextSizes.cbBlockSize;
secBuff[2].pvBuffer = malloc(secBuff[2].cbBuffer); secBuff[2].pvBuffer = malloc(secBuff[2].cbBuffer);
if (!secBuff[2].pvBuffer) {
goto err;
}
ss = EncryptMessage((PCtxtHandle)&context_handle->hCtxt, ss = EncryptMessage((PCtxtHandle)&context_handle->hCtxt,
conf_req_flag ? 0 : SECQOP_WRAP_NO_ENCRYPT, conf_req_flag ? 0 : SECQOP_WRAP_NO_ENCRYPT,
@ -1336,12 +1362,7 @@ gss_wrap(OM_uint32 *minor_status,
} }
if (!SEC_SUCCESS(ss)) { if (!SEC_SUCCESS(ss)) {
free(secBuff[0].pvBuffer); goto err;
free(secBuff[1].pvBuffer);
free(secBuff[2].pvBuffer);
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
return GSS_S_FAILURE;
} }
memcpy_s((PBYTE)secBuff[0].pvBuffer + secBuff[0].cbBuffer, memcpy_s((PBYTE)secBuff[0].pvBuffer + secBuff[0].cbBuffer,
@ -1359,6 +1380,20 @@ gss_wrap(OM_uint32 *minor_status,
free(secBuff[2].pvBuffer); free(secBuff[2].pvBuffer);
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
err:
if (secBuff[0].pvBuffer) {
free(secBuff[0].pvBuffer);
}
if (secBuff[1].pvBuffer) {
free(secBuff[1].pvBuffer);
}
if (secBuff[2].pvBuffer) {
free(secBuff[2].pvBuffer);
}
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
return GSS_S_FAILURE;
} }
__declspec(dllexport) OM_uint32 __declspec(dllexport) OM_uint32
@ -1386,6 +1421,11 @@ gss_unwrap(OM_uint32 *minor_status,
secBuff[0].BufferType = SECBUFFER_STREAM; secBuff[0].BufferType = SECBUFFER_STREAM;
secBuff[0].cbBuffer = (ULONG)input_message_buffer->length; secBuff[0].cbBuffer = (ULONG)input_message_buffer->length;
secBuff[0].pvBuffer = malloc(input_message_buffer->length); secBuff[0].pvBuffer = malloc(input_message_buffer->length);
if (!secBuff[0].pvBuffer) {
goto err;
}
memcpy_s(secBuff[0].pvBuffer, input_message_buffer->length, memcpy_s(secBuff[0].pvBuffer, input_message_buffer->length,
input_message_buffer->value, input_message_buffer->length); input_message_buffer->value, input_message_buffer->length);
@ -1398,21 +1438,31 @@ gss_unwrap(OM_uint32 *minor_status,
*qop_state = ulQop; *qop_state = ulQop;
} }
if (!SEC_SUCCESS(ss)) { if (!SEC_SUCCESS(ss)) {
free(secBuff[0].pvBuffer); goto err;
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
return GSS_S_FAILURE;
} }
// Must allocate a new memory block so client can release it correctly // Must allocate a new memory block so client can release it correctly
output_message_buffer->length = secBuff[1].cbBuffer; output_message_buffer->length = secBuff[1].cbBuffer;
output_message_buffer->value = new char[secBuff[1].cbBuffer]; output_message_buffer->value = new char[secBuff[1].cbBuffer];
if (!output_message_buffer->value) {
goto err;
}
memcpy_s(output_message_buffer->value, secBuff[1].cbBuffer, memcpy_s(output_message_buffer->value, secBuff[1].cbBuffer,
secBuff[1].pvBuffer, secBuff[1].cbBuffer); secBuff[1].pvBuffer, secBuff[1].cbBuffer);
*conf_state = ulQop == SECQOP_WRAP_NO_ENCRYPT ? 0 : 1; *conf_state = ulQop == SECQOP_WRAP_NO_ENCRYPT ? 0 : 1;
free(secBuff[0].pvBuffer); free(secBuff[0].pvBuffer);
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
err:
if (secBuff[0].pvBuffer) {
free(secBuff[0].pvBuffer);
}
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
return GSS_S_FAILURE;
} }
__declspec(dllexport) OM_uint32 __declspec(dllexport) OM_uint32
@ -1544,11 +1594,19 @@ gss_display_status(OM_uint32 *minor_status,
msg, 256, 0); msg, 256, 0);
if (len > 0) { if (len > 0) {
status_string->value = new char[len + 20]; status_string->value = new char[len + 20];
if (!status_string->value) {
status_string = GSS_C_NO_BUFFER;
return GSS_S_FAILURE;
}
status_string->length = sprintf_s( status_string->length = sprintf_s(
(LPSTR)status_string->value, len + 19, (LPSTR)status_string->value, len + 19,
"(%lx) %ls", status_value, msg); "(%lx) %ls", status_value, msg);
} else { } else {
status_string->value = new char[33]; status_string->value = new char[33];
if (!status_string->value) {
status_string = GSS_C_NO_BUFFER;
return GSS_S_FAILURE;
}
status_string->length = sprintf_s( status_string->length = sprintf_s(
(LPSTR)status_string->value, 32, (LPSTR)status_string->value, 32,
"status is %lx", status_value); "status is %lx", status_value);