Merge

2025-08-27 23:04:50 +02:00 · 2019-01-15 22:54:09 +01:00 · 2019-01-15 22:54:09 +01:00 · a8c5f1e59a
commit a8c5f1e59a
parent d1c7bfeb4b 7a046a24ea
64 changed files with 1781 additions and 378 deletions
--- a/src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
+++ b/src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
@ -32,6 +32,7 @@ import java.net.UnknownHostException;
 import java.net.URL;
 import java.util.Objects;
 import java.util.Properties;
+import sun.net.NetProperties;
 import sun.net.www.HeaderParser;
 import sun.net.www.protocol.http.AuthenticationInfo;
 import sun.net.www.protocol.http.AuthScheme;
@ -56,11 +57,33 @@ public class NTLMAuthentication extends AuthenticationInfo {
    private static final String defaultDomain;
    /* Whether cache is enabled for NTLM */
    private static final boolean ntlmCache;
+
+    enum TransparentAuth {
+        DISABLED,      // disable for all hosts (default)
+        TRUSTED_HOSTS, // use Windows trusted hosts settings
+        ALL_HOSTS      // attempt for all hosts
+    }
+
+    private static final TransparentAuth authMode;
+
    static {
        Properties props = GetPropertyAction.privilegedGetProperties();
        defaultDomain = props.getProperty("http.auth.ntlm.domain", "domain");
        String ntlmCacheProp = props.getProperty("jdk.ntlm.cache", "true");
        ntlmCache = Boolean.parseBoolean(ntlmCacheProp);
+        String modeProp = java.security.AccessController.doPrivileged(
+            new java.security.PrivilegedAction<String>() {
+                public String run() {
+                    return NetProperties.get("jdk.http.ntlm.transparentAuth");
+                }
+            });
+
+        if ("trustedHosts".equalsIgnoreCase(modeProp))
+            authMode = TransparentAuth.TRUSTED_HOSTS;
+        else if ("allHosts".equalsIgnoreCase(modeProp))
+            authMode = TransparentAuth.ALL_HOSTS;
+        else
+            authMode = TransparentAuth.DISABLED;
    }

    private void init0() {
@ -166,9 +189,21 @@ public class NTLMAuthentication extends AuthenticationInfo {
     * transparent Authentication.
     */
    public static boolean isTrustedSite(URL url) {
-        return NTLMAuthCallback.isTrustedSite(url);
+        if (NTLMAuthCallback != null)
+            return NTLMAuthCallback.isTrustedSite(url);
+
+        switch (authMode) {
+            case TRUSTED_HOSTS:
+                return isTrustedSite(url.toString());
+            case ALL_HOSTS:
+                return true;
+            default:
+                return false;
+        }
    }

+    static native boolean isTrustedSite(String url);
+
    /**
     * Not supported. Must use the setHeaders() method
     */
@ -218,5 +253,4 @@ public class NTLMAuthentication extends AuthenticationInfo {
            return false;
        }
    }
-
 }
--- a/src/java.base/windows/native/libnet/NTLMAuthentication.c
+++ b/src/java.base/windows/native/libnet/NTLMAuthentication.c
@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <jni.h>
+#include <windows.h>
+#include "jni_util.h"
+#include <urlmon.h>
+
+JNIEXPORT jboolean JNICALL Java_sun_net_www_protocol_http_ntlm_NTLMAuthentication_isTrustedSite(JNIEnv *env, jclass clazz, jstring url )
+{
+
+    HRESULT hr;
+    DWORD dwZone;
+    DWORD  pPolicy = 0;
+    IInternetSecurityManager *spSecurityManager;
+    jboolean ret;
+
+    // Create IInternetSecurityManager
+    hr = CoInternetCreateSecurityManager(NULL, &spSecurityManager, (DWORD)0);
+    if (FAILED(hr)) {
+        return JNI_FALSE;
+    }
+
+    const LPCWSTR bstrURL = (LPCWSTR)((*env)->GetStringChars(env, url, NULL));
+    if (bstrURL == NULL) {
+        if (!(*env)->ExceptionCheck(env))
+            JNU_ThrowOutOfMemoryError(env, NULL);
+        spSecurityManager->lpVtbl->Release(spSecurityManager);
+        return JNI_FALSE;
+    }
+
+    // Determines the policy for the URLACTION_CREDENTIALS_USE action and display
+    // a user interface, if the policy indicates that the user should be queried
+    hr = spSecurityManager->lpVtbl->ProcessUrlAction(
+        spSecurityManager,
+        bstrURL,
+        URLACTION_CREDENTIALS_USE,
+        (LPBYTE)&pPolicy,
+        sizeof(DWORD), 0, 0, 0, 0);
+
+    if (FAILED(hr)) {
+        ret = JNI_FALSE;
+        goto cleanupAndReturn;
+    }
+
+    // If these two User Authentication Logon options is selected
+    // Anonymous logon
+    // Prompt for user name and password
+    if (pPolicy == URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY ||
+        pPolicy == URLPOLICY_CREDENTIALS_MUST_PROMPT_USER) {
+        ret = JNI_FALSE;
+        goto cleanupAndReturn;
+    }
+
+    // Option "Automatic logon with current user name and password" is selected
+    if (pPolicy == URLPOLICY_CREDENTIALS_SILENT_LOGON_OK) {
+        ret = JNI_TRUE;
+        goto cleanupAndReturn;
+    }
+
+    // Option "Automatic logon only in intranet zone" is selected
+    if (pPolicy == URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT) {
+
+        // Gets the zone index from the specified URL
+        hr = spSecurityManager->lpVtbl->MapUrlToZone(
+                spSecurityManager, bstrURL, &dwZone, 0);
+        if (FAILED(hr)) {
+            ret = JNI_FALSE;
+            goto cleanupAndReturn;
+        }
+
+        // Check if the URL is in Local or Intranet zone
+        if (dwZone == URLZONE_INTRANET || dwZone == URLZONE_LOCAL_MACHINE) {
+            ret = JNI_TRUE;
+            goto cleanupAndReturn;
+        }
+    }
+    ret = JNI_FALSE;
+
+cleanupAndReturn:
+    (*env)->ReleaseStringChars(env, url, bstrURL);
+    spSecurityManager->lpVtbl->Release(spSecurityManager);
+    return ret;
+}
--- a/src/java.base/windows/native/libnet/NetworkInterface.c
+++ b/src/java.base/windows/native/libnet/NetworkInterface.c
@ -273,7 +273,7 @@ int enumInterfaces(JNIEnv *env, netif **netifPP)
                // But in rare case it fails, we allow 'char' to be displayed
                curr->displayName = (char *)malloc(ifrowP->dwDescrLen + 1);
            } else {
-                curr->displayName = (wchar_t *)malloc(wlen*(sizeof(wchar_t))+1);
+                curr->displayName = (wchar_t *)malloc((wlen+1)*sizeof(wchar_t));
            }

            curr->name = (char *)malloc(strlen(dev_name) + 1);
@ -316,7 +316,7 @@ int enumInterfaces(JNIEnv *env, netif **netifPP)
                free(curr);
                return -1;
            } else {
-                curr->displayName[wlen*(sizeof(wchar_t))] = '\0';
+                ((wchar_t *)curr->displayName)[wlen] = L'\0';
                curr->dNameIsUnicode = TRUE;
            }
        }
--- a/src/java.base/windows/native/libnio/ch/DatagramDispatcher.c
+++ b/src/java.base/windows/native/libnio/ch/DatagramDispatcher.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -95,6 +95,10 @@ Java_sun_nio_ch_DatagramDispatcher_readv0(JNIEnv *env, jclass clazz,
    jint fd = fdval(env, fdo);
    struct iovec *iovp = (struct iovec *)address;
    WSABUF *bufs = malloc(len * sizeof(WSABUF));
+    if (bufs == NULL) {
+        JNU_ThrowOutOfMemoryError(env, NULL);
+        return IOS_THROWN;
+    }

    /* copy iovec into WSABUF */
    for(i=0; i<len; i++) {
@ -182,6 +186,10 @@ Java_sun_nio_ch_DatagramDispatcher_writev0(JNIEnv *env, jclass clazz,
    jint fd = fdval(env, fdo);
    struct iovec *iovp = (struct iovec *)address;
    WSABUF *bufs = malloc(len * sizeof(WSABUF));
+    if (bufs == NULL) {
+        JNU_ThrowOutOfMemoryError(env, NULL);
+        return IOS_THROWN;
+    }

    /* copy iovec into WSABUF */
    for(i=0; i<len; i++) {
--- a/src/java.base/windows/native/libnio/ch/WindowsSelectorImpl.c
+++ b/src/java.base/windows/native/libnio/ch/WindowsSelectorImpl.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -219,6 +219,10 @@ Java_sun_nio_ch_WindowsSelectorImpl_resetWakeupSocket0(JNIEnv *env, jclass this,
    /* Prepare corresponding buffer if needed, and then read */
    if (bytesToRead > WAKEUP_SOCKET_BUF_SIZE) {
        char* buf = (char*)malloc(bytesToRead);
+        if (buf == NULL) {
+            JNU_ThrowOutOfMemoryError(env, NULL);
+            return;
+        }
        recv(scinFd, buf, bytesToRead, 0);
        free(buf);
    } else {