archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-16 09:04:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8210610: Improved LSA authentication

Browse source 
Reviewed-by: valeriep, mschoene, rhalade
This commit is contained in:
Weijun Wang 2018-09-29 10:08:42 +08:00
parent 9a9b3e9ac5
commit d2590ffc9d
1 changed files with 27 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

32
src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c
View file

@ -78,7 +78,8 @@ BOOL native_debug = 0;
BOOL PackageConnectLookup(PHANDLE,PULONG); BOOL PackageConnectLookup(PHANDLE,PULONG);
NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName, NTSTATUS ConstructTicketRequest(JNIEnv *env,
UNICODE_STRING DomainName,
PKERB_RETRIEVE_TKT_REQUEST *outRequest, PKERB_RETRIEVE_TKT_REQUEST *outRequest,
ULONG *outSize); ULONG *outSize);
@ -104,6 +105,8 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey);
jobject BuildTicketFlags(JNIEnv *env, PULONG flags); jobject BuildTicketFlags(JNIEnv *env, PULONG flags);
jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime); jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime);
void ThrowOOME(JNIEnv *env, const char *szMessage);
/* /*
* Class: sun_security_krb5_KrbCreds * Class: sun_security_krb5_KrbCreds
* Method: JNI_OnLoad * Method: JNI_OnLoad
@ -497,7 +500,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
} }
// use domain to request Ticket // use domain to request Ticket
Status = ConstructTicketRequest(msticket->TargetDomainName, Status = ConstructTicketRequest(env, msticket->TargetDomainName,
&pTicketRequest, &requestSize); &pTicketRequest, &requestSize);
if (!LSA_SUCCESS(Status)) { if (!LSA_SUCCESS(Status)) {
ShowNTError("ConstructTicketRequest status", Status); ShowNTError("ConstructTicketRequest status", Status);
@ -691,7 +694,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
} }
static NTSTATUS static NTSTATUS
ConstructTicketRequest(UNICODE_STRING DomainName, ConstructTicketRequest(JNIEnv *env, UNICODE_STRING DomainName,
PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize) PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize)
{ {
NTSTATUS Status; NTSTATUS Status;
@ -738,8 +741,10 @@ ConstructTicketRequest(UNICODE_STRING DomainName,
pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST)
LocalAlloc(LMEM_ZEROINIT, RequestSize); LocalAlloc(LMEM_ZEROINIT, RequestSize);
if (!pTicketRequest) if (!pTicketRequest) {
ThrowOOME(env, "Can't allocate memory for ticket");
return GetLastError(); return GetLastError();
}
// //
// Concatenate the target prefix with the previous response's // Concatenate the target prefix with the previous response's
@ -896,7 +901,7 @@ jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize)
jbyteArray ary; jbyteArray ary;
ary = (*env)->NewByteArray(env,encodedTicketSize); ary = (*env)->NewByteArray(env,encodedTicketSize);
if ((*env)->ExceptionOccurred(env)) { if (ary == NULL) {
return (jobject) NULL; return (jobject) NULL;
} }
@ -942,6 +947,10 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT, realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT,
((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
if (realm == NULL) {
ThrowOOME(env, "Can't allocate memory for realm");
return NULL;
}
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
if (native_debug) { if (native_debug) {
@ -1016,6 +1025,9 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) {
} }
ary = (*env)->NewByteArray(env,cryptoKey->Length); ary = (*env)->NewByteArray(env,cryptoKey->Length);
if (ary == NULL) {
return (jobject) NULL;
}
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
(jbyte *)cryptoKey->Value); (jbyte *)cryptoKey->Value);
if ((*env)->ExceptionOccurred(env)) { if ((*env)->ExceptionOccurred(env)) {
@ -1038,6 +1050,9 @@ jobject BuildTicketFlags(JNIEnv *env, PULONG flags) {
ULONG nlflags = htonl(*flags); ULONG nlflags = htonl(*flags);
ary = (*env)->NewByteArray(env, sizeof(*flags)); ary = (*env)->NewByteArray(env, sizeof(*flags));
if (ary == NULL) {
return (jobject) NULL;
}
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags), (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags),
(jbyte *)&nlflags); (jbyte *)&nlflags);
if ((*env)->ExceptionOccurred(env)) { if ((*env)->ExceptionOccurred(env)) {
@ -1090,3 +1105,10 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) {
} }
return kerberosTime; return kerberosTime;
} }
void ThrowOOME(JNIEnv *env, const char *szMessage) {
jclass exceptionClazz = (*env)->FindClass(env, "java/lang/OutOfMemoryError");
if (exceptionClazz != NULL) {
(*env)->ThrowNew(env, exceptionClazz, szMessage);
}
}