Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 0c6092d8 编写于 作者: C coffeys
浏览文件
操作

7049079: NTSYSTEM CLASS IS LEAKING WINDOWS TOKENS 

Reviewed-by: weijun
上级 dba16f93
显示空白变更内容
内联 并排
Showing with 25 addition and 23 deletion
src/share/classes/com/sun/security/auth/module/NTSystem.java
浏览文件 @ 0c6092d8
/* /*
* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -33,6 +33,7 @@ package com.sun.security.auth.module; ...@@ -33,6 +33,7 @@ package com.sun.security.auth.module;
public class NTSystem { public class NTSystem {
private native void getCurrent(boolean debug); private native void getCurrent(boolean debug);
private native long getImpersonationToken0();
private String userName; private String userName;
private String domain; private String domain;
...@@ -132,10 +133,14 @@ public class NTSystem { ...@@ -132,10 +133,14 @@ public class NTSystem {
* *
* @return an impersonation token for the current NT user. * @return an impersonation token for the current NT user.
*/ */
public long getImpersonationToken() { public synchronized long getImpersonationToken() {
if (impersonationToken == 0) {
impersonationToken = getImpersonationToken0();
}
return impersonationToken; return impersonationToken;
} }
private void loadNative() { private void loadNative() {
System.loadLibrary("jaas_nt"); System.loadLibrary("jaas_nt");
} }
......
src/windows/native/com/sun/security/auth/module/nt.c
浏览文件 @ 0c6092d8
/* /*
* Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -43,6 +43,19 @@ BOOL getImpersonationToken(PHANDLE impersonationToken); ...@@ -43,6 +43,19 @@ BOOL getImpersonationToken(PHANDLE impersonationToken);
BOOL getTextualSid(PSID pSid, LPTSTR TextualSid, LPDWORD lpdwBufferLen); BOOL getTextualSid(PSID pSid, LPTSTR TextualSid, LPDWORD lpdwBufferLen);
void DisplayErrorText(DWORD dwLastError); void DisplayErrorText(DWORD dwLastError);
JNIEXPORT jlong JNICALL
Java_com_sun_security_auth_module_NTSystem_getImpersonationToken0
(JNIEnv *env, jobject obj) {
HANDLE impersonationToken = 0; // impersonation token
if (debug) {
printf("getting impersonation token\n");
}
if (getImpersonationToken(&impersonationToken) == FALSE) {
return 0;
}
return (jlong)impersonationToken;
}
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_com_sun_security_auth_module_NTSystem_getCurrent Java_com_sun_security_auth_module_NTSystem_getCurrent
(JNIEnv *env, jobject obj, jboolean debugNative) { (JNIEnv *env, jobject obj, jboolean debugNative) {
...@@ -59,7 +72,6 @@ Java_com_sun_security_auth_module_NTSystem_getCurrent ...@@ -59,7 +72,6 @@ Java_com_sun_security_auth_module_NTSystem_getCurrent
DWORD numGroups = 0; // num groups DWORD numGroups = 0; // num groups
LPTSTR *groups = NULL; // groups array LPTSTR *groups = NULL; // groups array
long pIndex = -1; // index of primaryGroup in groups array long pIndex = -1; // index of primaryGroup in groups array
HANDLE impersonationToken = 0; // impersonation token
jfieldID fid; jfieldID fid;
jstring jstr; jstring jstr;
...@@ -100,13 +112,6 @@ Java_com_sun_security_auth_module_NTSystem_getCurrent ...@@ -100,13 +112,6 @@ Java_com_sun_security_auth_module_NTSystem_getCurrent
return; return;
} }
if (debug) {
printf("getting impersonation token\n");
}
if (getImpersonationToken(&impersonationToken) == FALSE) {
return;
}
// then set values into NTSystem // then set values into NTSystem
fid = (*env)->GetFieldID(env, cls, "userName", "Ljava/lang/String;"); fid = (*env)->GetFieldID(env, cls, "userName", "Ljava/lang/String;");
...@@ -233,18 +238,6 @@ Java_com_sun_security_auth_module_NTSystem_getCurrent ...@@ -233,18 +238,6 @@ Java_com_sun_security_auth_module_NTSystem_getCurrent
(*env)->SetObjectField(env, obj, fid, jgroups); (*env)->SetObjectField(env, obj, fid, jgroups);
} }
fid = (*env)->GetFieldID(env, cls, "impersonationToken", "J");
if (fid == 0) {
jclass newExcCls =
(*env)->FindClass(env, "java/lang/IllegalArgumentException");
if (newExcCls == 0) {
systemError = TRUE;
goto out;
}
(*env)->ThrowNew(env, newExcCls, "invalid field: impersonationToken");
}
(*env)->SetLongField(env, obj, fid, (jlong)impersonationToken);
out: out:
if (userName != NULL) { if (userName != NULL) {
HeapFree(GetProcessHeap(), 0, userName); HeapFree(GetProcessHeap(), 0, userName);
...@@ -269,6 +262,7 @@ out: ...@@ -269,6 +262,7 @@ out:
} }
HeapFree(GetProcessHeap(), 0, groups); HeapFree(GetProcessHeap(), 0, groups);
} }
CloseHandle(tokenHandle);
if (systemError && debug) { if (systemError && debug) {
printf(" [getCurrent] System Error: "); printf(" [getCurrent] System Error: ");
...@@ -592,6 +586,7 @@ BOOL getImpersonationToken(PHANDLE impersonationToken) { ...@@ -592,6 +586,7 @@ BOOL getImpersonationToken(PHANDLE impersonationToken) {
} }
return FALSE; return FALSE;
} }
CloseHandle(dupToken);
if (debug) { if (debug) {
printf(" [getImpersonationToken] token = %d\n", *impersonationToken); printf(" [getImpersonationToken] token = %d\n", *impersonationToken);
...@@ -802,6 +797,8 @@ void main(int argc, char *argv[]) { ...@@ -802,6 +797,8 @@ void main(int argc, char *argv[]) {
} }
HeapFree(GetProcessHeap(), 0, groups); HeapFree(GetProcessHeap(), 0, groups);
} }
CloseHandle(impersonationToken);
CloseHandle(tokenHandle);
} }
*/ */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册