From 465c6dd2ad1e433e03f018bb1a087d5fc3273f57 Mon Sep 17 00:00:00 2001 From: weijun Date: Fri, 10 Apr 2009 11:21:31 +0800 Subject: [PATCH] 6587676: Krb5LoginModule failure if useTicketCache=true on Vista Reviewed-by: valeriep --- .../native/sun/security/krb5/NativeCreds.c | 258 ++++++++++-------- 1 file changed, 149 insertions(+), 109 deletions(-) diff --git a/src/windows/native/sun/security/krb5/NativeCreds.c b/src/windows/native/sun/security/krb5/NativeCreds.c index e112b86e9..968ff1191 100644 --- a/src/windows/native/sun/security/krb5/NativeCreds.c +++ b/src/windows/native/sun/security/krb5/NativeCreds.c @@ -73,6 +73,7 @@ jmethodID setRealmMethod = 0; * Function prototypes for internal routines * */ +BOOL DEBUG = 0; BOOL PackageConnectLookup(PHANDLE,PULONG); 
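Review bot: The new global `BOOL DEBUG = 0;` reuses the exact name the old code tested with `#ifdef DEBUG`, so any build that still defines the `DEBUG` macro would turn this declaration into `BOOL 1 = 0;` and fail to compile. It also has external linkage although the patch only shows it used inside NativeCreds.c. A file-local, distinctly named flag avoids both problems, for example `static BOOL lsaDebug = FALSE; /* copy of sun.security.krb5.internal.Krb5.DEBUG, read once in JNI_OnLoad */`. The rest of the declarations lie outside the hunk, so whether another translation unit depends on the symbol needs confirming.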
@@ -113,208 +114,221 @@ JNIEXPORT jint JNICALL JNI_OnLoad( jclass cls; JNIEnv *env; + jfieldID fldDEBUG; if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { return JNI_EVERSION; /* JNI version not supported */ } + cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5"); + if (cls == NULL) { + printf("LSA: Couldn't find Krb5\n"); + return JNI_ERR; + } + fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z"); + if (fldDEBUG == NULL) { + printf("LSA: Krb5 has no DEBUG field\n"); + return JNI_ERR; + } + DEBUG = (*env)->GetStaticBooleanField(env, cls, fldDEBUG); + cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket"); if (cls == NULL) { - printf("Couldn't find Ticket\n"); + printf("LSA: Couldn't find Ticket\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found Ticket\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found Ticket\n"); + } /* DEBUG */ ticketClass = (*env)->NewWeakGlobalRef(env,cls); if (ticketClass == NULL) { return JNI_ERR; } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Made NewWeakGlobalRef\n"); + } /* DEBUG */ cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName"); if (cls == NULL) { - printf("Couldn't find PrincipalName\n"); + printf("LSA: Couldn't find PrincipalName\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found PrincipalName\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found PrincipalName\n"); + } /* DEBUG */ principalNameClass = (*env)->NewWeakGlobalRef(env,cls); if (principalNameClass == NULL) { return JNI_ERR; } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Made NewWeakGlobalRef\n"); + } /* DEBUG */ cls = (*env)->FindClass(env,"sun/security/util/DerValue"); if (cls == NULL) { - printf("Couldn't find DerValue\n"); + printf("LSA: Couldn't find DerValue\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found DerValue\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: 
Found DerValue\n"); + } /* DEBUG */ derValueClass = (*env)->NewWeakGlobalRef(env,cls); if (derValueClass == NULL) { return JNI_ERR; } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Made NewWeakGlobalRef\n"); + } /* DEBUG */ cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey"); if (cls == NULL) { - printf("Couldn't find EncryptionKey\n"); + printf("LSA: Couldn't find EncryptionKey\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found EncryptionKey\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found EncryptionKey\n"); + } /* DEBUG */ encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls); if (encryptionKeyClass == NULL) { return JNI_ERR; } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Made NewWeakGlobalRef\n"); + } /* DEBUG */ cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags"); if (cls == NULL) { - printf("Couldn't find TicketFlags\n"); + printf("LSA: Couldn't find TicketFlags\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found TicketFlags\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found TicketFlags\n"); + } /* DEBUG */ ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls); if (ticketFlagsClass == NULL) { return JNI_ERR; } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Made NewWeakGlobalRef\n"); + } /* DEBUG */ cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime"); if (cls == NULL) { - printf("Couldn't find KerberosTime\n"); + printf("LSA: Couldn't find KerberosTime\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found KerberosTime\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found KerberosTime\n"); + } /* DEBUG */ kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls); if (kerberosTimeClass == NULL) { return JNI_ERR; } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: 
Made NewWeakGlobalRef\n"); + } /* DEBUG */ cls = (*env)->FindClass(env,"java/lang/String"); if (cls == NULL) { - printf("Couldn't find String\n"); + printf("LSA: Couldn't find String\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found String\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found String\n"); + } /* DEBUG */ javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls); if (javaLangStringClass == NULL) { return JNI_ERR; } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Made NewWeakGlobalRef\n"); + } /* DEBUG */ derValueConstructor = (*env)->GetMethodID(env, derValueClass, "", "([B)V"); if (derValueConstructor == 0) { - printf("Couldn't find DerValue constructor\n"); + printf("LSA: Couldn't find DerValue constructor\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found DerValue constructor\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found DerValue constructor\n"); + } /* DEBUG */ ticketConstructor = (*env)->GetMethodID(env, ticketClass, "", "(Lsun/security/util/DerValue;)V"); if (ticketConstructor == 0) { - printf("Couldn't find Ticket constructor\n"); + printf("LSA: Couldn't find Ticket constructor\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found Ticket constructor\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found Ticket constructor\n"); + } /* DEBUG */ principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, "", "([Ljava/lang/String;)V"); if (principalNameConstructor == 0) { - printf("Couldn't find PrincipalName constructor\n"); + printf("LSA: Couldn't find PrincipalName constructor\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found PrincipalName constructor\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found PrincipalName constructor\n"); + } /* DEBUG */ encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, "", "(I[B)V"); if (encryptionKeyConstructor == 0) { - printf("Couldn't find EncryptionKey constructor\n"); + 
printf("LSA: Couldn't find EncryptionKey constructor\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found EncryptionKey constructor\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found EncryptionKey constructor\n"); + } /* DEBUG */ ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, "", "(I[B)V"); if (ticketFlagsConstructor == 0) { - printf("Couldn't find TicketFlags constructor\n"); + printf("LSA: Couldn't find TicketFlags constructor\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found TicketFlags constructor\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found TicketFlags constructor\n"); + } /* DEBUG */ kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, "", "(Ljava/lang/String;)V"); if (kerberosTimeConstructor == 0) { - printf("Couldn't find KerberosTime constructor\n"); + printf("LSA: Couldn't find KerberosTime constructor\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Found KerberosTime constructor\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Found KerberosTime constructor\n"); + } /* DEBUG */ // load the setRealm method in PrincipalName setRealmMethod = (*env)->GetMethodID(env, principalNameClass, "setRealm", "(Ljava/lang/String;)V"); if (setRealmMethod == 0) { - printf("Couldn't find setRealm in PrincipalName\n"); + printf("LSA: Couldn't find setRealm in PrincipalName\n"); return JNI_ERR; } - #ifdef DEBUG - printf("Finished OnLoad processing\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Finished OnLoad processing\n"); + } /* DEBUG */ return JNI_VERSION_1_2; } 
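Review bot: In JNI_OnLoad the added Krb5 lookup returns `JNI_ERR` when the class or its `DEBUG` field cannot be resolved, so a diagnostic switch becomes a hard prerequisite for loading the native credential code at all. A failed `FindClass` or `GetStaticFieldID` also leaves a Java exception pending, which the early return does not clear. If the flag is meant to be optional, fall back to the default instead: `fldDEBUG = cls ? (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z") : NULL;` followed by `if (fldDEBUG != NULL) DEBUG = (*env)->GetStaticBooleanField(env, cls, fldDEBUG); else (*env)->ExceptionClear(env);`. The value is sampled only once here, which deserves a comment such as `/* snapshot of Krb5.DEBUG at load time; later changes on the Java side are not seen */`.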
@@ -389,16 +403,25 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ if (krbcredsConstructor == 0) { krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "", - "(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V"); + "(Lsun/security/krb5/internal/Ticket;" + "Lsun/security/krb5/PrincipalName;" + "Lsun/security/krb5/PrincipalName;" + "Lsun/security/krb5/EncryptionKey;" + "Lsun/security/krb5/internal/TicketFlags;" + "Lsun/security/krb5/internal/KerberosTime;" + "Lsun/security/krb5/internal/KerberosTime;" + "Lsun/security/krb5/internal/KerberosTime;" + "Lsun/security/krb5/internal/KerberosTime;" + "Lsun/security/krb5/internal/HostAddresses;)V"); if (krbcredsConstructor == 0) { - printf("Couldn't find sun.security.krb5.Credentials constructor\n"); + printf("LSA: Couldn't find sun.security.krb5.Credentials constructor\n"); break; } } - #ifdef DEBUG - printf("Found KrbCreds constructor\n"); - #endif + if (DEBUG) { + printf("LSA: Found KrbCreds constructor\n"); + } // // Get the logon handle and package ID from the @@ -407,9 +430,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ if (!PackageConnectLookup(&LogonHandle, &PackageId)) break; - #ifdef DEBUG - printf("Got handle to Kerberos package\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Got handle to Kerberos package\n"); + } /* DEBUG */ // Get the MS TGT from cache CacheRequest.MessageType = KerbRetrieveTicketMessage; 
@@ -426,9 +449,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ &SubStatus ); - #ifdef DEBUG - printf("Response size is %d\n", rspSize); - #endif + if (DEBUG) { + printf("LSA: Response size is %d\n", rspSize); + } if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) { if (!LSA_SUCCESS(Status)) { @@ -467,9 +490,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ } if (ignore_cache) { - #ifdef DEBUG - printf("MS TGT in cache is invalid/not supported; request new ticket\n"); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n"); + } /* DEBUG */ // use domain to request Ticket Status = ConstructTicketRequest(msticket->TargetDomainName, @@ -493,9 +516,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ &SubStatus ); - #ifdef DEBUG - printf("Response size is %d\n", responseSize); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: Response size is %d\n", responseSize); + } /* DEBUG */ if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) { if (!LSA_SUCCESS(Status)) { @@ -788,7 +811,9 @@ ShowLastError( static WCHAR szMsgBuf[MAX_MSG_SIZE]; DWORD dwRes; - printf("Error calling function %s: %lu\n", szAPI, dwError); + if (DEBUG) { + printf("LSA: Error calling function %s: %lu\n", szAPI, dwError); + } dwRes = FormatMessage ( FORMAT_MESSAGE_FROM_SYSTEM, @@ -798,11 +823,13 @@ ShowLastError( szMsgBuf, MAX_MSG_SIZE, NULL); - if (0 == dwRes) { - printf("FormatMessage failed with %d\n", GetLastError()); - // ExitProcess(EXIT_FAILURE); - } else { - printf("%S",szMsgBuf); + if (DEBUG) { + if (0 == dwRes) { + printf("LSA: FormatMessage failed with %d\n", GetLastError()); + // ExitProcess(EXIT_FAILURE); + } else { + printf("LSA: %S",szMsgBuf); + } } } 
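Review bot: In ShowLastError (hunks -788 and -798; the function starts above the first one) only the printf calls moved under `if (DEBUG)`, so the `FormatMessage` call between them still runs on every error. It still writes the function-static `szMsgBuf`, which every caller shares, even when nothing will be printed. An early `if (!DEBUG) return;` after the declarations removes both the wasted call and the write. The new `printf("LSA: FormatMessage failed with %d\n", GetLastError());` passes a DWORD to `%d`; `%lu`, as used on the first printf of the function, would match. After this change LSA failures produce no output unless debugging is on, so confirm that the callers still surface the failure to Java some other way; that code is outside these hunks.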
@@ -896,17 +923,19 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); - #ifdef DEBUG - printf("Principal domain is %S\n", realm); - printf("Name type is %x\n", principalName->NameType); - printf("Name count is %x\n", principalName->NameCount); - #endif + if (DEBUG) { + printf("LSA: Principal domain is %S\n", realm); + printf("LSA: Name type is %x\n", principalName->NameType); + printf("LSA: Name count is %x\n", principalName->NameCount); + } nameCount = principalName->NameCount; stringArray = (*env)->NewObjectArray(env, nameCount, javaLangStringClass, NULL); if (stringArray == NULL) { - printf("Can't allocate String array for Principal\n"); + if (DEBUG) { + printf("LSA: Can't allocate String array for Principal\n"); + } LocalFree(realm); return principal; } @@ -941,6 +970,17 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) { // First, need to build a byte array jbyteArray ary; jobject encryptionKey = NULL; + unsigned int i; + + for (i=0; iLength; i++) { + if (cryptoKey->Value[i]) break; + } + if (i == cryptoKey->Length) { + if (DEBUG) { + printf("LSA: Session key all zero. Stop.\n"); + } + return NULL; + } ary = (*env)->NewByteArray(env,cryptoKey->Length); (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, @@ -1005,9 +1045,9 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) { hour, minute, second ); - #ifdef DEBUG - printf("%S\n", (wchar_t *)timeString); - #endif /* DEBUG */ + if (DEBUG) { + printf("LSA: %S\n", (wchar_t *)timeString); + } /* DEBUG */ stringTime = (*env)->NewString(env, timeString, (sizeof(timeString)/sizeof(WCHAR))-1); if (stringTime != NULL) { // everything's OK so far -- GitLab
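Review bot: The debug line `printf("LSA: Principal domain is %S\n", realm);` in BuildPrincipal reads `realm` as a terminated wide string right after `wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR))`, and wcsncpy writes no terminator when the source fills the count. Whether the buffer is zero-filled, and whether the allocation result is checked, is decided above the hunk and should be confirmed there. An explicit `realm[domainName.Length/sizeof(WCHAR)] = L'\0';` after the copy makes the print and any later use safe either way. The `stringArray == NULL` branch now returns silently when DEBUG is off, so a comment there noting that NewObjectArray has left an exception pending for the caller would help.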
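Review bot: The all-zero session key check added to BuildEncryptionKey returns NULL without raising a Java exception and, when DEBUG is off, without any message, so the caller must treat NULL as "no usable credentials"; that caller is outside the hunk and should be checked. The check also needs a comment saying why a zeroed key can appear and why it must not be wrapped, for example `/* an all-zero session key means the real key was withheld; never hand such a key to Java */` (exact wording to be confirmed by the author). Directly below the new code, `ary` from `NewByteArray` is passed to `SetByteArrayRegion` without a NULL test; `if (ary == NULL) return NULL;` would close that path.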