提交
c63c8533
编写于
8月 08, 2013
作者:
weijun
8016594: Native Windows ccache still reads DES tickets
Reviewed-by: dsamersoff, xuelei
上级
191f5068
Showing
3 changed file
with
97 addition
and
56 deletion
+97
-56
src/share/classes/sun/security/krb5/Credentials.java
src/share/classes/sun/security/krb5/Credentials.java
+14
-5
src/share/native/sun/security/krb5/nativeccache.c
src/share/native/sun/security/krb5/nativeccache.c
+24
-5
src/windows/native/sun/security/krb5/NativeCreds.c
src/windows/native/sun/security/krb5/NativeCreds.c
+59
-46
src/share/classes/sun/security/krb5/Credentials.java
...
...
@@ -62,7 +62,9 @@ public class Credentials {
private
static
CredentialsCache
cache
;
static
boolean
alreadyLoaded
=
false
;
private
static
boolean
alreadyTried
=
false
;
private
static
native
Credentials
acquireDefaultNativeCreds
();
// Read native ticket with session key type in the given list
private
static
native
Credentials
acquireDefaultNativeCreds
(
int
[]
eTypes
);
public
Credentials
(
Ticket
new_ticket
,
PrincipalName
new_client
,
...
...
@@ -373,6 +375,8 @@ public class Credentials {
// It assumes that the GSS call has
// the privilege to access the default cache file.
// This method is only called on Windows and Mac OS X, the native
// acquireDefaultNativeCreds is also available on these platforms.
public
static
synchronized
Credentials
acquireDefaultCreds
()
{
Credentials
result
=
null
;
...
...
@@ -416,10 +420,15 @@ public class Credentials {
}
if
(
alreadyLoaded
)
{
// There is some native code
if
(
DEBUG
)
System
.
out
.
println
(
">> Acquire default native Credentials"
);
result
=
acquireDefaultNativeCreds
();
// only TGT with DES key will be returned by native method
if
(
DEBUG
)
{
System
.
out
.
println
(
">> Acquire default native Credentials"
);
}
try
{
result
=
acquireDefaultNativeCreds
(
EType
.
getDefaults
(
"default_tkt_enctypes"
));
}
catch
(
KrbException
ke
)
{
// when there is no default_tkt_enctypes.
}
}
}
return
result
;
...
...
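Review bot: The empty `catch (KrbException ke)` added in acquireDefaultCreds discards every failure from `EType.getDefaults("default_tkt_enctypes")`, so when the enctype list cannot be resolved the native cache is skipped and `result` stays null with no trace, even when DEBUG is on. That list now decides which session-key types are accepted from the native cache, so a silent failure here is hard to tell apart from an empty cache. I would add `if (DEBUG) { System.out.println(">> No usable default_tkt_enctypes: " + ke); }` inside the catch. The catch comment names only the missing-setting case; whether getDefaults can throw for other reasons is not visible on this page. acquireDefaultCreds starts and ends outside the hunk.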
src/share/native/sun/security/krb5/nativeccache.c
...
...
@@ -264,13 +264,21 @@ JNIEXPORT void JNICALL JNI_OnUnload(JavaVM *jvm, void *reserved)
}
int
isIn
(
krb5_enctype
e
,
int
n
,
jint
*
etypes
)
{
int
i
;
for
(
i
=
0
;
i
<
n
;
i
++
)
{
if
(
e
==
etypes
[
i
])
return
1
;
}
return
0
;
}
/*
* Class: sun_security_krb5_Credentials
* Method: acquireDefaultNativeCreds
* Signature: ()Lsun/security/krb5/Credentials;
* Signature: (
[I]
)Lsun/security/krb5/Credentials;
*/
JNIEXPORT
jobject
JNICALL
Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds
(
JNIEnv
*
env
,
jclass
krbcredsClass
)
(
JNIEnv
*
env
,
jclass
krbcredsClass
,
jintArray
jetypes
)
{
jobject
krbCreds
=
NULL
;
krb5_error_code
err
=
0
;
...
...
@@ -280,6 +288,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
krb5_flags
flags
=
0
;
krb5_context
kcontext
=
NULL
;
int
netypes
;
jint
*
etypes
=
NULL
;
/* Initialize the Kerberos 5 context */
err
=
krb5_init_context
(
&
kcontext
);
...
...
@@ -295,6 +306,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
err
=
krb5_cc_start_seq_get
(
kcontext
,
ccache
,
&
cursor
);
}
netypes
=
(
*
env
)
->
GetArrayLength
(
env
,
jetypes
);
etypes
=
(
jint
*
)
(
*
env
)
->
GetIntArrayElements
(
env
,
jetypes
,
NULL
);
if
(
!
err
)
{
while
((
err
=
krb5_cc_next_cred
(
kcontext
,
ccache
,
&
cursor
,
&
creds
))
==
0
)
{
char
*
serverName
=
NULL
;
...
...
@@ -305,7 +319,8 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
}
if
(
!
err
)
{
if
(
strncmp
(
serverName
,
"krbtgt"
,
strlen
(
"krbtgt"
))
==
0
)
{
if
(
strncmp
(
serverName
,
"krbtgt"
,
sizeof
(
"krbtgt"
)
-
1
)
==
0
&&
isIn
(
creds
.
keyblock
.
enctype
,
netypes
,
etypes
))
{
jobject
ticket
,
clientPrincipal
,
targetPrincipal
,
encryptionKey
;
jobject
ticketFlags
,
startTime
,
endTime
;
jobject
authTime
,
renewTillTime
,
hostAddresses
;
...
...
@@ -321,7 +336,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
targetPrincipal
=
BuildClientPrincipal
(
env
,
kcontext
,
creds
.
server
);
if
(
targetPrincipal
==
NULL
)
goto
cleanup
;
// Build a
com.ibm.security.krb5.
Ticket
// Build a
sun/security/krb5/internal/
Ticket
ticket
=
BuildTicket
(
env
,
&
creds
.
ticket
);
if
(
ticket
==
NULL
)
goto
cleanup
;
...
...
@@ -353,7 +368,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
krbcredsConstructor
=
(
*
env
)
->
GetMethodID
(
env
,
krbcredsClass
,
"<init>"
,
"(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V"
);
if
(
krbcredsConstructor
==
0
)
{
printf
(
"Couldn't find
com.ibm.security.krb5.Credentials
constructor
\n
"
);
printf
(
"Couldn't find
sun.security.krb5.internal.Ticket
constructor
\n
"
);
break
;
}
}
...
...
@@ -409,6 +424,10 @@ cleanup:
printiferr
(
err
,
"while finishing ticket retrieval"
);
}
if
(
etypes
!=
NULL
)
{
(
*
env
)
->
ReleaseIntArrayElements
(
env
,
jetypes
,
etypes
,
0
);
}
krb5_free_context
(
kcontext
);
return
krbCreds
;
}
...
...
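Review bot: The result of `GetIntArrayElements` is used without a NULL check: `etypes` is fetched right after `krb5_cc_start_seq_get` and then handed to `isIn`, which indexes `etypes[i]` for every krbtgt entry, so a failed pin or copy (or a null `jetypes`, if the Java caller can ever pass one) becomes a NULL dereference in native code. A guard such as `if (etypes == NULL) goto cleanup;` directly after the call would avoid that; the cleanup block is only partly visible here, so confirm it is safe to enter at that point. Because the array is only read, the release under `cleanup:` can pass `JNI_ABORT` instead of `0` to skip the copy-back, and `isIn` can be declared `static`, since it looks like a file-local helper.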
src/windows/native/sun/security/krb5/NativeCreds.c
...
...
@@ -367,11 +367,12 @@ JNIEXPORT void JNICALL JNI_OnUnload(
/*
* Class: sun_security_krb5_Credentials
* Method: acquireDefaultNativeCreds
* Signature: ()Lsun/security/krb5/Credentials;
* Signature: (
[I]
)Lsun/security/krb5/Credentials;
*/
JNIEXPORT
jobject
JNICALL
Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds
(
JNIEnv
*
env
,
jclass
krbcredsClass
)
{
jclass
krbcredsClass
,
jintArray
jetypes
)
{
KERB_QUERY_TKT_CACHE_REQUEST
CacheRequest
;
PKERB_RETRIEVE_TKT_RESPONSE
TktCacheResponse
=
NULL
;
...
...
@@ -387,9 +388,12 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
jobject
ticketFlags
,
startTime
,
endTime
,
krbCreds
=
NULL
;
jobject
authTime
,
renewTillTime
,
hostAddresses
=
NULL
;
KERB_EXTERNAL_TICKET
*
msticket
;
int
ignore
_cache
=
0
;
int
found_in
_cache
=
0
;
FILETIME
Now
,
EndTime
,
LocalEndTime
;
int
i
,
netypes
;
jint
*
etypes
=
NULL
;
while
(
TRUE
)
{
if
(
krbcredsConstructor
==
0
)
{
...
...
@@ -456,31 +460,33 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
// got the native MS TGT
msticket
=
&
(
TktCacheResponse
->
Ticket
);
netypes
=
(
*
env
)
->
GetArrayLength
(
env
,
jetypes
);
etypes
=
(
jint
*
)
(
*
env
)
->
GetIntArrayElements
(
env
,
jetypes
,
NULL
);
// check TGT validity
switch
(
msticket
->
SessionKey
.
KeyType
)
{
case
KERB_ETYPE_DES_CBC_CRC
:
case
KERB_ETYPE_DES_CBC_MD5
:
case
KERB_ETYPE_NULL
:
case
KERB_ETYPE_RC4_HMAC_NT
:
GetSystemTimeAsFileTime
(
&
Now
);
EndTime
.
dwLowDateTime
=
msticket
->
EndTime
.
LowPart
;
EndTime
.
dwHighDateTime
=
msticket
->
EndTime
.
HighPart
;
FileTimeToLocalFileTime
(
&
EndTime
,
&
LocalEndTime
);
if
(
CompareFileTime
(
&
Now
,
&
LocalEndTime
)
>=
0
)
{
ignore_cache
=
1
;
}
if
(
msticket
->
TicketFlags
&
KERB_TICKET_FLAGS_invalid
)
{
ignore_cache
=
1
;
if
(
native_debug
)
{
printf
(
"LSA: TICKET SessionKey KeyType is %d
\n
"
,
msticket
->
SessionKey
.
KeyType
);
}
if
((
msticket
->
TicketFlags
&
KERB_TICKET_FLAGS_invalid
)
==
0
)
{
GetSystemTimeAsFileTime
(
&
Now
);
EndTime
.
dwLowDateTime
=
msticket
->
EndTime
.
LowPart
;
EndTime
.
dwHighDateTime
=
msticket
->
EndTime
.
HighPart
;
FileTimeToLocalFileTime
(
&
EndTime
,
&
LocalEndTime
);
if
(
CompareFileTime
(
&
Now
,
&
LocalEndTime
)
<
0
)
{
for
(
i
=
0
;
i
<
netypes
;
i
++
)
{
if
(
etypes
[
i
]
==
msticket
->
SessionKey
.
KeyType
)
{
found_in_cache
=
1
;
if
(
native_debug
)
{
printf
(
"LSA: Valid etype found: %d
\n
"
,
etypes
[
i
]);
}
break
;
}
}
break
;
case
KERB_ETYPE_RC4_MD4
:
default:
// not supported
ignore_cache
=
1
;
break
;
}
}
if
(
ignore
_cache
)
{
if
(
!
found_in
_cache
)
{
if
(
native_debug
)
{
printf
(
"LSA: MS TGT in cache is invalid/not supported; request new ticket
\n
"
);
}
...
...
@@ -494,34 +500,41 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
}
pTicketRequest
->
MessageType
=
KerbRetrieveEncodedTicketMessage
;
pTicketRequest
->
EncryptionType
=
KERB_ETYPE_DES_CBC_MD5
;
pTicketRequest
->
CacheOptions
=
KERB_RETRIEVE_TICKET_DONT_USE_CACHE
;
Status
=
LsaCallAuthenticationPackage
(
LogonHandle
,
PackageId
,
pTicketRequest
,
requestSize
,
&
pTicketResponse
,
&
responseSize
,
&
SubStatus
);
if
(
native_debug
)
{
printf
(
"LSA: Response size is %d
\n
"
,
responseSize
);
}
for
(
i
=
0
;
i
<
netypes
;
i
++
)
{
pTicketRequest
->
EncryptionType
=
etypes
[
i
];
Status
=
LsaCallAuthenticationPackage
(
LogonHandle
,
PackageId
,
pTicketRequest
,
requestSize
,
&
pTicketResponse
,
&
responseSize
,
&
SubStatus
);
if
(
native_debug
)
{
printf
(
"LSA: Response size is %d for %d
\n
"
,
responseSize
,
etypes
[
i
]);
}
if
(
!
LSA_SUCCESS
(
Status
)
||
!
LSA_SUCCESS
(
SubStatus
))
{
if
(
!
LSA_SUCCESS
(
Status
))
{
ShowNTError
(
"LsaCallAuthenticationPackage"
,
Status
);
}
else
{
ShowNTError
(
"Protocol status"
,
SubStatus
);
if
(
!
LSA_SUCCESS
(
Status
)
||
!
LSA_SUCCESS
(
SubStatus
))
{
if
(
!
LSA_SUCCESS
(
Status
))
{
ShowNTError
(
"LsaCallAuthenticationPackage"
,
Status
);
}
else
{
ShowNTError
(
"Protocol status"
,
SubStatus
);
}
continue
;
}
// got the native MS Kerberos TGT
msticket
=
&
(
pTicketResponse
->
Ticket
);
break
;
}
}
// got the native MS Kerberos TGT
msticket
=
&
(
pTicketResponse
->
Ticket
);
if
(
etypes
!=
NULL
)
{
(
*
env
)
->
ReleaseIntArrayElements
(
env
,
jetypes
,
etypes
,
0
);
}
/*
...
...
@@ -644,7 +657,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
hostAddresses
);
break
;
}
// end of WHILE
}
// end of WHILE
. This WHILE will never loop.
// clean up resources
if
(
TktCacheResponse
!=
NULL
)
{
...
...
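Review bot: When no entry in `etypes` yields a ticket (or the list is empty), the new `for` loop around `LsaCallAuthenticationPackage` simply runs out and execution falls through with `msticket` still pointing at `TktCacheResponse->Ticket`, the cached ticket that was just rejected as invalid, expired, or of an unlisted key type. A failed request only does `continue`, and no check follows the loop in the visible lines, so unless one exists outside the hunk the rejected ticket appears to be what is converted into Credentials. I would record success in the loop (`found_in_cache = 1;` before the `break`) and, after `ReleaseIntArrayElements`, add `if (!found_in_cache) break;` so the function returns NULL instead. The same hunk also assumes a successful response carries the requested key type, and it uses `etypes` without a NULL check after `GetIntArrayElements`.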