6587676: Krb5LoginModule failure if useTicketCache=true on Vista

Reviewed-by: valeriep
This commit is contained in:
Weijun Wang 2009-04-10 11:21:31 +08:00
parent 2827ff39e5
commit 23d8c5ddc1

View File

@ -73,6 +73,7 @@ jmethodID setRealmMethod = 0;
* Function prototypes for internal routines * Function prototypes for internal routines
* *
*/ */
BOOL DEBUG = 0;
BOOL PackageConnectLookup(PHANDLE,PULONG); BOOL PackageConnectLookup(PHANDLE,PULONG);
@ -113,208 +114,221 @@ JNIEXPORT jint JNICALL JNI_OnLoad(
jclass cls; jclass cls;
JNIEnv *env; JNIEnv *env;
jfieldID fldDEBUG;
if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
return JNI_EVERSION; /* JNI version not supported */ return JNI_EVERSION; /* JNI version not supported */
} }
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5");
if (cls == NULL) {
printf("LSA: Couldn't find Krb5\n");
return JNI_ERR;
}
fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z");
if (fldDEBUG == NULL) {
printf("LSA: Krb5 has no DEBUG field\n");
return JNI_ERR;
}
DEBUG = (*env)->GetStaticBooleanField(env, cls, fldDEBUG);
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket"); cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket");
if (cls == NULL) { if (cls == NULL) {
printf("Couldn't find Ticket\n"); printf("LSA: Couldn't find Ticket\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found Ticket\n"); printf("LSA: Found Ticket\n");
#endif /* DEBUG */ } /* DEBUG */
ticketClass = (*env)->NewWeakGlobalRef(env,cls); ticketClass = (*env)->NewWeakGlobalRef(env,cls);
if (ticketClass == NULL) { if (ticketClass == NULL) {
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Made NewWeakGlobalRef\n"); printf("LSA: Made NewWeakGlobalRef\n");
#endif /* DEBUG */ } /* DEBUG */
cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName"); cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName");
if (cls == NULL) { if (cls == NULL) {
printf("Couldn't find PrincipalName\n"); printf("LSA: Couldn't find PrincipalName\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found PrincipalName\n"); printf("LSA: Found PrincipalName\n");
#endif /* DEBUG */ } /* DEBUG */
principalNameClass = (*env)->NewWeakGlobalRef(env,cls); principalNameClass = (*env)->NewWeakGlobalRef(env,cls);
if (principalNameClass == NULL) { if (principalNameClass == NULL) {
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Made NewWeakGlobalRef\n"); printf("LSA: Made NewWeakGlobalRef\n");
#endif /* DEBUG */ } /* DEBUG */
cls = (*env)->FindClass(env,"sun/security/util/DerValue"); cls = (*env)->FindClass(env,"sun/security/util/DerValue");
if (cls == NULL) { if (cls == NULL) {
printf("Couldn't find DerValue\n"); printf("LSA: Couldn't find DerValue\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found DerValue\n"); printf("LSA: Found DerValue\n");
#endif /* DEBUG */ } /* DEBUG */
derValueClass = (*env)->NewWeakGlobalRef(env,cls); derValueClass = (*env)->NewWeakGlobalRef(env,cls);
if (derValueClass == NULL) { if (derValueClass == NULL) {
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Made NewWeakGlobalRef\n"); printf("LSA: Made NewWeakGlobalRef\n");
#endif /* DEBUG */ } /* DEBUG */
cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey"); cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
if (cls == NULL) { if (cls == NULL) {
printf("Couldn't find EncryptionKey\n"); printf("LSA: Couldn't find EncryptionKey\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found EncryptionKey\n"); printf("LSA: Found EncryptionKey\n");
#endif /* DEBUG */ } /* DEBUG */
encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls); encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls);
if (encryptionKeyClass == NULL) { if (encryptionKeyClass == NULL) {
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Made NewWeakGlobalRef\n"); printf("LSA: Made NewWeakGlobalRef\n");
#endif /* DEBUG */ } /* DEBUG */
cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags"); cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags");
if (cls == NULL) { if (cls == NULL) {
printf("Couldn't find TicketFlags\n"); printf("LSA: Couldn't find TicketFlags\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found TicketFlags\n"); printf("LSA: Found TicketFlags\n");
#endif /* DEBUG */ } /* DEBUG */
ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls); ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls);
if (ticketFlagsClass == NULL) { if (ticketFlagsClass == NULL) {
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Made NewWeakGlobalRef\n"); printf("LSA: Made NewWeakGlobalRef\n");
#endif /* DEBUG */ } /* DEBUG */
cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime"); cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime");
if (cls == NULL) { if (cls == NULL) {
printf("Couldn't find KerberosTime\n"); printf("LSA: Couldn't find KerberosTime\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found KerberosTime\n"); printf("LSA: Found KerberosTime\n");
#endif /* DEBUG */ } /* DEBUG */
kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls); kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls);
if (kerberosTimeClass == NULL) { if (kerberosTimeClass == NULL) {
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Made NewWeakGlobalRef\n"); printf("LSA: Made NewWeakGlobalRef\n");
#endif /* DEBUG */ } /* DEBUG */
cls = (*env)->FindClass(env,"java/lang/String"); cls = (*env)->FindClass(env,"java/lang/String");
if (cls == NULL) { if (cls == NULL) {
printf("Couldn't find String\n"); printf("LSA: Couldn't find String\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found String\n"); printf("LSA: Found String\n");
#endif /* DEBUG */ } /* DEBUG */
javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls); javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls);
if (javaLangStringClass == NULL) { if (javaLangStringClass == NULL) {
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Made NewWeakGlobalRef\n"); printf("LSA: Made NewWeakGlobalRef\n");
#endif /* DEBUG */ } /* DEBUG */
derValueConstructor = (*env)->GetMethodID(env, derValueClass, derValueConstructor = (*env)->GetMethodID(env, derValueClass,
"<init>", "([B)V"); "<init>", "([B)V");
if (derValueConstructor == 0) { if (derValueConstructor == 0) {
printf("Couldn't find DerValue constructor\n"); printf("LSA: Couldn't find DerValue constructor\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found DerValue constructor\n"); printf("LSA: Found DerValue constructor\n");
#endif /* DEBUG */ } /* DEBUG */
ticketConstructor = (*env)->GetMethodID(env, ticketClass, ticketConstructor = (*env)->GetMethodID(env, ticketClass,
"<init>", "(Lsun/security/util/DerValue;)V"); "<init>", "(Lsun/security/util/DerValue;)V");
if (ticketConstructor == 0) { if (ticketConstructor == 0) {
printf("Couldn't find Ticket constructor\n"); printf("LSA: Couldn't find Ticket constructor\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found Ticket constructor\n"); printf("LSA: Found Ticket constructor\n");
#endif /* DEBUG */ } /* DEBUG */
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
"<init>", "([Ljava/lang/String;)V"); "<init>", "([Ljava/lang/String;)V");
if (principalNameConstructor == 0) { if (principalNameConstructor == 0) {
printf("Couldn't find PrincipalName constructor\n"); printf("LSA: Couldn't find PrincipalName constructor\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found PrincipalName constructor\n"); printf("LSA: Found PrincipalName constructor\n");
#endif /* DEBUG */ } /* DEBUG */
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass,
"<init>", "(I[B)V"); "<init>", "(I[B)V");
if (encryptionKeyConstructor == 0) { if (encryptionKeyConstructor == 0) {
printf("Couldn't find EncryptionKey constructor\n"); printf("LSA: Couldn't find EncryptionKey constructor\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found EncryptionKey constructor\n"); printf("LSA: Found EncryptionKey constructor\n");
#endif /* DEBUG */ } /* DEBUG */
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass,
"<init>", "(I[B)V"); "<init>", "(I[B)V");
if (ticketFlagsConstructor == 0) { if (ticketFlagsConstructor == 0) {
printf("Couldn't find TicketFlags constructor\n"); printf("LSA: Couldn't find TicketFlags constructor\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found TicketFlags constructor\n"); printf("LSA: Found TicketFlags constructor\n");
#endif /* DEBUG */ } /* DEBUG */
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass,
"<init>", "(Ljava/lang/String;)V"); "<init>", "(Ljava/lang/String;)V");
if (kerberosTimeConstructor == 0) { if (kerberosTimeConstructor == 0) {
printf("Couldn't find KerberosTime constructor\n"); printf("LSA: Couldn't find KerberosTime constructor\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Found KerberosTime constructor\n"); printf("LSA: Found KerberosTime constructor\n");
#endif /* DEBUG */ } /* DEBUG */
// load the setRealm method in PrincipalName // load the setRealm method in PrincipalName
setRealmMethod = (*env)->GetMethodID(env, principalNameClass, setRealmMethod = (*env)->GetMethodID(env, principalNameClass,
"setRealm", "(Ljava/lang/String;)V"); "setRealm", "(Ljava/lang/String;)V");
if (setRealmMethod == 0) { if (setRealmMethod == 0) {
printf("Couldn't find setRealm in PrincipalName\n"); printf("LSA: Couldn't find setRealm in PrincipalName\n");
return JNI_ERR; return JNI_ERR;
} }
#ifdef DEBUG if (DEBUG) {
printf("Finished OnLoad processing\n"); printf("LSA: Finished OnLoad processing\n");
#endif /* DEBUG */ } /* DEBUG */
return JNI_VERSION_1_2; return JNI_VERSION_1_2;
} }
@ -389,16 +403,25 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
if (krbcredsConstructor == 0) { if (krbcredsConstructor == 0) {
krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>", krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
"(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V"); "(Lsun/security/krb5/internal/Ticket;"
"Lsun/security/krb5/PrincipalName;"
"Lsun/security/krb5/PrincipalName;"
"Lsun/security/krb5/EncryptionKey;"
"Lsun/security/krb5/internal/TicketFlags;"
"Lsun/security/krb5/internal/KerberosTime;"
"Lsun/security/krb5/internal/KerberosTime;"
"Lsun/security/krb5/internal/KerberosTime;"
"Lsun/security/krb5/internal/KerberosTime;"
"Lsun/security/krb5/internal/HostAddresses;)V");
if (krbcredsConstructor == 0) { if (krbcredsConstructor == 0) {
printf("Couldn't find sun.security.krb5.Credentials constructor\n"); printf("LSA: Couldn't find sun.security.krb5.Credentials constructor\n");
break; break;
} }
} }
#ifdef DEBUG if (DEBUG) {
printf("Found KrbCreds constructor\n"); printf("LSA: Found KrbCreds constructor\n");
#endif }
// //
// Get the logon handle and package ID from the // Get the logon handle and package ID from the
@ -407,9 +430,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
if (!PackageConnectLookup(&LogonHandle, &PackageId)) if (!PackageConnectLookup(&LogonHandle, &PackageId))
break; break;
#ifdef DEBUG if (DEBUG) {
printf("Got handle to Kerberos package\n"); printf("LSA: Got handle to Kerberos package\n");
#endif /* DEBUG */ } /* DEBUG */
// Get the MS TGT from cache // Get the MS TGT from cache
CacheRequest.MessageType = KerbRetrieveTicketMessage; CacheRequest.MessageType = KerbRetrieveTicketMessage;
@ -426,9 +449,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
&SubStatus &SubStatus
); );
#ifdef DEBUG if (DEBUG) {
printf("Response size is %d\n", rspSize); printf("LSA: Response size is %d\n", rspSize);
#endif }
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) { if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
if (!LSA_SUCCESS(Status)) { if (!LSA_SUCCESS(Status)) {
@ -467,9 +490,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
} }
if (ignore_cache) { if (ignore_cache) {
#ifdef DEBUG if (DEBUG) {
printf("MS TGT in cache is invalid/not supported; request new ticket\n"); printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
#endif /* DEBUG */ } /* DEBUG */
// use domain to request Ticket // use domain to request Ticket
Status = ConstructTicketRequest(msticket->TargetDomainName, Status = ConstructTicketRequest(msticket->TargetDomainName,
@ -493,9 +516,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
&SubStatus &SubStatus
); );
#ifdef DEBUG if (DEBUG) {
printf("Response size is %d\n", responseSize); printf("LSA: Response size is %d\n", responseSize);
#endif /* DEBUG */ } /* DEBUG */
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) { if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
if (!LSA_SUCCESS(Status)) { if (!LSA_SUCCESS(Status)) {
@ -788,7 +811,9 @@ ShowLastError(
static WCHAR szMsgBuf[MAX_MSG_SIZE]; static WCHAR szMsgBuf[MAX_MSG_SIZE];
DWORD dwRes; DWORD dwRes;
printf("Error calling function %s: %lu\n", szAPI, dwError); if (DEBUG) {
printf("LSA: Error calling function %s: %lu\n", szAPI, dwError);
}
dwRes = FormatMessage ( dwRes = FormatMessage (
FORMAT_MESSAGE_FROM_SYSTEM, FORMAT_MESSAGE_FROM_SYSTEM,
@ -798,11 +823,13 @@ ShowLastError(
szMsgBuf, szMsgBuf,
MAX_MSG_SIZE, MAX_MSG_SIZE,
NULL); NULL);
if (0 == dwRes) { if (DEBUG) {
printf("FormatMessage failed with %d\n", GetLastError()); if (0 == dwRes) {
// ExitProcess(EXIT_FAILURE); printf("LSA: FormatMessage failed with %d\n", GetLastError());
} else { // ExitProcess(EXIT_FAILURE);
printf("%S",szMsgBuf); } else {
printf("LSA: %S",szMsgBuf);
}
} }
} }
@ -896,17 +923,19 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
#ifdef DEBUG if (DEBUG) {
printf("Principal domain is %S\n", realm); printf("LSA: Principal domain is %S\n", realm);
printf("Name type is %x\n", principalName->NameType); printf("LSA: Name type is %x\n", principalName->NameType);
printf("Name count is %x\n", principalName->NameCount); printf("LSA: Name count is %x\n", principalName->NameCount);
#endif }
nameCount = principalName->NameCount; nameCount = principalName->NameCount;
stringArray = (*env)->NewObjectArray(env, nameCount, stringArray = (*env)->NewObjectArray(env, nameCount,
javaLangStringClass, NULL); javaLangStringClass, NULL);
if (stringArray == NULL) { if (stringArray == NULL) {
printf("Can't allocate String array for Principal\n"); if (DEBUG) {
printf("LSA: Can't allocate String array for Principal\n");
}
LocalFree(realm); LocalFree(realm);
return principal; return principal;
} }
@ -941,6 +970,17 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) {
// First, need to build a byte array // First, need to build a byte array
jbyteArray ary; jbyteArray ary;
jobject encryptionKey = NULL; jobject encryptionKey = NULL;
unsigned int i;
for (i=0; i<cryptoKey->Length; i++) {
if (cryptoKey->Value[i]) break;
}
if (i == cryptoKey->Length) {
if (DEBUG) {
printf("LSA: Session key all zero. Stop.\n");
}
return NULL;
}
ary = (*env)->NewByteArray(env,cryptoKey->Length); ary = (*env)->NewByteArray(env,cryptoKey->Length);
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
@ -1005,9 +1045,9 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) {
hour, hour,
minute, minute,
second ); second );
#ifdef DEBUG if (DEBUG) {
printf("%S\n", (wchar_t *)timeString); printf("LSA: %S\n", (wchar_t *)timeString);
#endif /* DEBUG */ } /* DEBUG */
stringTime = (*env)->NewString(env, timeString, stringTime = (*env)->NewString(env, timeString,
(sizeof(timeString)/sizeof(WCHAR))-1); (sizeof(timeString)/sizeof(WCHAR))-1);
if (stringTime != NULL) { // everything's OK so far if (stringTime != NULL) { // everything's OK so far