6587676: Krb5LoginModule failure if useTicketCache=true on Vista

Reviewed-by: valeriep
This commit is contained in:
Weijun Wang 2009-04-10 11:21:31 +08:00
parent 2827ff39e5
commit 23d8c5ddc1

View File

@ -73,6 +73,7 @@ jmethodID setRealmMethod = 0;
* Function prototypes for internal routines
*
*/
BOOL DEBUG = 0;
BOOL PackageConnectLookup(PHANDLE,PULONG);
@ -113,208 +114,221 @@ JNIEXPORT jint JNICALL JNI_OnLoad(
jclass cls;
JNIEnv *env;
jfieldID fldDEBUG;
if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
return JNI_EVERSION; /* JNI version not supported */
}
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5");
if (cls == NULL) {
printf("LSA: Couldn't find Krb5\n");
return JNI_ERR;
}
fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z");
if (fldDEBUG == NULL) {
printf("LSA: Krb5 has no DEBUG field\n");
return JNI_ERR;
}
DEBUG = (*env)->GetStaticBooleanField(env, cls, fldDEBUG);
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket");
if (cls == NULL) {
printf("Couldn't find Ticket\n");
printf("LSA: Couldn't find Ticket\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found Ticket\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found Ticket\n");
} /* DEBUG */
ticketClass = (*env)->NewWeakGlobalRef(env,cls);
if (ticketClass == NULL) {
return JNI_ERR;
}
#ifdef DEBUG
printf("Made NewWeakGlobalRef\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Made NewWeakGlobalRef\n");
} /* DEBUG */
cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName");
if (cls == NULL) {
printf("Couldn't find PrincipalName\n");
printf("LSA: Couldn't find PrincipalName\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found PrincipalName\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found PrincipalName\n");
} /* DEBUG */
principalNameClass = (*env)->NewWeakGlobalRef(env,cls);
if (principalNameClass == NULL) {
return JNI_ERR;
}
#ifdef DEBUG
printf("Made NewWeakGlobalRef\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Made NewWeakGlobalRef\n");
} /* DEBUG */
cls = (*env)->FindClass(env,"sun/security/util/DerValue");
if (cls == NULL) {
printf("Couldn't find DerValue\n");
printf("LSA: Couldn't find DerValue\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found DerValue\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found DerValue\n");
} /* DEBUG */
derValueClass = (*env)->NewWeakGlobalRef(env,cls);
if (derValueClass == NULL) {
return JNI_ERR;
}
#ifdef DEBUG
printf("Made NewWeakGlobalRef\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Made NewWeakGlobalRef\n");
} /* DEBUG */
cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
if (cls == NULL) {
printf("Couldn't find EncryptionKey\n");
printf("LSA: Couldn't find EncryptionKey\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found EncryptionKey\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found EncryptionKey\n");
} /* DEBUG */
encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls);
if (encryptionKeyClass == NULL) {
return JNI_ERR;
}
#ifdef DEBUG
printf("Made NewWeakGlobalRef\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Made NewWeakGlobalRef\n");
} /* DEBUG */
cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags");
if (cls == NULL) {
printf("Couldn't find TicketFlags\n");
printf("LSA: Couldn't find TicketFlags\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found TicketFlags\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found TicketFlags\n");
} /* DEBUG */
ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls);
if (ticketFlagsClass == NULL) {
return JNI_ERR;
}
#ifdef DEBUG
printf("Made NewWeakGlobalRef\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Made NewWeakGlobalRef\n");
} /* DEBUG */
cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime");
if (cls == NULL) {
printf("Couldn't find KerberosTime\n");
printf("LSA: Couldn't find KerberosTime\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found KerberosTime\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found KerberosTime\n");
} /* DEBUG */
kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls);
if (kerberosTimeClass == NULL) {
return JNI_ERR;
}
#ifdef DEBUG
printf("Made NewWeakGlobalRef\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Made NewWeakGlobalRef\n");
} /* DEBUG */
cls = (*env)->FindClass(env,"java/lang/String");
if (cls == NULL) {
printf("Couldn't find String\n");
printf("LSA: Couldn't find String\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found String\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found String\n");
} /* DEBUG */
javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls);
if (javaLangStringClass == NULL) {
return JNI_ERR;
}
#ifdef DEBUG
printf("Made NewWeakGlobalRef\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Made NewWeakGlobalRef\n");
} /* DEBUG */
derValueConstructor = (*env)->GetMethodID(env, derValueClass,
"<init>", "([B)V");
if (derValueConstructor == 0) {
printf("Couldn't find DerValue constructor\n");
printf("LSA: Couldn't find DerValue constructor\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found DerValue constructor\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found DerValue constructor\n");
} /* DEBUG */
ticketConstructor = (*env)->GetMethodID(env, ticketClass,
"<init>", "(Lsun/security/util/DerValue;)V");
if (ticketConstructor == 0) {
printf("Couldn't find Ticket constructor\n");
printf("LSA: Couldn't find Ticket constructor\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found Ticket constructor\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found Ticket constructor\n");
} /* DEBUG */
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
"<init>", "([Ljava/lang/String;)V");
if (principalNameConstructor == 0) {
printf("Couldn't find PrincipalName constructor\n");
printf("LSA: Couldn't find PrincipalName constructor\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found PrincipalName constructor\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found PrincipalName constructor\n");
} /* DEBUG */
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass,
"<init>", "(I[B)V");
if (encryptionKeyConstructor == 0) {
printf("Couldn't find EncryptionKey constructor\n");
printf("LSA: Couldn't find EncryptionKey constructor\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found EncryptionKey constructor\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found EncryptionKey constructor\n");
} /* DEBUG */
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass,
"<init>", "(I[B)V");
if (ticketFlagsConstructor == 0) {
printf("Couldn't find TicketFlags constructor\n");
printf("LSA: Couldn't find TicketFlags constructor\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found TicketFlags constructor\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found TicketFlags constructor\n");
} /* DEBUG */
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass,
"<init>", "(Ljava/lang/String;)V");
if (kerberosTimeConstructor == 0) {
printf("Couldn't find KerberosTime constructor\n");
printf("LSA: Couldn't find KerberosTime constructor\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Found KerberosTime constructor\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Found KerberosTime constructor\n");
} /* DEBUG */
// load the setRealm method in PrincipalName
setRealmMethod = (*env)->GetMethodID(env, principalNameClass,
"setRealm", "(Ljava/lang/String;)V");
if (setRealmMethod == 0) {
printf("Couldn't find setRealm in PrincipalName\n");
printf("LSA: Couldn't find setRealm in PrincipalName\n");
return JNI_ERR;
}
#ifdef DEBUG
printf("Finished OnLoad processing\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Finished OnLoad processing\n");
} /* DEBUG */
return JNI_VERSION_1_2;
}
@ -389,16 +403,25 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
if (krbcredsConstructor == 0) {
krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
"(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
"(Lsun/security/krb5/internal/Ticket;"
"Lsun/security/krb5/PrincipalName;"
"Lsun/security/krb5/PrincipalName;"
"Lsun/security/krb5/EncryptionKey;"
"Lsun/security/krb5/internal/TicketFlags;"
"Lsun/security/krb5/internal/KerberosTime;"
"Lsun/security/krb5/internal/KerberosTime;"
"Lsun/security/krb5/internal/KerberosTime;"
"Lsun/security/krb5/internal/KerberosTime;"
"Lsun/security/krb5/internal/HostAddresses;)V");
if (krbcredsConstructor == 0) {
printf("Couldn't find sun.security.krb5.Credentials constructor\n");
printf("LSA: Couldn't find sun.security.krb5.Credentials constructor\n");
break;
}
}
#ifdef DEBUG
printf("Found KrbCreds constructor\n");
#endif
if (DEBUG) {
printf("LSA: Found KrbCreds constructor\n");
}
//
// Get the logon handle and package ID from the
@ -407,9 +430,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
if (!PackageConnectLookup(&LogonHandle, &PackageId))
break;
#ifdef DEBUG
printf("Got handle to Kerberos package\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Got handle to Kerberos package\n");
} /* DEBUG */
// Get the MS TGT from cache
CacheRequest.MessageType = KerbRetrieveTicketMessage;
@ -426,9 +449,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
&SubStatus
);
#ifdef DEBUG
printf("Response size is %d\n", rspSize);
#endif
if (DEBUG) {
printf("LSA: Response size is %d\n", rspSize);
}
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
if (!LSA_SUCCESS(Status)) {
@ -467,9 +490,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
}
if (ignore_cache) {
#ifdef DEBUG
printf("MS TGT in cache is invalid/not supported; request new ticket\n");
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
} /* DEBUG */
// use domain to request Ticket
Status = ConstructTicketRequest(msticket->TargetDomainName,
@ -493,9 +516,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
&SubStatus
);
#ifdef DEBUG
printf("Response size is %d\n", responseSize);
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: Response size is %d\n", responseSize);
} /* DEBUG */
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
if (!LSA_SUCCESS(Status)) {
@ -788,7 +811,9 @@ ShowLastError(
static WCHAR szMsgBuf[MAX_MSG_SIZE];
DWORD dwRes;
printf("Error calling function %s: %lu\n", szAPI, dwError);
if (DEBUG) {
printf("LSA: Error calling function %s: %lu\n", szAPI, dwError);
}
dwRes = FormatMessage (
FORMAT_MESSAGE_FROM_SYSTEM,
@ -798,11 +823,13 @@ ShowLastError(
szMsgBuf,
MAX_MSG_SIZE,
NULL);
if (DEBUG) {
if (0 == dwRes) {
printf("FormatMessage failed with %d\n", GetLastError());
printf("LSA: FormatMessage failed with %d\n", GetLastError());
// ExitProcess(EXIT_FAILURE);
} else {
printf("%S",szMsgBuf);
printf("LSA: %S",szMsgBuf);
}
}
}
@ -896,17 +923,19 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
#ifdef DEBUG
printf("Principal domain is %S\n", realm);
printf("Name type is %x\n", principalName->NameType);
printf("Name count is %x\n", principalName->NameCount);
#endif
if (DEBUG) {
printf("LSA: Principal domain is %S\n", realm);
printf("LSA: Name type is %x\n", principalName->NameType);
printf("LSA: Name count is %x\n", principalName->NameCount);
}
nameCount = principalName->NameCount;
stringArray = (*env)->NewObjectArray(env, nameCount,
javaLangStringClass, NULL);
if (stringArray == NULL) {
printf("Can't allocate String array for Principal\n");
if (DEBUG) {
printf("LSA: Can't allocate String array for Principal\n");
}
LocalFree(realm);
return principal;
}
@ -941,6 +970,17 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) {
// First, need to build a byte array
jbyteArray ary;
jobject encryptionKey = NULL;
unsigned int i;
for (i=0; i<cryptoKey->Length; i++) {
if (cryptoKey->Value[i]) break;
}
if (i == cryptoKey->Length) {
if (DEBUG) {
printf("LSA: Session key all zero. Stop.\n");
}
return NULL;
}
ary = (*env)->NewByteArray(env,cryptoKey->Length);
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
@ -1005,9 +1045,9 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) {
hour,
minute,
second );
#ifdef DEBUG
printf("%S\n", (wchar_t *)timeString);
#endif /* DEBUG */
if (DEBUG) {
printf("LSA: %S\n", (wchar_t *)timeString);
} /* DEBUG */
stringTime = (*env)->NewString(env, timeString,
(sizeof(timeString)/sizeof(WCHAR))-1);
if (stringTime != NULL) { // everything's OK so far