8210610: Improved LSA authentication
Reviewed-by: valeriep, mschoene, rhalade
parent
9a9b3e9ac5
commit
d2590ffc9d
@ -78,7 +78,8 @@ BOOL native_debug = 0;
|
||||
|
||||
BOOL PackageConnectLookup(PHANDLE,PULONG);
|
||||
|
||||
NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName,
|
||||
NTSTATUS ConstructTicketRequest(JNIEnv *env,
|
||||
UNICODE_STRING DomainName,
|
||||
PKERB_RETRIEVE_TKT_REQUEST *outRequest,
|
||||
ULONG *outSize);
|
||||
|
||||
@ -104,6 +105,8 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey);
|
||||
jobject BuildTicketFlags(JNIEnv *env, PULONG flags);
|
||||
jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime);
|
||||
|
||||
void ThrowOOME(JNIEnv *env, const char *szMessage);
|
||||
|
||||
/*
|
||||
* Class: sun_security_krb5_KrbCreds
|
||||
* Method: JNI_OnLoad
|
||||
@ -497,7 +500,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
}
|
||||
|
||||
// use domain to request Ticket
|
||||
Status = ConstructTicketRequest(msticket->TargetDomainName,
|
||||
Status = ConstructTicketRequest(env, msticket->TargetDomainName,
|
||||
&pTicketRequest, &requestSize);
|
||||
if (!LSA_SUCCESS(Status)) {
|
||||
ShowNTError("ConstructTicketRequest status", Status);
|
||||
@ -691,7 +694,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
}
|
||||
|
||||
static NTSTATUS
|
||||
ConstructTicketRequest(UNICODE_STRING DomainName,
|
||||
ConstructTicketRequest(JNIEnv *env, UNICODE_STRING DomainName,
|
||||
PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize)
|
||||
{
|
||||
NTSTATUS Status;
|
||||
@ -738,8 +741,10 @@ ConstructTicketRequest(UNICODE_STRING DomainName,
|
||||
|
||||
pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST)
|
||||
LocalAlloc(LMEM_ZEROINIT, RequestSize);
|
||||
if (!pTicketRequest)
|
||||
if (!pTicketRequest) {
|
||||
ThrowOOME(env, "Can't allocate memory for ticket");
|
||||
return GetLastError();
|
||||
}
|
||||
|
||||
//
|
||||
// Concatenate the target prefix with the previous response's
|
||||
@ -896,7 +901,7 @@ jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize)
|
||||
jbyteArray ary;
|
||||
|
||||
ary = (*env)->NewByteArray(env,encodedTicketSize);
|
||||
if ((*env)->ExceptionOccurred(env)) {
|
||||
if (ary == NULL) {
|
||||
return (jobject) NULL;
|
||||
}
|
||||
|
||||
@ -942,6 +947,10 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
|
||||
|
||||
realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT,
|
||||
((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
|
||||
if (realm == NULL) {
|
||||
ThrowOOME(env, "Can't allocate memory for realm");
|
||||
return NULL;
|
||||
}
|
||||
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
|
||||
|
||||
if (native_debug) {
|
||||
@ -1016,6 +1025,9 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) {
|
||||
}
|
||||
|
||||
ary = (*env)->NewByteArray(env,cryptoKey->Length);
|
||||
if (ary == NULL) {
|
||||
return (jobject) NULL;
|
||||
}
|
||||
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
|
||||
(jbyte *)cryptoKey->Value);
|
||||
if ((*env)->ExceptionOccurred(env)) {
|
||||
@ -1038,6 +1050,9 @@ jobject BuildTicketFlags(JNIEnv *env, PULONG flags) {
|
||||
ULONG nlflags = htonl(*flags);
|
||||
|
||||
ary = (*env)->NewByteArray(env, sizeof(*flags));
|
||||
if (ary == NULL) {
|
||||
return (jobject) NULL;
|
||||
}
|
||||
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags),
|
||||
(jbyte *)&nlflags);
|
||||
if ((*env)->ExceptionOccurred(env)) {
|
||||
@ -1090,3 +1105,10 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) {
|
||||
}
|
||||
return kerberosTime;
|
||||
}
|
||||
|
||||
void ThrowOOME(JNIEnv *env, const char *szMessage) {
|
||||
jclass exceptionClazz = (*env)->FindClass(env, "java/lang/OutOfMemoryError");
|
||||
if (exceptionClazz != NULL) {
|
||||
(*env)->ThrowNew(env, exceptionClazz, szMessage);
|
||||
}
|
||||
}
|
||||
|
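Review bot: In the `-738,8 +741,10` hunk, the allocation-failure branch of ConstructTicketRequest now calls `ThrowOOME(env, ...)` before `return GetLastError();`, so the JNI calls inside ThrowOOME may overwrite the thread's last-error value before it is read. That value is also a Win32 error code returned as an NTSTATUS, and the caller in the `-497,7 +500,7` hunk tests it with `LSA_SUCCESS(Status)`. If that macro is the usual non-negative check, a small positive error code would pass as success, and the caller would continue with an OutOfMemoryError pending and `pTicketRequest` never set. I would return an explicit failing status after the throw, e.g. `return STATUS_NO_MEMORY;`, so the existing `!LSA_SUCCESS(Status)` path is taken. The function body starts and ends outside the hunk, so this is based on the visible lines only.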