8210610: Improved LSA authentication

Reviewed-by: valeriep, mschoene, rhalade
This commit is contained in:
Weijun Wang 2018-09-29 10:08:42 +08:00
parent 9a9b3e9ac5
commit d2590ffc9d

@ -78,7 +78,8 @@ BOOL native_debug = 0;
BOOL PackageConnectLookup(PHANDLE,PULONG);
NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName,
NTSTATUS ConstructTicketRequest(JNIEnv *env,
UNICODE_STRING DomainName,
PKERB_RETRIEVE_TKT_REQUEST *outRequest,
ULONG *outSize);
@ -104,6 +105,8 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey);
jobject BuildTicketFlags(JNIEnv *env, PULONG flags);
jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime);
void ThrowOOME(JNIEnv *env, const char *szMessage);
/*
* Class: sun_security_krb5_KrbCreds
* Method: JNI_OnLoad
@ -497,7 +500,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
}
// use domain to request Ticket
Status = ConstructTicketRequest(msticket->TargetDomainName,
Status = ConstructTicketRequest(env, msticket->TargetDomainName,
&pTicketRequest, &requestSize);
if (!LSA_SUCCESS(Status)) {
ShowNTError("ConstructTicketRequest status", Status);
@ -691,7 +694,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
}
static NTSTATUS
ConstructTicketRequest(UNICODE_STRING DomainName,
ConstructTicketRequest(JNIEnv *env, UNICODE_STRING DomainName,
PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize)
{
NTSTATUS Status;
@ -738,8 +741,10 @@ ConstructTicketRequest(UNICODE_STRING DomainName,
pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST)
LocalAlloc(LMEM_ZEROINIT, RequestSize);
if (!pTicketRequest)
if (!pTicketRequest) {
ThrowOOME(env, "Can't allocate memory for ticket");
return GetLastError();
}
//
// Concatenate the target prefix with the previous response's
@ -896,7 +901,7 @@ jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize)
jbyteArray ary;
ary = (*env)->NewByteArray(env,encodedTicketSize);
if ((*env)->ExceptionOccurred(env)) {
if (ary == NULL) {
return (jobject) NULL;
}
@ -942,6 +947,10 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT,
((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
if (realm == NULL) {
ThrowOOME(env, "Can't allocate memory for realm");
return NULL;
}
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
if (native_debug) {
@ -1016,6 +1025,9 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) {
}
ary = (*env)->NewByteArray(env,cryptoKey->Length);
if (ary == NULL) {
return (jobject) NULL;
}
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
(jbyte *)cryptoKey->Value);
if ((*env)->ExceptionOccurred(env)) {
@ -1038,6 +1050,9 @@ jobject BuildTicketFlags(JNIEnv *env, PULONG flags) {
ULONG nlflags = htonl(*flags);
ary = (*env)->NewByteArray(env, sizeof(*flags));
if (ary == NULL) {
return (jobject) NULL;
}
(*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags),
(jbyte *)&nlflags);
if ((*env)->ExceptionOccurred(env)) {
@ -1090,3 +1105,10 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) {
}
return kerberosTime;
}
void ThrowOOME(JNIEnv *env, const char *szMessage) {
jclass exceptionClazz = (*env)->FindClass(env, "java/lang/OutOfMemoryError");
if (exceptionClazz != NULL) {
(*env)->ThrowNew(env, exceptionClazz, szMessage);
}
}