changeset 1153:897b2d42995a

6587676: Krb5LoginModule failure if useTicketCache=true on Vista Reviewed-by: valeriep
author weijun
date Fri, 10 Apr 2009 11:21:31 +0800
parents 8d37331265ae
children 572d3f36c8a9
files src/windows/native/sun/security/krb5/NativeCreds.c
diffstat 1 files changed, 149 insertions(+), 109 deletions(-) [+]
line wrap: on
line diff
--- a/src/windows/native/sun/security/krb5/NativeCreds.c	Thu Apr 09 15:32:55 2009 +0800
+++ b/src/windows/native/sun/security/krb5/NativeCreds.c	Fri Apr 10 11:21:31 2009 +0800
@@ -73,6 +73,7 @@
  * Function prototypes for internal routines
  *
  */
+BOOL DEBUG = 0;
 
 BOOL PackageConnectLookup(PHANDLE,PULONG);
 
@@ -113,208 +114,221 @@
 
     jclass cls;
     JNIEnv *env;
+    jfieldID fldDEBUG;
 
     if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
         return JNI_EVERSION; /* JNI version not supported */
     }
 
+    cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5");
+    if (cls == NULL) {
+        printf("LSA: Couldn't find Krb5\n");
+        return JNI_ERR;
+    }
+    fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z");
+    if (fldDEBUG == NULL) {
+        printf("LSA: Krb5 has no DEBUG field\n");
+        return JNI_ERR;
+    }
+    DEBUG = (*env)->GetStaticBooleanField(env, cls, fldDEBUG);
+
     cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket");
 
     if (cls == NULL) {
-        printf("Couldn't find Ticket\n");
+        printf("LSA: Couldn't find Ticket\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found Ticket\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found Ticket\n");
+    } /* DEBUG */
 
     ticketClass = (*env)->NewWeakGlobalRef(env,cls);
     if (ticketClass == NULL) {
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Made NewWeakGlobalRef\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Made NewWeakGlobalRef\n");
+    } /* DEBUG */
 
     cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName");
 
     if (cls == NULL) {
-        printf("Couldn't find PrincipalName\n");
+        printf("LSA: Couldn't find PrincipalName\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found PrincipalName\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found PrincipalName\n");
+    } /* DEBUG */
 
     principalNameClass = (*env)->NewWeakGlobalRef(env,cls);
     if (principalNameClass == NULL) {
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Made NewWeakGlobalRef\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Made NewWeakGlobalRef\n");
+    } /* DEBUG */
 
     cls = (*env)->FindClass(env,"sun/security/util/DerValue");
 
     if (cls == NULL) {
-        printf("Couldn't find DerValue\n");
+        printf("LSA: Couldn't find DerValue\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found DerValue\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found DerValue\n");
+    } /* DEBUG */
 
     derValueClass = (*env)->NewWeakGlobalRef(env,cls);
     if (derValueClass == NULL) {
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Made NewWeakGlobalRef\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Made NewWeakGlobalRef\n");
+    } /* DEBUG */
 
     cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
 
     if (cls == NULL) {
-        printf("Couldn't find EncryptionKey\n");
+        printf("LSA: Couldn't find EncryptionKey\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found EncryptionKey\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found EncryptionKey\n");
+    } /* DEBUG */
 
     encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls);
     if (encryptionKeyClass == NULL) {
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Made NewWeakGlobalRef\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Made NewWeakGlobalRef\n");
+    } /* DEBUG */
 
     cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags");
 
     if (cls == NULL) {
-        printf("Couldn't find TicketFlags\n");
+        printf("LSA: Couldn't find TicketFlags\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found TicketFlags\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found TicketFlags\n");
+    } /* DEBUG */
 
     ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls);
     if (ticketFlagsClass == NULL) {
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Made NewWeakGlobalRef\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Made NewWeakGlobalRef\n");
+    } /* DEBUG */
 
     cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime");
 
     if (cls == NULL) {
-        printf("Couldn't find KerberosTime\n");
+        printf("LSA: Couldn't find KerberosTime\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found KerberosTime\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found KerberosTime\n");
+    } /* DEBUG */
 
     kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls);
     if (kerberosTimeClass == NULL) {
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Made NewWeakGlobalRef\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Made NewWeakGlobalRef\n");
+    } /* DEBUG */
 
     cls = (*env)->FindClass(env,"java/lang/String");
 
     if (cls == NULL) {
-        printf("Couldn't find String\n");
+        printf("LSA: Couldn't find String\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found String\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found String\n");
+    } /* DEBUG */
 
     javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls);
     if (javaLangStringClass == NULL) {
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Made NewWeakGlobalRef\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Made NewWeakGlobalRef\n");
+    } /* DEBUG */
 
     derValueConstructor = (*env)->GetMethodID(env, derValueClass,
                                             "<init>", "([B)V");
     if (derValueConstructor == 0) {
-        printf("Couldn't find DerValue constructor\n");
+        printf("LSA: Couldn't find DerValue constructor\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found DerValue constructor\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found DerValue constructor\n");
+    } /* DEBUG */
 
     ticketConstructor = (*env)->GetMethodID(env, ticketClass,
                             "<init>", "(Lsun/security/util/DerValue;)V");
     if (ticketConstructor == 0) {
-        printf("Couldn't find Ticket constructor\n");
+        printf("LSA: Couldn't find Ticket constructor\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found Ticket constructor\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found Ticket constructor\n");
+    } /* DEBUG */
 
     principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
                                     "<init>", "([Ljava/lang/String;)V");
     if (principalNameConstructor == 0) {
-        printf("Couldn't find PrincipalName constructor\n");
+        printf("LSA: Couldn't find PrincipalName constructor\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found PrincipalName constructor\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found PrincipalName constructor\n");
+    } /* DEBUG */
 
     encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass,
                                             "<init>", "(I[B)V");
     if (encryptionKeyConstructor == 0) {
-        printf("Couldn't find EncryptionKey constructor\n");
+        printf("LSA: Couldn't find EncryptionKey constructor\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found EncryptionKey constructor\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found EncryptionKey constructor\n");
+    } /* DEBUG */
 
     ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass,
                                             "<init>", "(I[B)V");
     if (ticketFlagsConstructor == 0) {
-        printf("Couldn't find TicketFlags constructor\n");
+        printf("LSA: Couldn't find TicketFlags constructor\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found TicketFlags constructor\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found TicketFlags constructor\n");
+    } /* DEBUG */
 
     kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass,
                                     "<init>", "(Ljava/lang/String;)V");
     if (kerberosTimeConstructor == 0) {
-        printf("Couldn't find KerberosTime constructor\n");
+        printf("LSA: Couldn't find KerberosTime constructor\n");
         return JNI_ERR;
     }
-    #ifdef DEBUG
-    printf("Found KerberosTime constructor\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Found KerberosTime constructor\n");
+    } /* DEBUG */
 
     // load the setRealm method in PrincipalName
     setRealmMethod = (*env)->GetMethodID(env, principalNameClass,
                                     "setRealm", "(Ljava/lang/String;)V");
     if (setRealmMethod == 0) {
-        printf("Couldn't find setRealm in PrincipalName\n");
+        printf("LSA: Couldn't find setRealm in PrincipalName\n");
         return JNI_ERR;
     }
 
-    #ifdef DEBUG
-    printf("Finished OnLoad processing\n");
-    #endif /* DEBUG */
+    if (DEBUG) {
+        printf("LSA: Finished OnLoad processing\n");
+    } /* DEBUG */
 
     return JNI_VERSION_1_2;
 }
@@ -389,16 +403,25 @@
 
         if (krbcredsConstructor == 0) {
             krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
-                    "(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
+                    "(Lsun/security/krb5/internal/Ticket;"
+                    "Lsun/security/krb5/PrincipalName;"
+                    "Lsun/security/krb5/PrincipalName;"
+                    "Lsun/security/krb5/EncryptionKey;"
+                    "Lsun/security/krb5/internal/TicketFlags;"
+                    "Lsun/security/krb5/internal/KerberosTime;"
+                    "Lsun/security/krb5/internal/KerberosTime;"
+                    "Lsun/security/krb5/internal/KerberosTime;"
+                    "Lsun/security/krb5/internal/KerberosTime;"
+                    "Lsun/security/krb5/internal/HostAddresses;)V");
             if (krbcredsConstructor == 0) {
-                printf("Couldn't find sun.security.krb5.Credentials constructor\n");
+                printf("LSA: Couldn't find sun.security.krb5.Credentials constructor\n");
                 break;
             }
         }
 
-        #ifdef DEBUG
-        printf("Found KrbCreds constructor\n");
-        #endif
+        if (DEBUG) {
+            printf("LSA: Found KrbCreds constructor\n");
+        }
 
         //
         // Get the logon handle and package ID from the
@@ -407,9 +430,9 @@
         if (!PackageConnectLookup(&LogonHandle, &PackageId))
             break;
 
-        #ifdef DEBUG
-        printf("Got handle to Kerberos package\n");
-        #endif /* DEBUG */
+        if (DEBUG) {
+            printf("LSA: Got handle to Kerberos package\n");
+        } /* DEBUG */
 
         // Get the MS TGT from cache
         CacheRequest.MessageType = KerbRetrieveTicketMessage;
@@ -426,9 +449,9 @@
                         &SubStatus
                         );
 
-        #ifdef DEBUG
-        printf("Response size is %d\n", rspSize);
-        #endif
+        if (DEBUG) {
+            printf("LSA: Response size is %d\n", rspSize);
+        }
 
         if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
             if (!LSA_SUCCESS(Status)) {
@@ -467,9 +490,9 @@
         }
 
         if (ignore_cache) {
-            #ifdef DEBUG
-            printf("MS TGT in cache is invalid/not supported; request new ticket\n");
-            #endif /* DEBUG */
+            if (DEBUG) {
+                printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
+            } /* DEBUG */
 
             // use domain to request Ticket
             Status = ConstructTicketRequest(msticket->TargetDomainName,
@@ -493,9 +516,9 @@
                         &SubStatus
                         );
 
-            #ifdef DEBUG
-            printf("Response size is %d\n", responseSize);
-            #endif /* DEBUG */
+            if (DEBUG) {
+                printf("LSA: Response size is %d\n", responseSize);
+            } /* DEBUG */
 
             if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
                 if (!LSA_SUCCESS(Status)) {
@@ -788,7 +811,9 @@
     static WCHAR szMsgBuf[MAX_MSG_SIZE];
     DWORD dwRes;
 
-    printf("Error calling function %s: %lu\n", szAPI, dwError);
+    if (DEBUG) {
+        printf("LSA: Error calling function %s: %lu\n", szAPI, dwError);
+    }
 
     dwRes = FormatMessage (
             FORMAT_MESSAGE_FROM_SYSTEM,
@@ -798,11 +823,13 @@
             szMsgBuf,
             MAX_MSG_SIZE,
             NULL);
-    if (0 == dwRes) {
-        printf("FormatMessage failed with %d\n", GetLastError());
-        // ExitProcess(EXIT_FAILURE);
-    } else {
-        printf("%S",szMsgBuf);
+    if (DEBUG) {
+        if (0 == dwRes) {
+            printf("LSA: FormatMessage failed with %d\n", GetLastError());
+            // ExitProcess(EXIT_FAILURE);
+        } else {
+            printf("LSA: %S",szMsgBuf);
+        }
     }
 }
 
@@ -896,17 +923,19 @@
             ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
     wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
 
-    #ifdef DEBUG
-    printf("Principal domain is %S\n", realm);
-    printf("Name type is %x\n", principalName->NameType);
-    printf("Name count is %x\n", principalName->NameCount);
-    #endif
+    if (DEBUG) {
+        printf("LSA: Principal domain is %S\n", realm);
+        printf("LSA: Name type is %x\n", principalName->NameType);
+        printf("LSA: Name count is %x\n", principalName->NameCount);
+    }
 
     nameCount = principalName->NameCount;
     stringArray = (*env)->NewObjectArray(env, nameCount,
                             javaLangStringClass, NULL);
     if (stringArray == NULL) {
-        printf("Can't allocate String array for Principal\n");
+        if (DEBUG) {
+            printf("LSA: Can't allocate String array for Principal\n");
+        }
         LocalFree(realm);
         return principal;
     }
@@ -941,6 +970,17 @@
     // First, need to build a byte array
     jbyteArray ary;
     jobject encryptionKey = NULL;
+    unsigned int i;
+
+    for (i=0; i<cryptoKey->Length; i++) {
+        if (cryptoKey->Value[i]) break;
+    }
+    if (i == cryptoKey->Length) {
+        if (DEBUG) {
+            printf("LSA: Session key all zero. Stop.\n");
+        }
+        return NULL;
+    }
 
     ary = (*env)->NewByteArray(env,cryptoKey->Length);
     (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
@@ -1005,9 +1045,9 @@
                 hour,
                 minute,
                 second );
-        #ifdef DEBUG
-        printf("%S\n", (wchar_t *)timeString);
-        #endif /* DEBUG */
+        if (DEBUG) {
+            printf("LSA: %S\n", (wchar_t *)timeString);
+        } /* DEBUG */
         stringTime = (*env)->NewString(env, timeString,
                 (sizeof(timeString)/sizeof(WCHAR))-1);
         if (stringTime != NULL) { // everything's OK so far