changeset 56395:e4ce29f6094e

8228659: Record which Java methods are called by native codes in JGSS and JAAS Reviewed-by: mullan
author weijun
date Wed, 25 Sep 2019 17:54:21 +0800
parents de8e08015d51
children b311681bc3f9
files src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSCredElement.java src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSLibStub.java src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java src/java.security.jgss/share/classes/sun/security/krb5/internal/Ticket.java src/java.security.jgss/share/classes/sun/security/krb5/internal/TicketFlags.java src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTSystem.java src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixSystem.java
diffstat 17 files changed, 44 insertions(+), 95 deletions(-) [+]
--- a/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c	Wed Sep 25 17:54:21 2019 +0800
@@ -43,7 +43,6 @@
  * Statics for this module
  */
 
-static jclass derValueClass = NULL;
 static jclass ticketClass = NULL;
 static jclass principalNameClass = NULL;
 static jclass encryptionKeyClass = NULL;
@@ -54,7 +53,6 @@
 static jclass hostAddressClass = NULL;
 static jclass hostAddressesClass = NULL;
 
-static jmethodID derValueConstructor = 0;
 static jmethodID ticketConstructor = 0;
 static jmethodID principalNameConstructor = 0;
 static jmethodID encryptionKeyConstructor = 0;
@@ -108,9 +106,6 @@
     principalNameClass = FindClass(env, "sun/security/krb5/PrincipalName");
     if (principalNameClass == NULL) return JNI_ERR;
 
-    derValueClass = FindClass(env, "sun/security/util/DerValue");
-    if (derValueClass == NULL) return JNI_ERR;
-
     encryptionKeyClass = FindClass(env, "sun/security/krb5/EncryptionKey");
     if (encryptionKeyClass == NULL) return JNI_ERR;
 
@@ -132,13 +127,7 @@
     hostAddressesClass = FindClass(env,"sun/security/krb5/internal/HostAddresses");
     if (hostAddressesClass == NULL) return JNI_ERR;
 
-    derValueConstructor = (*env)->GetMethodID(env, derValueClass, "<init>", "([B)V");
-    if (derValueConstructor == 0) {
-        printf("Couldn't find DerValue constructor\n");
-        return JNI_ERR;
-    }
-
-    ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "(Lsun/security/util/DerValue;)V");
+    ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "([B)V");
     if (ticketConstructor == 0) {
         printf("Couldn't find Ticket constructor\n");
         return JNI_ERR;
@@ -204,9 +193,6 @@
     if (ticketClass != NULL) {
         (*env)->DeleteWeakGlobalRef(env,ticketClass);
     }
-    if (derValueClass != NULL) {
-        (*env)->DeleteWeakGlobalRef(env,derValueClass);
-    }
     if (principalNameClass != NULL) {
         (*env)->DeleteWeakGlobalRef(env,principalNameClass);
     }
@@ -421,11 +407,9 @@
 
 jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket)
 {
-    /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket.
-    * But before we can do that, we need to make a byte array out of the ET.
-    */
+    // To build a Ticket, we need to make a byte array out of the EncodedTicket.
 
-    jobject derValue, ticket;
+    jobject ticket;
     jbyteArray ary;
 
     ary = (*env)->NewByteArray(env, encodedTicket->length);
@@ -439,19 +423,12 @@
         return (jobject) NULL;
     }
 
-    derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary);
+    ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, ary);
     if ((*env)->ExceptionCheck(env)) {
         (*env)->DeleteLocalRef(env, ary);
         return (jobject) NULL;
     }
-
     (*env)->DeleteLocalRef(env, ary);
-    ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue);
-    if ((*env)->ExceptionCheck(env)) {
-        (*env)->DeleteLocalRef(env, derValue);
-        return (jobject) NULL;
-    }
-    (*env)->DeleteLocalRef(env, derValue);
     return ticket;
 }
 
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSCredElement.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSCredElement.java	Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
     }
 
     // Construct delegation cred using the actual context mech and srcName
+    // Warning: called by NativeUtil.c
     GSSCredElement(long pCredentials, GSSNameElement srcName, Oid mech)
         throws GSSException {
         pCred = pCredentials;
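Review bot: The added `// Warning: called by NativeUtil.c` names the caller but not what a maintainer must leave alone, so the constraint is easy to miss in a later refactor. Presumably the native side resolves this constructor by name and descriptor, in which case a changed parameter list would compile cleanly and fail only at run time; a wording such as `// Warning: constructed from NativeUtil.c via JNI; keep the parameter types in sync with the native lookup` would say so. The same applies to the other `Warning: called by …` comments in this changeset (GSSNameElement, NativeGSSContext, Credentials, EncryptionKey, PrincipalName, HostAddress, HostAddresses, KerberosTime, Ticket, TicketFlags); for Ticket the page shows the native lookup uses `([B)V`, which that comment could quote. The constructor body continues outside the hunk.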
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSLibStub.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSLibStub.java	Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,7 +43,7 @@
 class GSSLibStub {
 
     private Oid mech;
-    private long pMech;
+    private long pMech; // Warning: used by NativeUtil.c
 
     /**
      * Initialization routine to dynamically load function pointers.
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java	Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -97,6 +97,7 @@
         printableName = "<DEFAULT ACCEPTOR>";
     }
 
+    // Warning: called by NativeUtil.c
     GSSNameElement(long pNativeName, GSSLibStub stub) throws GSSException {
         assert(stub != null);
         if (pNativeName == 0) {
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java	Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,20 +59,22 @@
 
     private static final int NUM_OF_INQUIRE_VALUES = 6;
 
+    // Warning: The following 9 fields are used by NativeUtil.c
     private long pContext = 0; // Pointer to the gss_ctx_id_t structure
     private GSSNameElement srcName;
     private GSSNameElement targetName;
+    private boolean isInitiator;
+    private boolean isEstablished;
+    private GSSCredElement delegatedCred;
+    private int flags;
+    private int lifetime = GSSCredential.DEFAULT_LIFETIME;
+    private Oid actualMech; // Assigned during context establishment
+
     private GSSCredElement cred;
     private GSSCredElement disposeCred;
-    private boolean isInitiator;
-    private boolean isEstablished;
-    private Oid actualMech; // Assigned during context establishment
 
     private ChannelBinding cb;
-    private GSSCredElement delegatedCred;
     private GSSCredElement disposeDelegatedCred;
-    private int flags;
-    private int lifetime = GSSCredential.DEFAULT_LIFETIME;
     private final GSSLibStub cStub;
 
     private boolean skipDelegPermCheck;
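Review bot: The count in `// Warning: The following 9 fields are used by NativeUtil.c` is brittle: a field inserted into the group, or moved back out of it, leaves the comment wrong with nothing to flag it. If NativeUtil.c resolves these fields by name (not shown on this page), a rename would also fail only at run time. Closing the group explicitly, e.g. `// End of fields used by NativeUtil.c` after `actualMech`, would keep the boundary visible without relying on a number. The same applies to `the next 6 fields are used by nt.c` in NTSystem.java and `the following 4 fields are used by Unix.c` in UnixSystem.java.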
@@ -231,6 +233,7 @@
     }
 
     // Constructor for imported context
+    // Warning: called by NativeUtil.c
     NativeGSSContext(long pCtxt, GSSLibStub stub) throws GSSException {
         assert(pContext != 0);
         pContext = pCtxt;
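Review bot: The context line `assert(pContext != 0);` tests the field, not the parameter, and it runs before `pContext = pCtxt;`, so it sees the initializer value `0` and the incoming native handle is never checked. Now that the comment records this constructor as an entry point from NativeUtil.c, the check should be on the argument: `assert(pCtxt != 0);`. Since asserts are normally disabled, an explicit test like the `if (pNativeName == 0)` guard in GSSNameElement would be safer still. The constructor body continues outside the hunk.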
--- a/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java	Wed Sep 25 17:54:21 2019 +0800
@@ -88,6 +88,7 @@
         this.authzData = authzData;
     }
 
+    // Warning: called by NativeCreds.c and nativeccache.c
     public Credentials(Ticket new_ticket,
                        PrincipalName new_client,
                        PrincipalName new_client_alias,
--- a/src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java	Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -218,8 +218,8 @@
      * credential cache file.
      *
      */
-     // Used in JSSE (KerberosWrapper), Credentials,
-     // javax.security.auth.kerberos.KeyImpl
+    // Used in Credentials, and javax.security.auth.kerberos.KeyImpl
+    // Warning: called by NativeCreds.c and nativeccache.c
     public EncryptionKey(int keyType,
                          byte[] keyValue) {
         this(keyValue, keyType, null);
--- a/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java	Wed Sep 25 17:54:21 2019 +0800
@@ -158,7 +158,7 @@
         this.realmDeduced = false;
     }
 
-    // This method is called by Windows NativeCred.c
+    // Warning: called by NativeCreds.c
     public PrincipalName(String[] nameParts, String realm) throws RealmException {
         this(KRB_NT_UNKNOWN, nameParts, new Realm(realm));
     }
@@ -484,6 +484,7 @@
         }
     }
 
+    // Warning: called by nativeccache.c
     public PrincipalName(String name, int type) throws RealmException {
         this(name, type, (String)null);
     }
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java	Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -165,6 +165,8 @@
     /**
      * Creates a HostAddress from the specified address and address type.
      *
+     * Warning: called by nativeccache.c.
+     *
      * @param new_addrType the value of the address type which matches the defined
      *                       address family constants in the Berkeley Standard
      *                       Distributions of Unix.
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java	Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,6 +68,7 @@
     private HostAddress[] addresses = null;
     private volatile int hashCode = 0;
 
+    // Warning: called by nativeccache.c
     public HostAddresses(HostAddress[] new_addresses) throws IOException {
         if (new_addresses != null) {
            addresses = new HostAddress[new_addresses.length];
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java	Wed Sep 25 17:54:21 2019 +0800
@@ -88,8 +88,7 @@
         this(time, 0);
     }
 
-    // This constructor is used in the native code
-    // src/windows/native/sun/security/krb5/NativeCreds.c
+    // Warning: called by NativeCreds.c and nativeccache.c
     public KerberosTime(String time) throws Asn1Exception {
         this(toKerberosTime(time), 0);
     }
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java	Wed Sep 25 17:54:21 2019 +0800
@@ -309,7 +309,7 @@
         return errMsgList.get(i);
     }
 
-
+    // Warning: used by NativeCreds.c
     public static final boolean DEBUG = GetBooleanAction
             .privilegedGetProperty("sun.security.krb5.debug");
 
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/Ticket.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/Ticket.java	Wed Sep 25 17:54:21 2019 +0800
@@ -83,6 +83,7 @@
         encPart = new_encPart;
     }
 
+    // Warning: called by NativeCreds.c and nativeccache.c
     public Ticket(byte[] data) throws Asn1Exception,
     RealmException, KrbApErrException, IOException {
         init(new DerValue(data));
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/TicketFlags.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/TicketFlags.java	Wed Sep 25 17:54:21 2019 +0800
@@ -67,6 +67,7 @@
         }
     }
 
+    // Warning: called by NativeCreds.c and nativeccache.c
     public TicketFlags(int size, byte[] data) throws Asn1Exception {
         super(size, data);
         if ((size > data.length * BITS_PER_UNIT) || (size > Krb5.TKT_OPTS_MAX + 1))
--- a/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c	Wed Sep 25 17:54:21 2019 +0800
@@ -54,7 +54,6 @@
  * Library-wide static references
  */
 
-jclass derValueClass = NULL;
 jclass ticketClass = NULL;
 jclass principalNameClass = NULL;
 jclass encryptionKeyClass = NULL;
@@ -62,7 +61,6 @@
 jclass kerberosTimeClass = NULL;
 jclass javaLangStringClass = NULL;
 
-jmethodID derValueConstructor = 0;
 jmethodID ticketConstructor = 0;
 jmethodID principalNameConstructor = 0;
 jmethodID encryptionKeyConstructor = 0;
@@ -172,24 +170,6 @@
         printf("LSA: Made NewWeakGlobalRef\n");
     }
 
-    cls = (*env)->FindClass(env,"sun/security/util/DerValue");
-
-    if (cls == NULL) {
-        printf("LSA: Couldn't find DerValue\n");
-        return JNI_ERR;
-    }
-    if (native_debug) {
-        printf("LSA: Found DerValue\n");
-    }
-
-    derValueClass = (*env)->NewWeakGlobalRef(env,cls);
-    if (derValueClass == NULL) {
-        return JNI_ERR;
-    }
-    if (native_debug) {
-        printf("LSA: Made NewWeakGlobalRef\n");
-    }
-
     cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
 
     if (cls == NULL) {
@@ -262,18 +242,8 @@
         printf("LSA: Made NewWeakGlobalRef\n");
     }
 
-    derValueConstructor = (*env)->GetMethodID(env, derValueClass,
-                                            "<init>", "([B)V");
-    if (derValueConstructor == 0) {
-        printf("LSA: Couldn't find DerValue constructor\n");
-        return JNI_ERR;
-    }
-    if (native_debug) {
-        printf("LSA: Found DerValue constructor\n");
-    }
-
     ticketConstructor = (*env)->GetMethodID(env, ticketClass,
-                            "<init>", "(Lsun/security/util/DerValue;)V");
+                            "<init>", "([B)V");
     if (ticketConstructor == 0) {
         printf("LSA: Couldn't find Ticket constructor\n");
         return JNI_ERR;
@@ -347,9 +317,6 @@
     if (ticketClass != NULL) {
         (*env)->DeleteWeakGlobalRef(env,ticketClass);
     }
-    if (derValueClass != NULL) {
-        (*env)->DeleteWeakGlobalRef(env,derValueClass);
-    }
     if (principalNameClass != NULL) {
         (*env)->DeleteWeakGlobalRef(env,principalNameClass);
     }
@@ -897,11 +864,9 @@
 
 jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize) {
 
-    /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket.
-     * But before we can do that, we need to make a byte array out of the ET.
-     */
+    // To build a Ticket, we need to make a byte array out of the EncodedTicket.
 
-    jobject derValue, ticket;
+    jobject ticket;
     jbyteArray ary;
 
     ary = (*env)->NewByteArray(env,encodedTicketSize);
@@ -916,19 +881,12 @@
         return (jobject) NULL;
     }
 
-    derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary);
+    ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, ary);
     if ((*env)->ExceptionOccurred(env)) {
         (*env)->DeleteLocalRef(env, ary);
         return (jobject) NULL;
     }
-
     (*env)->DeleteLocalRef(env, ary);
-    ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue);
-    if ((*env)->ExceptionOccurred(env)) {
-        (*env)->DeleteLocalRef(env, derValue);
-        return (jobject) NULL;
-    }
-    (*env)->DeleteLocalRef(env, derValue);
     return ticket;
 }
 
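Review bot: The check after the new `NewObject(env, ticketClass, ticketConstructor, ary)` call still uses `ExceptionOccurred`, which returns a local reference to the throwable only to test it for non-NULL. The macOS BuildTicket in nativeccache.c uses `ExceptionCheck` for the same step, so the two copies now differ only in this call. Suggest `if ((*env)->ExceptionCheck(env)) {` here for consistency, and to avoid creating an unused local ref.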
--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTSystem.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTSystem.java	Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,12 +35,14 @@
     private native void getCurrent(boolean debug);
     private native long getImpersonationToken0();
 
+    // Warning: the next 6 fields are used by nt.c
     private String userName;
     private String domain;
     private String domainSID;
     private String userSID;
     private String[] groupIDs;
     private String primaryGroupID;
+
     private long   impersonationToken;
 
     /**
--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixSystem.java	Wed Sep 25 14:48:39 2019 +0530
+++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixSystem.java	Wed Sep 25 17:54:21 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@
 
     private native void getUnixInfo();
 
+    // Warning: the following 4 fields are used by Unix.c
     protected String username;
     protected long uid;
     protected long gid;