3752N/A * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 0N/A * =========================================================================== 0N/A * (C) Copyright IBM Corp. 2000 All Rights Reserved. 0N/A * =========================================================================== 0N/A * Library-wide static references 0N/A * Function prototypes for internal routines 0N/A * Class: sun_security_krb5_KrbCreds 0N/A * Method: JNI_OnLoad 50N/A "<init>",
"([B)V");
1103N/A printf(
"LSA: Couldn't find PrincipalName constructor\n");
50N/A "<init>",
"(I[B)V");
1103N/A printf(
"LSA: Couldn't find EncryptionKey constructor\n");
50N/A "<init>",
"(I[B)V");
50N/A // load the setRealm method in PrincipalName 1103N/A printf(
"LSA: Couldn't find setRealm in PrincipalName\n");
0N/A * Class: sun_security_jgss_KrbCreds 0N/A * Method: JNI_OnUnload 50N/A return;
/* Nothing else we can do */ 0N/A * Class: sun_security_krb5_Credentials 0N/A * Method: acquireDefaultNativeCreds 0N/A // Get the logon handle and package ID from the 0N/A // Get the MS TGT from cache 0N/A // got the native MS TGT 0N/A // check TGT validity 0N/A // use domain to request Ticket 0N/A // got the native MS Kerberos TGT 50N/A typedef struct _KERB_RETRIEVE_TKT_RESPONSE { 50N/A KERB_EXTERNAL_TICKET Ticket; 50N/A } KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE; 50N/A typedef struct _KERB_EXTERNAL_TICKET { 50N/A PKERB_EXTERNAL_NAME ServiceName; 50N/A PKERB_EXTERNAL_NAME TargetName; 50N/A PKERB_EXTERNAL_NAME ClientName; 50N/A UNICODE_STRING DomainName; 50N/A UNICODE_STRING TargetDomainName; 50N/A UNICODE_STRING AltTargetDomainName; 50N/A KERB_CRYPTO_KEY SessionKey; 50N/A LARGE_INTEGER KeyExpirationTime; 50N/A LARGE_INTEGER StartTime; 50N/A LARGE_INTEGER EndTime; 50N/A LARGE_INTEGER RenewUntil; 50N/A LARGE_INTEGER TimeSkew; 50N/A ULONG EncodedTicketSize; 50N/A PUCHAR EncodedTicket; <========== Here's the good stuff 50N/A } KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET; 50N/A typedef struct _KERB_EXTERNAL_NAME { 50N/A UNICODE_STRING Names[ANYSIZE_ARRAY]; 50N/A } KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME; 50N/A typedef struct _LSA_UNICODE_STRING { 50N/A USHORT MaximumLength; 50N/A } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; 50N/A typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; 50N/A typedef struct KERB_CRYPTO_KEY { 50N/A } KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY; 0N/A // OK, have a Ticket, now need to get the client name 0N/A // and the "name" of tgt 0N/A // Get the encryption key 0N/A // and the ticket flags 0N/A // Get the start time 0N/A * mdu: No point storing the key expiration time in the auth 0N/A * time field. Set it to be same as startTime. Looks like 0N/A * windows does not have post-dated tickets. 
0N/A // Get the renew till time 0N/A // and now go build a KrbCreds object 50N/A // clean up resources 50N/A // Set up the "krbtgt/" target prefix into a UNICODE_STRING so we 50N/A // can easily concatenate it later. 50N/A // We will need to concatenate the "krbtgt/" prefix and the 50N/A // Logon Session's DnsDomainName into our request's target name. 50N/A // Therefore, first compute the necessary buffer size for that. 50N/A // Note that we might theoretically have integer overflow. 50N/A // The ticket request buffer needs to be a single buffer. That buffer 50N/A // needs to include the buffer for the target name. 50N/A // Allocate the request buffer and make sure it's zero-filled. 50N/A // Concatenate the target prefix with the previous response's 50N/A // The buffers for Source1 and Source2 cannot overlap pTarget's 50N/A // buffer. Source1.Length + Source2.Length must be <= 0xFFFF, 50N/A // otherwise the 16-bit Length field overflows... 1103N/A // ExitProcess(EXIT_FAILURE); 0N/A // Convert the NTSTATUS to Winerror. Then call ShowLastError(). 50N/A /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket. 50N/A * But before we can do that, we need to make a byte array out of the ET. 50N/A * To build the Principal, we need to get the names out of 50N/A * this goofy MS structure 1103N/A printf(
"LSA: Can't allocate String array for Principal\n");
50N/A // get the principal name 50N/A // OK, got a Char array, so construct a String 50N/A // Set the String into the StringArray 50N/A // Do I have to worry about storage reclamation here? 50N/A // now set the realm in the principal 50N/A // free local resources 50N/A // First, need to build a byte array 50N/A * mdu: Convert the bytes to network byte order before copying 50N/A * them to a Java byte array. 50N/A // XXX Cannot use %02.2ld, because the leading 0 is ignored for integers. 50N/A // So, print them to strings, and then print them to the master string with a 50N/A // format pattern that makes it two digits and prefix with a 0 if necessary. 50N/A L
"%ld%02.2s%02.2s%02.2s%02.2s%02.2sZ",