/* * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ #include #include #include #include #include #include #include #include #include #include #include #include "jni_util.h" #define SECURITY_WIN32 #include "sspi.h" static void endSequence (PCredHandle credHand, PCtxtHandle ctxHandle, JNIEnv *env, jobject status); static jfieldID ntlm_ctxHandleID; static jfieldID ntlm_crdHandleID; static jfieldID status_seqCompleteID; static HINSTANCE lib = NULL; JNIEXPORT void JNICALL Java_sun_net_www_protocol_http_ntlm_NTLMAuthSequence_initFirst (JNIEnv *env, jclass authseq_clazz, jclass status_clazz) { ntlm_ctxHandleID = (*env)->GetFieldID(env, authseq_clazz, "ctxHandle", "J"); CHECK_NULL(ntlm_ctxHandleID); ntlm_crdHandleID = (*env)->GetFieldID(env, authseq_clazz, "crdHandle", "J"); CHECK_NULL(ntlm_crdHandleID); status_seqCompleteID = (*env)->GetFieldID(env, status_clazz, "sequenceComplete", "Z"); } /* * Class: sun_net_www_protocol_http_NTLMAuthSequence * Method: getCredentialsHandle * Signature: (Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)J */ JNIEXPORT jlong JNICALL Java_sun_net_www_protocol_http_ntlm_NTLMAuthSequence_getCredentialsHandle (JNIEnv *env, jobject this, jstring user, jstring domain, jstring password) { SEC_WINNT_AUTH_IDENTITY AuthId; SEC_WINNT_AUTH_IDENTITY * pAuthId; const CHAR *pUser = 0; const CHAR *pDomain = 0; const CHAR *pPassword = 0; CredHandle *pCred; TimeStamp ltime; jboolean isCopy; SECURITY_STATUS ss; if (user != 0) { pUser = JNU_GetStringPlatformChars(env, user, &isCopy); if (pUser == NULL) return 0; // pending Exception } if (domain != 0) { pDomain = JNU_GetStringPlatformChars(env, domain, &isCopy); if (pDomain == NULL) { if (pUser != NULL) JNU_ReleaseStringPlatformChars(env, user, pUser); return 0; // pending Exception } } if (password != 0) { pPassword = JNU_GetStringPlatformChars(env, password, &isCopy); if (pPassword == NULL) { if(pUser != NULL) JNU_ReleaseStringPlatformChars(env, user, pUser); if(pDomain != NULL) JNU_ReleaseStringPlatformChars(env, domain, pDomain); return 0; // pending Exception } } pCred = (CredHandle *)malloc(sizeof (CredHandle)); if (pCred == NULL) { JNU_ThrowOutOfMemoryError(env, "native memory allocation failed"); if (pUser != NULL) JNU_ReleaseStringPlatformChars(env, user, pUser); if (pPassword != NULL) JNU_ReleaseStringPlatformChars(env, password, pPassword); if (pDomain != NULL) JNU_ReleaseStringPlatformChars(env, domain, pDomain); return NULL; } if ( ((pUser != NULL) || (pPassword != NULL)) || (pDomain != NULL)) { pAuthId = &AuthId; memset( &AuthId, 0, sizeof( AuthId )); if ( pUser != NULL ) { AuthId.User = (unsigned char *) pUser; AuthId.UserLength = (unsigned long) strlen( pUser ); } if ( pPassword != NULL ) { AuthId.Password = (unsigned char *) pPassword; AuthId.PasswordLength = (unsigned long) strlen( pPassword ); } if ( pDomain != NULL ) { AuthId.Domain = (unsigned char *) pDomain; AuthId.DomainLength = (unsigned long) strlen( pDomain ); } AuthId.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; } else { pAuthId = NULL; } ss = AcquireCredentialsHandleA( NULL, "NTLM", SECPKG_CRED_OUTBOUND, NULL, pAuthId, NULL, NULL, pCred, <ime ); /* Release resources held by JNU_GetStringPlatformChars */ if (pUser != NULL) JNU_ReleaseStringPlatformChars(env, user, pUser); if (pPassword != NULL) JNU_ReleaseStringPlatformChars(env, password, pPassword); if (pDomain != NULL) JNU_ReleaseStringPlatformChars(env, domain, pDomain); if (ss == 0) { return (jlong) pCred; } else { return 0; } } /* * Class: sun_net_www_protocol_http_ntlm_NTLMAuthSequence * Method: getNextToken * Signature: (J[BLsun/net/www/protocol/http/ntlm/NTLMAuthSequence/Status;)[B */ JNIEXPORT jbyteArray JNICALL Java_sun_net_www_protocol_http_ntlm_NTLMAuthSequence_getNextToken (JNIEnv *env, jobject this, jlong crdHandle, jbyteArray lastToken, jobject status) { VOID *pInput = 0; DWORD inputLen; CHAR buffOut[1024]; jboolean isCopy; SECURITY_STATUS ss; SecBufferDesc OutBuffDesc; SecBuffer OutSecBuff; SecBufferDesc InBuffDesc; SecBuffer InSecBuff; ULONG ContextAttributes; CredHandle *pCred = (CredHandle *)crdHandle; CtxtHandle *pCtx; CtxtHandle *newContext; TimeStamp ltime; jbyteArray result; pCtx = (CtxtHandle *) (*env)->GetLongField (env, this, ntlm_ctxHandleID); if (pCtx == 0) { /* first call */ newContext = (CtxtHandle *)malloc(sizeof(CtxtHandle)); if (newContext != NULL) { (*env)->SetLongField (env, this, ntlm_ctxHandleID, (jlong)newContext); } else { JNU_ThrowOutOfMemoryError(env, "native memory allocation failed"); return NULL; } } else { newContext = pCtx; } OutBuffDesc.ulVersion = 0; OutBuffDesc.cBuffers = 1; OutBuffDesc.pBuffers = &OutSecBuff; OutSecBuff.cbBuffer = 1024; OutSecBuff.BufferType = SECBUFFER_TOKEN; OutSecBuff.pvBuffer = buffOut; /* * Prepare our Input buffer - Note the server is expecting the client's * negotiation packet on the first call */ if (lastToken != 0) { pInput = (VOID *)(*env)->GetByteArrayElements(env, lastToken, &isCopy); CHECK_NULL_RETURN(pInput, NULL); inputLen = (*env)->GetArrayLength(env, lastToken); InBuffDesc.ulVersion = 0; InBuffDesc.cBuffers = 1; InBuffDesc.pBuffers = &InSecBuff; InSecBuff.cbBuffer = inputLen; InSecBuff.BufferType = SECBUFFER_TOKEN; InSecBuff.pvBuffer = pInput; } /* * will return success when its done but we still * need to send the out buffer if there are bytes to send */ ss = InitializeSecurityContextA( pCred, pCtx, NULL, 0, 0, SECURITY_NATIVE_DREP, lastToken ? &InBuffDesc : NULL, 0, newContext, &OutBuffDesc, &ContextAttributes, <ime ); if (pInput != 0) { (*env)->ReleaseByteArrayElements(env, lastToken, pInput, JNI_ABORT); } if (ss < 0) { endSequence (pCred, pCtx, env, status); return 0; } if ((ss == SEC_I_COMPLETE_NEEDED) || (ss == SEC_I_COMPLETE_AND_CONTINUE) ) { ss = CompleteAuthToken( pCtx, &OutBuffDesc ); if (ss < 0) { endSequence (pCred, pCtx, env, status); return 0; } } if ( OutSecBuff.cbBuffer > 0 ) { jbyteArray ret = (*env)->NewByteArray(env, OutSecBuff.cbBuffer); if (ret != NULL) { (*env)->SetByteArrayRegion(env, ret, 0, OutSecBuff.cbBuffer, OutSecBuff.pvBuffer); } if (lastToken != 0) // 2nd stage endSequence (pCred, pCtx, env, status); result = ret; } if ((ss != SEC_I_CONTINUE_NEEDED) && (ss == SEC_I_COMPLETE_AND_CONTINUE)) { endSequence (pCred, pCtx, env, status); } return result; } static void endSequence (PCredHandle credHand, PCtxtHandle ctxHandle, JNIEnv *env, jobject status) { if (credHand != 0) { FreeCredentialsHandle(credHand); free(credHand); } if (ctxHandle != 0) { DeleteSecurityContext(ctxHandle); free(ctxHandle); } /* Sequence is complete so set flag */ (*env)->SetBooleanField(env, status, status_seqCompleteID, JNI_TRUE); }