OpenJDK / jdk / jdk
changeset 56395:e4ce29f6094e
8228659: Record which Java methods are called by native codes in JGSS and JAAS
Reviewed-by: mullan
line wrap: on
line diff
--- a/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c Wed Sep 25 17:54:21 2019 +0800 @@ -43,7 +43,6 @@ * Statics for this module */ -static jclass derValueClass = NULL; static jclass ticketClass = NULL; static jclass principalNameClass = NULL; static jclass encryptionKeyClass = NULL; @@ -54,7 +53,6 @@ static jclass hostAddressClass = NULL; static jclass hostAddressesClass = NULL; -static jmethodID derValueConstructor = 0; static jmethodID ticketConstructor = 0; static jmethodID principalNameConstructor = 0; static jmethodID encryptionKeyConstructor = 0; @@ -108,9 +106,6 @@ principalNameClass = FindClass(env, "sun/security/krb5/PrincipalName"); if (principalNameClass == NULL) return JNI_ERR; - derValueClass = FindClass(env, "sun/security/util/DerValue"); - if (derValueClass == NULL) return JNI_ERR; - encryptionKeyClass = FindClass(env, "sun/security/krb5/EncryptionKey"); if (encryptionKeyClass == NULL) return JNI_ERR; @@ -132,13 +127,7 @@ hostAddressesClass = FindClass(env,"sun/security/krb5/internal/HostAddresses"); if (hostAddressesClass == NULL) return JNI_ERR; - derValueConstructor = (*env)->GetMethodID(env, derValueClass, "<init>", "([B)V"); - if (derValueConstructor == 0) { - printf("Couldn't find DerValue constructor\n"); - return JNI_ERR; - } - - ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "(Lsun/security/util/DerValue;)V"); + ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "([B)V"); if (ticketConstructor == 0) { printf("Couldn't find Ticket constructor\n"); return JNI_ERR; @@ -204,9 +193,6 @@ if (ticketClass != NULL) { (*env)->DeleteWeakGlobalRef(env,ticketClass); } - if (derValueClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,derValueClass); - } if (principalNameClass != NULL) { (*env)->DeleteWeakGlobalRef(env,principalNameClass); } @@ -421,11 +407,9 @@ jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket) { - /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket. - * But before we can do that, we need to make a byte array out of the ET. - */ + // To build a Ticket, we need to make a byte array out of the EncodedTicket. - jobject derValue, ticket; + jobject ticket; jbyteArray ary; ary = (*env)->NewByteArray(env, encodedTicket->length); @@ -439,19 +423,12 @@ return (jobject) NULL; } - derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary); + ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, ary); if ((*env)->ExceptionCheck(env)) { (*env)->DeleteLocalRef(env, ary); return (jobject) NULL; } - (*env)->DeleteLocalRef(env, ary); - ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue); - if ((*env)->ExceptionCheck(env)) { - (*env)->DeleteLocalRef(env, derValue); - return (jobject) NULL; - } - (*env)->DeleteLocalRef(env, derValue); return ticket; }
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSCredElement.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSCredElement.java Wed Sep 25 17:54:21 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -61,6 +61,7 @@ } // Construct delegation cred using the actual context mech and srcName + // Warning: called by NativeUtil.c GSSCredElement(long pCredentials, GSSNameElement srcName, Oid mech) throws GSSException { pCred = pCredentials;
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSLibStub.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSLibStub.java Wed Sep 25 17:54:21 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,7 +43,7 @@ class GSSLibStub { private Oid mech; - private long pMech; + private long pMech; // Warning: used by NativeUtil.c /** * Initialization routine to dynamically load function pointers.
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Wed Sep 25 17:54:21 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -97,6 +97,7 @@ printableName = "<DEFAULT ACCEPTOR>"; } + // Warning: called by NativeUtil.c GSSNameElement(long pNativeName, GSSLibStub stub) throws GSSException { assert(stub != null); if (pNativeName == 0) {
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java Wed Sep 25 17:54:21 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,20 +59,22 @@ private static final int NUM_OF_INQUIRE_VALUES = 6; + // Warning: The following 9 fields are used by NativeUtil.c private long pContext = 0; // Pointer to the gss_ctx_id_t structure private GSSNameElement srcName; private GSSNameElement targetName; - private GSSCredElement cred; - private GSSCredElement disposeCred; private boolean isInitiator; private boolean isEstablished; + private GSSCredElement delegatedCred; + private int flags; + private int lifetime = GSSCredential.DEFAULT_LIFETIME; private Oid actualMech; // Assigned during context establishment + private GSSCredElement cred; + private GSSCredElement disposeCred; + private ChannelBinding cb; - private GSSCredElement delegatedCred; private GSSCredElement disposeDelegatedCred; - private int flags; - private int lifetime = GSSCredential.DEFAULT_LIFETIME; private final GSSLibStub cStub; private boolean skipDelegPermCheck; @@ -231,6 +233,7 @@ } // Constructor for imported context + // Warning: called by NativeUtil.c NativeGSSContext(long pCtxt, GSSLibStub stub) throws GSSException { assert(pContext != 0); pContext = pCtxt;
--- a/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java Wed Sep 25 17:54:21 2019 +0800 @@ -88,6 +88,7 @@ this.authzData = authzData; } + // Warning: called by NativeCreds.c and nativeccache.c public Credentials(Ticket new_ticket, PrincipalName new_client, PrincipalName new_client_alias,
--- a/src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java Wed Sep 25 17:54:21 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -218,8 +218,8 @@ * credential cache file. * */ - // Used in JSSE (KerberosWrapper), Credentials, - // javax.security.auth.kerberos.KeyImpl + // Used in Credentials, and javax.security.auth.kerberos.KeyImpl + // Warning: called by NativeCreds.c and nativeccache.c public EncryptionKey(int keyType, byte[] keyValue) { this(keyValue, keyType, null);
--- a/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java Wed Sep 25 17:54:21 2019 +0800 @@ -158,7 +158,7 @@ this.realmDeduced = false; } - // This method is called by Windows NativeCred.c + // Warning: called by NativeCreds.c public PrincipalName(String[] nameParts, String realm) throws RealmException { this(KRB_NT_UNKNOWN, nameParts, new Realm(realm)); } @@ -484,6 +484,7 @@ } } + // Warning: called by nativeccache.c public PrincipalName(String name, int type) throws RealmException { this(name, type, (String)null); }
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java Wed Sep 25 17:54:21 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -165,6 +165,8 @@ /** * Creates a HostAddress from the specified address and address type. * + * Warning: called by nativeccache.c. + * * @param new_addrType the value of the address type which matches the defined * address family constants in the Berkeley Standard * Distributions of Unix.
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java Wed Sep 25 17:54:21 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -68,6 +68,7 @@ private HostAddress[] addresses = null; private volatile int hashCode = 0; + // Warning: called by nativeccache.c public HostAddresses(HostAddress[] new_addresses) throws IOException { if (new_addresses != null) { addresses = new HostAddress[new_addresses.length];
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java Wed Sep 25 17:54:21 2019 +0800 @@ -88,8 +88,7 @@ this(time, 0); } - // This constructor is used in the native code - // src/windows/native/sun/security/krb5/NativeCreds.c + // Warning: called by NativeCreds.c and nativeccache.c public KerberosTime(String time) throws Asn1Exception { this(toKerberosTime(time), 0); }
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java Wed Sep 25 17:54:21 2019 +0800 @@ -309,7 +309,7 @@ return errMsgList.get(i); } - + // Warning: used by NativeCreds.c public static final boolean DEBUG = GetBooleanAction .privilegedGetProperty("sun.security.krb5.debug");
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/Ticket.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/Ticket.java Wed Sep 25 17:54:21 2019 +0800 @@ -83,6 +83,7 @@ encPart = new_encPart; } + // Warning: called by NativeCreds.c and nativeccache.c public Ticket(byte[] data) throws Asn1Exception, RealmException, KrbApErrException, IOException { init(new DerValue(data));
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/TicketFlags.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/TicketFlags.java Wed Sep 25 17:54:21 2019 +0800 @@ -67,6 +67,7 @@ } } + // Warning: called by NativeCreds.c and nativeccache.c public TicketFlags(int size, byte[] data) throws Asn1Exception { super(size, data); if ((size > data.length * BITS_PER_UNIT) || (size > Krb5.TKT_OPTS_MAX + 1))
--- a/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c Wed Sep 25 14:48:39 2019 +0530 +++ b/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c Wed Sep 25 17:54:21 2019 +0800 @@ -54,7 +54,6 @@ * Library-wide static references */ -jclass derValueClass = NULL; jclass ticketClass = NULL; jclass principalNameClass = NULL; jclass encryptionKeyClass = NULL; @@ -62,7 +61,6 @@ jclass kerberosTimeClass = NULL; jclass javaLangStringClass = NULL; -jmethodID derValueConstructor = 0; jmethodID ticketConstructor = 0; jmethodID principalNameConstructor = 0; jmethodID encryptionKeyConstructor = 0; @@ -172,24 +170,6 @@ printf("LSA: Made NewWeakGlobalRef\n"); } - cls = (*env)->FindClass(env,"sun/security/util/DerValue"); - - if (cls == NULL) { - printf("LSA: Couldn't find DerValue\n"); - return JNI_ERR; - } - if (native_debug) { - printf("LSA: Found DerValue\n"); - } - - derValueClass = (*env)->NewWeakGlobalRef(env,cls); - if (derValueClass == NULL) { - return JNI_ERR; - } - if (native_debug) { - printf("LSA: Made NewWeakGlobalRef\n"); - } - cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey"); if (cls == NULL) { @@ -262,18 +242,8 @@ printf("LSA: Made NewWeakGlobalRef\n"); } - derValueConstructor = (*env)->GetMethodID(env, derValueClass, - "<init>", "([B)V"); - if (derValueConstructor == 0) { - printf("LSA: Couldn't find DerValue constructor\n"); - return JNI_ERR; - } - if (native_debug) { - printf("LSA: Found DerValue constructor\n"); - } - ticketConstructor = (*env)->GetMethodID(env, ticketClass, - "<init>", "(Lsun/security/util/DerValue;)V"); + "<init>", "([B)V"); if (ticketConstructor == 0) { printf("LSA: Couldn't find Ticket constructor\n"); return JNI_ERR; @@ -347,9 +317,6 @@ if (ticketClass != NULL) { (*env)->DeleteWeakGlobalRef(env,ticketClass); } - if (derValueClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,derValueClass); - } if (principalNameClass != NULL) { (*env)->DeleteWeakGlobalRef(env,principalNameClass); } @@ -897,11 +864,9 @@ jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize) { - /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket. - * But before we can do that, we need to make a byte array out of the ET. - */ + // To build a Ticket, we need to make a byte array out of the EncodedTicket. - jobject derValue, ticket; + jobject ticket; jbyteArray ary; ary = (*env)->NewByteArray(env,encodedTicketSize); @@ -916,19 +881,12 @@ return (jobject) NULL; } - derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary); + ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, ary); if ((*env)->ExceptionOccurred(env)) { (*env)->DeleteLocalRef(env, ary); return (jobject) NULL; } - (*env)->DeleteLocalRef(env, ary); - ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, derValue); - return (jobject) NULL; - } - (*env)->DeleteLocalRef(env, derValue); return ticket; }
--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTSystem.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTSystem.java Wed Sep 25 17:54:21 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,12 +35,14 @@ private native void getCurrent(boolean debug); private native long getImpersonationToken0(); + // Warning: the next 6 fields are used by nt.c private String userName; private String domain; private String domainSID; private String userSID; private String[] groupIDs; private String primaryGroupID; + private long impersonationToken; /**
--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixSystem.java Wed Sep 25 14:48:39 2019 +0530 +++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixSystem.java Wed Sep 25 17:54:21 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,6 +33,7 @@ private native void getUnixInfo(); + // Warning: the following 4 fields are used by Unix.c protected String username; protected long uid; protected long gid;