sspiContext = new WindowsSecurityContextImpl(); sspiContext.setPrincipalName(targetName); sspiContext.setCredentialsHandle(clientCredentials); sspiContext.setSecurityPackage(securityPackage); sspiContext.initialize(null, null, targetName); } catch (Win32Exception ex) { throw new PSQLException("Could not initialize SSPI security context", sendSSPIResponse(sspiContext.getToken()); LOGGER.log(Level.FINEST, "Sent first SSPI negotiation message"); } catch (NoClassDefFoundError ex) {
/**
 * Runs one further round of an SSPI conversation that is already in progress, in response to
 * an authentication request of type AUTH_REQ_GSS_CONT from the back-end.
 *
 * <p>The token read here is produced by the remote server and is handed unmodified to the
 * security context; this method does no validation of its own.
 *
 * @param msgLength Length of message to read, excluding length word and message type word
 * @throws SQLException if something wrong happens
 * @throws IOException if something wrong happens
 * @throws IllegalStateException if no SSPI conversation was started on this instance
 */
public void continueSSPI(int msgLength) throws SQLException, IOException {
  if (sspiContext == null) {
    throw new IllegalStateException("Cannot continue SSPI authentication that we didn't begin");
  }

  LOGGER.log(Level.FINEST, "Continuing SSPI negotiation");

  // Pull the server's token off the wire.
  // NOTE(review): msgLength is presumably taken from the back-end's message header, i.e. it
  // is peer-controlled; confirm that the caller or pgStream.receive bounds it.
  final byte[] serverToken = pgStream.receive(msgLength);
  final SecBufferDesc serverTokenBuffer = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, serverToken);

  // Feed the token into the existing context, reusing the same target name as before.
  // NOTE(review): nothing here catches a failure raised by initialize(); if it throws an
  // unchecked exception it will escape past the declared SQLException/IOException - confirm
  // that the caller handles that case.
  sspiContext.initialize(sspiContext.getHandle(), serverTokenBuffer, targetName);

  /*
   * A finished negotiation can leave an empty token. The server is not expecting a reply in
   * that case, so nothing must be sent; see fe-auth.c in libpq for details.
   */
  final byte[] reply = sspiContext.getToken();
  if (reply.length == 0) {
    LOGGER.log(Level.FINEST, "SSPI authentication complete, no reply required");
    return;
  }

  sendSSPIResponse(reply);
  LOGGER.log(Level.FINEST, "Sent SSPI negotiation continuation message");
}
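/**
 * Clean up native win32 resources after completion or failure of SSPI authentication. This
 * SSPIClient instance becomes unusable after disposal.
 *
 * <p>Both the security context and the client credentials are released even when releasing
 * the first one throws, so a failed context teardown cannot leave the credentials handle
 * open. Both fields are cleared in every case, which keeps a second call from disposing the
 * same native handle twice.
 */
public void dispose() {
  try {
    if (sspiContext != null) {
      sspiContext.dispose();
    }
  } finally {
    sspiContext = null;
    try {
      if (clientCredentials != null) {
        clientCredentials.dispose();
      }
    } finally {
      clientCredentials = null;
    }
  }
}
}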
pfClientContextAttr, null); sc = new WindowsSecurityContextImpl(); sc.setCredentialsHandle(serverCredential); sc.setSecurityPackage(securityPackage); sc.setSecurityContext(phNewServerContext); sc.dispose(); WindowsSecurityContextImpl.dispose(continueHandle); break; case WinError.SEC_E_OK: sc.setToken(pbServerToken.getBytes() == null ? new byte[0] : pbServerToken.getBytes().clone()); sc.setContinue(false); break; case WinError.SEC_I_CONTINUE_NEEDED: sc.setToken(pbServerToken.getBytes() == null ? new byte[0] : pbServerToken.getBytes().clone()); sc.setContinue(true); break; default: sc.dispose(); WindowsSecurityContextImpl.dispose(continueHandle); this.continueContexts.asMap().remove(connectionId); throw new Win32Exception(rc);
pfClientContextAttr, null); sc = new WindowsSecurityContextImpl(); sc.setCredentialsHandle(serverCredential); sc.setSecurityPackage(securityPackage); sc.setSecurityContext(phNewServerContext); sc.dispose(); WindowsSecurityContextImpl.dispose(continueHandle); break; case WinError.SEC_E_OK: sc.setToken(pbServerToken.getBytes() == null ? new byte[0] : pbServerToken.getBytes().clone()); sc.setContinue(false); break; case WinError.SEC_I_CONTINUE_NEEDED: sc.setToken(pbServerToken.getBytes() == null ? new byte[0] : pbServerToken.getBytes().clone()); sc.setContinue(true); break; default: sc.dispose(); WindowsSecurityContextImpl.dispose(continueHandle); this.resetSecurityToken(connectionId); throw new Win32Exception(rc);
/**
 * Builds an initialized security context for the current Windows user under the given SSPI
 * package.
 *
 * <p>On success the returned context keeps the credentials handle acquired here; on failure
 * that handle is disposed before the exception propagates.
 *
 * @param securityPackage
 *            SSPI package.
 * @param targetName
 *            The target of the context. The string contents are security-package specific.
 *            NOTE(review): for packages that authenticate the server, this name is what the
 *            client binds to, so callers should not derive it from untrusted input - confirm
 *            at the call sites.
 * @return Windows security context.
 */
public static IWindowsSecurityContext getCurrent(final String securityPackage, final String targetName) {
    final IWindowsCredentialsHandle handle = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
    handle.initialize();

    // Becomes true once the context has been fully set up and takes over the handle.
    boolean handedOver = false;
    try {
        final WindowsSecurityContextImpl context = new WindowsSecurityContextImpl();
        context.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        context.setCredentialsHandle(handle);
        context.setSecurityPackage(securityPackage);
        context.initialize(null, null, targetName);

        // From this point the context 'owns' the credentials handle; the finally block
        // below must leave it alone.
        handedOver = true;
        return context;
    } finally {
        if (!handedOver) {
            handle.dispose();
        }
    }
}
pfClientContextAttr, null); sc = new WindowsSecurityContextImpl(); sc.setCredentialsHandle(serverCredential); sc.setSecurityPackage(securityPackage); sc.setSecurityContext(phNewServerContext); sc.dispose(); WindowsSecurityContextImpl.dispose(continueHandle); break; case WinError.SEC_E_OK: sc.setToken(pbServerToken.getBuffer(0).getBytes() == null ? new byte[0] : pbServerToken.getBuffer(0).getBytes().clone()); sc.setContinue(false); break; case WinError.SEC_I_CONTINUE_NEEDED: sc.setToken(pbServerToken.getBuffer(0).getBytes() == null ? new byte[0] : pbServerToken.getBuffer(0).getBytes().clone()); sc.setContinue(true); break; default: sc.dispose(); WindowsSecurityContextImpl.dispose(continueHandle); this.resetSecurityToken(connectionId); throw new Win32Exception(rc);
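/**
 * Releases the security context handle and, when one is attached, the credentials handle.
 *
 * <p>The credentials handle is released in a {@code finally} block so that a failure while
 * releasing the context does not leave the credentials handle open.
 */
@Override
public void dispose() {
    try {
        WindowsSecurityContextImpl.dispose(this.ctx);
    } finally {
        if (this.credentials != null) {
            this.credentials.dispose();
        }
    }
}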
/**
 * Builds an initialized security context for the current Windows user under the given SSPI
 * package.
 *
 * <p>On success the returned context keeps the credentials handle acquired here; on failure
 * that handle is disposed before the exception propagates.
 *
 * @param securityPackage
 *            SSPI package.
 * @param targetName
 *            The target of the context. The string contents are security-package specific.
 *            NOTE(review): for packages that authenticate the server, this name is what the
 *            client binds to, so callers should not derive it from untrusted input - confirm
 *            at the call sites.
 * @return Windows security context.
 */
public static IWindowsSecurityContext getCurrent(final String securityPackage, final String targetName) {
    final IWindowsCredentialsHandle handle = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
    handle.initialize();

    // Becomes true once the context has been fully set up and takes over the handle.
    boolean handedOver = false;
    try {
        final WindowsSecurityContextImpl context = new WindowsSecurityContextImpl();
        context.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        context.setCredentialsHandle(handle);
        context.setSecurityPackage(securityPackage);
        context.initialize(null, null, targetName);

        // From this point the context 'owns' the credentials handle; the finally block
        // below must leave it alone.
        handedOver = true;
        return context;
    } finally {
        if (!handedOver) {
            handle.dispose();
        }
    }
}
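/**
 * Releases the security context handle and, when one is attached, the credentials handle.
 *
 * <p>The credentials handle is released in a {@code finally} block so that a failure while
 * releasing the context does not leave the credentials handle open.
 */
@Override
public void dispose() {
    try {
        WindowsSecurityContextImpl.dispose(this.ctx);
    } finally {
        if (this.credentials != null) {
            this.credentials.dispose();
        }
    }
}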
/**
 * Builds an initialized security context for the current Windows user under the given SSPI
 * package.
 *
 * <p>On success the returned context keeps the credentials handle acquired here; on failure
 * that handle is disposed before the exception propagates.
 *
 * @param securityPackage
 *            SSPI package.
 * @param targetName
 *            The target of the context. The string contents are security-package specific.
 *            NOTE(review): for packages that authenticate the server, this name is what the
 *            client binds to, so callers should not derive it from untrusted input - confirm
 *            at the call sites.
 * @return Windows security context.
 */
public static IWindowsSecurityContext getCurrent(final String securityPackage, final String targetName) {
    final IWindowsCredentialsHandle handle = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
    handle.initialize();

    // Becomes true once the context has been fully set up and takes over the handle.
    boolean handedOver = false;
    try {
        final WindowsSecurityContextImpl context = new WindowsSecurityContextImpl();
        context.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        context.setCredentialsHandle(handle);
        context.setSecurityPackage(securityPackage);
        context.initialize(null, null, targetName);

        // From this point the context 'owns' the credentials handle; the finally block
        // below must leave it alone.
        handedOver = true;
        return context;
    } finally {
        if (!handedOver) {
            handle.dispose();
        }
    }
}
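/**
 * Releases the security context handle and, when one is attached, the credentials handle.
 *
 * <p>The credentials handle is released in a {@code finally} block so that a failure while
 * releasing the context does not leave the credentials handle open.
 */
@Override
public void dispose() {
    try {
        WindowsSecurityContextImpl.dispose(this.ctx);
    } finally {
        if (this.credentials != null) {
            this.credentials.dispose();
        }
    }
}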
WindowsSecurityContextImpl clientContext = new WindowsSecurityContextImpl(); clientContext.setPrincipalName(Advapi32Util.getUserName()); clientContext.setCredentialsHandle(credentials.getHandle()); clientContext.setSecurityPackage(securityPackage); clientContext.initialize(); clientContext.initialize(clientContext.getHandle(), continueToken); serverContext = provider.acceptSecurityToken(clientContext.getToken(), "Negotiate"); } while (clientContext.getContinue() || serverContext.getContinue());
clientCredentials.initialize(); clientContext = new WindowsSecurityContextImpl(); clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername()); clientContext.setCredentialsHandle(clientCredentials.getHandle()); clientContext.setSecurityPackage(securityPackage); clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername()); Sspi.SecBufferDesc continueTokenBuffer = new Sspi. SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes); clientContext.initialize(clientContext.getHandle(), continueTokenBuffer, "localhost"); token = Base64.encode(clientContext.getToken()); } catch (Exception e) { log.error("Error while validating the NTLM authentication grant", e);
clientCredentials.initialize(); clientContext = new WindowsSecurityContextImpl(); clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername()); clientContext.setCredentialsHandle(clientCredentials.getHandle()); clientContext.setSecurityPackage(securityPackage); clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername()); Sspi.SecBufferDesc continueTokenBuffer = new Sspi. SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes); clientContext.initialize(clientContext.getHandle(), continueTokenBuffer, "localhost"); token = Base64.encode(clientContext.getToken()); } catch (Exception e) { log.error("Error while validating the NTLM authentication grant", e);