/**
 * Clean up native win32 resources after completion or failure of SSPI authentication. This
 * SSPIClient instance becomes unusable after disposal.
 *
 * <p>Both fields are set to {@code null} once released, so a second call is a no-op for any
 * handle that was already disposed.
 */
public void dispose() {
  // The security context is released before the credentials handle; keep this order.
  if (sspiContext != null) {
    // NOTE(review): if this dispose() call throws, the credentials handle below is not
    // released on that path and sspiContext stays non-null. Confirm whether the
    // implementation can throw, and consider try/finally if it can.
    sspiContext.dispose();
    sspiContext = null;
  }
  if (clientCredentials != null) {
    clientCredentials.dispose();
    clientCredentials = null;
  }
}
} // closes the enclosing type, whose header is outside this excerpt
clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage); clientCredentials.initialize(); } catch (Win32Exception ex) { sspiContext = new WindowsSecurityContextImpl(); sspiContext.setPrincipalName(targetName); sspiContext.setCredentialsHandle(clientCredentials); sspiContext.setSecurityPackage(securityPackage); sspiContext.initialize(null, null, targetName); } catch (Win32Exception ex) { throw new PSQLException("Could not initialize SSPI security context", sendSSPIResponse(sspiContext.getToken()); LOGGER.log(Level.FINEST, "Sent first SSPI negotiation message"); } catch (NoClassDefFoundError ex) {
/**
 * Continue an in-progress SSPI authentication conversation with the back-end in response to an
 * authentication request of type AUTH_REQ_GSS_CONT.
 *
 * <p>The token consumed here is read from the server connection and handed to the SSPI security
 * context without inspection in this method. Only fixed status messages are logged; token bytes
 * are never written to the log.
 *
 * @param msgLength Length of message to read, excluding length word and message type word
 * @throws SQLException if something wrong happens
 * @throws IOException if something wrong happens
 * @throws IllegalStateException if no SSPI security context exists, i.e. the negotiation was
 *         never started on this instance
 */
public void continueSSPI(int msgLength) throws SQLException, IOException {
  // Refuse to process a continuation for a negotiation this client did not open.
  if (sspiContext == null) {
    throw new IllegalStateException("Cannot continue SSPI authentication that we didn't begin");
  }

  LOGGER.log(Level.FINEST, "Continuing SSPI negotiation");

  // Pull the server's token off the wire.
  // NOTE(review): msgLength is used as given; no range check is visible in this method.
  // Presumably the caller or pgStream.receive() bounds it. Confirm.
  final byte[] serverToken = pgStream.receive(msgLength);
  final SecBufferDesc serverTokenDesc = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, serverToken);

  // Advance the existing context with the server token, bound to the same target name.
  sspiContext.initialize(sspiContext.getHandle(), serverTokenDesc, targetName);

  // When negotiation has finished there may be nothing left to send. The server is not
  // expecting a reply in that case, so none must be written; see fe-auth.c in libpq.
  final byte[] reply = sspiContext.getToken();
  if (reply.length == 0) {
    LOGGER.log(Level.FINEST, "SSPI authentication complete, no reply required");
    return;
  }

  sendSSPIResponse(reply);
  LOGGER.log(Level.FINEST, "Sent SSPI negotiation continuation message");
}
/**
 * Returns the {@code fqn} field of the account object supplied by
 * {@link #getWindowsAccount()} (presumably the fully qualified account name).
 *
 * @return the account's {@code fqn} value
 */
@Override
public String getFqn() {
    return getWindowsAccount().fqn;
}
/**
 * Logs on a domain user with a plaintext password by delegating to
 * {@code logonDomainUserEx} with the network logon type and the default logon provider.
 *
 * <p>The password is received as a {@link String}, which cannot be wiped after use; callers
 * should keep its lifetime short and keep it out of logs and exception messages.
 *
 * @param username account name to authenticate
 * @param domain domain the account belongs to
 * @param password plaintext password for the account
 * @return the identity produced by {@code logonDomainUserEx}
 */
@Override
public IWindowsIdentity logonDomainUser(final String username, final String domain,
        final String password) {
    final int logonType = WinBase.LOGON32_LOGON_NETWORK;
    final int logonProvider = WinBase.LOGON32_PROVIDER_DEFAULT;
    return logonDomainUserEx(username, domain, password, logonType, logonProvider);
}
/**
 * Returns the string form of this object's trust type.
 *
 * @return {@code trustType.toString()}
 */
@Override
public String getTrustTypeString() {
    return trustType.toString();
}
/**
 * Builds an account object for the given user name.
 *
 * <p>The name is passed to the {@code WindowsAccountImpl} constructor unchanged; no validation
 * or normalisation happens in this method. Presumably the constructor performs the actual
 * lookup and reports unknown names. Confirm against that class.
 *
 * @param username account name to look up
 * @return a new {@code WindowsAccountImpl} for {@code username}
 */
@Override
public IWindowsAccount lookupAccount(final String username) {
    final WindowsAccountImpl account = new WindowsAccountImpl(username);
    return account;
}
/**
 * Creates an impersonation context for the Windows identity wrapped by this object.
 *
 * <p>NOTE(review): whether impersonation begins inside the constructor is not visible here.
 * If it does, the caller must revert through the returned context (ideally in a
 * {@code finally} block) so the thread does not keep running under the impersonated identity.
 *
 * @return a new impersonation context bound to {@code windowsIdentity}
 */
@Override
public IWindowsImpersonationContext impersonate() {
    final WindowsIdentityImpersonationContextImpl context =
            new WindowsIdentityImpersonationContextImpl(windowsIdentity);
    return context;
}
/**
 * Creates an impersonation context for the security context handle held by this object.
 *
 * <p>NOTE(review): whether impersonation begins inside the constructor is not visible here.
 * If it does, the caller must revert through the returned context (ideally in a
 * {@code finally} block) so the thread does not keep running under the impersonated identity.
 *
 * @return a new impersonation context bound to {@code ctx}
 */
@Override
public IWindowsImpersonationContext impersonate() {
    final WindowsSecurityContextImpersonationContextImpl context =
            new WindowsSecurityContextImpersonationContextImpl(ctx);
    return context;
}
/**
 * Returns the string form of this object's trust direction.
 *
 * @return {@code trustDirection.toString()}
 */
@Override
public String getTrustDirectionString() {
    return trustDirection.toString();
}
/**
 * Instantiates a new negotiate authentication realm.
 *
 * <p>The realm is wired to a freshly created {@code WindowsAuthProviderImpl}; this constructor
 * offers no way to supply a different provider.
 */
public NegotiateAuthenticationRealm() {
    final WindowsAuthProviderImpl provider = new WindowsAuthProviderImpl();
    this.windowsAuthProvider = provider;
}
/**
 * Returns the {@code fqn} field of the account object supplied by
 * {@link #getWindowsAccount()} (presumably the fully qualified account name).
 *
 * @return the account's {@code fqn} value
 */
@Override
public String getFqn() {
    return getWindowsAccount().fqn;
}
/**
 * Logs on a domain user with a plaintext password by delegating to
 * {@code logonDomainUserEx} with the network logon type and the default logon provider.
 *
 * <p>The password is received as a {@link String}, which cannot be wiped after use; callers
 * should keep its lifetime short and keep it out of logs and exception messages.
 *
 * @param username account name to authenticate
 * @param domain domain the account belongs to
 * @param password plaintext password for the account
 * @return the identity produced by {@code logonDomainUserEx}
 */
@Override
public IWindowsIdentity logonDomainUser(final String username, final String domain,
        final String password) {
    final int logonType = WinBase.LOGON32_LOGON_NETWORK;
    final int logonProvider = WinBase.LOGON32_PROVIDER_DEFAULT;
    return logonDomainUserEx(username, domain, password, logonType, logonProvider);
}
/**
 * Returns the string form of this object's trust type.
 *
 * @return {@code trustType.toString()}
 */
@Override
public String getTrustTypeString() {
    return trustType.toString();
}
/**
 * Builds an account object for the given user name.
 *
 * <p>The name is passed to the {@code WindowsAccountImpl} constructor unchanged; no validation
 * or normalisation happens in this method. Presumably the constructor performs the actual
 * lookup and reports unknown names. Confirm against that class.
 *
 * @param username account name to look up
 * @return a new {@code WindowsAccountImpl} for {@code username}
 */
@Override
public IWindowsAccount lookupAccount(final String username) {
    final WindowsAccountImpl account = new WindowsAccountImpl(username);
    return account;
}
/**
 * Returns the raw {@code sid} bytes of the account object supplied by
 * {@link #getWindowsAccount()}.
 *
 * <p>The array reference is returned as-is, with no defensive copy made in this method, so
 * callers should treat it as read-only.
 *
 * @return the account's {@code sid} array
 */
@Override
public byte[] getSid() {
    return getWindowsAccount().sid;
}
/**
 * Logs on a domain user with a plaintext password by delegating to
 * {@code logonDomainUserEx} with the network logon type and the default logon provider.
 *
 * <p>The password is received as a {@link String}, which cannot be wiped after use; callers
 * should keep its lifetime short and keep it out of logs and exception messages.
 *
 * @param username account name to authenticate
 * @param domain domain the account belongs to
 * @param password plaintext password for the account
 * @return the identity produced by {@code logonDomainUserEx}
 */
@Override
public IWindowsIdentity logonDomainUser(final String username, final String domain,
        final String password) {
    final int logonType = WinBase.LOGON32_LOGON_NETWORK;
    final int logonProvider = WinBase.LOGON32_PROVIDER_DEFAULT;
    return logonDomainUserEx(username, domain, password, logonType, logonProvider);
}
/**
 * Returns the string form of this object's trust type.
 *
 * @return {@code trustType.toString()}
 */
@Override
public String getTrustTypeString() {
    return trustType.toString();
}
/**
 * Returns the {@code sidString} field of the account object supplied by
 * {@link #getWindowsAccount()} (presumably the SID in its textual form).
 *
 * @return the account's {@code sidString} value
 */
@Override
public String getSidString() {
    return getWindowsAccount().sidString;
}