/**
 * Continue an existing authentication conversation with the back-end in response to an
 * authentication request of type AUTH_REQ_GSS_CONT.
 *
 * <p>The token read here is supplied by the server. It is handed to the SSPI context as-is;
 * this method does no parsing or validation of its own.
 *
 * @param msgLength Length of message to read, excluding length word and message type word
 * @throws SQLException if something wrong happens
 * @throws IOException if something wrong happens
 * @throws IllegalStateException if no SSPI context has been started yet
 */
public void continueSSPI(int msgLength) throws SQLException, IOException {
  // A continuation only makes sense once a context exists.
  if (sspiContext == null) {
    throw new IllegalStateException("Cannot continue SSPI authentication that we didn't begin");
  }

  LOGGER.log(Level.FINEST, "Continuing SSPI negotiation");

  // Server-controlled bytes.
  // NOTE(review): msgLength goes to pgStream.receive unchecked in this method; confirm the
  // caller or the stream bounds it.
  final byte[] serverToken = pgStream.receive(msgLength);
  final SecBufferDesc serverTokenBuffer = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, serverToken);

  sspiContext.initialize(sspiContext.getHandle(), serverTokenBuffer, targetName);

  // If negotiation is complete there may be zero bytes to send, in which case no reply is
  // sent because the server is not expecting one; see fe-auth.c in libpq for details.
  final byte[] reply = sspiContext.getToken();
  if (reply.length == 0) {
    LOGGER.log(Level.FINEST, "SSPI authentication complete, no reply required");
    return;
  }

  sendSSPIResponse(reply);
  LOGGER.log(Level.FINEST, "Sent SSPI negotiation continuation message");
}
substring(securityPackage.length() + 1); byte[] continueTokenBytes = Base64.decode(continueToken); Sspi.SecBufferDesc continueTokenBuffer = new Sspi. SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes); clientContext.initialize(clientContext.getHandle(), continueTokenBuffer, "localhost");
// Token buffer allocated from a size (tokenSize) rather than from existing bytes.
// NOTE(review): presumably the output buffer the SSPI call fills in; confirm against the call that follows.
final SecBufferDesc pbServerToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, tokenSize);
// Token buffer built from the existing `token` value.
// NOTE(review): presumably the peer-supplied token; treat its contents as untrusted input.
final SecBufferDesc pbClientToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, token);
// By-reference int, named for the context attribute flags the SSPI call reports back.
final IntByReference pfClientContextAttr = new IntByReference();
substring(securityPackage.length() + 1); byte[] continueTokenBytes = Base64.decode(continueToken); Sspi.SecBufferDesc continueTokenBuffer = new Sspi. SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes); clientContext.initialize(clientContext.getHandle(), continueTokenBuffer, "localhost");
try { final byte[] continueTokenBytes = Base64.decodeBase64(this.challenge); final SecBufferDesc continueTokenBuffer = new SecBufferDesc( Sspi.SECBUFFER_TOKEN, continueTokenBytes); final String targetName = getServicePrincipalName(context);
// Token buffer allocated from a size (tokenSize) rather than from existing bytes.
// NOTE(review): presumably the output buffer the SSPI call fills in; confirm against the call that follows.
final SecBufferDesc pbServerToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, tokenSize);
// Token buffer built from the existing `token` value.
// NOTE(review): presumably the peer-supplied token; treat its contents as untrusted input.
final SecBufferDesc pbClientToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, token);
// By-reference int, named for the context attribute flags the SSPI call reports back.
final IntByReference pfClientContextAttr = new IntByReference();
// Record the sequence number of the last packet read from `in`.
sequence.set(in.getLastPacketSeq());
// Everything left in the buffer is taken as the SSPI token.
// NOTE(review): presumably sent by the server; the bytes reach the SSPI provider without any
// validation in this excerpt.
byte[] tokenForTheClientOnTheServer = buffer.readRawBytes(buffer.remaining());
Sspi.SecBufferDesc continueToken = new Sspi.SecBufferDesc(Sspi.SECBUFFER_TOKEN, tokenForTheClientOnTheServer);
// Continue the existing context, passing servicePrincipalName as the target name for this step.
clientContext.initialize(clientContext.getHandle(), continueToken, servicePrincipalName);
// Record the sequence number of the last packet read from `in`.
sequence.set(in.getLastPacketSeq());
// Everything left in the buffer is taken as the SSPI token.
// NOTE(review): presumably sent by the server; the bytes reach the SSPI provider without any
// validation in this excerpt.
byte[] tokenForTheClientOnTheServer = buffer.readRawBytes(buffer.remaining());
Sspi.SecBufferDesc continueToken = new Sspi.SecBufferDesc(Sspi.SECBUFFER_TOKEN, tokenForTheClientOnTheServer);
// Continue the existing context, passing servicePrincipalName as the target name for this step.
clientContext.initialize(clientContext.getHandle(), continueToken, servicePrincipalName);
/**
 * Runs one step of client-side context establishment through
 * {@code InitializeSecurityContext}, growing the output token buffer until the call no longer
 * reports it as too small.
 *
 * <p>Only {@code ISC_REQ_CONNECTION} is requested. The attribute flags returned by the call
 * are stored in {@code this.attr} and are not inspected here.
 *
 * @param continueCtx   handle of the context being continued, passed through to the native call
 * @param continueToken token to feed into this step, passed through to the native call
 * @param targetName    target name handed to the native call
 * @throws Win32Exception for any status other than OK, continue-needed or a buffer-size retry
 */
@Override
public void initialize(final CtxtHandle continueCtx, final SecBufferDesc continueToken,
        final String targetName) {
    this.attr = new IntByReference();
    // NOTE(review): the previous this.ctx reference is replaced on every call; confirm the old
    // handle is released elsewhere.
    this.ctx = new CtxtHandle();

    int bufferSize = Sspi.MAX_TOKEN_SIZE;
    while (true) {
        this.token = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, bufferSize);
        final int status = Secur32.INSTANCE.InitializeSecurityContext(
                this.credentials.getHandle(), continueCtx, targetName, Sspi.ISC_REQ_CONNECTION, 0,
                Sspi.SECURITY_NATIVE_DREP, continueToken, 0, this.ctx, this.token, this.attr, null);

        // Both statuses mean "retry with a bigger output buffer".
        // NOTE(review): this block puts no upper bound on the growth.
        if (status == WinError.SEC_E_INSUFFICIENT_MEMORY
                || status == WinError.SEC_E_BUFFER_TOO_SMALL) {
            bufferSize += Sspi.MAX_TOKEN_SIZE;
            continue;
        }
        if (status == WinError.SEC_I_CONTINUE_NEEDED) {
            // Another round trip with the peer is required.
            this.continueFlag = true;
            return;
        }
        if (status == WinError.SEC_E_OK) {
            this.continueFlag = false;
            return;
        }
        throw new Win32Exception(status);
    }
}
/**
 * Performs one {@code InitializeSecurityContext} step for this client context, retrying with a
 * larger output buffer while the native call reports the buffer as too small.
 *
 * <p>Only {@code ISC_REQ_CONNECTION} is requested. The returned attribute flags go into a local
 * and are discarded, so this method does not tell the caller which context attributes were
 * granted.
 *
 * @param continueCtx   handle of the context being continued, passed through to the native call
 * @param continueToken token to feed into this step, passed through to the native call
 * @param targetName    target name handed to the native call
 * @throws Win32Exception for any status other than OK, continue-needed or a buffer-size retry
 */
@Override
public void initialize(final CtxtHandle continueCtx, final SecBufferDesc continueToken,
        final String targetName) {
    final IntByReference grantedAttributes = new IntByReference();
    // NOTE(review): the previous this.ctx reference is replaced on every call; confirm the old
    // handle is released elsewhere.
    this.ctx = new CtxtHandle();

    // Each pass allocates a fresh output buffer, one MAX_TOKEN_SIZE larger than the last.
    for (int capacity = Sspi.MAX_TOKEN_SIZE;; capacity += Sspi.MAX_TOKEN_SIZE) {
        this.token = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, capacity);
        final int status = Secur32.INSTANCE.InitializeSecurityContext(
                this.credentials.getHandle(), continueCtx, targetName, Sspi.ISC_REQ_CONNECTION, 0,
                Sspi.SECURITY_NATIVE_DREP, continueToken, 0, this.ctx, this.token,
                grantedAttributes, null);

        final boolean bufferTooSmall = status == WinError.SEC_E_INSUFFICIENT_MEMORY
                || status == WinError.SEC_E_BUFFER_TOO_SMALL;
        if (bufferTooSmall) {
            continue;
        }

        switch (status) {
            case WinError.SEC_I_CONTINUE_NEEDED:
                // The peer must answer before the context is established.
                this.continueFlag = true;
                return;
            case WinError.SEC_E_OK:
                this.continueFlag = false;
                return;
            default:
                throw new Win32Exception(status);
        }
    }
}
/**
 * Runs one {@code InitializeSecurityContext} step and returns the resulting output token,
 * Base64-encoded.
 *
 * <p>The call requests {@code ISC_REQ_DELEGATE} and {@code ISC_REQ_MUTUAL_AUTH}. The returned
 * attribute flags are kept in a local and never read, so this method does not itself confirm
 * that mutual authentication was granted. Requesting delegation asks for the caller's
 * credentials to be made usable by the target, so {@code targetName} should name a service
 * that is trusted with them.
 *
 * @param continueCtx   handle of the context being continued, passed through to the native call
 * @param continueToken token to feed into this step, passed through to the native call
 * @param targetName    target name handed to the native call
 * @return Base64 encoding of the output token bytes
 * @throws Win32Exception for any status other than OK or continue-needed
 */
String getToken(
        final CtxtHandle continueCtx,
        final SecBufferDesc continueToken,
        final String targetName) {
    final IntByReference grantedAttributes = new IntByReference();
    // Fixed-size output buffer; there is no retry with a larger one in this method.
    final SecBufferDesc outputToken = new SecBufferDesc(
            Sspi.SECBUFFER_TOKEN, Sspi.MAX_TOKEN_SIZE);

    sspiContext = new CtxtHandle();
    final int requestFlags = Sspi.ISC_REQ_DELEGATE | Sspi.ISC_REQ_MUTUAL_AUTH;
    final int status = Secur32.INSTANCE.InitializeSecurityContext(clientCred,
            continueCtx, targetName, requestFlags, 0,
            Sspi.SECURITY_NATIVE_DREP, continueToken, 0, sspiContext, outputToken,
            grantedAttributes, null);

    if (status == WinError.SEC_I_CONTINUE_NEEDED) {
        continueNeeded = true;
    } else if (status == WinError.SEC_E_OK) {
        dispose(); // Don't keep the context
        continueNeeded = false;
    } else {
        // Release state before surfacing the failure.
        dispose();
        throw new Win32Exception(status);
    }

    return Base64.encodeBase64String(outputToken.getBytes());
}
/**
 * Replaces the current token with a new {@code SECBUFFER_TOKEN} buffer built from the given
 * bytes.
 *
 * @param bytes
 *            the new token
 */
public void setToken(final byte[] bytes) {
    final SecBufferDesc wrapped = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, bytes);
    this.token = wrapped;
}
/**
 * Replaces the current token with a new {@code SECBUFFER_TOKEN} buffer built from the given
 * bytes.
 *
 * @param bytes
 *            the new token
 */
public void setToken(final byte[] bytes) {
    final SecBufferDesc wrapped = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, bytes);
    this.token = wrapped;
}