JNA to call Secur32 InitializeSecurityContext, returns error

I am trying to implement something similar to single signon thr' Java using Microsoft SSPI.
I need to invoke following two windows APIs in secur32.dll to accomplish it

1) AcquireCredentialsHandle
2) InitializeSecurityContext

Out of that first one (AcquireCredentialsHandle) seems to work fine, but the second one returns me some negative number during first run, which indicates it is an error. But that negative no can't be mapped to any of the error codes mentioned by Microsoft on msdn (http://msdn.microsoft.com/en-us/library/aa375512(VS.85).aspx).
The negative value returned is (-2146893052). I know there must be something wrong with my code but this error code is not helping me to find it out.

Following is the signature of InitializeSecurityContext -

SECURITY_STATUS SEC_Entry InitializeSecurityContext(
__in_opt PCredHandle phCredential,
__in_opt PCtxtHandle phContext,
__in SEC_CHAR *pszTargetName,
__in ULONG fContextReq,
__in ULONG Reserved1,
__in ULONG TargetDataRep,
__in_opt PSecBufferDesc pInput,
__in ULONG Reserved2,
__inout_opt PCtxtHandle phNewContext,
__inout_opt PSecBufferDesc pOutput,
__out PULONG pfContextAttr,
__out_opt PTimeStamp ptsExpiry
);

Following is how I have mapped all the attributes in Java
__in_opt PCredHandle phCredential - passed as Structure.ByReference (refer to SECURITY_HANDLE.java in attached file)
__in_opt PCtxtHandle phContext, - passed as null during first call
__in SEC_CHAR *pszTargetName - passed a Java String
__in ULONG fContextReq - ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT| ISC_REQ_CONNECTION
__in ULONG Reserved1 - 0
__in ULONG TargetDataRep - 0x10
__in_opt PSecBufferDesc pInput - null for first time
__in ULONG Reserved2 - 0
__inout_opt PCtxtHandle phNewContext - passed as Structure.ByReference (refer to SECURITY_HANDLE.java in attached file)
__inout_opt PSecBufferDesc pOutput - passed as Structure.ByReference ( refer to SecBufferDesc.java and SecBuffer.java), I think I am making some mistake in this mapping
__out PULONG pfContextAttr - LongByReference
__out_opt PTimeStamp ptsExpiry - passed as Structure.ByReference (refer to SECURITY_INTEGER.java in attached file).

Somebody has already done same thing using JInvoke, but I need to do it using jna, but I have used almost same code base with relevant changes.

Important URLs from microsft are -
1) http://msdn.microsoft.com/en-us/library/aa375512(VS.85).aspx
2)http://msdn.microsoft.com/en-us/library/aa379814(VS.85).aspx
3)http://msdn.microsoft.com/en-us/library/aa379815(VS.85).aspx

I can share the code, but it probably need to be on one to one basis as site doesn;t allow me to upload the code zip
Thanks,
Bhushan

bhushan shelke wrote:thr'

http://faq.javaranch.com/java/UseRealWords

The negative value returned is (-2146893052). I know there must be something wrong with my code but this error code is not helping me to find it out.

The possible values, according to my local MSDN library installation:
Value Meaning SEC_E_INVALID_HANDLE The handle passed to the function is invalid. SEC_E_TARGET_UNKNOWN The target was not recognized. SEC_E_LOGON_DENIED The logon failed. SEC_E_INTERNAL_ERROR The Local Security Authority cannot be contacted. SEC_E_NO_CREDENTIALS No credentials are available in the security package. SEC_E_NO_AUTHENTICATING_AUTHORITY No authority could be contacted for authentication.And here's the content of security.h from my MinGW installation:
#ifndef _SECURITY_H #define _SECURITY_H #if __GNUC__ >=3 #pragma GCC system_header #endif #define SEC_E_OK 0 #define SEC_E_CERT_EXPIRED (-2146893016) #define SEC_E_INCOMPLETE_MESSAGE (-2146893032) #define SEC_E_INSUFFICIENT_MEMORY (-2146893056) #define SEC_E_INTERNAL_ERROR (-2146893052) #define SEC_E_INVALID_HANDLE (-2146893055) #define SEC_E_INVALID_TOKEN (-2146893048) #define SEC_E_LOGON_DENIED (-2146893044) #define SEC_E_NO_AUTHENTICATING_AUTHORITY (-2146893039) #define SEC_E_NO_CREDENTIALS (-2146893042) #define SEC_E_TARGET_UNKNOWN (-2146893053) #define SEC_E_UNSUPPORTED_FUNCTION (-2146893054) #define SEC_E_UNTRUSTED_ROOT (-2146893019) #define SEC_E_WRONG_PRINCIPAL (-2146893022) #define SEC_E_SECPKG_NOT_FOUND (-2146893051) #define SEC_E_QOP_NOT_SUPPORTED (-2146893046) #define SEC_E_UNKNOWN_CREDENTIALS (-2146893043) #define SEC_E_NOT_OWNER (-2146893050) #define SEC_I_RENEGOTIATE 590625 #define SEC_I_COMPLETE_AND_CONTINUE 590612 #define SEC_I_COMPLETE_NEEDED 590611 #define SEC_I_CONTINUE_NEEDED 590610 #define SEC_I_INCOMPLETE_CREDENTIALS 590624 /* always a char */ typedef char SEC_CHAR; typedef wchar_t SEC_WCHAR; typedef long SECURITY_STATUS; #define SEC_FAR #include <sspi.h> #include <ntsecpkg.h> #include <secext.h> #endif /* _SECURITY_H */As you can see, your error code is SEC_E_INTERNAL_ERROR: The Local Security Authority cannot be contacted.

Hey thanks Buddy, it did help me. Actually I was was assigning memory.gePointer to a Pointer, did not realize that Memory extends Pointer and just assigning memory reference would be sufficient. After that everything worked.
Now, I have another question which related to correct usages of jna, for instance I am using things like

1) Structure.ByReference
2) Memory
Who is responsible for freeing up the memory after program is over especially when I use something like -
(Memory buf = new Memory(size)), which will allocate memory on native heap, will JVM GC collect such memory?

If not, how do I free up the memory, I saw there is free() method in Memory class but is not a public method.
One way I can imagine how this may work is after all reference to Memory object become void and when finalize method is invoked by GC on memory object
it will free the memory on native heap as well, is it how it works? (I hope, I don't sound too imaginative :-))

hi,
I am trying to use JNA , to call secur32.dll funtions but is not working for me .Can you help me

Regards
Kannan

Sure

Kannan Mani wrote:hi,
I am trying to use JNA , to call secur32.dll funtions but is not working for me .Can you help me

Regards
Kannan

Ya Sure Its Not Working For me in Kerberos ,but its worked for NTLM

This is great. Are you planning on open source-ing your code?

I hope you will also be able to fix/solve this other problem for everyone...

http://forums.sun.com/thread.jspa?threadID=5385184&tstart=0

As an alternative for other readers, if you are on Java 6 or higher,
you may want to consider this other open source project if you
need to get single sign-on working in your java apps:

http://spnego.sourceforge.net

Good luck!

com.sun.jna.platform.win32.Secur32 and com.sun.jna.platform.win32.Sspi were committed to JNA at rev. 1041. Secur32 implements all these calls and tests were written that make sure it works. See http://code.dblock.org/ShowPost.aspx?id=91 for the long story.