JNA to call Secur32 InitializeSecurityContext, returns error
bhushan shelke
Greenhorn
Posts: 7
posted 7 years ago
I am trying to implement something similar to single signon thr' Java using Microsoft SSPI.
I need to invoke following two windows APIs in secur32.dll to accomplish it
1) AcquireCredentialsHandle
2) InitializeSecurityContext
Out of that first one (AcquireCredentialsHandle) seems to work fine, but the second one returns me some negative number during first run, which indicates it is an error. But that negative no can't be mapped to any of the error codes mentioned by Microsoft on msdn (http://msdn.microsoft.com/en-us/library/aa375512(VS.85).aspx).
The negative value returned is (-2146893052). I know there must be something wrong with my code but this error code is not helping me to find it out.
Following is the signature of InitializeSecurityContext -
SECURITY_STATUS SEC_Entry InitializeSecurityContext(
__in_opt PCredHandle phCredential,
__in_opt PCtxtHandle phContext,
__in SEC_CHAR *pszTargetName,
__in ULONG fContextReq,
__in ULONG Reserved1,
__in ULONG TargetDataRep,
__in_opt PSecBufferDesc pInput,
__in ULONG Reserved2,
__inout_opt PCtxtHandle phNewContext,
__inout_opt PSecBufferDesc pOutput,
__out PULONG pfContextAttr,
__out_opt PTimeStamp ptsExpiry
);
Following is how I have mapped all the attributes in Java
__in_opt PCredHandle phCredential - passed as Structure.ByReference (refer to SECURITY_HANDLE.java in attached file)
__in_opt PCtxtHandle phContext, - passed as null during first call
__in SEC_CHAR *pszTargetName - passed a Java String
__in ULONG fContextReq - ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT| ISC_REQ_CONNECTION
__in ULONG Reserved1 - 0
__in ULONG TargetDataRep - 0x10
__in_opt PSecBufferDesc pInput - null for first time
__in ULONG Reserved2 - 0
__inout_opt PCtxtHandle phNewContext - passed as Structure.ByReference (refer to SECURITY_HANDLE.java in attached file)
__inout_opt PSecBufferDesc pOutput - passed as Structure.ByReference ( refer to SecBufferDesc.java and SecBuffer.java), I think I am making some mistake in this mapping
__out PULONG pfContextAttr - LongByReference
__out_opt PTimeStamp ptsExpiry - passed as Structure.ByReference (refer to SECURITY_INTEGER.java in attached file).
Somebody has already done same thing using JInvoke, but I need to do it using jna, but I have used almost same code base with relevant changes.
Important URLs from microsft are -
1) http://msdn.microsoft.com/en-us/library/aa375512(VS.85).aspx
2)http://msdn.microsoft.com/en-us/library/aa379814(VS.85).aspx
3)http://msdn.microsoft.com/en-us/library/aa379815(VS.85).aspx
I can share the code, but it probably need to be on one to one basis as site doesn;t allow me to upload the code zip
Thanks,
Bhushan
I need to invoke following two windows APIs in secur32.dll to accomplish it
1) AcquireCredentialsHandle
2) InitializeSecurityContext
Out of that first one (AcquireCredentialsHandle) seems to work fine, but the second one returns me some negative number during first run, which indicates it is an error. But that negative no can't be mapped to any of the error codes mentioned by Microsoft on msdn (http://msdn.microsoft.com/en-us/library/aa375512(VS.85).aspx).
The negative value returned is (-2146893052). I know there must be something wrong with my code but this error code is not helping me to find it out.
Following is the signature of InitializeSecurityContext -
SECURITY_STATUS SEC_Entry InitializeSecurityContext(
__in_opt PCredHandle phCredential,
__in_opt PCtxtHandle phContext,
__in SEC_CHAR *pszTargetName,
__in ULONG fContextReq,
__in ULONG Reserved1,
__in ULONG TargetDataRep,
__in_opt PSecBufferDesc pInput,
__in ULONG Reserved2,
__inout_opt PCtxtHandle phNewContext,
__inout_opt PSecBufferDesc pOutput,
__out PULONG pfContextAttr,
__out_opt PTimeStamp ptsExpiry
);
Following is how I have mapped all the attributes in Java
__in_opt PCredHandle phCredential - passed as Structure.ByReference (refer to SECURITY_HANDLE.java in attached file)
__in_opt PCtxtHandle phContext, - passed as null during first call
__in SEC_CHAR *pszTargetName - passed a Java String
__in ULONG fContextReq - ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT| ISC_REQ_CONNECTION
__in ULONG Reserved1 - 0
__in ULONG TargetDataRep - 0x10
__in_opt PSecBufferDesc pInput - null for first time
__in ULONG Reserved2 - 0
__inout_opt PCtxtHandle phNewContext - passed as Structure.ByReference (refer to SECURITY_HANDLE.java in attached file)
__inout_opt PSecBufferDesc pOutput - passed as Structure.ByReference ( refer to SecBufferDesc.java and SecBuffer.java), I think I am making some mistake in this mapping
__out PULONG pfContextAttr - LongByReference
__out_opt PTimeStamp ptsExpiry - passed as Structure.ByReference (refer to SECURITY_INTEGER.java in attached file).
Somebody has already done same thing using JInvoke, but I need to do it using jna, but I have used almost same code base with relevant changes.
Important URLs from microsft are -
1) http://msdn.microsoft.com/en-us/library/aa375512(VS.85).aspx
2)http://msdn.microsoft.com/en-us/library/aa379814(VS.85).aspx
3)http://msdn.microsoft.com/en-us/library/aa379815(VS.85).aspx
I can share the code, but it probably need to be on one to one basis as site doesn;t allow me to upload the code zip
Thanks,
Bhushan
posted 7 years ago
http://faq.javaranch.com/java/UseRealWords
The possible values, according to my local MSDN library installation:
And here's the content of security.h from my MinGW installation:
As you can see, your error code is SEC_E_INTERNAL_ERROR: The Local Security Authority cannot be contacted.
bhushan shelke wrote:thr'
http://faq.javaranch.com/java/UseRealWords
The negative value returned is (-2146893052). I know there must be something wrong with my code but this error code is not helping me to find it out.
The possible values, according to my local MSDN library installation:
And here's the content of security.h from my MinGW installation:
As you can see, your error code is SEC_E_INTERNAL_ERROR: The Local Security Authority cannot be contacted.
SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6 - OCEJPAD 6
How To Ask Questions How To Answer Questions
bhushan shelke
Greenhorn
Posts: 7
posted 7 years ago
Hey thanks Buddy, it did help me. Actually I was was assigning memory.gePointer to a Pointer, did not realize that Memory extends Pointer and just assigning memory reference would be sufficient. After that everything worked.
Now, I have another question which related to correct usages of jna, for instance I am using things like
1) Structure.ByReference
2) Memory
Who is responsible for freeing up the memory after program is over especially when I use something like -
(Memory buf = new Memory(size)), which will allocate memory on native heap, will JVM GC collect such memory?
If not, how do I free up the memory, I saw there is free() method in Memory class but is not a public method.
One way I can imagine how this may work is after all reference to Memory object become void and when finalize method is invoked by GC on memory object
it will free the memory on native heap as well, is it how it works? (I hope, I don't sound too imaginative :-))
Now, I have another question which related to correct usages of jna, for instance I am using things like
1) Structure.ByReference
2) Memory
Who is responsible for freeing up the memory after program is over especially when I use something like -
(Memory buf = new Memory(size)), which will allocate memory on native heap, will JVM GC collect such memory?
If not, how do I free up the memory, I saw there is free() method in Memory class but is not a public method.
One way I can imagine how this may work is after all reference to Memory object become void and when finalize method is invoked by GC on memory object
it will free the memory on native heap as well, is it how it works? (I hope, I don't sound too imaginative :-))
Kannan Mani
Greenhorn
Posts: 3
bhushan shelke
Greenhorn
Posts: 7
Kannan Mani
Greenhorn
Posts: 3
Pat Gonzalez
Greenhorn
Posts: 19
posted 7 years ago
This is great. Are you planning on open source-ing your code?
I hope you will also be able to fix/solve this other problem for everyone...
http://forums.sun.com/thread.jspa?threadID=5385184&tstart=0
As an alternative for other readers, if you are on Java 6 or higher,
you may want to consider this other open source project if you
need to get single sign-on working in your java apps:
http://spnego.sourceforge.net
Good luck!
This is great. Are you planning on open source-ing your code?
I hope you will also be able to fix/solve this other problem for everyone...
http://forums.sun.com/thread.jspa?threadID=5385184&tstart=0
As an alternative for other readers, if you are on Java 6 or higher,
you may want to consider this other open source project if you
need to get single sign-on working in your java apps:
http://spnego.sourceforge.net
Good luck!
Daniel Block
Greenhorn
Posts: 1
posted 7 years ago
com.sun.jna.platform.win32.Secur32 and com.sun.jna.platform.win32.Sspi were committed to JNA at rev. 1041. Secur32 implements all these calls and tests were written that make sure it works. See http://code.dblock.org/ShowPost.aspx?id=91 for the long story.
| Consider Paul's rocket mass heater. |