• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Paul Clapham
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Liutauras Vilda
Saloon Keepers:
  • Tim Holloway
  • Carey Brown
  • Roland Mueller
  • Piet Souris
Bartenders:

JNA to call Secur32 InitializeSecurityContext, returns error

 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to implement something similar to single signon thr' Java using Microsoft SSPI.
I need to invoke following two windows APIs in secur32.dll to accomplish it

1) AcquireCredentialsHandle
2) InitializeSecurityContext

Out of that first one (AcquireCredentialsHandle) seems to work fine, but the second one returns me some negative number during first run, which indicates it is an error. But that negative no can't be mapped to any of the error codes mentioned by Microsoft on msdn (http://msdn.microsoft.com/en-us/library/aa375512(VS.85).aspx).
The negative value returned is (-2146893052). I know there must be something wrong with my code but this error code is not helping me to find it out.

Following is the signature of InitializeSecurityContext -

SECURITY_STATUS SEC_Entry InitializeSecurityContext(
__in_opt PCredHandle phCredential,
__in_opt PCtxtHandle phContext,
__in SEC_CHAR *pszTargetName,
__in ULONG fContextReq,
__in ULONG Reserved1,
__in ULONG TargetDataRep,
__in_opt PSecBufferDesc pInput,
__in ULONG Reserved2,
__inout_opt PCtxtHandle phNewContext,
__inout_opt PSecBufferDesc pOutput,
__out PULONG pfContextAttr,
__out_opt PTimeStamp ptsExpiry
);

Following is how I have mapped all the attributes in Java
__in_opt PCredHandle phCredential - passed as Structure.ByReference (refer to SECURITY_HANDLE.java in attached file)
__in_opt PCtxtHandle phContext, - passed as null during first call
__in SEC_CHAR *pszTargetName - passed a Java String
__in ULONG fContextReq - ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT| ISC_REQ_CONNECTION
__in ULONG Reserved1 - 0
__in ULONG TargetDataRep - 0x10
__in_opt PSecBufferDesc pInput - null for first time
__in ULONG Reserved2 - 0
__inout_opt PCtxtHandle phNewContext - passed as Structure.ByReference (refer to SECURITY_HANDLE.java in attached file)
__inout_opt PSecBufferDesc pOutput - passed as Structure.ByReference ( refer to SecBufferDesc.java and SecBuffer.java), I think I am making some mistake in this mapping
__out PULONG pfContextAttr - LongByReference
__out_opt PTimeStamp ptsExpiry - passed as Structure.ByReference (refer to SECURITY_INTEGER.java in attached file).

Somebody has already done same thing using JInvoke, but I need to do it using jna, but I have used almost same code base with relevant changes.

Important URLs from microsft are -
1) http://msdn.microsoft.com/en-us/library/aa375512(VS.85).aspx
2)http://msdn.microsoft.com/en-us/library/aa379814(VS.85).aspx
3)http://msdn.microsoft.com/en-us/library/aa379815(VS.85).aspx

I can share the code, but it probably need to be on one to one basis as site doesn;t allow me to upload the code zip
Thanks,
Bhushan
 
Sheriff
Posts: 22862
132
Eclipse IDE Spring TypeScript Quarkus Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

bhushan shelke wrote:thr'


http://faq.javaranch.com/java/UseRealWords

The negative value returned is (-2146893052). I know there must be something wrong with my code but this error code is not helping me to find it out.


The possible values, according to my local MSDN library installation:
And here's the content of security.h from my MinGW installation:
As you can see, your error code is SEC_E_INTERNAL_ERROR: The Local Security Authority cannot be contacted.
 
bhushan shelke
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey thanks Buddy, it did help me. Actually I was was assigning memory.gePointer to a Pointer, did not realize that Memory extends Pointer and just assigning memory reference would be sufficient. After that everything worked.
Now, I have another question which related to correct usages of jna, for instance I am using things like

1) Structure.ByReference
2) Memory
Who is responsible for freeing up the memory after program is over especially when I use something like -
(Memory buf = new Memory(size)), which will allocate memory on native heap, will JVM GC collect such memory?

If not, how do I free up the memory, I saw there is free() method in Memory class but is not a public method.
One way I can imagine how this may work is after all reference to Memory object become void and when finalize method is invoked by GC on memory object
it will free the memory on native heap as well, is it how it works? (I hope, I don't sound too imaginative :-))
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi,
I am trying to use JNA , to call secur32.dll funtions but is not working for me .Can you help me

Regards
Kannan
 
bhushan shelke
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sure

Kannan Mani wrote:hi,
I am trying to use JNA , to call secur32.dll funtions but is not working for me .Can you help me

Regards
Kannan

 
Kannan Mani
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ya Sure Its Not Working For me in Kerberos ,but its worked for NTLM
 
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

This is great. Are you planning on open source-ing your code?

I hope you will also be able to fix/solve this other problem for everyone...

http://forums.sun.com/thread.jspa?threadID=5385184&tstart=0

As an alternative for other readers, if you are on Java 6 or higher,
you may want to consider this other open source project if you
need to get single sign-on working in your java apps:

http://spnego.sourceforge.net

Good luck!

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
com.sun.jna.platform.win32.Secur32 and com.sun.jna.platform.win32.Sspi were committed to JNA at rev. 1041. Secur32 implements all these calls and tests were written that make sure it works. See http://code.dblock.org/ShowPost.aspx?id=91 for the long story.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic