Revised implementation
Decided not to dispose of user-created credentials at all.
rene-ye committed May 30, 2018
1 parent d969b03 commit 88dc78b
Showing 2 changed files with 15 additions and 24 deletions.
Expand Up @@ -49,6 +49,7 @@ final class KerbAuthentication extends SSPIAuthentication {

private final GSSManager manager = GSSManager.getInstance();
private LoginContext lc = null;
private boolean isUserCreatedCredential = false;
private GSSCredential peerCredentials = null;
private GSSContext peerContext = null;

Expand Down Expand Up @@ -390,6 +391,7 @@ interface RealmValidator {
int port,
GSSCredential ImpersonatedUserCred) throws SQLServerException {
this(con, address, port);
isUserCreatedCredential = true;
peerCredentials = ImpersonatedUserCred;
}

Expand All @@ -403,8 +405,11 @@ byte[] GenerateClientContext(byte[] pin,

int ReleaseClientContext() throws SQLServerException {
try {
if (null != peerCredentials)
if (null != peerCredentials && !isUserCreatedCredential) {
peerCredentials.dispose();
} else if (null != peerCredentials && isUserCreatedCredential) {
peerCredentials = null;
}
if (null != peerContext)
peerContext.dispose();
if (null != lc)
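Review bot: Nothing in this section records that a caller-supplied `GSSCredential` is now never disposed by the driver: `ReleaseClientContext` only drops the reference when `isUserCreatedCredential` is set, so the delegated credential stays usable until the application disposes it itself. I would state that ownership rule where the flag is declared, e.g. `// true when the caller passed in the GSSCredential; the driver never disposes it, the caller owns its lifetime`, and repeat it in the Javadoc of the constructor that takes `ImpersonatedUserCred`. The second condition of the new `if`/`else if` repeats the first and could be a plain `else`. `ReleaseClientContext` continues past the end of the hunk.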
Expand Up @@ -3417,9 +3417,10 @@ final boolean doExecute() throws SQLServerException {
if (integratedSecurity && AuthenticationScheme.nativeAuthentication == intAuthScheme)
authentication = new AuthenticationJNI(this, currentConnectPlaceHolder.getServerName(), currentConnectPlaceHolder.getPortNumber());
if (integratedSecurity && AuthenticationScheme.javaKerberos == intAuthScheme) {
if (null != ImpersonatedUserCred)
if (null != ImpersonatedUserCred) {
authentication = new KerbAuthentication(this, currentConnectPlaceHolder.getServerName(), currentConnectPlaceHolder.getPortNumber(),
ImpersonatedUserCred);
}
else
authentication = new KerbAuthentication(this, currentConnectPlaceHolder.getServerName(), currentConnectPlaceHolder.getPortNumber());
}
Expand All @@ -3441,7 +3442,6 @@ final boolean doExecute() throws SQLServerException {
// No need any further info from the server for token based authentication. So set _federatedAuthenticationRequested to true
federatedAuthenticationRequested = true;
}

try {
sendLogon(command, authentication, fedAuthFeatureExtensionData);

Expand All @@ -3455,29 +3455,15 @@ final boolean doExecute() throws SQLServerException {
connectionCommand(sqlStmt, "Change Settings");
}
}
}
finally {
if (integratedSecurity) {
if (null != ImpersonatedUserCred) {
try {
if (ImpersonatedUserCred.getRemainingLifetime() <= 0) {
if (null != authentication) {
authentication.ReleaseClientContext();
}
authentication = null;
ImpersonatedUserCred.dispose();
}
}
catch (GSSException e) {
if (connectionlogger.isLoggable(Level.FINER))
connectionlogger.finer(toString() + " Release of the credentials failed GSSException: " + e);
}
} else {
if (null != authentication) {
authentication.ReleaseClientContext();
}
} finally {
if (integratedSecurity) {
if (null != authentication) {
authentication.ReleaseClientContext();
authentication = null;
}
if (null != ImpersonatedUserCred) {
ImpersonatedUserCred = null;
}
}
}
}
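Review bot: Clearing `ImpersonatedUserCred` in the new `finally` block runs after every logon attempt, successful or not, so if this logon path is executed again on the same connection object (a retry or reconnect, which is not visible in these hunks) the `null != ImpersonatedUserCred` test above would fail and `KerbAuthentication` would be built without the caller's credential, possibly under a different Kerberos identity than the application asked for. Unless that is intended, I would keep the reference for the life of the connection and leave only the `authentication.ReleaseClientContext(); authentication = null;` part in `finally`. If the reference must be dropped, the null guard is unnecessary and `ImpersonatedUserCred = null;` alone is enough, with a comment saying the caller remains responsible for disposing the credential. `doExecute` starts and ends outside the hunks shown.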