[icedtea-web] RFC: Patch for PR861: Code in a jar cannot connect to jar host server
Deepak Bhole
dbhole at redhat.com
Mon May 28 10:16:07 PDT 2012
Hi,
Attached patch resolves PR861:
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=861
ChangeLog:
2012-05-28 Deepak Bhole <dbhole at redhat.com>
PR861: Allow loading from non codebase hosts. Allow code to connect to
hosting server.
* netx/net/sourceforge/jnlp/SecurityDesc.java
(getSandBoxPermissions): Only add host if it is not empty.
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(getPermissions): Add SocketPermission for code source host.
(findLoadedClassAll): Call super methods privileged so that connection to
non codebase hosts can be made.
(findClass): Same.
(findResourcesBySearching): Same. Also use privileged context for enum
operations because the enum is defined on the fly by URLClassLoader and
checks for hosting server connectivity via next().
(getAccessControlContextForClassLoading): New method. Returns a control
context for classloader operations like find/load/etc.
(CodeBaseClassLoader::findClass): Call super methods privileged so that
connection to non codebase hosts can be made.
(CodeBaseClassLoader::findResource): Same.
Applets may specify jars from different host servers. The current code only
allows socket connect permissions for codebase. This is insufficient as a class
from one jar may need a class from another jar that is hosted on a different
server.
Furthermore, if a class comes from server foo, it should be allowed to connect
to foo throughout its lifetime.
Attached patch resolves the above issues and makes the site mentioned in the
bug (http://broadband.mpi-sws.org/transparency/glasnost.php) work again.
OK for HEAD?
Cheers,
Deepak
-------------- next part --------------
diff -r 6df151bb5320 NEWS
--- a/NEWS Fri May 25 11:44:13 2012 -0400
+++ b/NEWS Mon May 28 13:11:12 2012 -0400
@@ -15,6 +15,7 @@
* Plugin
- PR820: IcedTea-Web 1.1.3 crashing Firefox when loading Citrix XenApp
- PR895: IcedTea-Web searches for missing classes on each loadClass or findClass
+ - PR861: Allow loading from non codebase hosts. Allow code to connect to hosting server.
* Common
- PR918: java applet windows uses a low resulution black/white icon
diff -r 6df151bb5320 netx/net/sourceforge/jnlp/SecurityDesc.java
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java Fri May 25 11:44:13 2012 -0400
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java Mon May 28 13:11:12 2012 -0400
@@ -238,7 +238,7 @@
for (int i = 0; i < jnlpRIAPermissions.length; i++)
permissions.add(jnlpRIAPermissions[i]);
- if (downloadHost != null)
+ if (downloadHost != null && downloadHost.length() > 0)
permissions.add(new SocketPermission(downloadHost,
"connect, accept"));
diff -r 6df151bb5320 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Fri May 25 11:44:13 2012 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Mon May 28 13:11:12 2012 -0400
@@ -25,9 +25,11 @@
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
+import java.net.SocketPermission;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.AccessControlContext;
+import java.security.AccessControlException;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
@@ -35,9 +37,12 @@
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
@@ -948,6 +953,11 @@
result.add(runtimePermissions.get(i));
}
+ // Class from host X should be allowed to connect to host X
+ if (cs.getLocation().getHost().length() > 0)
+ result.add(new SocketPermission(cs.getLocation().getHost(),
+ "connect, accept"));
+
return result;
} catch (RuntimeException ex) {
if (JNLPRuntime.isDebug()) {
@@ -1316,10 +1326,21 @@
for (int i = 0; i < loaders.length; i++) {
Class result = null;
- if (loaders[i] == this)
- result = super.findLoadedClass(name);
- else
+ if (loaders[i] == this) {
+ final String fName = name;
+ try {
+ result = AccessController.doPrivileged(
+ new PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() {
+ return JNLPClassLoader.super.findLoadedClass(fName);
+ }
+ }, getAccessControlContextForClassLoading());
+ } catch (PrivilegedActionException pae) {
+ result = null;
+ }
+ } else {
result = loaders[i].findLoadedClassAll(name);
+ }
if (result != null)
return result;
@@ -1517,12 +1538,20 @@
protected Class findClass(String name) throws ClassNotFoundException {
for (int i = 0; i < loaders.length; i++) {
try {
- if (loaders[i] == this)
- return super.findClass(name);
- else
+ if (loaders[i] == this) {
+ final String fName = name;
+ return AccessController.doPrivileged(
+ new PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws ClassNotFoundException {
+ return JNLPClassLoader.super.findClass(fName);
+ }
+ }, getAccessControlContextForClassLoading());
+ } else {
return loaders[i].findClass(name);
+ }
} catch (ClassNotFoundException ex) {
} catch (ClassFormatError cfe) {
+ } catch (PrivilegedActionException pae) {
}
}
@@ -1631,20 +1660,42 @@
*/
private Enumeration<URL> findResourcesBySearching(String name) throws IOException {
List<URL> resources = new ArrayList<URL>();
- Enumeration<URL> e;
+ Enumeration<URL> e = null;
for (int i = 0; i < loaders.length; i++) {
// TODO check if this will blow up or not
// if loaders[1].getResource() is called, wont it call getResource() on
// the original caller? infinite recursion?
- if (loaders[i] == this)
- e = super.findResources(name);
- else
+ if (loaders[i] == this) {
+ final String fName = name;
+ try {
+ e = AccessController.doPrivileged(
+ new PrivilegedExceptionAction<Enumeration<URL>>() {
+ public Enumeration<URL> run() throws IOException {
+ return JNLPClassLoader.super.findResources(fName);
+ }
+ }, getAccessControlContextForClassLoading());
+ } catch (PrivilegedActionException pae) {
+ }
+ } else {
e = loaders[i].findResources(name);
+ }
- while (e.hasMoreElements())
- resources.add(e.nextElement());
+ final Enumeration<URL> fURLEnum = e;
+ try {
+ resources.addAll(AccessController.doPrivileged(
+ new PrivilegedExceptionAction<Collection<URL>>() {
+ public Collection<URL> run() {
+ List<URL> resources = new ArrayList<URL>();
+ while (fURLEnum != null && fURLEnum.hasMoreElements()) {
+ resources.add(fURLEnum.nextElement());
+ }
+ return resources;
+ }
+ }, getAccessControlContextForClassLoading()));
+ } catch (PrivilegedActionException pae) {
+ }
}
// Add resources from codebase (only if nothing was found above,
@@ -1896,6 +1947,56 @@
}
}
+ /**
+ * Returns an appropriate AccessControlContext for loading classes in
+ * the running instance.
+ *
+ * The default context during class-loading only allows connection to
+ * codebase. However applets are allowed to load jars from arbitrary
+ * locations and the codebase only access falls short if a class from
+ * one location needs a class from another.
+ *
+ * Given protected access since CodeBaseClassloader uses this function too.
+ *
+ * @return The appropriate AccessControlContext for loading classes for this instance
+ */
+ public AccessControlContext getAccessControlContextForClassLoading() {
+ AccessControlContext context = AccessController.getContext();
+
+ try {
+ context.checkPermission(new AllPermission());
+ return context; // If context already has all permissions, don't bother
+ } catch (AccessControlException ace) {
+ // continue below
+ }
+
+ // Since this is for class-loading, technically any class from one jar
+ // should be able to access a class from another, therefore making the
+ // original context code source irrelevant
+ PermissionCollection permissions = this.security.getSandBoxPermissions();
+
+ // Local cache access permissions
+ for (Permission resourcePermission : resourcePermissions) {
+ permissions.add(resourcePermission);
+ }
+
+ // Permissions for all remote hosting urls
+ for (URL u: jarLocationSecurityMap.keySet()) {
+ permissions.add(new SocketPermission(u.getHost(),
+ "connect, accept"));
+ }
+
+ // Permissions for codebase urls
+ for (URL u : codeBaseLoader.getURLs()) {
+ permissions.add(new SocketPermission(u.getHost(),
+ "connect, accept"));
+ }
+
+ ProtectionDomain pd = new ProtectionDomain(null, permissions);
+
+ return new AccessControlContext(new ProtectionDomain[] { pd });
+ }
+
/*
* Helper class to expose protected URLClassLoader methods.
*/
@@ -1927,10 +2028,16 @@
throw new ClassNotFoundException(name);
try {
- return super.findClass(name);
- } catch (ClassNotFoundException cnfe) {
+ final String fName = name;
+ return AccessController.doPrivileged(
+ new PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws ClassNotFoundException {
+ return CodeBaseClassLoader.super.findClass(fName);
+ }
+ }, parentJNLPClassLoader.getAccessControlContextForClassLoading());
+ } catch (PrivilegedActionException pae) {
notFoundResources.put(name, super.getURLs());
- throw cnfe;
+ throw new ClassNotFoundException("Could not find class " + name);
}
}
@@ -1983,8 +2090,18 @@
if (Arrays.equals(super.getURLs(), notFoundResources.get(name)))
return null;
+ URL url = null;
if (!name.startsWith("META-INF")) {
- URL url = super.findResource(name);
+ try {
+ final String fName = name;
+ url = AccessController.doPrivileged(
+ new PrivilegedExceptionAction<URL>() {
+ public URL run() {
+ return CodeBaseClassLoader.super.findResource(fName);
+ }
+ }, parentJNLPClassLoader.getAccessControlContextForClassLoading());
+ } catch (PrivilegedActionException pae) {
+ }
if (url == null) {
notFoundResources.put(name, super.getURLs());
More information about the distro-pkg-dev
mailing list