Merge
This commit is contained in:
commit
009c6ca539
corba/src/java.corba/share/classes/com/sun/jndi
@ -33,6 +33,8 @@ import java.util.Hashtable;
|
|||||||
|
|
||||||
import org.omg.CosNaming.*;
|
import org.omg.CosNaming.*;
|
||||||
|
|
||||||
|
import com.sun.jndi.toolkit.corba.CorbaUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements the JNDI NamingEnumeration interface for COS
|
* Implements the JNDI NamingEnumeration interface for COS
|
||||||
* Naming. Gets hold of a list of bindings from the COS Naming Server
|
* Naming. Gets hold of a list of bindings from the COS Naming Server
|
||||||
@ -212,7 +214,10 @@ final class CNBindingEnumeration
|
|||||||
Name cname = CNNameParser.cosNameToName(bndg.binding_name);
|
Name cname = CNNameParser.cosNameToName(bndg.binding_name);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
obj = NamingManager.getObjectInstance(obj, cname, _ctx, _env);
|
// Check whether object factory codebase is trusted
|
||||||
|
if (CorbaUtils.isObjectFactoryTrusted(obj)) {
|
||||||
|
obj = NamingManager.getObjectInstance(obj, cname, _ctx, _env);
|
||||||
|
}
|
||||||
} catch (NamingException e) {
|
} catch (NamingException e) {
|
||||||
throw e;
|
throw e;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
|
@ -36,6 +36,8 @@ import java.io.InputStream;
|
|||||||
import java.io.InputStreamReader;
|
import java.io.InputStreamReader;
|
||||||
import java.io.BufferedReader;
|
import java.io.BufferedReader;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.security.AccessController;
|
||||||
|
import java.security.PrivilegedAction;
|
||||||
|
|
||||||
import org.omg.CosNaming.*;
|
import org.omg.CosNaming.*;
|
||||||
import org.omg.CosNaming.NamingContextPackage.*;
|
import org.omg.CosNaming.NamingContextPackage.*;
|
||||||
@ -82,6 +84,19 @@ public class CNCtx implements javax.naming.Context {
|
|||||||
private static final String FED_PROP = "com.sun.jndi.cosnaming.federation";
|
private static final String FED_PROP = "com.sun.jndi.cosnaming.federation";
|
||||||
boolean federation = false;
|
boolean federation = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determines whether classes may be loaded from an arbitrary URL code base.
|
||||||
|
*/
|
||||||
|
public static final boolean trustURLCodebase;
|
||||||
|
static {
|
||||||
|
// System property to control whether classes may be loaded from an
|
||||||
|
// arbitrary URL code base
|
||||||
|
PrivilegedAction<String> act = () -> System.getProperty(
|
||||||
|
"com.sun.jndi.cosnaming.object.trustURLCodebase", "false");
|
||||||
|
String trust = AccessController.doPrivileged(act);
|
||||||
|
trustURLCodebase = "true".equalsIgnoreCase(trust);
|
||||||
|
}
|
||||||
|
|
||||||
// Reference counter for tracking _orb references
|
// Reference counter for tracking _orb references
|
||||||
OrbReuseTracker orbTracker = null;
|
OrbReuseTracker orbTracker = null;
|
||||||
int enumCount;
|
int enumCount;
|
||||||
@ -534,12 +549,16 @@ public class CNCtx implements javax.naming.Context {
|
|||||||
if (name.size() == 0 )
|
if (name.size() == 0 )
|
||||||
return this; // %%% should clone() so that env can be changed
|
return this; // %%% should clone() so that env can be changed
|
||||||
NameComponent[] path = CNNameParser.nameToCosName(name);
|
NameComponent[] path = CNNameParser.nameToCosName(name);
|
||||||
|
java.lang.Object answer = null;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
java.lang.Object answer = callResolve(path);
|
answer = callResolve(path);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return NamingManager.getObjectInstance(answer, name, this, _env);
|
// Check whether object factory codebase is trusted
|
||||||
|
if (CorbaUtils.isObjectFactoryTrusted(answer)) {
|
||||||
|
answer = NamingManager.getObjectInstance(
|
||||||
|
answer, name, this, _env);
|
||||||
|
}
|
||||||
} catch (NamingException e) {
|
} catch (NamingException e) {
|
||||||
throw e;
|
throw e;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
@ -552,6 +571,7 @@ public class CNCtx implements javax.naming.Context {
|
|||||||
javax.naming.Context cctx = getContinuationContext(cpe);
|
javax.naming.Context cctx = getContinuationContext(cpe);
|
||||||
return cctx.lookup(cpe.getRemainingName());
|
return cctx.lookup(cpe.getRemainingName());
|
||||||
}
|
}
|
||||||
|
return answer;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -33,6 +33,8 @@ import org.omg.CosNaming.*;
|
|||||||
import org.omg.CosNaming.NamingContextPackage.*;
|
import org.omg.CosNaming.NamingContextPackage.*;
|
||||||
import org.omg.CORBA.*;
|
import org.omg.CORBA.*;
|
||||||
|
|
||||||
|
import com.sun.jndi.toolkit.corba.CorbaUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A convenience class to map the COS Naming exceptions to the JNDI exceptions.
|
* A convenience class to map the COS Naming exceptions to the JNDI exceptions.
|
||||||
* @author Raj Krishnamurthy
|
* @author Raj Krishnamurthy
|
||||||
@ -202,10 +204,13 @@ public final class ExceptionMapper {
|
|||||||
// Not a context, use object factory to transform object.
|
// Not a context, use object factory to transform object.
|
||||||
|
|
||||||
Name cname = CNNameParser.cosNameToName(resolvedName);
|
Name cname = CNNameParser.cosNameToName(resolvedName);
|
||||||
java.lang.Object resolvedObj2;
|
java.lang.Object resolvedObj2 = null;
|
||||||
try {
|
try {
|
||||||
resolvedObj2 = NamingManager.getObjectInstance(resolvedObj,
|
// Check whether object factory codebase is trusted
|
||||||
cname, ctx, ctx._env);
|
if (CorbaUtils.isObjectFactoryTrusted(resolvedObj)) {
|
||||||
|
resolvedObj2 = NamingManager.getObjectInstance(resolvedObj,
|
||||||
|
cname, ctx, ctx._env);
|
||||||
|
}
|
||||||
} catch (NamingException ge) {
|
} catch (NamingException ge) {
|
||||||
throw ge;
|
throw ge;
|
||||||
} catch (Exception ge) {
|
} catch (Exception ge) {
|
||||||
|
@ -36,11 +36,12 @@ import java.applet.Applet;
|
|||||||
|
|
||||||
import org.omg.CORBA.ORB;
|
import org.omg.CORBA.ORB;
|
||||||
|
|
||||||
import javax.naming.Context;
|
import javax.naming.*;
|
||||||
import javax.naming.ConfigurationException;
|
|
||||||
import javax.rmi.CORBA.Stub;
|
import javax.rmi.CORBA.Stub;
|
||||||
import javax.rmi.PortableRemoteObject;
|
import javax.rmi.PortableRemoteObject;
|
||||||
|
|
||||||
|
import com.sun.jndi.cosnaming.CNCtx;
|
||||||
|
|
||||||
import java.io.UnsupportedEncodingException;
|
import java.io.UnsupportedEncodingException;
|
||||||
import java.net.MalformedURLException;
|
import java.net.MalformedURLException;
|
||||||
import java.net.URLDecoder;
|
import java.net.URLDecoder;
|
||||||
@ -182,6 +183,32 @@ public class CorbaUtils {
|
|||||||
return ORB.init(new String[0], orbProp);
|
return ORB.init(new String[0], orbProp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check whether object factory code base is trusted.
|
||||||
|
* Classes may only be loaded from an arbitrary URL code base when
|
||||||
|
* the system property com.sun.jndi.rmi.object.trustURLCodebase
|
||||||
|
* has been set to "true".
|
||||||
|
*/
|
||||||
|
public static boolean isObjectFactoryTrusted(Object obj)
|
||||||
|
throws NamingException {
|
||||||
|
|
||||||
|
// Extract Reference, if possible
|
||||||
|
Reference ref = null;
|
||||||
|
if (obj instanceof Reference) {
|
||||||
|
ref = (Reference) obj;
|
||||||
|
} else if (obj instanceof Referenceable) {
|
||||||
|
ref = ((Referenceable)(obj)).getReference();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ref != null && ref.getFactoryClassLocation() != null &&
|
||||||
|
!CNCtx.trustURLCodebase) {
|
||||||
|
throw new ConfigurationException(
|
||||||
|
"The object factory is untrusted. Set the system property" +
|
||||||
|
" 'com.sun.jndi.cosnaming.object.trustURLCodebase' to 'true'.");
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Decode a URI string (according to RFC 2396).
|
* Decode a URI string (according to RFC 2396).
|
||||||
*/
|
*/
|
||||||
|
Loading…
x
Reference in New Issue
Block a user