提交 7d25aec6 编写于 作者: M michaelm

8028293: Check local configuration for actual ephemeral port range

Reviewed-by: alanb, chegar, smarks
上级 81f1717d
......@@ -25,6 +25,7 @@
LIBNET_SRC_DIRS := $(JDK_TOPDIR)/src/share/native/java/net \
$(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/java/net \
$(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/net/ \
$(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/net/dns \
$(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/net/spi
......
......@@ -86,6 +86,8 @@ SUNWprivate_1.1 {
Java_java_net_PlainSocketImpl_socketConnect;
Java_java_net_PlainDatagramSocketImpl_getTimeToLive;
Java_java_net_PlainDatagramSocketImpl_setTimeToLive;
Java_sun_net_PortConfig_getUpper0;
Java_sun_net_PortConfig_getLower0;
Java_sun_net_dns_ResolverConfigurationImpl_localDomain0;
Java_sun_net_dns_ResolverConfigurationImpl_fallbackDomain0;
Java_sun_net_sdp_SdpSupport_convert0;
......
......@@ -44,6 +44,7 @@ import java.io.ObjectInputStream;
import java.io.IOException;
import sun.net.util.IPAddressUtil;
import sun.net.RegisteredDomain;
import sun.net.PortConfig;
import sun.security.util.SecurityConstants;
import sun.security.util.Debug;
......@@ -1217,17 +1218,9 @@ public final class SocketPermission extends Permission
if (val != -1) {
return val;
} else {
String prop = Security.getProperty(
"network.ephemeralPortRange."+suffix
);
try {
val = Integer.parseInt(prop);
} catch (NumberFormatException e) {
// shouldn't happen
return defval;
}
return suffix.equals("low") ?
PortConfig.getLower() : PortConfig.getUpper();
}
return val;
}
}
);
......
......@@ -119,8 +119,23 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
public RegistryImpl(int port)
throws RemoteException
{
LiveRef lref = new LiveRef(id, port);
setup(new UnicastServerRef(lref));
if (port == Registry.REGISTRY_PORT && System.getSecurityManager() != null) {
// grant permission for default port only.
try {
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
public Void run() throws RemoteException {
LiveRef lref = new LiveRef(id, port);
setup(new UnicastServerRef(lref));
return null;
}
}, null, new SocketPermission("localhost:"+port, "listen,accept"));
} catch (PrivilegedActionException pae) {
throw (RemoteException)pae.getException();
}
} else {
LiveRef lref = new LiveRef(id, port);
setup(new UnicastServerRef(lref));
}
}
/*
......@@ -419,7 +434,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new SocketPermission("localhost:"+port, "listen,accept"));
perms.add(new SocketPermission("localhost:"+port, "listen,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
......
......@@ -496,20 +496,3 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
#
# Default ephemeral port ranges (operating system specific)
# used by java.net.SocketPermission to interpret the meaning of the special
# port value zero, as in the following example:
#
# SocketPermission("localhost:0" , "listen");
#
# These can be overridden by the system properties:
#
# jdk.net.ephemeralPortRange.low and
# jdk.net.ephemeralPortRange.high
#
# respectively.
#
network.ephemeralPortRange.low=32768
network.ephemeralPortRange.high=65535
......@@ -497,22 +497,3 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
#
# Default ephemeral port ranges (operating system specific)
# used by java.net.SocketPermission to interpret the meaning of the special
# port value zero, as in the following example:
#
# SocketPermission("localhost:0" , "listen");
#
# These can be overridden by the system properties:
#
# jdk.net.ephemeralPortRange.low and
# jdk.net.ephemeralPortRange.high
#
# respectively.
#
network.ephemeralPortRange.low=49152
network.ephemeralPortRange.high=65535
......@@ -496,21 +496,3 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
#
# Default ephemeral port ranges (operating system specific)
# used by java.net.SocketPermission to interpret the meaning of the special
# port value zero, as in the following example:
#
# SocketPermission("localhost:0" , "listen");
#
# These can be overridden by the system properties:
#
# jdk.net.ephemeralPortRange.low and
# jdk.net.ephemeralPortRange.high
#
# respectively.
#
network.ephemeralPortRange.low=32768
network.ephemeralPortRange.high=65535
......@@ -497,20 +497,3 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
#
# Default ephemeral port ranges (operating system specific)
# used by java.net.SocketPermission to interpret the meaning of the special
# port value zero, as in the following example:
#
# SocketPermission("localhost:0" , "listen");
#
# These can be overridden by the system properties:
#
# jdk.net.ephemeralPortRange.low and
# jdk.net.ephemeralPortRange.high
#
# respectively.
#
network.ephemeralPortRange.low=49152
network.ephemeralPortRange.high=65535
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.net;
import java.security.AccessController;
/**
* Determines the ephemeral port range in use on this system.
* If this cannot be determined, then the default settings
* of the OS are returned.
*/
public final class PortConfig {
private static int defaultUpper, defaultLower;
private final static int upper, lower;
private PortConfig() {}
static {
AccessController.doPrivileged(
new java.security.PrivilegedAction<Void>() {
public Void run() {
System.loadLibrary("net");
String os = System.getProperty("os.name");
if (os.startsWith("Linux")) {
defaultLower = 32768;
defaultUpper = 61000;
} else if (os.startsWith("SunOS")) {
defaultLower = 32768;
defaultUpper = 65535;
} else if (os.contains("OS X")) {
defaultLower = 49152;
defaultUpper = 65535;
} else {
throw new InternalError(
"sun.net.PortConfig: unknown OS");
}
return null;
}
});
int v = getLower0();
if (v == -1) {
v = defaultLower;
}
lower = v;
v = getUpper0();
if (v == -1) {
v = defaultUpper;
}
upper = v;
}
static native int getLower0();
static native int getUpper0();
public static int getLower() {
return lower;
}
public static int getUpper() {
return upper;
}
}
......@@ -138,8 +138,7 @@ static int useExclBind = 0;
* of the parameter is assumed to be an 'int'. If the parameter
* cannot be obtained return -1
*/
static int
getParam(char *driver, char *param)
int net_getParam(char *driver, char *param)
{
struct strioctl stri;
char buf [64];
......@@ -166,7 +165,7 @@ getParam(char *driver, char *param)
/*
* Iterative way to find the max value that SO_SNDBUF or SO_RCVBUF
* for Solaris versions that do not support the ioctl() in getParam().
* for Solaris versions that do not support the ioctl() in net_getParam().
* Ugly, but only called once (for each sotype).
*
* As an optimization, we make a guess using the default values for Solaris
......@@ -1359,7 +1358,7 @@ NET_SetSockOpt(int fd, int level, int opt, const void *arg,
* If that fails, we use the search algorithm in findMaxBuf()
*/
if (!init_tcp_max_buf && sotype == SOCK_STREAM) {
tcp_max_buf = getParam("/dev/tcp", "tcp_max_buf");
tcp_max_buf = net_getParam("/dev/tcp", "tcp_max_buf");
if (tcp_max_buf == -1) {
tcp_max_buf = findMaxBuf(fd, opt, SOCK_STREAM);
if (tcp_max_buf == -1) {
......@@ -1368,7 +1367,7 @@ NET_SetSockOpt(int fd, int level, int opt, const void *arg,
}
init_tcp_max_buf = 1;
} else if (!init_udp_max_buf && sotype == SOCK_DGRAM) {
udp_max_buf = getParam("/dev/udp", "udp_max_buf");
udp_max_buf = net_getParam("/dev/udp", "udp_max_buf");
if (udp_max_buf == -1) {
udp_max_buf = findMaxBuf(fd, opt, SOCK_DGRAM);
if (udp_max_buf == -1) {
......
......@@ -81,6 +81,9 @@ extern int NET_Poll(struct pollfd *ufds, unsigned int nfds, int timeout);
int getDefaultIPv6Interface(struct in6_addr *target_addr);
#endif
#ifdef __solaris__
extern int net_getParam(char *driver, char *param);
#endif
/* needed from libsocket on Solaris 8 */
......
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#if defined(_ALLBSD_SOURCE)
#include <sys/sysctl.h>
#endif
#include "jni.h"
#include "net_util.h"
#include "sun_net_PortConfig.h"
#ifdef __cplusplus
extern "C" {
#endif
struct portrange {
int lower;
int higher;
};
static int getPortRange(struct portrange *range)
{
#ifdef __linux__
{
FILE *f;
int ret;
f = fopen("/proc/sys/net/ipv4/ip_local_port_range", "r");
if (f != NULL) {
ret = fscanf(f, "%d %d", &range->lower, &range->higher);
fclose(f);
return ret == 2 ? 0 : -1;
}
return -1;
}
#elif defined(__solaris__)
{
range->higher = net_getParam("/dev/tcp", "tcp_largest_anon_port");
range->lower = net_getParam("/dev/tcp", "tcp_smallest_anon_port");
return 0;
}
#elif defined(_ALLBSD_SOURCE)
{
int ret;
size_t size = sizeof(range->lower);
ret = sysctlbyname(
"net.inet.ip.portrange.first", &range->lower, &size, 0, 0
);
if (ret == -1) {
return -1;
}
size = sizeof(range->higher);
ret = sysctlbyname(
"net.inet.ip.portrange.last", &range->higher, &size, 0, 0
);
return ret;
}
#else
return -1;
#endif
}
/*
* Class: sun_net_PortConfig
* Method: getLower0
* Signature: ()I
*/
JNIEXPORT jint JNICALL Java_sun_net_PortConfig_getLower0
(JNIEnv *env, jclass clazz)
{
struct portrange range;
if (getPortRange(&range) < 0) {
return -1;
}
return range.lower;
}
/*
* Class: sun_net_PortConfig
* Method: getUpper0
* Signature: ()I
*/
JNIEXPORT jint JNICALL Java_sun_net_PortConfig_getUpper0
(JNIEnv *env, jclass clazz)
{
struct portrange range;
if (getPortRange(&range) < 0) {
return -1;
}
return range.higher;
}
#ifdef __cplusplus
}
#endif
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.net;
import java.security.AccessController;
/**
* Determines the ephemeral port range in use on this system.
* If this cannot be determined, then the default settings
* of the OS are returned.
*/
public final class PortConfig {
private static int defaultUpper, defaultLower;
private final static int upper, lower;
static {
AccessController.doPrivileged(
new java.security.PrivilegedAction<Void>() {
public Void run() {
System.loadLibrary("net");
return null;
}
});
int v = getLower0();
if (v == -1) {
v = defaultLower;
}
lower = v;
v = getUpper0();
if (v == -1) {
v = defaultUpper;
}
upper = v;
}
static native int getLower0();
static native int getUpper0();
public static int getLower() {
return lower;
}
public static int getUpper() {
return upper;
}
}
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
#include <windows.h>
#include "jni.h"
#include "net_util.h"
#include "sun_net_PortConfig.h"
#ifdef __cplusplus
extern "C" {
#endif
struct portrange {
int lower;
int higher;
};
static int getPortRange(struct portrange *range)
{
OSVERSIONINFO ver;
ver.dwOSVersionInfoSize = sizeof(ver);
GetVersionEx(&ver);
/* Check for major version 5 or less = Windows XP/2003 or older */
if (ver.dwMajorVersion <= 5) {
LONG ret;
HKEY hKey;
range->lower = 1024;
range->higher = 4999;
/* check registry to see if upper limit was raised */
ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters",
0, KEY_READ, (PHKEY)&hKey
);
if (ret == ERROR_SUCCESS) {
DWORD maxuserport;
ULONG ulType;
DWORD dwLen = sizeof(maxuserport);
ret = RegQueryValueEx(hKey, "MaxUserPort", NULL, &ulType,
(LPBYTE)&maxuserport, &dwLen);
RegCloseKey(hKey);
if (ret == ERROR_SUCCESS) {
range->higher = maxuserport;
}
}
} else {
/* There doesn't seem to be an API to access this. "MaxUserPort"
* is affected, but is not sufficient to determine.
* so we just use the defaults, which are less likely to change
*/
range->lower = 49152;
range->higher = 65535;
}
return 0;
}
/*
* Class: sun_net_PortConfig
* Method: getLower0
* Signature: ()I
*/
JNIEXPORT jint JNICALL Java_sun_net_PortConfig_getLower0
(JNIEnv *env, jclass clazz)
{
struct portrange range;
getPortRange(&range);
return range.lower;
}
/*
* Class: sun_net_PortConfig
* Method: getUpper0
* Signature: ()I
*/
JNIEXPORT jint JNICALL Java_sun_net_PortConfig_getUpper0
(JNIEnv *env, jclass clazz)
{
struct portrange range;
getPortRange(&range);
return range.higher;
}
#ifdef __cplusplus
}
#endif
......@@ -88,6 +88,17 @@ public class RmidViaInheritedChannel implements Callback {
TestLibrary.RMIDVIAINHERITEDCHANNEL_ACTIVATION_PORT);
rmid.addOptions(new String[]{
"-Djava.nio.channels.spi.SelectorProvider=RmidViaInheritedChannel$RmidSelectorProvider"});
if (System.getProperty("os.name").startsWith("Windows") &&
System.getProperty("os.version").startsWith("5."))
{
/* Windows XP/2003 or older
* Need to expand ephemeral range to include RMI test ports
*/
rmid.addOptions(new String[]{
"-Djdk.net.ephemeralPortRange.low=1024",
"-Djdk.net.ephemeralPortRange.high=64000"
});
}
rmid.start();
/*
......
......@@ -29,6 +29,10 @@
# @run shell readTest.sh
OS=`uname -s`
VER=`uname -r`
ARGS=""
REGARGS=""
case "$OS" in
SunOS | Linux | Darwin )
PS=":"
......@@ -39,11 +43,19 @@ case "$OS" in
PS=";"
FS="\\"
FILEURL="file:/"
if [ "$VER" -eq "5" ]; then
ARGS="-Djdk.net.ephemeralPortRange.low=1024 -Djdk.net.ephemeralPortRange.high=65000"
REGARGS="-J-Djdk.net.ephemeralPortRange.low=1024 -J-Djdk.net.ephemeralPortRange.high=65000"
fi
;;
CYGWIN* )
PS=";"
FS="/"
FILEURL="file:/"
if [ "$VER" -eq "5" ]; then
ARGS="-Djdk.net.ephemeralPortRange.low=1024 -Djdk.net.ephemeralPortRange.high=65000"
REGARGS="-J-Djdk.net.ephemeralPortRange.low=1024 -J-Djdk.net.ephemeralPortRange.high=65000"
fi
;;
* )
echo "Unrecognized system!"
......@@ -61,8 +73,8 @@ RMIREG_OUT=rmi.out
#start rmiregistry without any local classes on classpath
cd rmi_tmp
# NOTE: This RMI Registry port must match TestLibrary.READTEST_REGISTRY_PORT
${TESTJAVA}${FS}bin${FS}rmiregistry -J-Djava.rmi.server.useCodebaseOnly=false \
${TESTTOOLVMOPTS} 64005 > ..${FS}${RMIREG_OUT} 2>&1 &
${TESTJAVA}${FS}bin${FS}rmiregistry ${REGARGS} -J-Djava.rmi.server.useCodebaseOnly=false \
${TESTTOOLVMOPTS} 60005 > ..${FS}${RMIREG_OUT} 2>&1 &
RMIREG_PID=$!
# allow some time to start
sleep 3
......@@ -74,10 +86,10 @@ case "$OS" in
;;
* )
CODEBASE=`pwd`
;;
;;
esac
# trailing / after code base is important for rmi codebase property.
${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} -cp $TEST_CLASSPATH -Djava.rmi.server.codebase=${FILEURL}$CODEBASE/ readTest > OUT.TXT 2>&1 &
${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} -cp $TEST_CLASSPATH ${ARGS} -Djava.rmi.server.codebase=${FILEURL}$CODEBASE/ readTest > OUT.TXT 2>&1 &
TEST_PID=$!
#bulk of testcase - let it run for a while
sleep 5
......@@ -100,7 +112,7 @@ grep "Test passed" OUT.TXT
result2=$?
if [ $result1 -eq 0 -a $result2 -eq 0 ]
then
then
echo "Passed"
exitCode=0;
else
......@@ -108,6 +120,6 @@ else
exitCode=1
fi
rm -rf OUT.TXT ${RMIREG_OUT} rmi_tmp
exit ${exitCode}
exit ${exitCode}
......@@ -86,13 +86,13 @@ public class TestLibrary {
* FIXED_PORT_MIN or above FIXED_PORT_MAX, then adjust
* FIXED_PORT_MIN/MAX appropriately.
*/
public final static int FIXED_PORT_MIN = 64001;
public final static int FIXED_PORT_MAX = 64010;
public final static int RMIDVIAINHERITEDCHANNEL_ACTIVATION_PORT = 64001;
public final static int RMIDVIAINHERITEDCHANNEL_REGISTRY_PORT = 64002;
public final static int INHERITEDCHANNELNOTSERVERSOCKET_ACTIVATION_PORT = 64003;
public final static int INHERITEDCHANNELNOTSERVERSOCKET_REGISTRY_PORT = 64004;
public final static int READTEST_REGISTRY_PORT = 64005;
public final static int FIXED_PORT_MIN = 60001;
public final static int FIXED_PORT_MAX = 60010;
public final static int RMIDVIAINHERITEDCHANNEL_ACTIVATION_PORT = 60001;
public final static int RMIDVIAINHERITEDCHANNEL_REGISTRY_PORT = 60002;
public final static int INHERITEDCHANNELNOTSERVERSOCKET_ACTIVATION_PORT = 60003;
public final static int INHERITEDCHANNELNOTSERVERSOCKET_REGISTRY_PORT = 60004;
public final static int READTEST_REGISTRY_PORT = 60005;
private final static int MAX_SERVER_SOCKET_TRIES = 2*(FIXED_PORT_MAX-FIXED_PORT_MIN+1);
static void mesg(Object mesg) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册