8031395: Enhance LDAP processing

Reviewed-by: vinnie, alanb, skoivu, ahgross

8031395: Enhance LDAP processing
Reviewed-by: vinnie, alanb, skoivu, ahgross
7d7a2180 · weijun · 11790479 · 7d7a2180 · 7d7a2180
2 changed file
--- a/src/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java
+++ b/src/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java
@@ -25,6 +25,10 @@

 package com.sun.jndi.ldap;

+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Vector;
 import javax.naming.*;
 import javax.naming.directory.*;
@@ -36,6 +40,8 @@ import com.sun.jndi.toolkit.ctx.Continuation;
 final class LdapBindingEnumeration
        extends AbstractLdapNamingEnumeration<Binding> {

+    private final AccessControlContext acc = AccessController.getContext();
+
    LdapBindingEnumeration(LdapCtx homeCtx, LdapResult answer, Name remain,
        Continuation cont) throws NamingException
    {
@@ -52,7 +58,16 @@ final class LdapBindingEnumeration

        if (attrs.get(Obj.JAVA_ATTRIBUTES[Obj.CLASSNAME]) != null) {
            // serialized object or object reference
-            obj = Obj.decodeObject(attrs);
+            try {
+                obj = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+                    @Override
+                    public Object run() throws NamingException {
+                        return Obj.decodeObject(attrs);
+                    }
+                }, acc);
+            } catch (PrivilegedActionException e) {
+                throw (NamingException)e.getException();
+            }
        }
        if (obj == null) {
            // DirContext object

--- a/src/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java
+++ b/src/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java
@@ -25,6 +25,10 @@

 package com.sun.jndi.ldap;

+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Vector;
 import javax.naming.*;
 import javax.naming.directory.*;
@@ -40,6 +44,8 @@ final class LdapSearchEnumeration
    private Name startName;             // prefix of names of search results
    private LdapCtx.SearchArgs searchArgs = null;

+    private final AccessControlContext acc = AccessController.getContext();
+
    LdapSearchEnumeration(LdapCtx homeCtx, LdapResult search_results,
        String starter, LdapCtx.SearchArgs args, Continuation cont)
        throws NamingException {
@@ -112,8 +118,16 @@ final class LdapSearchEnumeration
            if (attrs.get(Obj.JAVA_ATTRIBUTES[Obj.CLASSNAME]) != null) {
                // Entry contains Java-object attributes (ser/ref object)
                // serialized object or object reference
-                obj = Obj.decodeObject(attrs);
-
+                try {
+                    obj = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+                        @Override
+                        public Object run() throws NamingException {
+                            return Obj.decodeObject(attrs);
+                        }
+                    }, acc);
+                } catch (PrivilegedActionException e) {
+                    throw (NamingException)e.getException();
+                }
            }
            if (obj == null) {
                obj = new LdapCtx(homeCtx, dn);