提交 7d7fd064 编写于 作者: S shshahma

8198662: Incompatible internal API change in JDK8u161: signature of method exportObject()

Reviewed-by: dfuchs, robm, jwilhelm, rriggs
上级 f3951e57
/* /*
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -25,7 +25,6 @@ ...@@ -25,7 +25,6 @@
package com.sun.jmx.remote.internal; package com.sun.jmx.remote.internal;
import sun.misc.ObjectInputFilter;
import java.rmi.NoSuchObjectException; import java.rmi.NoSuchObjectException;
import java.rmi.Remote; import java.rmi.Remote;
import java.rmi.RemoteException; import java.rmi.RemoteException;
...@@ -52,8 +51,7 @@ public interface RMIExporter { ...@@ -52,8 +51,7 @@ public interface RMIExporter {
public Remote exportObject(Remote obj, public Remote exportObject(Remote obj,
int port, int port,
RMIClientSocketFactory csf, RMIClientSocketFactory csf,
RMIServerSocketFactory ssf, RMIServerSocketFactory ssf)
ObjectInputFilter filter)
throws RemoteException; throws RemoteException;
public boolean unexportObject(Remote obj, boolean force) public boolean unexportObject(Remote obj, boolean force)
......
/* /*
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -69,61 +69,6 @@ public class EnvHelp { ...@@ -69,61 +69,6 @@ public class EnvHelp {
public static final String CREDENTIAL_TYPES = public static final String CREDENTIAL_TYPES =
"jmx.remote.rmi.server.credential.types"; "jmx.remote.rmi.server.credential.types";
/**
* Name of the attribute that specifies an
* {@link ObjectInputFilter} pattern string to filter classes acceptable
* for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
* remote method call.
* <p>
* The filter pattern must be in same format as used in
* {@link java.io.ObjectInputFilter.Config.createFilter}
* <p>
* This list of classes allowed by filter should correspond to the
* transitive closure of the credentials class (or classes) used by the
* installed {@linkplain JMXAuthenticator} associated with the
* {@linkplain RMIServer} implementation.
* If the attribute is not set then any class is deemed acceptable.
* @see ObjectInputFilter
*/
public static final String CREDENTIALS_FILTER_PATTERN =
"jmx.remote.rmi.server.credentials.filter.pattern";
/**
* This attribute defines a pattern from which to create a
* {@link java.io.ObjectInputFilter} that will be used when deserializing
* objects sent to the {@code JMXConnectorServer} by any client.
* <p>
* The filter will be called for any class found in the serialized
* stream sent to server by client, including all JMX defined classes
* (such as {@link javax.management.ObjectName}), all method parameters,
* and, if present in the stream, all classes transitively referred by
* the serial form of any deserialized object.
* The pattern must be in same format as used in
* {@link java.io.ObjectInputFilter.Config.createFilter}.
* It may define a white list of permitted classes, a black list of
* rejected classes, a maximum depth for the deserialized objects,
* etc.
* <p>
* To be functional, the filter should allow at least all the
* concrete types in the transitive closure of all objects that
* might get serialized when serializing all JMX classes referred
* as parameters in the {@link
* javax.management.remote.rmi.RMIConnection} interface,
* plus all classes that a {@link javax.management.remote.rmi.RMIConnectorClient}
* might need to transmit wrapped in {@linkplain java.rmi.MarshalledObject
* marshalled objects} in order to interoperate with the MBeans registered
* in the {@code MBeanServer}. That would potentially include all the
* concrete {@linkplain javax.management.openmbean JMX OpenTypes} and the
* classes they use in their serial form.
* <p>
* Care must be taken when defining such a filter, as defining
* a white list too restrictive or a too wide a black list may
* prevent legitimate clients from interoperating with the
* {@code JMXConnectorServer}.
*/
public static final String SERIAL_FILTER_PATTERN =
"jmx.remote.rmi.server.serial.filter.pattern";
/** /**
* <p>Name of the attribute that specifies a default class loader * <p>Name of the attribute that specifies a default class loader
* object. * object.
......
...@@ -45,6 +45,8 @@ import static java.io.ObjectStreamClass.processQueue; ...@@ -45,6 +45,8 @@ import static java.io.ObjectStreamClass.processQueue;
import sun.misc.SharedSecrets; import sun.misc.SharedSecrets;
import sun.misc.ObjectInputFilter; import sun.misc.ObjectInputFilter;
import sun.misc.ObjectStreamClassValidator;
import sun.misc.SharedSecrets;
import sun.reflect.misc.ReflectUtil; import sun.reflect.misc.ReflectUtil;
import sun.misc.JavaOISAccess; import sun.misc.JavaOISAccess;
import sun.util.logging.PlatformLogger; import sun.util.logging.PlatformLogger;
...@@ -1750,6 +1752,9 @@ public class ObjectInputStream ...@@ -1750,6 +1752,9 @@ public class ObjectInputStream
throw new StreamCorruptedException( throw new StreamCorruptedException(
String.format("invalid type code: %02X", tc)); String.format("invalid type code: %02X", tc));
} }
if (descriptor != null) {
validateDescriptor(descriptor);
}
return descriptor; return descriptor;
} }
...@@ -3895,4 +3900,21 @@ public class ObjectInputStream ...@@ -3895,4 +3900,21 @@ public class ObjectInputStream
throw new AssertionError(); throw new AssertionError();
} }
} }
private void validateDescriptor(ObjectStreamClass descriptor) {
ObjectStreamClassValidator validating = validator;
if (validating != null) {
validating.validateDescriptor(descriptor);
}
}
// controlled access to ObjectStreamClassValidator
private volatile ObjectStreamClassValidator validator;
private static void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) {
ois.validator = validator;
}
static {
SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::setValidator);
}
} }
/* /*
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -33,7 +33,6 @@ import com.sun.jmx.remote.util.EnvHelp; ...@@ -33,7 +33,6 @@ import com.sun.jmx.remote.util.EnvHelp;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import sun.misc.ObjectInputFilter;
import java.io.ObjectOutputStream; import java.io.ObjectOutputStream;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.rmi.server.RMIClientSocketFactory; import java.rmi.server.RMIClientSocketFactory;
......
/* /*
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -26,7 +26,6 @@ ...@@ -26,7 +26,6 @@
package javax.management.remote.rmi; package javax.management.remote.rmi;
import java.io.IOException; import java.io.IOException;
import sun.misc.ObjectInputFilter;
import java.rmi.NoSuchObjectException; import java.rmi.NoSuchObjectException;
import java.rmi.Remote; import java.rmi.Remote;
import java.rmi.RemoteException; import java.rmi.RemoteException;
...@@ -48,11 +47,6 @@ import sun.reflect.misc.ReflectUtil; ...@@ -48,11 +47,6 @@ import sun.reflect.misc.ReflectUtil;
import sun.rmi.server.DeserializationChecker; import sun.rmi.server.DeserializationChecker;
import sun.rmi.server.UnicastServerRef; import sun.rmi.server.UnicastServerRef;
import sun.rmi.server.UnicastServerRef2; import sun.rmi.server.UnicastServerRef2;
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import sun.rmi.transport.LiveRef;
/** /**
* <p>An {@link RMIServer} object that is exported through JRMP and that * <p>An {@link RMIServer} object that is exported through JRMP and that
...@@ -65,6 +59,8 @@ import sun.rmi.transport.LiveRef; ...@@ -65,6 +59,8 @@ import sun.rmi.transport.LiveRef;
*/ */
public class RMIJRMPServerImpl extends RMIServerImpl { public class RMIJRMPServerImpl extends RMIServerImpl {
private final ExportedWrapper exportedWrapper;
/** /**
* <p>Creates a new {@link RMIServer} object that will be exported * <p>Creates a new {@link RMIServer} object that will be exported
* on the given port using the given socket factories.</p> * on the given port using the given socket factories.</p>
...@@ -105,37 +101,31 @@ public class RMIJRMPServerImpl extends RMIServerImpl { ...@@ -105,37 +101,31 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
String[] credentialsTypes String[] credentialsTypes
= (String[]) this.env.get(EnvHelp.CREDENTIAL_TYPES); = (String[]) this.env.get(EnvHelp.CREDENTIAL_TYPES);
List<String> types = null;
String credentialsFilter if (credentialsTypes != null) {
= (String) this.env.get(EnvHelp.CREDENTIALS_FILTER_PATTERN); types = new ArrayList<>();
for (String type : credentialsTypes) {
if(credentialsFilter != null){ if (type == null) {
cFilter = ObjectInputFilter.Config.createFilter(credentialsFilter); throw new IllegalArgumentException("A credential type is null.");
allowedTypes = null;
} }
else if (credentialsTypes != null) { ReflectUtil.checkPackageAccess(type);
allowedTypes = Arrays.stream(credentialsTypes).filter( types.add(type);
s -> s!= null).collect(Collectors.toSet());
allowedTypes.stream().forEach(ReflectUtil::checkPackageAccess);
cFilter = this::newClientCheckInput;
} else {
allowedTypes = null;
cFilter = null;
} }
}
String userJmxFilter = exportedWrapper = types != null ?
(String) this.env.get(EnvHelp.SERIAL_FILTER_PATTERN); new ExportedWrapper(this, types) :
if(userJmxFilter != null && !userJmxFilter.isEmpty()) null;
jmxRmiFilter = ObjectInputFilter.Config.createFilter(userJmxFilter);
else
jmxRmiFilter = null;
} }
protected void export() throws IOException { protected void export() throws IOException {
export(this, cFilter); if (exportedWrapper != null) {
export(exportedWrapper);
} else {
export(this);
}
} }
private void export(Remote obj, ObjectInputFilter typeFilter) throws RemoteException { private void export(Remote obj) throws RemoteException {
final RMIExporter exporter = final RMIExporter exporter =
(RMIExporter) env.get(RMIExporter.EXPORTER_ATTRIBUTE); (RMIExporter) env.get(RMIExporter.EXPORTER_ATTRIBUTE);
final boolean daemon = EnvHelp.isServerDaemon(env); final boolean daemon = EnvHelp.isServerDaemon(env);
...@@ -146,14 +136,16 @@ public class RMIJRMPServerImpl extends RMIServerImpl { ...@@ -146,14 +136,16 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
" cannot be used to specify an exporter!"); " cannot be used to specify an exporter!");
} }
if (exporter != null) { if (daemon) {
exporter.exportObject(obj, port, csf, ssf, typeFilter);
} else {
if (csf == null && ssf == null) { if (csf == null && ssf == null) {
new UnicastServerRef(new LiveRef(port), typeFilter).exportObject(obj, null, daemon); new UnicastServerRef(port).exportObject(obj, null, true);
} else { } else {
new UnicastServerRef2(port, csf, ssf, typeFilter).exportObject(obj, null, daemon); new UnicastServerRef2(port, csf, ssf).exportObject(obj, null, true);
} }
} else if (exporter != null) {
exporter.exportObject(obj, port, csf, ssf);
} else {
UnicastRemoteObject.exportObject(obj, port, csf, ssf);
} }
} }
...@@ -180,8 +172,12 @@ public class RMIJRMPServerImpl extends RMIServerImpl { ...@@ -180,8 +172,12 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
* RMIJRMPServerImpl has not been exported yet. * RMIJRMPServerImpl has not been exported yet.
*/ */
public Remote toStub() throws IOException { public Remote toStub() throws IOException {
if (exportedWrapper != null) {
return RemoteObject.toStub(exportedWrapper);
} else {
return RemoteObject.toStub(this); return RemoteObject.toStub(this);
} }
}
/** /**
* <p>Creates a new client connection as an RMI object exported * <p>Creates a new client connection as an RMI object exported
...@@ -210,7 +206,7 @@ public class RMIJRMPServerImpl extends RMIServerImpl { ...@@ -210,7 +206,7 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
RMIConnection client = RMIConnection client =
new RMIConnectionImpl(this, connectionId, getDefaultClassLoader(), new RMIConnectionImpl(this, connectionId, getDefaultClassLoader(),
subject, env); subject, env);
export(client, jmxRmiFilter); export(client);
return client; return client;
} }
...@@ -227,38 +223,56 @@ public class RMIJRMPServerImpl extends RMIServerImpl { ...@@ -227,38 +223,56 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
* server failed. * server failed.
*/ */
protected void closeServer() throws IOException { protected void closeServer() throws IOException {
if (exportedWrapper != null) {
unexport(exportedWrapper, true);
} else {
unexport(this, true); unexport(this, true);
} }
/**
* Check that a type in the remote invocation of {@link RMIServerImpl#newClient}
* is one of the {@code allowedTypes}.
*
* @param clazz the class; may be null
* @param size the size for arrays, otherwise is 0
* @param nObjectRefs the current number of object references
* @param depth the current depth
* @param streamBytes the current number of bytes consumed
* @return {@code ObjectInputFilter.Status.ALLOWED} if the class is allowed,
* otherwise {@code ObjectInputFilter.Status.REJECTED}
*/
ObjectInputFilter.Status newClientCheckInput(ObjectInputFilter.FilterInfo filterInfo) {
ObjectInputFilter.Status status = ObjectInputFilter.Status.UNDECIDED;
if (allowedTypes != null && filterInfo.serialClass() != null) {
// If enabled, check type
String type = filterInfo.serialClass().getName();
if (allowedTypes.contains(type))
status = ObjectInputFilter.Status.ALLOWED;
else
status = ObjectInputFilter.Status.REJECTED;
}
return status;
} }
private final int port; private final int port;
private final RMIClientSocketFactory csf; private final RMIClientSocketFactory csf;
private final RMIServerSocketFactory ssf; private final RMIServerSocketFactory ssf;
private final Map<String, ?> env; private final Map<String, ?> env;
private final Set<String> allowedTypes;
private final ObjectInputFilter jmxRmiFilter; private static class ExportedWrapper implements RMIServer, DeserializationChecker {
private final ObjectInputFilter cFilter; private final RMIServer impl;
private final List<String> allowedTypes;
private ExportedWrapper(RMIServer impl, List<String> credentialsTypes) {
this.impl = impl;
allowedTypes = credentialsTypes;
}
@Override
public String getVersion() throws RemoteException {
return impl.getVersion();
}
@Override
public RMIConnection newClient(Object credentials) throws IOException {
return impl.newClient(credentials);
}
@Override
public void check(Method method, ObjectStreamClass descriptor,
int paramIndex, int callID) {
String type = descriptor.getName();
if (!allowedTypes.contains(type)) {
throw new ClassCastException("Unsupported type: " + type);
}
}
@Override
public void checkProxyClass(Method method, String[] ifaces,
int paramIndex, int callID) {
if (ifaces != null && ifaces.length > 0) {
for (String iface : ifaces) {
if (!allowedTypes.contains(iface)) {
throw new ClassCastException("Unsupported type: " + iface);
}
}
}
}
}
} }
/* /*
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -30,7 +30,7 @@ import java.io.File; ...@@ -30,7 +30,7 @@ import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import sun.misc.ObjectInputFilter; import java.io.Serializable;
import java.lang.management.ManagementFactory; import java.lang.management.ManagementFactory;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.MalformedURLException; import java.net.MalformedURLException;
...@@ -43,6 +43,7 @@ import java.rmi.RemoteException; ...@@ -43,6 +43,7 @@ import java.rmi.RemoteException;
import java.rmi.registry.Registry; import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory; import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory; import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.RMISocketFactory;
import java.rmi.server.RemoteObject; import java.rmi.server.RemoteObject;
import java.rmi.server.UnicastRemoteObject; import java.rmi.server.UnicastRemoteObject;
import java.security.KeyStore; import java.security.KeyStore;
...@@ -82,7 +83,6 @@ import sun.management.FileSystem; ...@@ -82,7 +83,6 @@ import sun.management.FileSystem;
import sun.rmi.server.UnicastRef; import sun.rmi.server.UnicastRef;
import sun.rmi.server.UnicastServerRef; import sun.rmi.server.UnicastServerRef;
import sun.rmi.server.UnicastServerRef2; import sun.rmi.server.UnicastServerRef2;
import sun.rmi.transport.LiveRef;
/** /**
* This class initializes and starts the RMIConnectorServer for JSR 163 * This class initializes and starts the RMIConnectorServer for JSR 163
...@@ -141,8 +141,6 @@ public final class ConnectorBootstrap { ...@@ -141,8 +141,6 @@ public final class ConnectorBootstrap {
"com.sun.management.jmxremote.ssl.need.client.auth"; "com.sun.management.jmxremote.ssl.need.client.auth";
public static final String SSL_CONFIG_FILE_NAME = public static final String SSL_CONFIG_FILE_NAME =
"com.sun.management.jmxremote.ssl.config.file"; "com.sun.management.jmxremote.ssl.config.file";
public static final String SERIAL_FILTER_PATTERN =
"com.sun.management.jmxremote.serial.filter.pattern";
} }
/** /**
...@@ -183,8 +181,7 @@ public final class ConnectorBootstrap { ...@@ -183,8 +181,7 @@ public final class ConnectorBootstrap {
public Remote exportObject(Remote obj, public Remote exportObject(Remote obj,
int port, int port,
RMIClientSocketFactory csf, RMIClientSocketFactory csf,
RMIServerSocketFactory ssf, RMIServerSocketFactory ssf)
ObjectInputFilter filter)
throws RemoteException { throws RemoteException {
synchronized (this) { synchronized (this) {
...@@ -195,9 +192,9 @@ public final class ConnectorBootstrap { ...@@ -195,9 +192,9 @@ public final class ConnectorBootstrap {
final UnicastServerRef ref; final UnicastServerRef ref;
if (csf == null && ssf == null) { if (csf == null && ssf == null) {
ref = new UnicastServerRef(new LiveRef(port), filter); ref = new UnicastServerRef(port);
} else { } else {
ref = new UnicastServerRef2(port, csf, ssf, filter); ref = new UnicastServerRef2(port, csf, ssf);
} }
return ref.exportObject(obj, null, true); return ref.exportObject(obj, null, true);
} }
...@@ -437,7 +434,6 @@ public final class ConnectorBootstrap { ...@@ -437,7 +434,6 @@ public final class ConnectorBootstrap {
final String bindAddress = final String bindAddress =
props.getProperty(PropertyNames.HOST); props.getProperty(PropertyNames.HOST);
final String jmxRmiFilter = props.getProperty(PropertyNames.SERIAL_FILTER_PATTERN);
if (log.debugOn()) { if (log.debugOn()) {
log.debug("startRemoteConnectorServer", log.debug("startRemoteConnectorServer",
...@@ -474,7 +470,7 @@ public final class ConnectorBootstrap { ...@@ -474,7 +470,7 @@ public final class ConnectorBootstrap {
sslConfigFileName, enabledCipherSuitesList, sslConfigFileName, enabledCipherSuitesList,
enabledProtocolsList, sslNeedClientAuth, enabledProtocolsList, sslNeedClientAuth,
useAuthentication, loginConfigName, useAuthentication, loginConfigName,
passwordFileName, accessFileName, bindAddress, jmxRmiFilter); passwordFileName, accessFileName, bindAddress);
cs = data.jmxConnectorServer; cs = data.jmxConnectorServer;
url = data.jmxRemoteURL; url = data.jmxRemoteURL;
log.config("startRemoteConnectorServer", log.config("startRemoteConnectorServer",
...@@ -514,7 +510,9 @@ public final class ConnectorBootstrap { ...@@ -514,7 +510,9 @@ public final class ConnectorBootstrap {
// This RMI server should not keep the VM alive // This RMI server should not keep the VM alive
Map<String, Object> env = new HashMap<>(); Map<String, Object> env = new HashMap<>();
env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter()); env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter());
env.put(EnvHelp.CREDENTIALS_FILTER_PATTERN, String.class.getName() + ";!*"); env.put(EnvHelp.CREDENTIAL_TYPES, new String[]{
String[].class.getName(), String.class.getName()
});
// The local connector server need only be available via the // The local connector server need only be available via the
// loopback connection. // loopback connection.
...@@ -730,8 +728,7 @@ public final class ConnectorBootstrap { ...@@ -730,8 +728,7 @@ public final class ConnectorBootstrap {
String loginConfigName, String loginConfigName,
String passwordFileName, String passwordFileName,
String accessFileName, String accessFileName,
String bindAddress, String bindAddress)
String jmxRmiFilter)
throws IOException, MalformedURLException { throws IOException, MalformedURLException {
/* Make sure we use non-guessable RMI object IDs. Otherwise /* Make sure we use non-guessable RMI object IDs. Otherwise
...@@ -746,11 +743,9 @@ public final class ConnectorBootstrap { ...@@ -746,11 +743,9 @@ public final class ConnectorBootstrap {
PermanentExporter exporter = new PermanentExporter(); PermanentExporter exporter = new PermanentExporter();
env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter); env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter);
env.put(EnvHelp.CREDENTIALS_FILTER_PATTERN, String.class.getName() + ";!*"); env.put(EnvHelp.CREDENTIAL_TYPES, new String[]{
String[].class.getName(), String.class.getName()
if(jmxRmiFilter != null && !jmxRmiFilter.isEmpty()) { });
env.put(EnvHelp.SERIAL_FILTER_PATTERN, jmxRmiFilter);
}
boolean useSocketFactory = bindAddress != null && !useSsl; boolean useSocketFactory = bindAddress != null && !useSsl;
......
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.misc;
import java.io.ObjectInputStream;
/**
* The interface to specify methods for accessing {@code ObjectInputStream}
* @author sjiang
*/
public interface JavaObjectInputStreamAccess {
/**
* Sets a descriptor validating.
* @param ois stream to have the descriptors validated
* @param validator validator used to validate a descriptor.
*/
public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator);
}
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.misc;
import java.io.ObjectStreamClass;
/**
* A callback used by {@code ObjectInputStream} to do descriptor validation.
*
* @author sjiang
*/
public interface ObjectStreamClassValidator {
/**
* This method will be called by ObjectInputStream to
* check a descriptor just before creating an object described by this descriptor.
* The object will not be created if this method throws a {@code RuntimeException}.
* @param descriptor descriptor to be checked.
*/
public void validateDescriptor(ObjectStreamClass descriptor);
}
...@@ -59,6 +59,7 @@ public class SharedSecrets { ...@@ -59,6 +59,7 @@ public class SharedSecrets {
private static JavaAWTAccess javaAWTAccess; private static JavaAWTAccess javaAWTAccess;
private static JavaOISAccess javaOISAccess; private static JavaOISAccess javaOISAccess;
private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess; private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess;
private static JavaObjectInputStreamAccess javaObjectInputStreamAccess;
public static JavaUtilJarAccess javaUtilJarAccess() { public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) { if (javaUtilJarAccess == null) {
...@@ -201,6 +202,18 @@ public class SharedSecrets { ...@@ -201,6 +202,18 @@ public class SharedSecrets {
return javaAWTAccess; return javaAWTAccess;
} }
public static JavaObjectInputStreamAccess getJavaObjectInputStreamAccess() {
if (javaObjectInputStreamAccess == null) {
unsafe.ensureClassInitialized(ObjectInputStream.class);
}
return javaObjectInputStreamAccess;
}
public static void setJavaObjectInputStreamAccess(JavaObjectInputStreamAccess access) {
javaObjectInputStreamAccess = access;
}
public static void setJavaxCryptoSealedObjectAccess(JavaxCryptoSealedObjectAccess jcsoa) { public static void setJavaxCryptoSealedObjectAccess(JavaxCryptoSealedObjectAccess jcsoa) {
javaxCryptoSealedObjectAccess = jcsoa; javaxCryptoSealedObjectAccess = jcsoa;
} }
......
/* /*
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -34,6 +34,8 @@ import java.util.*; ...@@ -34,6 +34,8 @@ import java.util.*;
import java.security.AccessControlException; import java.security.AccessControlException;
import java.security.Permission; import java.security.Permission;
import java.rmi.server.RMIClassLoader; import java.rmi.server.RMIClassLoader;
import sun.misc.ObjectStreamClassValidator;
import sun.misc.SharedSecrets;
/** /**
* MarshalInputStream is an extension of ObjectInputStream. When resolving * MarshalInputStream is an extension of ObjectInputStream. When resolving
...@@ -51,6 +53,11 @@ import java.rmi.server.RMIClassLoader; ...@@ -51,6 +53,11 @@ import java.rmi.server.RMIClassLoader;
* @author Peter Jones * @author Peter Jones
*/ */
public class MarshalInputStream extends ObjectInputStream { public class MarshalInputStream extends ObjectInputStream {
interface StreamChecker extends ObjectStreamClassValidator {
void checkProxyInterfaceNames(String[] ifaces);
}
private volatile StreamChecker streamChecker = null;
/** /**
* Value of "java.rmi.server.useCodebaseOnly" property, * Value of "java.rmi.server.useCodebaseOnly" property,
...@@ -237,6 +244,11 @@ public class MarshalInputStream extends ObjectInputStream { ...@@ -237,6 +244,11 @@ public class MarshalInputStream extends ObjectInputStream {
protected Class<?> resolveProxyClass(String[] interfaces) protected Class<?> resolveProxyClass(String[] interfaces)
throws IOException, ClassNotFoundException throws IOException, ClassNotFoundException
{ {
StreamChecker checker = streamChecker;
if (checker != null) {
checker.checkProxyInterfaceNames(interfaces);
}
/* /*
* Always read annotation written by MarshalOutputStream. * Always read annotation written by MarshalOutputStream.
*/ */
...@@ -318,4 +330,28 @@ public class MarshalInputStream extends ObjectInputStream { ...@@ -318,4 +330,28 @@ public class MarshalInputStream extends ObjectInputStream {
void useCodebaseOnly() { void useCodebaseOnly() {
useCodebaseOnly = true; useCodebaseOnly = true;
} }
synchronized void setStreamChecker(StreamChecker checker) {
streamChecker = checker;
SharedSecrets.getJavaObjectInputStreamAccess().setValidator(this, checker);
}
@Override
protected ObjectStreamClass readClassDescriptor() throws IOException,
ClassNotFoundException {
ObjectStreamClass descriptor = super.readClassDescriptor();
validateDesc(descriptor);
return descriptor;
}
private void validateDesc(ObjectStreamClass descriptor) {
StreamChecker checker;
synchronized (this) {
checker = streamChecker;
}
if (checker != null) {
checker.validateDescriptor(descriptor);
}
}
} }
/* /*
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -29,6 +29,7 @@ import java.io.IOException; ...@@ -29,6 +29,7 @@ import java.io.IOException;
import java.io.ObjectInput; import java.io.ObjectInput;
import java.io.ObjectInputStream; import java.io.ObjectInputStream;
import java.io.ObjectOutput; import java.io.ObjectOutput;
import java.io.ObjectStreamClass;
import java.lang.reflect.InvocationTargetException; import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.rmi.AccessException; import java.rmi.AccessException;
...@@ -331,15 +332,10 @@ public class UnicastServerRef extends UnicastRef ...@@ -331,15 +332,10 @@ public class UnicastServerRef extends UnicastRef
logCall(obj, method); logCall(obj, method);
// unmarshal parameters // unmarshal parameters
Class<?>[] types = method.getParameterTypes(); Object[] params = null;
Object[] params = new Object[types.length];
try { try {
unmarshalCustomCallData(in); unmarshalCustomCallData(in);
// Unmarshal the parameters params = unmarshalParameters(obj, method, marshalStream);
for (int i = 0; i < types.length; i++) {
params[i] = unmarshalValue(types[i], in);
}
} catch (AccessException aex) { } catch (AccessException aex) {
// For compatibility, AccessException is not wrapped in UnmarshalException // For compatibility, AccessException is not wrapped in UnmarshalException
...@@ -609,4 +605,84 @@ public class UnicastServerRef extends UnicastRef ...@@ -609,4 +605,84 @@ public class UnicastServerRef extends UnicastRef
} }
} }
/**
* Unmarshal parameters for the given method of the given instance over
* the given marshalinputstream. Perform any necessary checks.
*/
private Object[] unmarshalParameters(Object obj, Method method, MarshalInputStream in)
throws IOException, ClassNotFoundException {
return (obj instanceof DeserializationChecker) ?
unmarshalParametersChecked((DeserializationChecker)obj, method, in) :
unmarshalParametersUnchecked(method, in);
}
/**
* Unmarshal parameters for the given method of the given instance over
* the given marshalinputstream. Do not perform any additional checks.
*/
private Object[] unmarshalParametersUnchecked(Method method, ObjectInput in)
throws IOException, ClassNotFoundException {
Class<?>[] types = method.getParameterTypes();
Object[] params = new Object[types.length];
for (int i = 0; i < types.length; i++) {
params[i] = unmarshalValue(types[i], in);
}
return params;
}
/**
* Unmarshal parameters for the given method of the given instance over
* the given marshalinputstream. Do perform all additional checks.
*/
private Object[] unmarshalParametersChecked(
DeserializationChecker checker,
Method method, MarshalInputStream in)
throws IOException, ClassNotFoundException {
int callID = methodCallIDCount.getAndIncrement();
MyChecker myChecker = new MyChecker(checker, method, callID);
in.setStreamChecker(myChecker);
try {
Class<?>[] types = method.getParameterTypes();
Object[] values = new Object[types.length];
for (int i = 0; i < types.length; i++) {
myChecker.setIndex(i);
values[i] = unmarshalValue(types[i], in);
}
myChecker.end(callID);
return values;
} finally {
in.setStreamChecker(null);
}
}
private static class MyChecker implements MarshalInputStream.StreamChecker {
private final DeserializationChecker descriptorCheck;
private final Method method;
private final int callID;
private int parameterIndex;
MyChecker(DeserializationChecker descriptorCheck, Method method, int callID) {
this.descriptorCheck = descriptorCheck;
this.method = method;
this.callID = callID;
}
@Override
public void validateDescriptor(ObjectStreamClass descriptor) {
descriptorCheck.check(method, descriptor, parameterIndex, callID);
}
@Override
public void checkProxyInterfaceNames(String[] ifaces) {
descriptorCheck.checkProxyClass(method, ifaces, parameterIndex, callID);
}
void setIndex(int parameterIndex) {
this.parameterIndex = parameterIndex;
}
void end(int callId) {
descriptorCheck.end(callId);
}
}
} }
...@@ -329,38 +329,3 @@ ...@@ -329,38 +329,3 @@
# The format of the value for that property is any string accepted # The format of the value for that property is any string accepted
# by java.net.InetAddress.getByName(String). # by java.net.InetAddress.getByName(String).
# #
# ################ Filter for ObjectInputStream #############################
# com.sun.management.jmxremote.serial.filter.pattern=<filter-string>
# A filter, if configured, is used by java.io.ObjectInputStream during
# deserialization of parameters sent to the JMX default agent to validate the
# contents of the stream.
# A filter is configured as a sequence of patterns, each pattern is either
# matched against the name of a class in the stream or defines a limit.
# Patterns are separated by ";" (semicolon).
# Whitespace is significant and is considered part of the pattern.
#
# If a pattern includes a "=", it sets a limit.
# If a limit appears more than once the last value is used.
# Limits are checked before classes regardless of the order in the sequence of patterns.
# If any of the limits are exceeded, the filter status is REJECTED.
#
# maxdepth=value - the maximum depth of a graph
# maxrefs=value - the maximum number of internal references
# maxbytes=value - the maximum number of bytes in the input stream
# maxarray=value - the maximum array length allowed
#
# Other patterns, from left to right, match the class or package name as
# returned from Class.getName.
# If the class is an array type, the class or package to be matched is the element type.
# Arrays of any number of dimensions are treated the same as the element type.
# For example, a pattern of "!example.Foo", rejects creation of any instance or
# array of example.Foo.
#
# If the pattern starts with "!", the status is REJECTED if the remaining pattern
# is matched; otherwise the status is ALLOWED if the pattern matches.
# If the pattern ends with ".**" it matches any class in the package and all subpackages.
# If the pattern ends with ".*" it matches any class in the package.
# If the pattern ends with "*", it matches any class with the pattern as a prefix.
# If the pattern is equal to the class name, it matches.
# Otherwise, the status is UNDECIDED.
/* /*
* Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -46,7 +46,6 @@ import javax.management.remote.JMXConnectorServer; ...@@ -46,7 +46,6 @@ import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory; import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL; import javax.management.remote.JMXServiceURL;
import com.sun.jmx.remote.internal.RMIExporter; import com.sun.jmx.remote.internal.RMIExporter;
import sun.misc.ObjectInputFilter;
public class RMIExporterTest { public class RMIExporterTest {
...@@ -60,8 +59,7 @@ public class RMIExporterTest { ...@@ -60,8 +59,7 @@ public class RMIExporterTest {
public Remote exportObject(Remote obj, public Remote exportObject(Remote obj,
int port, int port,
RMIClientSocketFactory csf, RMIClientSocketFactory csf,
RMIServerSocketFactory ssf, RMIServerSocketFactory ssf)
ObjectInputFilter unused)
throws RemoteException { throws RemoteException {
System.out.println("CustomRMIExporter::exportObject():: " + System.out.println("CustomRMIExporter::exportObject():: " +
"Remote = " + obj); "Remote = " + obj);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册