8158997: JNDI Protocols Switch

Reviewed-by: vinnie

8158997: JNDI Protocols Switch
Reviewed-by: vinnie
dd8c83f2 · robm · 621570f4 · dd8c83f2 · dd8c83f2 · dd8c83f2
5 changed file
--- a/src/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java
+++ b/src/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java
@@ -33,6 +33,8 @@ import java.util.Hashtable;

 import org.omg.CosNaming.*;

+import com.sun.jndi.toolkit.corba.CorbaUtils;
+
 /**
  * Implements the JNDI NamingEnumeration interface for COS
  * Naming. Gets hold of a list of bindings from the COS Naming Server
@@ -212,7 +214,10 @@ final class CNBindingEnumeration
        Name cname = CNNameParser.cosNameToName(bndg.binding_name);

        try {
+            // Check whether object factory codebase is trusted
+            if (CorbaUtils.isObjectFactoryTrusted(obj)) {
            obj = NamingManager.getObjectInstance(obj, cname, _ctx, _env);
+            }
        } catch (NamingException e) {
            throw e;
        } catch (Exception e) {

--- a/src/share/classes/com/sun/jndi/cosnaming/CNCtx.java
+++ b/src/share/classes/com/sun/jndi/cosnaming/CNCtx.java
@@ -36,6 +36,8 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;

 import org.omg.CosNaming.*;
 import org.omg.CosNaming.NamingContextPackage.*;
@@ -82,6 +84,19 @@ public class CNCtx implements javax.naming.Context {
    private static final String FED_PROP = "com.sun.jndi.cosnaming.federation";
    boolean federation = false;

+    /**
+     * Determines whether classes may be loaded from an arbitrary URL code base.
+     */
+    public static final boolean trustURLCodebase;
+    static {
+        // System property to control whether classes may be loaded from an
+        // arbitrary URL code base
+        PrivilegedAction<String> act = () -> System.getProperty(
+            "com.sun.jndi.cosnaming.object.trustURLCodebase", "false");
+        String trust = AccessController.doPrivileged(act);
+        trustURLCodebase = "true".equalsIgnoreCase(trust);
+    }
+
    // Reference counter for tracking _orb references
    OrbReuseTracker orbTracker = null;
    int enumCount;
@@ -534,12 +549,16 @@ public class CNCtx implements javax.naming.Context {
            if (name.size() == 0 )
                return this; // %%% should clone() so that env can be changed
            NameComponent[] path = CNNameParser.nameToCosName(name);
+            java.lang.Object answer = null;

            try {
-                java.lang.Object answer = callResolve(path);
-
+                answer = callResolve(path);
                try {
-                    return NamingManager.getObjectInstance(answer, name, this, _env);
+                    // Check whether object factory codebase is trusted
+                    if (CorbaUtils.isObjectFactoryTrusted(answer)) {
+                        answer = NamingManager.getObjectInstance(
+                            answer, name, this, _env);
+                    }
                } catch (NamingException e) {
                    throw e;
                } catch (Exception e) {
@@ -552,6 +571,7 @@ public class CNCtx implements javax.naming.Context {
                javax.naming.Context cctx = getContinuationContext(cpe);
                return cctx.lookup(cpe.getRemainingName());
            }
+            return answer;
    }

    /**

--- a/src/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java
+++ b/src/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java
@@ -33,6 +33,8 @@ import org.omg.CosNaming.*;
 import org.omg.CosNaming.NamingContextPackage.*;
 import org.omg.CORBA.*;

+import com.sun.jndi.toolkit.corba.CorbaUtils;
+
 /**
  * A convenience class to map the COS Naming exceptions to the JNDI exceptions.
  * @author Raj Krishnamurthy
@@ -202,10 +204,13 @@ public final class ExceptionMapper {
            // Not a context, use object factory to transform object.

            Name cname = CNNameParser.cosNameToName(resolvedName);
-            java.lang.Object resolvedObj2;
+            java.lang.Object resolvedObj2 = null;
            try {
+                // Check whether object factory codebase is trusted
+                if (CorbaUtils.isObjectFactoryTrusted(resolvedObj)) {
                resolvedObj2 = NamingManager.getObjectInstance(resolvedObj,
                    cname, ctx, ctx._env);
+                }
            } catch (NamingException ge) {
                throw ge;
            } catch (Exception ge) {

--- a/src/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java
+++ b/src/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java
@@ -32,6 +32,8 @@ import java.rmi.*;
 import java.rmi.server.*;
 import java.rmi.registry.Registry;
 import java.rmi.registry.LocateRegistry;
+import java.security.AccessController;
+import java.security.PrivilegedAction;

 import javax.naming.*;
 import javax.naming.spi.NamingManager;
@@ -52,6 +54,18 @@ public class RegistryContext implements Context, Referenceable {
    private int port;
    private static final NameParser nameParser = new AtomicNameParser();
    private static final String SOCKET_FACTORY = "com.sun.jndi.rmi.factory.socket";
+    /**
+     * Determines whether classes may be loaded from an arbitrary URL code base.
+     */
+    static final boolean trustURLCodebase;
+    static {
+        // System property to control whether classes may be loaded from an
+        // arbitrary URL codebase
+        PrivilegedAction<String> act = () -> System.getProperty(
+            "com.sun.jndi.rmi.object.trustURLCodebase", "false");
+        String trust = AccessController.doPrivileged(act);
+        trustURLCodebase = "true".equalsIgnoreCase(trust);
+    }

    Reference reference = null; // ref used to create this context, if any

@@ -461,6 +475,27 @@ public class RegistryContext implements Context, Referenceable {
            Object obj = (r instanceof RemoteReference)
                        ? ((RemoteReference)r).getReference()
                        : (Object)r;
+
+            /*
+             * Classes may only be loaded from an arbitrary URL codebase when
+             * the system property com.sun.jndi.rmi.object.trustURLCodebase
+             * has been set to "true".
+             */
+
+            // Use reference if possible
+            Reference ref = null;
+            if (obj instanceof Reference) {
+                ref = (Reference) obj;
+            } else if (obj instanceof Referenceable) {
+                ref = ((Referenceable)(obj)).getReference();
+            }
+
+            if (ref != null && ref.getFactoryClassLocation() != null &&
+                !trustURLCodebase) {
+                throw new ConfigurationException(
+                    "The object factory is untrusted. Set the system property" +
+                    " 'com.sun.jndi.rmi.object.trustURLCodebase' to 'true'.");
+            }
            return NamingManager.getObjectInstance(obj, name, this,
                                                   environment);
        } catch (NamingException e) {

--- a/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java
+++ b/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java
@@ -36,8 +36,9 @@ import java.util.Enumeration;

 import org.omg.CORBA.ORB;

-import javax.naming.Context;
-import javax.naming.ConfigurationException;
+import javax.naming.*;
+
+import com.sun.jndi.cosnaming.CNCtx;

 /**
  * Contains utilities for performing CORBA-related tasks:
@@ -203,6 +204,32 @@ public class CorbaUtils {
        return ORB.init(new String[0], orbProp);
    }

+    /**
+     * Check whether object factory code base is trusted.
+     * Classes may only be loaded from an arbitrary URL code base when
+     * the system property com.sun.jndi.rmi.object.trustURLCodebase
+     * has been set to "true".
+     */
+    public static boolean isObjectFactoryTrusted(Object obj)
+        throws NamingException {
+
+        // Extract Reference, if possible
+        Reference ref = null;
+        if (obj instanceof Reference) {
+            ref = (Reference) obj;
+        } else if (obj instanceof Referenceable) {
+            ref = ((Referenceable)(obj)).getReference();
+        }
+
+        if (ref != null && ref.getFactoryClassLocation() != null &&
+                !CNCtx.trustURLCodebase) {
+            throw new ConfigurationException(
+                "The object factory is untrusted. Set the system property" +
+                " 'com.sun.jndi.cosnaming.object.trustURLCodebase' to 'true'.");
+        }
+        return true;
+    }
+
    /**
     * This method returns a new ORB instance for the given applet
     * without creating a static dependency on java.applet.