diff --git a/src/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java b/src/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java index ae5c61d6fe7487bc13ce16ddfb151bfb90bd30cd..77db2257ccea36895f06d710ac9d3d251e673ec6 100644 --- a/src/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java +++ b/src/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java @@ -33,6 +33,8 @@ import java.util.Hashtable; import org.omg.CosNaming.*; +import com.sun.jndi.toolkit.corba.CorbaUtils; + /** * Implements the JNDI NamingEnumeration interface for COS * Naming. Gets hold of a list of bindings from the COS Naming Server @@ -212,7 +214,10 @@ final class CNBindingEnumeration Name cname = CNNameParser.cosNameToName(bndg.binding_name); try { + // Check whether object factory codebase is trusted + if (CorbaUtils.isObjectFactoryTrusted(obj)) { obj = NamingManager.getObjectInstance(obj, cname, _ctx, _env); + } } catch (NamingException e) { throw e; } catch (Exception e) { diff --git a/src/share/classes/com/sun/jndi/cosnaming/CNCtx.java b/src/share/classes/com/sun/jndi/cosnaming/CNCtx.java index 800c0a536434030508d1215b1c48cb5d4eb7bb01..27dc14e33a4fd42f639d94b7be4393743f8c959e 100644 --- a/src/share/classes/com/sun/jndi/cosnaming/CNCtx.java +++ b/src/share/classes/com/sun/jndi/cosnaming/CNCtx.java @@ -36,6 +36,8 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.BufferedReader; import java.io.IOException; +import java.security.AccessController; +import java.security.PrivilegedAction; import org.omg.CosNaming.*; import org.omg.CosNaming.NamingContextPackage.*; @@ -82,6 +84,19 @@ public class CNCtx implements javax.naming.Context { private static final String FED_PROP = "com.sun.jndi.cosnaming.federation"; boolean federation = false; + /** + * Determines whether classes may be loaded from an arbitrary URL code base. + */ + public static final boolean trustURLCodebase; + static { + // System property to control whether classes may be loaded from an + // arbitrary URL code base + PrivilegedAction act = () -> System.getProperty( + "com.sun.jndi.cosnaming.object.trustURLCodebase", "false"); + String trust = AccessController.doPrivileged(act); + trustURLCodebase = "true".equalsIgnoreCase(trust); + } + // Reference counter for tracking _orb references OrbReuseTracker orbTracker = null; int enumCount; @@ -534,12 +549,16 @@ public class CNCtx implements javax.naming.Context { if (name.size() == 0 ) return this; // %%% should clone() so that env can be changed NameComponent[] path = CNNameParser.nameToCosName(name); + java.lang.Object answer = null; try { - java.lang.Object answer = callResolve(path); - + answer = callResolve(path); try { - return NamingManager.getObjectInstance(answer, name, this, _env); + // Check whether object factory codebase is trusted + if (CorbaUtils.isObjectFactoryTrusted(answer)) { + answer = NamingManager.getObjectInstance( + answer, name, this, _env); + } } catch (NamingException e) { throw e; } catch (Exception e) { @@ -552,6 +571,7 @@ public class CNCtx implements javax.naming.Context { javax.naming.Context cctx = getContinuationContext(cpe); return cctx.lookup(cpe.getRemainingName()); } + return answer; } /** diff --git a/src/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java b/src/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java index a1e9fd66424802874ad6efebd5219a543afa5645..f2c91a09c9f7786534b8650d59085cef1d638bd3 100644 --- a/src/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java +++ b/src/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java @@ -33,6 +33,8 @@ import org.omg.CosNaming.*; import org.omg.CosNaming.NamingContextPackage.*; import org.omg.CORBA.*; +import com.sun.jndi.toolkit.corba.CorbaUtils; + /** * A convenience class to map the COS Naming exceptions to the JNDI exceptions. * @author Raj Krishnamurthy @@ -202,10 +204,13 @@ public final class ExceptionMapper { // Not a context, use object factory to transform object. Name cname = CNNameParser.cosNameToName(resolvedName); - java.lang.Object resolvedObj2; + java.lang.Object resolvedObj2 = null; try { + // Check whether object factory codebase is trusted + if (CorbaUtils.isObjectFactoryTrusted(resolvedObj)) { resolvedObj2 = NamingManager.getObjectInstance(resolvedObj, cname, ctx, ctx._env); + } } catch (NamingException ge) { throw ge; } catch (Exception ge) { diff --git a/src/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java b/src/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java index 2990ed8b5499370913004714f54e03c5d35d768a..8b3839476faf05597fad2b94898b5ba6c6b30c61 100644 --- a/src/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java +++ b/src/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java @@ -32,6 +32,8 @@ import java.rmi.*; import java.rmi.server.*; import java.rmi.registry.Registry; import java.rmi.registry.LocateRegistry; +import java.security.AccessController; +import java.security.PrivilegedAction; import javax.naming.*; import javax.naming.spi.NamingManager; @@ -52,6 +54,18 @@ public class RegistryContext implements Context, Referenceable { private int port; private static final NameParser nameParser = new AtomicNameParser(); private static final String SOCKET_FACTORY = "com.sun.jndi.rmi.factory.socket"; + /** + * Determines whether classes may be loaded from an arbitrary URL code base. + */ + static final boolean trustURLCodebase; + static { + // System property to control whether classes may be loaded from an + // arbitrary URL codebase + PrivilegedAction act = () -> System.getProperty( + "com.sun.jndi.rmi.object.trustURLCodebase", "false"); + String trust = AccessController.doPrivileged(act); + trustURLCodebase = "true".equalsIgnoreCase(trust); + } Reference reference = null; // ref used to create this context, if any @@ -461,6 +475,27 @@ public class RegistryContext implements Context, Referenceable { Object obj = (r instanceof RemoteReference) ? ((RemoteReference)r).getReference() : (Object)r; + + /* + * Classes may only be loaded from an arbitrary URL codebase when + * the system property com.sun.jndi.rmi.object.trustURLCodebase + * has been set to "true". + */ + + // Use reference if possible + Reference ref = null; + if (obj instanceof Reference) { + ref = (Reference) obj; + } else if (obj instanceof Referenceable) { + ref = ((Referenceable)(obj)).getReference(); + } + + if (ref != null && ref.getFactoryClassLocation() != null && + !trustURLCodebase) { + throw new ConfigurationException( + "The object factory is untrusted. Set the system property" + + " 'com.sun.jndi.rmi.object.trustURLCodebase' to 'true'."); + } return NamingManager.getObjectInstance(obj, name, this, environment); } catch (NamingException e) { diff --git a/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java b/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java index dd32fef3445ee38ce403261bce49ffe085f12e9b..cb92e1b7abfa72a47c571deedb05ad7548a596cb 100644 --- a/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java +++ b/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java @@ -36,8 +36,9 @@ import java.util.Enumeration; import org.omg.CORBA.ORB; -import javax.naming.Context; -import javax.naming.ConfigurationException; +import javax.naming.*; + +import com.sun.jndi.cosnaming.CNCtx; /** * Contains utilities for performing CORBA-related tasks: @@ -203,6 +204,32 @@ public class CorbaUtils { return ORB.init(new String[0], orbProp); } + /** + * Check whether object factory code base is trusted. + * Classes may only be loaded from an arbitrary URL code base when + * the system property com.sun.jndi.rmi.object.trustURLCodebase + * has been set to "true". + */ + public static boolean isObjectFactoryTrusted(Object obj) + throws NamingException { + + // Extract Reference, if possible + Reference ref = null; + if (obj instanceof Reference) { + ref = (Reference) obj; + } else if (obj instanceof Referenceable) { + ref = ((Referenceable)(obj)).getReference(); + } + + if (ref != null && ref.getFactoryClassLocation() != null && + !CNCtx.trustURLCodebase) { + throw new ConfigurationException( + "The object factory is untrusted. Set the system property" + + " 'com.sun.jndi.cosnaming.object.trustURLCodebase' to 'true'."); + } + return true; + } + /** * This method returns a new ORB instance for the given applet * without creating a static dependency on java.applet.