From 0f0ec0d0e5e95233cc0fe98e7531af50d040b3bb Mon Sep 17 00:00:00 2001 From: Kohsuke Kawaguchi Date: Thu, 23 Jun 2011 15:18:31 -0700 Subject: [PATCH] make the restricted flag modifiable. This allows restricted channel to be "upgraded" to unrestricted channel. --- remoting/src/main/java/hudson/remoting/Channel.java | 13 ++++++++++++- .../java/hudson/remoting/RemoteClassLoader.java | 8 ++++---- .../src/main/java/hudson/remoting/UserRequest.java | 2 +- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/remoting/src/main/java/hudson/remoting/Channel.java b/remoting/src/main/java/hudson/remoting/Channel.java index c9a42aafa1..fb6904f453 100644 --- a/remoting/src/main/java/hudson/remoting/Channel.java +++ b/remoting/src/main/java/hudson/remoting/Channel.java @@ -114,7 +114,7 @@ public class Channel implements VirtualChannel, IChannel { * and error reports. */ private final String name; - /*package*/ final boolean isRestricted; + private volatile boolean isRestricted; /*package*/ final ExecutorService executor; /** @@ -774,6 +774,17 @@ public class Channel implements VirtualChannel, IChannel { return inClosed!=null; } + /** + * Returns true if this channel is currently does not load classes from the remote peer. + */ + public boolean isRestricted() { + return isRestricted; + } + + public void setRestricted(boolean b) { + isRestricted = b; + } + /** * Waits for this {@link Channel} to be closed down, but only up the given milliseconds. * diff --git a/remoting/src/main/java/hudson/remoting/RemoteClassLoader.java b/remoting/src/main/java/hudson/remoting/RemoteClassLoader.java index d357cfd8db..d1ed56f369 100644 --- a/remoting/src/main/java/hudson/remoting/RemoteClassLoader.java +++ b/remoting/src/main/java/hudson/remoting/RemoteClassLoader.java @@ -45,7 +45,7 @@ import java.util.HashSet; * Loads class files from the other peer through {@link Channel}. * *

- * If the {@linkplain Channel#isRestricted channel is restricted}, this classloader will be + * If the {@linkplain Channel#isRestricted() channel is restricted}, this classloader will be * created by will not attempt to load anything from the remote classloader. The reason we * create such a useless instance is so that when such classloader is sent back to the remote side again, * the remoting system can re-discover what {@link ClassLoader} this was tied to. @@ -103,7 +103,7 @@ final class RemoteClassLoader extends URLClassLoader { // first attempt to load from locally fetched jars return super.findClass(name); } catch (ClassNotFoundException e) { - if(channel.isRestricted) + if(channel.isRestricted()) throw e; // delegate to remote if (channel.remoteCapability.supportsMultiClassLoaderRPC()) { @@ -170,7 +170,7 @@ final class RemoteClassLoader extends URLClassLoader { public URL findResource(String name) { // first attempt to load from locally fetched jars URL url = super.findResource(name); - if(url!=null || channel.isRestricted) return url; + if(url!=null || channel.isRestricted()) return url; try { if(resourceMap.containsKey(name)) { @@ -209,7 +209,7 @@ final class RemoteClassLoader extends URLClassLoader { } public Enumeration findResources(String name) throws IOException { - if(channel.isRestricted) + if(channel.isRestricted()) return new Vector().elements(); // TODO: use the locally fetched jars to speed up the look up diff --git a/remoting/src/main/java/hudson/remoting/UserRequest.java b/remoting/src/main/java/hudson/remoting/UserRequest.java index 70e538e008..313166c630 100644 --- a/remoting/src/main/java/hudson/remoting/UserRequest.java +++ b/remoting/src/main/java/hudson/remoting/UserRequest.java @@ -105,7 +105,7 @@ final class UserRequest extends Request callable = (Callable)o; - if(channel.isRestricted && !(callable instanceof RPCRequest)) + if(channel.isRestricted() && !(callable instanceof RPCRequest)) // if we allow restricted channel to execute arbitrary Callable, the remote JVM can pick up many existing // Callable implementations (such as ones in Hudson's FilePath) and do quite a lot. So restrict that. // OTOH, we need to allow RPCRequest so that method invocations on exported objects will go through. -- GitLab