提交 9d477e3f 编写于 作者: K kohsuke

adding a mode in the remoting infrastructure for dealing with untrusted remote JVMs

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@17577 71c3de6d-444a-0410-be80-ed276b4c234a
上级 e2500b07
......@@ -101,6 +101,7 @@ public class Channel implements VirtualChannel {
private final ObjectInputStream ois;
private final ObjectOutputStream oos;
private final String name;
/*package*/ final boolean isRestricted;
/*package*/ final ExecutorService executor;
/**
......@@ -236,6 +237,10 @@ public class Channel implements VirtualChannel {
this(name,exec,Mode.BINARY,is,os,header);
}
public Channel(String name, ExecutorService exec, Mode mode, InputStream is, OutputStream os, OutputStream header) throws IOException {
this(name,exec,mode,is,os,header,false);
}
/**
* Creates a new channel.
*
......@@ -256,10 +261,19 @@ public class Channel implements VirtualChannel {
* the data goes into the "binary mode". This is useful
* when the established communication channel might include some data that might
* be useful for debugging/trouble-shooting.
* @param restricted
* If true, this channel won't accept {@link Command}s that allow the remote end to execute arbitrary closures
* --- instead they can only call methods on objects that are exported by this channel.
* This also prevents the remote end from loading classes into JVM.
*
* Note that it still allows the remote end to deserialize arbitrary object graph
* (provided that all the classes are already available in this JVM), so exactly how
* safe the resulting behavior is is up to discussion.
*/
public Channel(String name, ExecutorService exec, Mode mode, InputStream is, OutputStream os, OutputStream header) throws IOException {
public Channel(String name, ExecutorService exec, Mode mode, InputStream is, OutputStream os, OutputStream header, boolean restricted) throws IOException {
this.name = name;
this.executor = exec;
this.isRestricted = restricted;
ObjectOutputStream oos = null;
// write the magic preamble.
......
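Review bot: The Javadoc for the new `restricted` parameter (the `@param restricted` block in front of the widened constructor) promises that closure-executing {@link Command}s are rejected, but the check that enforces this is not in any visible hunk, so a reader cannot tell where restricted mode is actually applied; the Javadoc should `{@link}` the method that performs that rejection. The same block should also say plainly that restricted mode is not a defense against hostile serialized input, since the channel's `ObjectInputStream` field still deserializes whatever the peer sends, e.g. `* Restricted mode only limits which {@link Command}s are honored; it does not protect against malicious serialized data, because any class already on this JVM's classpath can still be instantiated by the peer.` The sentence "how safe the resulting behavior is is up to discussion" has a doubled "is". The constructor body continues past the hunk.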
......@@ -44,6 +44,12 @@ import java.util.HashSet;
/**
* Loads class files from the other peer through {@link Channel}.
*
* <p>
* If the {@linkplain Channel#isRestricted channel is restricted}, this classloader will be
* created by will not attempt to load anything from the remote classloader. The reason we
* create such a useless instance is so that when such classloader is sent back to the remote side again,
* the remoting system can re-discover what {@link ClassLoader} this was tied to.
*
* @author Kohsuke Kawaguchi
*/
final class RemoteClassLoader extends URLClassLoader {
......@@ -88,6 +94,8 @@ final class RemoteClassLoader extends URLClassLoader {
// first attempt to load from locally fetched jars
return super.findClass(name);
} catch (ClassNotFoundException e) {
if(channel.isRestricted)
throw e;
// delegate to remote
long startTime = System.nanoTime();
byte[] bytes = proxy.fetch(name);
......@@ -120,7 +128,7 @@ final class RemoteClassLoader extends URLClassLoader {
public URL findResource(String name) {
// first attempt to load from locally fetched jars
URL url = super.findResource(name);
if(url!=null) return url;
if(url!=null || channel.isRestricted) return url;
try {
if(resourceMap.containsKey(name)) {
......@@ -159,6 +167,9 @@ final class RemoteClassLoader extends URLClassLoader {
}
public Enumeration<URL> findResources(String name) throws IOException {
if(channel.isRestricted)
return new Vector<URL>().elements();
// TODO: use the locally fetched jars to speed up the look up
// the challenge is how to combine the list from local jars
// and the remote list
......
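Review bot: In restricted mode `findResources` (the guard at the top of the method) returns an empty enumeration before consulting anything, whereas `findClass` and `findResource` in the two hunks above still serve locally fetched jars and only skip the remote round trip; if locally fetched jars are meant to remain usable on a restricted channel, the early return should be `return super.findResources(name);` rather than `new Vector<URL>().elements()`. This is hedged, since the rest of `findResources` is outside the hunk and its TODO suggests local jars are not consulted there yet. Even if an empty result is intended, `return Collections.enumeration(Collections.<URL>emptyList());` states that intent without allocating a mutable `Vector`. The class Javadoc added above reads "this classloader will be created by will not attempt", presumably "created but will not attempt". All three methods start or end outside their hunks.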