# HG changeset patch # User Omair Majid # Date 1325782072 18000 # Node ID 05bf6d3edab66b6413da4d0fba7d27a471b229d9 # Parent 65ae83133df3e77e0d4940283d21019bc3cce5da S7102369, S7094468: remove java.rmi.server.codebase property parsing from rmiregistry Backport of: S7102369: remove java.rmi.server.codebase property parsing from registyimpl S7094468: rmiregistry clean up Upstream changeset: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/6b46f3c7c97c Fixes RH751203 2011-12-12 Omair Majid S7102369, S7094468: remove java.rmi.server.codebase property parsing from rmiregistry * patches/openjdk/7102369-7094468-rmiregistry.patch: New file. Backport from OpenJDK6. * Makefile.am (ICEDTEA_PATCHES): Apply the patch. diff -r 65ae83133df3 -r 05bf6d3edab6 ChangeLog --- a/ChangeLog Tue Nov 08 22:47:10 2011 +0000 +++ b/ChangeLog Thu Jan 05 11:47:52 2012 -0500 @@ -1,3 +1,11 @@ +2012-01-04 Omair Majid + + S7102369, S7094468: remove java.rmi.server.codebase property parsing from + rmiregistry + * patches/openjdk/7102369-7094468-rmiregistry.patch: New file. Backport + from OpenJDK6. + * Makefile.am (ICEDTEA_PATCHES): Apply the patch. + 2011-11-08 Andrew John Hughes * NEWS: Prepare for 1.9.12. diff -r 65ae83133df3 -r 05bf6d3edab6 Makefile.am --- a/Makefile.am Tue Nov 08 22:47:10 2011 +0000 +++ b/Makefile.am Thu Jan 05 11:47:52 2012 -0500 @@ -368,7 +368,8 @@ patches/mark_sun_toolkit_privileged_code.patch \ patches/fonts-rhel-version.patch \ patches/support_linux_3.patch \ - patches/libpng-1.5.patch + patches/libpng-1.5.patch \ + patches/openjdk/7102369-7094468-rmiregistry.patch if WITH_ALT_HSBUILD ICEDTEA_PATCHES += \ diff -r 65ae83133df3 -r 05bf6d3edab6 NEWS --- a/NEWS Tue Nov 08 22:47:10 2011 +0000 +++ b/NEWS Thu Jan 05 11:47:52 2012 -0500 @@ -10,6 +10,10 @@ New in release 1.9.12 (20XX-XX-XX): +* Backports + - S7102369: remove java.rmi.server.codebase property parsing from registyimpl + - S7094468: rmiregistry clean up + New in release 1.9.11 (2011-11-08): * Security fixes diff -r 65ae83133df3 -r 05bf6d3edab6 patches/openjdk/7102369-7094468-rmiregistry.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/openjdk/7102369-7094468-rmiregistry.patch Thu Jan 05 11:47:52 2012 -0500 @@ -0,0 +1,473 @@ +# HG changeset patch +# User coffeys +# Date 1321449297 0 +# Node ID 6b46f3c7c97cb060f88b196171b95d33bff80b7c +# Parent 020dcd6d69ac9406809aabe8888a0b8d52912e7f +7102369: remove java.rmi.server.codebase property parsing from registyimpl +7094468: rmiregistry clean up +Reviewed-by: smarks + +diff -r 020dcd6d69ac -r 6b46f3c7c97c src/share/classes/sun/rmi/registry/RegistryImpl.java +--- openjdk/jdk/src/share/classes/sun/rmi/registry/RegistryImpl.java Tue Nov 15 16:44:14 2011 -0800 ++++ openjdk/jdk/src/share/classes/sun/rmi/registry/RegistryImpl.java Wed Nov 16 13:14:57 2011 +0000 +@@ -29,6 +29,7 @@ + import java.util.Hashtable; + import java.util.MissingResourceException; + import java.util.ResourceBundle; ++import java.io.FilePermission; + import java.io.IOException; + import java.net.*; + import java.rmi.*; +@@ -41,12 +42,12 @@ + import java.security.AccessControlContext; + import java.security.AccessController; + import java.security.CodeSource; +-import java.security.Policy; ++import java.security.Policy; + import java.security.PrivilegedActionException; + import java.security.PrivilegedExceptionAction; + import java.security.PermissionCollection; + import java.security.Permissions; +-import java.security.ProtectionDomain; ++import java.security.ProtectionDomain; + import java.text.MessageFormat; + import sun.rmi.server.LoaderHandler; + import sun.rmi.server.UnicastServerRef; +@@ -54,7 +55,6 @@ + import sun.rmi.transport.LiveRef; + import sun.rmi.transport.ObjectTable; + import sun.rmi.transport.Target; +-import sun.security.action.GetPropertyAction; + + /** + * A "registry" exists on every node that allows RMI connections to +@@ -76,8 +76,10 @@ + + /* indicate compatibility with JDK 1.1.x version of class */ + private static final long serialVersionUID = 4666870661827494597L; +- private Hashtable bindings = new Hashtable(101); +- private static Hashtable allowedAccessCache = new Hashtable(3); ++ private Hashtable bindings ++ = new Hashtable(101); ++ private static Hashtable allowedAccessCache ++ = new Hashtable(3); + private static RegistryImpl registry; + private static ObjID id = new ObjID(ObjID.REGISTRY_ID); + +@@ -129,7 +131,7 @@ + throws RemoteException, NotBoundException + { + synchronized (bindings) { +- Remote obj = (Remote)bindings.get(name); ++ Remote obj = bindings.get(name); + if (obj == null) + throw new NotBoundException(name); + return obj; +@@ -146,7 +148,7 @@ + { + checkAccess("Registry.bind"); + synchronized (bindings) { +- Remote curr = (Remote)bindings.get(name); ++ Remote curr = bindings.get(name); + if (curr != null) + throw new AlreadyBoundException(name); + bindings.put(name, obj); +@@ -163,7 +165,7 @@ + { + checkAccess("Registry.unbind"); + synchronized (bindings) { +- Remote obj = (Remote)bindings.get(name); ++ Remote obj = bindings.get(name); + if (obj == null) + throw new NotBoundException(name); + bindings.remove(name); +@@ -213,10 +215,9 @@ + InetAddress clientHost; + + try { +- clientHost = (InetAddress) +- java.security.AccessController.doPrivileged( +- new java.security.PrivilegedExceptionAction() { +- public Object run() ++ clientHost = java.security.AccessController.doPrivileged( ++ new java.security.PrivilegedExceptionAction() { ++ public InetAddress run() + throws java.net.UnknownHostException + { + return InetAddress.getByName(clientHostName); +@@ -238,8 +239,8 @@ + final InetAddress finalClientHost = clientHost; + + java.security.AccessController.doPrivileged( +- new java.security.PrivilegedExceptionAction() { +- public Object run() throws java.io.IOException { ++ new java.security.PrivilegedExceptionAction() { ++ public Void run() throws java.io.IOException { + /* + * if a ServerSocket can be bound to the client's + * address then that address must be local +@@ -334,19 +335,6 @@ + URL[] urls = sun.misc.URLClassPath.pathToURLs(envcp); + ClassLoader cl = new URLClassLoader(urls); + +- String codebaseProperty = null; +- String prop = java.security.AccessController.doPrivileged( +- new GetPropertyAction("java.rmi.server.codebase")); +- if (prop != null && prop.trim().length() > 0) { +- codebaseProperty = prop; +- } +- URL[] codebaseURLs = null; +- if (codebaseProperty != null) { +- codebaseURLs = sun.misc.URLClassPath.pathToURLs(codebaseProperty); +- } else { +- codebaseURLs = new URL[0]; +- } +- + /* + * Fix bugid 4242317: Classes defined by this class loader should + * be annotated with the value of the "java.rmi.server.codebase" +@@ -364,7 +352,7 @@ + public RegistryImpl run() throws RemoteException { + return new RegistryImpl(regPort); + } +- }, getAccessControlContext(codebaseURLs)); ++ }, getAccessControlContext()); + } catch (PrivilegedActionException ex) { + throw (RemoteException) ex.getException(); + } +@@ -390,11 +378,11 @@ + } + + /** +- * Generates an AccessControlContext from several URLs. ++ * Generates an AccessControlContext with minimal permissions. + * The approach used here is taken from the similar method + * getAccessControlContext() in the sun.applet.AppletPanel class. + */ +- private static AccessControlContext getAccessControlContext(URL[] urls) { ++ private static AccessControlContext getAccessControlContext() { + // begin with permissions granted to all code in current policy + PermissionCollection perms = AccessController.doPrivileged( + new java.security.PrivilegedAction() { +@@ -419,17 +407,15 @@ + + perms.add(new RuntimePermission("accessClassInPackage.sun.*")); + +- // add permissions required to load from codebase URL path +- LoaderHandler.addPermissionsForURLs(urls, perms, false); ++ perms.add(new FilePermission("<>", "read")); + + /* + * Create an AccessControlContext that consists of a single + * protection domain with only the permissions calculated above. + */ + ProtectionDomain pd = new ProtectionDomain( +- new CodeSource((urls.length > 0 ? urls[0] : null), +- (java.security.cert.Certificate[]) null), +- perms); ++ new CodeSource(null, ++ (java.security.cert.Certificate[]) null), perms); + return new AccessControlContext(new ProtectionDomain[] { pd }); + } + } +diff -r 020dcd6d69ac -r 6b46f3c7c97c src/share/classes/sun/rmi/server/LoaderHandler.java +--- openjdk/jdk/src/share/classes/sun/rmi/server/LoaderHandler.java Tue Nov 15 16:44:14 2011 -0800 ++++ openjdk/jdk/src/share/classes/sun/rmi/server/LoaderHandler.java Wed Nov 16 13:14:57 2011 +0000 +@@ -1028,7 +1028,7 @@ + * loader. A given permission is only added to the collection if + * it is not already implied by the collection. + */ +- public static void addPermissionsForURLs(URL[] urls, ++ private static void addPermissionsForURLs(URL[] urls, + PermissionCollection perms, + boolean forLoader) + { +diff -r 020dcd6d69ac -r 6b46f3c7c97c test/java/rmi/registry/readTest/readTest.java +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/jdk/test/java/rmi/registry/readTest/readTest.java Wed Nov 16 13:14:57 2011 +0000 +@@ -0,0 +1,59 @@ ++/* ++ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import java.rmi.registry.Registry; ++import java.rmi.registry.LocateRegistry; ++import java.rmi.RemoteException; ++import java.rmi.server.UnicastRemoteObject; ++ ++ ++public class readTest { ++ ++ public static void main(String args[]) throws Exception { ++ int port = 7491; ++ try { ++ testPkg.Server obj = new testPkg.Server(); ++ testPkg.Hello stub = (testPkg.Hello) UnicastRemoteObject.exportObject(obj, 0); ++ // Bind the remote object's stub in the registry ++ Registry registry = LocateRegistry.getRegistry(port); ++ registry.bind("Hello", stub); ++ ++ System.err.println("Server ready"); ++ ++ // now, let's test client ++ testPkg.Client client = new testPkg.Client(port); ++ String testStubReturn = client.testStub(); ++ if(!testStubReturn.equals(obj.hello)) { ++ throw new RuntimeException("Test Fails : unexpected string from stub call"); ++ } else { ++ System.out.println("Test passed"); ++ } ++ registry.unbind("Hello"); ++ ++ } catch (Exception e) { ++ System.err.println("Server exception: " + e.toString()); ++ e.printStackTrace(); ++ } ++ ++ } ++} +diff -r 020dcd6d69ac -r 6b46f3c7c97c test/java/rmi/registry/readTest/readTest.sh +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/jdk/test/java/rmi/registry/readTest/readTest.sh Wed Nov 16 13:14:57 2011 +0000 +@@ -0,0 +1,95 @@ ++# ++# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. ++# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++# ++# This code is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License version 2 only, as ++# published by the Free Software Foundation. ++# ++# This code is distributed in the hope that it will be useful, but WITHOUT ++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# version 2 for more details (a copy is included in the LICENSE file that ++# accompanied this code). ++# ++# You should have received a copy of the GNU General Public License version ++# 2 along with this work; if not, write to the Free Software Foundation, ++# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++# ++# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++# or visit www.oracle.com if you need additional information or have any ++# questions. ++# ++ ++# @test ++# @bug 7102369 7094468 7100592 ++# @summary remove java.rmi.server.codebase property parsing from registyimpl ++# @run shell readTest.sh ++ ++OS=`uname -s` ++case "$OS" in ++ SunOS | Linux ) ++ PS=":" ++ FS="/" ++ FILEURL="file:" ++ ;; ++ Windows* | CYGWIN* ) ++ PS=";" ++ FS="\\" ++ FILEURL="file:/" ++ ;; ++ * ) ++ echo "Unrecognized system!" ++ exit 1; ++ ;; ++esac ++ ++cp -r ${TESTSRC}${FS}* . ++${TESTJAVA}${FS}bin${FS}javac testPkg${FS}*java ++${TESTJAVA}${FS}bin${FS}javac readTest.java ++ ++mkdir rmi_tmp ++RMIREG_OUT=rmi.out ++#start rmiregistry without any local classes on classpath ++cd rmi_tmp ++${TESTJAVA}${FS}bin${FS}rmiregistry 7491 > ..${FS}${RMIREG_OUT} 2>&1 & ++RMIREG_PID=$! ++# allow some time to start ++sleep 3 ++cd .. ++ ++# trailing / after code base is important for rmi codebase property. ++${TESTJAVA}${FS}bin${FS}java -Djava.rmi.server.codebase=${FILEURL}`pwd`/ readTest > OUT.TXT 2>&1 & ++TEST_PID=$! ++#bulk of testcase - let it run for a while ++sleep 5 ++ ++#we're done, kill processes first ++kill -9 ${RMIREG_PID} ${TEST_PID} ++sleep 3 ++ ++echo "Test output : " ++ ++cat OUT.TXT ++echo "==============" ++echo "rmiregistry output : " ++cat ${RMIREG_OUT} ++echo "==============" ++ ++grep "Server ready" OUT.TXT ++result1=$? ++grep "Test passed" OUT.TXT ++result2=$? ++ ++if [ $result1 -eq 0 -a $result2 -eq 0 ] ++then ++ echo "Passed" ++ exitCode=0; ++else ++ echo "Failed" ++ exitCode=1 ++fi ++rm -rf OUT.TXT ${RMIREG_OUT} rmi_tmp ++exit ${exitCode} ++ ++ +diff -r 020dcd6d69ac -r 6b46f3c7c97c test/java/rmi/registry/readTest/testPkg/Client.java +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/jdk/test/java/rmi/registry/readTest/testPkg/Client.java Wed Nov 16 13:14:57 2011 +0000 +@@ -0,0 +1,48 @@ ++/* ++ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package testPkg; ++ ++import java.rmi.registry.LocateRegistry; ++import java.rmi.registry.Registry; ++ ++public class Client { ++ int port; ++ ++ public Client(int p) { ++ port = p; ++ } ++ ++ public String testStub() throws Exception { ++ try { ++ Registry registry = LocateRegistry.getRegistry(port); ++ Hello stub = (Hello) registry.lookup("Hello"); ++ String response = stub.sayHello(); ++ return response; ++ } catch (Exception e) { ++ System.err.println("Client exception: " + e.toString()); ++ throw e; ++ } ++ } ++ } ++ +diff -r 020dcd6d69ac -r 6b46f3c7c97c test/java/rmi/registry/readTest/testPkg/Hello.java +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/jdk/test/java/rmi/registry/readTest/testPkg/Hello.java Wed Nov 16 13:14:57 2011 +0000 +@@ -0,0 +1,31 @@ ++/* ++ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package testPkg; ++ ++import java.rmi.Remote; ++import java.rmi.RemoteException; ++ ++public interface Hello extends Remote { ++ String sayHello() throws RemoteException; ++} +diff -r 020dcd6d69ac -r 6b46f3c7c97c test/java/rmi/registry/readTest/testPkg/Server.java +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/jdk/test/java/rmi/registry/readTest/testPkg/Server.java Wed Nov 16 13:14:57 2011 +0000 +@@ -0,0 +1,36 @@ ++/* ++ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package testPkg; ++ ++public class Server implements Hello { ++ ++ public String hello = "Hello, world!"; ++ ++ public Server() {} ++ ++ public String sayHello() { ++ return hello; ++ } ++ ++}