more securitymanager improvements...
This commit is contained in:
parent
0728b28900
commit
a964437d1a
|
@ -43,6 +43,14 @@ public class SecurityManager extends java.lang.SecurityManager {
|
|||
private Permission reflectPerm = new java.lang.reflect.ReflectPermission("suppressAccessChecks");
|
||||
private Permission classLoaderPerm = new java.lang.RuntimePermission("createClassLoader");
|
||||
|
||||
public SecurityManager() {
|
||||
try {
|
||||
new java.net.URL("http://localhost/");
|
||||
} catch (Exception e) {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
public void addPermissions(ClassLoader cl, Permissions perms) {
|
||||
// if they can't set the SecurityManager, they shouldn't be able to modify this one, so check...
|
||||
System.getSecurityManager().checkPermission(new java.lang.RuntimePermission("setSecurityManager"));
|
||||
|
@ -109,11 +117,13 @@ public class SecurityManager extends java.lang.SecurityManager {
|
|||
// if the classloader isn't in our map, we don't have any say on it so continue
|
||||
if (clPerms == null)
|
||||
continue;
|
||||
// 2 exceptions here for java.util.GregorianCalendar and java.util.Calendar:
|
||||
// 2 exceptions here for java.util.GregorianCalendar, java.util.Calendar, java.text.SimpleDateFormat:
|
||||
// java.lang.RuntimePermission accessClassInPackage.sun.util.resources
|
||||
// java.lang.reflect.ReflectPermission suppressAccessChecks
|
||||
String lastCName = c[i - 1].getName();
|
||||
if (lastCName.startsWith("java.util.") && lastCName.endsWith("Calendar") && (perm.equals(p1) || perm.equals(reflectPerm)))
|
||||
if (((lastCName.startsWith("java.util.") && lastCName.endsWith("Calendar"))
|
||||
|| lastCName.equals("java.text.SimpleDateFormat"))
|
||||
&& (perm.equals(p1) || perm.equals(reflectPerm)))
|
||||
return;
|
||||
// some more exceptions for when java classes use reflection. why?...
|
||||
// also an exception for jsound, we can't just allow loadlibrary.jsound* because there could be malicious
|
||||
|
@ -178,8 +188,11 @@ public class SecurityManager extends java.lang.SecurityManager {
|
|||
MainPanel.debug("allowedDir: " + allowedDir);
|
||||
Permissions permissions = new Permissions();
|
||||
//permissions.add(new java.security.AllPermission());
|
||||
|
||||
// only needed when not in a jar
|
||||
// will deny this later
|
||||
permissions.add(new java.io.FilePermission("./-", "read"));
|
||||
permissions.add(new java.net.SocketPermission("graveman.info", "connect,accept,resolve"));
|
||||
//questionable
|
||||
permissions.add(new RuntimePermission("accessDeclaredMembers"));
|
||||
permissions.add(new RuntimePermission("setFactory"));
|
||||
|
@ -189,29 +202,27 @@ public class SecurityManager extends java.lang.SecurityManager {
|
|||
permissions.add(new RuntimePermission("modifyThreadGroup"));
|
||||
permissions.add(new java.net.NetPermission("getProxySelector"));
|
||||
//needed
|
||||
//String javaHome = "${java.home}/-";
|
||||
String javaHome = System.getProperty("java.home") + "/-";
|
||||
//System.out.println("java.home: "+javaHome);
|
||||
permissions.add(new java.io.FilePermission(javaHome, "read"));
|
||||
permissions.add(new java.io.FilePermission(allowedDir, "read,write,delete"));
|
||||
permissions.add(new java.io.FilePermission(allowedDir.substring(0, allowedDir.length() - 2), "read,write,delete"));
|
||||
permissions.add(new java.net.SocketPermission("localhost:1024-", "accept,connect,listen"));
|
||||
permissions.add(new java.util.PropertyPermission("socksProxyHost", "read"));
|
||||
permissions.add(new java.util.PropertyPermission("line.separator", "read"));
|
||||
permissions.add(new java.util.PropertyPermission("java.protocol.handler.pkgs", "read"));
|
||||
// java.util.Calendar screwing with things again, write isn't too harmful, it only
|
||||
// lasts for the run of that individual JVM
|
||||
permissions.add(new java.util.PropertyPermission("user.timezone", "read,write"));
|
||||
permissions.add(new java.util.PropertyPermission("user.country", "read"));
|
||||
permissions.add(new java.util.PropertyPermission("sun.timezone.ids.oldmapping", "read"));
|
||||
permissions.add(new java.util.PropertyPermission("sun.net.inetaddr.ttl", "read"));
|
||||
permissions.add(new java.util.PropertyPermission("java.net.useSystemProxies", "read"));
|
||||
permissions.add(new java.security.SecurityPermission("getProperty.networkaddress.*"));
|
||||
// following needed for networking and file read/write
|
||||
// this is OK because we restrict FilePermissions and SocketPermission
|
||||
permissions.add(new RuntimePermission("readFileDescriptor"));
|
||||
permissions.add(new RuntimePermission("writeFileDescriptor"));
|
||||
|
||||
//platform specific? :( (all for fonts, whats a better way?)
|
||||
/* permissions.add(new java.io.FilePermission("/usr/share/fonts/-", "read"));
|
||||
permissions.add(new java.io.FilePermission("/usr/lib/jvm/-", "read"));
|
||||
permissions.add(new java.io.FilePermission("/var/lib/defoma/-", "read"));
|
||||
permissions.add(new java.io.FilePermission(System.getProperty("user.home") + "/.fonts/-", "read"));
|
||||
permissions.add(new java.io.FilePermission(System.getProperty("user.home") + "/.fonts", "read"));
|
||||
permissions.add(new java.io.FilePermission("/usr/X11R6/lib/X11/fonts/-", "read"));
|
||||
*/ //System.out.println(permissions.toString());
|
||||
|
||||
// asked for with java5 runtime
|
||||
permissions.add(new java.util.PropertyPermission("sun.java2d.remote", "read"));
|
||||
|
||||
|
@ -230,14 +241,6 @@ public class SecurityManager extends java.lang.SecurityManager {
|
|||
permissions.add(new java.net.NetPermission("getResponseCache"));
|
||||
permissions.add(new RuntimePermission("loadLibrary.jsound"));
|
||||
|
||||
//platform specific again :(
|
||||
//permissions.add(new java.lang.RuntimePermission("loadLibrary.jsoundalsa"));
|
||||
|
||||
// will deny this later
|
||||
permissions.add(new java.net.SocketPermission("graveman.info", "connect,accept,resolve"));
|
||||
//permissions.add(new java.lang.RuntimePermission("createClassLoader"));
|
||||
//permissions.add(new java.lang.reflect.ReflectPermission("suppressAccessChecks"));
|
||||
|
||||
// following for OSX leopard
|
||||
permissions.add(new java.util.PropertyPermission("socksNonProxyHosts", "read"));
|
||||
permissions.add(new java.util.PropertyPermission("sun.java2d.*", "read"));
|
||||
|
@ -254,6 +257,8 @@ public class SecurityManager extends java.lang.SecurityManager {
|
|||
|
||||
// for 508
|
||||
permissions.add(new java.util.PropertyPermission("python.home", "read,write"));
|
||||
permissions.add(new java.util.PropertyPermission("java.vm.vendor", "read"));
|
||||
permissions.add(new java.util.PropertyPermission("python.home", "read"));
|
||||
|
||||
//System.out.println(permissions.toString());
|
||||
return permissions;
|
||||
|
|
|
@ -169,7 +169,7 @@ public abstract class Server extends Thread {
|
|||
|
||||
public void handleException(Exception e) {
|
||||
if (MainPanel.debug()) {
|
||||
String myName = this.getClass().getName();
|
||||
//String myName = this.getClass().getName();
|
||||
//if (myName.equals("org.moparscape.userver.v508.OndemandServer443")) return;
|
||||
System.err.print("Server error: ");
|
||||
e.printStackTrace();
|
||||
|
|
|
@ -59,45 +59,46 @@ public class OndemandServer extends Server {
|
|||
}
|
||||
|
||||
public void handleConnection(Socket s) throws IOException {
|
||||
//System.out.println("ods: new connection to update server");
|
||||
try {
|
||||
//System.out.println("ods: new connection to update server");
|
||||
|
||||
boolean identify = false;
|
||||
DataOutputStream out = new DataOutputStream(s.getOutputStream());
|
||||
DataInputStream in = new DataInputStream(s.getInputStream());
|
||||
//s.setSoTimeout(0);
|
||||
if (in == null)
|
||||
return;
|
||||
while (!s.isClosed()) {
|
||||
//System.out.println("in loop");
|
||||
byte dataType = 0;
|
||||
int version = 0;
|
||||
if (!identify) {
|
||||
//s.setSoTimeout(100);
|
||||
//System.out.println("HERE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
|
||||
dataType = in.readByte();
|
||||
//System.out.println("ANDNOW!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
|
||||
//s.setSoTimeout(0);
|
||||
version = in.readInt();
|
||||
//System.out.println("dataType:" + dataType + " version:" + version);
|
||||
}
|
||||
if (dataType == 15 && version == clientVersion) {
|
||||
//System.out.println("new client connected to update server");
|
||||
out.writeByte(0);
|
||||
identify = true;
|
||||
in.skip(4);
|
||||
} else {
|
||||
int type = in.read();
|
||||
//System.out.println("type:" + type);
|
||||
// if (type != 0 && type != 1 && type != 3)
|
||||
// System.exit(-433);
|
||||
//int hash = ((in.get()& 0xff) << 16) + ((in.get()& 0xff) << 8) + (in.get()& 0xff);
|
||||
if (type == 0 || type == 1) {
|
||||
//int index = in.read() & 0xff;
|
||||
//int id = in.readShort();
|
||||
int uid = (in.readUnsignedByte() << 16) + (in.readUnsignedByte() << 8) + in.readUnsignedByte();
|
||||
int index = uid >> 16;
|
||||
int id = uid & 0xFFFF;
|
||||
//System.out.println("index:" + index + " id:" + id);
|
||||
boolean identify = false;
|
||||
DataOutputStream out = new DataOutputStream(s.getOutputStream());
|
||||
DataInputStream in = new DataInputStream(s.getInputStream());
|
||||
//s.setSoTimeout(0);
|
||||
if (in == null)
|
||||
return;
|
||||
while (!s.isClosed()) {
|
||||
//System.out.println("in loop");
|
||||
byte dataType = 0;
|
||||
int version = 0;
|
||||
if (!identify) {
|
||||
//s.setSoTimeout(100);
|
||||
//System.out.println("HERE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
|
||||
dataType = in.readByte();
|
||||
//System.out.println("ANDNOW!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
|
||||
//s.setSoTimeout(0);
|
||||
version = in.readInt();
|
||||
//System.out.println("dataType:" + dataType + " version:" + version);
|
||||
}
|
||||
if (dataType == 15 && version == clientVersion) {
|
||||
//System.out.println("new client connected to update server");
|
||||
out.writeByte(0);
|
||||
identify = true;
|
||||
in.skip(4);
|
||||
} else {
|
||||
int type = in.read();
|
||||
//System.out.println("type:" + type);
|
||||
// if (type != 0 && type != 1 && type != 3)
|
||||
// System.exit(-433);
|
||||
//int hash = ((in.get()& 0xff) << 16) + ((in.get()& 0xff) << 8) + (in.get()& 0xff);
|
||||
if (type == 0 || type == 1) {
|
||||
//int index = in.read() & 0xff;
|
||||
//int id = in.readShort();
|
||||
int uid = (in.readUnsignedByte() << 16) + (in.readUnsignedByte() << 8) + in.readUnsignedByte();
|
||||
int index = uid >> 16;
|
||||
int id = uid & 0xFFFF;
|
||||
//System.out.println("index:" + index + " id:" + id);
|
||||
// if (index == 255 && id == 255) {
|
||||
// System.out.println("writing out update keys");
|
||||
// for (int i : UPDATE_KEYS)
|
||||
|
@ -130,73 +131,79 @@ public class OndemandServer extends Server {
|
|||
// if(true)
|
||||
// continue;
|
||||
|
||||
//long hash = (long) ((index << 16) + id);
|
||||
//System.out.println("request " + hash);
|
||||
//System.out.println(String.format(odsPath, index, id >= maxFilesInFolder ? "/a" : "", id));
|
||||
//long hash = (long) ((index << 16) + id);
|
||||
//System.out.println("request " + hash);
|
||||
//System.out.println(String.format(odsPath, index, id >= maxFilesInFolder ? "/a" : "", id));
|
||||
|
||||
URLConnection url = getHttpURLConnection(String.format(odsPath, index, id >= maxFilesInFolder ? "/a" : "", id));
|
||||
// if url is null, custom and default cannot be reached, continue
|
||||
if (url == null) {
|
||||
// unless we want the update keys and may not be connected to the internet
|
||||
// so we server them up if it is that which we are requesting
|
||||
if (index == 255 && id == 255) {
|
||||
System.out.println("UpdateServer: Update Keys do not exist on server, serving generic ones.");
|
||||
int[] UPDATE_KEYS = {
|
||||
0xff, 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0xd8,
|
||||
0x84, 0xa1, 0xa1, 0x2b, 0x00, 0x00, 0x00, 0xba,
|
||||
0x58, 0x64, 0xe8, 0x14, 0x00, 0x00, 0x00, 0x7b,
|
||||
0xcc, 0xa0, 0x7e, 0x23, 0x00, 0x00, 0x00, 0x48,
|
||||
0x20, 0x0e, 0xe3, 0x6e, 0x00, 0x00, 0x01, 0x88,
|
||||
0xec, 0x0d, 0x58, 0xed, 0x00, 0x00, 0x00, 0x71,
|
||||
0xb9, 0x4c, 0xc0, 0x50, 0x00, 0x00, 0x01, 0x8b,
|
||||
0x5b, 0x61, 0x79, 0x20, 0x00, 0x00, 0x00, 0x0c,
|
||||
0x0c, 0x69, 0xb1, 0xc8, 0x00, 0x00, 0x02, 0x31,
|
||||
0xc8, 0x56, 0x67, 0x52, 0x00, 0x00, 0x00, 0x69,
|
||||
0x78, 0x17, 0x7b, 0xe2, 0x00, 0x00, 0x00, 0xc3,
|
||||
0x29, 0x76, 0x27, 0x6a, 0x00, 0x00, 0x00, 0x05,
|
||||
0x44, 0xe7, 0x75, 0xcb, 0x00, 0x00, 0x00, 0x08,
|
||||
0x7d, 0x21, 0x80, 0xd5, 0x00, 0x00, 0x01, 0x58,
|
||||
0xeb, 0x7d, 0x49, 0x8e, 0x00, 0x00, 0x00, 0x0c,
|
||||
0xf4, 0xdf, 0xd6, 0x4d, 0x00, 0x00, 0x00, 0x18,
|
||||
0xec, 0x33, 0x31, 0x7e, 0x00, 0x00, 0x00, 0x01,
|
||||
0xf7, 0x7a, 0x09, 0xe3, 0x00, 0x00, 0x00, 0xd7,
|
||||
0xe6, 0xa7, 0xa5, 0x18, 0x00, 0x00, 0x00, 0x45,
|
||||
0xb5, 0x0a, 0xe0, 0x64, 0x00, 0x00, 0x00, 0x75,
|
||||
0xba, 0xf2, 0xa2, 0xb9, 0x00, 0x00, 0x00, 0x5f,
|
||||
0x31, 0xff, 0xfd, 0x16, 0x00, 0x00, 0x01, 0x48,
|
||||
0x03, 0xf5, 0x55, 0xab, 0x00, 0x00, 0x00, 0x1e,
|
||||
0x85, 0x03, 0x5e, 0xa7, 0x00, 0x00, 0x00, 0x23,
|
||||
0x4e, 0x81, 0xae, 0x7d, 0x00, 0x00, 0x00, 0x18,
|
||||
0x67, 0x07, 0x33, 0xe3, 0x00, 0x00, 0x00, 0x14,
|
||||
0xab, 0x81, 0x05, 0xac, 0x00, 0x00, 0x00, 0x03,
|
||||
0x24, 0x75, 0x85, 0x14, 0x00, 0x00, 0x00, 0x36
|
||||
};
|
||||
for (int i : UPDATE_KEYS)
|
||||
out.writeByte(i);
|
||||
out.flush();
|
||||
URLConnection url = getHttpURLConnection(String.format(odsPath, index, id >= maxFilesInFolder ? "/a" : "", id));
|
||||
// if url is null, custom and default cannot be reached, continue
|
||||
if (url == null) {
|
||||
// unless we want the update keys and may not be connected to the internet
|
||||
// so we server them up if it is that which we are requesting
|
||||
if (index == 255 && id == 255) {
|
||||
System.out.println("UpdateServer: Update Keys do not exist on server, serving generic ones.");
|
||||
int[] UPDATE_KEYS = {
|
||||
0xff, 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0xd8,
|
||||
0x84, 0xa1, 0xa1, 0x2b, 0x00, 0x00, 0x00, 0xba,
|
||||
0x58, 0x64, 0xe8, 0x14, 0x00, 0x00, 0x00, 0x7b,
|
||||
0xcc, 0xa0, 0x7e, 0x23, 0x00, 0x00, 0x00, 0x48,
|
||||
0x20, 0x0e, 0xe3, 0x6e, 0x00, 0x00, 0x01, 0x88,
|
||||
0xec, 0x0d, 0x58, 0xed, 0x00, 0x00, 0x00, 0x71,
|
||||
0xb9, 0x4c, 0xc0, 0x50, 0x00, 0x00, 0x01, 0x8b,
|
||||
0x5b, 0x61, 0x79, 0x20, 0x00, 0x00, 0x00, 0x0c,
|
||||
0x0c, 0x69, 0xb1, 0xc8, 0x00, 0x00, 0x02, 0x31,
|
||||
0xc8, 0x56, 0x67, 0x52, 0x00, 0x00, 0x00, 0x69,
|
||||
0x78, 0x17, 0x7b, 0xe2, 0x00, 0x00, 0x00, 0xc3,
|
||||
0x29, 0x76, 0x27, 0x6a, 0x00, 0x00, 0x00, 0x05,
|
||||
0x44, 0xe7, 0x75, 0xcb, 0x00, 0x00, 0x00, 0x08,
|
||||
0x7d, 0x21, 0x80, 0xd5, 0x00, 0x00, 0x01, 0x58,
|
||||
0xeb, 0x7d, 0x49, 0x8e, 0x00, 0x00, 0x00, 0x0c,
|
||||
0xf4, 0xdf, 0xd6, 0x4d, 0x00, 0x00, 0x00, 0x18,
|
||||
0xec, 0x33, 0x31, 0x7e, 0x00, 0x00, 0x00, 0x01,
|
||||
0xf7, 0x7a, 0x09, 0xe3, 0x00, 0x00, 0x00, 0xd7,
|
||||
0xe6, 0xa7, 0xa5, 0x18, 0x00, 0x00, 0x00, 0x45,
|
||||
0xb5, 0x0a, 0xe0, 0x64, 0x00, 0x00, 0x00, 0x75,
|
||||
0xba, 0xf2, 0xa2, 0xb9, 0x00, 0x00, 0x00, 0x5f,
|
||||
0x31, 0xff, 0xfd, 0x16, 0x00, 0x00, 0x01, 0x48,
|
||||
0x03, 0xf5, 0x55, 0xab, 0x00, 0x00, 0x00, 0x1e,
|
||||
0x85, 0x03, 0x5e, 0xa7, 0x00, 0x00, 0x00, 0x23,
|
||||
0x4e, 0x81, 0xae, 0x7d, 0x00, 0x00, 0x00, 0x18,
|
||||
0x67, 0x07, 0x33, 0xe3, 0x00, 0x00, 0x00, 0x14,
|
||||
0xab, 0x81, 0x05, 0xac, 0x00, 0x00, 0x00, 0x03,
|
||||
0x24, 0x75, 0x85, 0x14, 0x00, 0x00, 0x00, 0x36
|
||||
};
|
||||
for (int i : UPDATE_KEYS)
|
||||
out.writeByte(i);
|
||||
out.flush();
|
||||
}
|
||||
continue;
|
||||
}
|
||||
continue;
|
||||
|
||||
//int size = url.getContentLength();
|
||||
// if size == -1 it doesn't exist
|
||||
// however this cannot be counted on as a 404 will still send html
|
||||
//System.out.println("size: " + size);
|
||||
//System.out.println("opening stream");
|
||||
InputStream data1 = url.getInputStream();
|
||||
//System.out.println("InputStream Open!");
|
||||
|
||||
// buffer and len are static
|
||||
while ((len = data1.read(buffer)) >= 0) {
|
||||
//System.out.println("len read:"+len);
|
||||
out.write(buffer, 0, len);
|
||||
}
|
||||
//System.out.println("Data Written! len:"+len);
|
||||
out.flush();
|
||||
data1.close();
|
||||
}
|
||||
|
||||
//int size = url.getContentLength();
|
||||
// if size == -1 it doesn't exist
|
||||
// however this cannot be counted on as a 404 will still send html
|
||||
//System.out.println("size: " + size);
|
||||
//System.out.println("opening stream");
|
||||
InputStream data1 = url.getInputStream();
|
||||
//System.out.println("InputStream Open!");
|
||||
|
||||
// buffer and len are static
|
||||
while ((len = data1.read(buffer)) >= 0){
|
||||
//System.out.println("len read:"+len);
|
||||
out.write(buffer, 0, len);
|
||||
}
|
||||
//System.out.println("Data Written! len:"+len);
|
||||
out.flush();
|
||||
data1.close();
|
||||
}
|
||||
|
||||
}
|
||||
} catch (IOException e) {
|
||||
// since we know there is a problem with this, I don't want it clogging up debug, so we are going to ignore it
|
||||
// if we wanted to rethrow it to handleException, we could do so like this:
|
||||
|
||||
//throw e;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue