moparisthebest
/
MoparScape
mirror of https://github.com/moparisthebest/MoparScape
1
0
Fork 0
Code Issues Releases Wiki Activity

more securitymanager improvements...

This commit is contained in:
Travis Burtrum 2010-05-03 22:46:10 -04:00 committed by moparisthebest
parent 0728b28900
commit a964437d1a
3 changed files with 133 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
src/org/moparscape/security/SecurityManager.java
View File

@ -43,6 +43,14 @@ public class SecurityManager extends java.lang.SecurityManager {
private Permission reflectPerm = new java.lang.reflect.ReflectPermission("suppressAccessChecks");
private Permission classLoaderPerm = new java.lang.RuntimePermission("createClassLoader");
public SecurityManager() {
try {
new java.net.URL("http://localhost/");
} catch (Exception e) {
}
}
public void addPermissions(ClassLoader cl, Permissions perms) {
// if they can't set the SecurityManager, they shouldn't be able to modify this one, so check...
System.getSecurityManager().checkPermission(new java.lang.RuntimePermission("setSecurityManager"));
@ -109,11 +117,13 @@ public class SecurityManager extends java.lang.SecurityManager {
// if the classloader isn't in our map, we don't have any say on it so continue
if (clPerms == null)
continue;
// 2 exceptions here for java.util.GregorianCalendar and java.util.Calendar:
// 2 exceptions here for java.util.GregorianCalendar, java.util.Calendar, java.text.SimpleDateFormat:
// java.lang.RuntimePermission accessClassInPackage.sun.util.resources
// java.lang.reflect.ReflectPermission suppressAccessChecks
String lastCName = c[i - 1].getName();
if (lastCName.startsWith("java.util.") && lastCName.endsWith("Calendar") && (perm.equals(p1) || perm.equals(reflectPerm)))
if (((lastCName.startsWith("java.util.") && lastCName.endsWith("Calendar"))
|| lastCName.equals("java.text.SimpleDateFormat"))
&& (perm.equals(p1) || perm.equals(reflectPerm)))
return;
// some more exceptions for when java classes use reflection. why?...
// also an exception for jsound, we can't just allow loadlibrary.jsound* because there could be malicious
@ -178,8 +188,11 @@ public class SecurityManager extends java.lang.SecurityManager {
MainPanel.debug("allowedDir: " + allowedDir);
Permissions permissions = new Permissions();
//permissions.add(new java.security.AllPermission());
// only needed when not in a jar
// will deny this later
permissions.add(new java.io.FilePermission("./-", "read"));
permissions.add(new java.net.SocketPermission("graveman.info", "connect,accept,resolve"));
//questionable
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new RuntimePermission("setFactory"));
@ -189,29 +202,27 @@ public class SecurityManager extends java.lang.SecurityManager {
permissions.add(new RuntimePermission("modifyThreadGroup"));
permissions.add(new java.net.NetPermission("getProxySelector"));
//needed
//String javaHome = "${java.home}/-";
String javaHome = System.getProperty("java.home") + "/-";
//System.out.println("java.home: "+javaHome);
permissions.add(new java.io.FilePermission(javaHome, "read"));
permissions.add(new java.io.FilePermission(allowedDir, "read,write,delete"));
permissions.add(new java.io.FilePermission(allowedDir.substring(0, allowedDir.length() - 2), "read,write,delete"));
permissions.add(new java.net.SocketPermission("localhost:1024-", "accept,connect,listen"));
permissions.add(new java.util.PropertyPermission("socksProxyHost", "read"));
permissions.add(new java.util.PropertyPermission("line.separator", "read"));
permissions.add(new java.util.PropertyPermission("java.protocol.handler.pkgs", "read"));
// java.util.Calendar screwing with things again, write isn't too harmful, it only
// lasts for the run of that individual JVM
permissions.add(new java.util.PropertyPermission("user.timezone", "read,write"));
permissions.add(new java.util.PropertyPermission("user.country", "read"));
permissions.add(new java.util.PropertyPermission("sun.timezone.ids.oldmapping", "read"));
permissions.add(new java.util.PropertyPermission("sun.net.inetaddr.ttl", "read"));
permissions.add(new java.util.PropertyPermission("java.net.useSystemProxies", "read"));
permissions.add(new java.security.SecurityPermission("getProperty.networkaddress.*"));
// following needed for networking and file read/write
// this is OK because we restrict FilePermissions and SocketPermission
permissions.add(new RuntimePermission("readFileDescriptor"));
permissions.add(new RuntimePermission("writeFileDescriptor"));
//platform specific? :( (all for fonts, whats a better way?)
/* permissions.add(new java.io.FilePermission("/usr/share/fonts/-", "read"));
permissions.add(new java.io.FilePermission("/usr/lib/jvm/-", "read"));
permissions.add(new java.io.FilePermission("/var/lib/defoma/-", "read"));
permissions.add(new java.io.FilePermission(System.getProperty("user.home") + "/.fonts/-", "read"));
permissions.add(new java.io.FilePermission(System.getProperty("user.home") + "/.fonts", "read"));
permissions.add(new java.io.FilePermission("/usr/X11R6/lib/X11/fonts/-", "read"));
*/ //System.out.println(permissions.toString());
// asked for with java5 runtime
permissions.add(new java.util.PropertyPermission("sun.java2d.remote", "read"));
@ -230,14 +241,6 @@ public class SecurityManager extends java.lang.SecurityManager {
permissions.add(new java.net.NetPermission("getResponseCache"));
permissions.add(new RuntimePermission("loadLibrary.jsound"));
//platform specific again :(
//permissions.add(new java.lang.RuntimePermission("loadLibrary.jsoundalsa"));
// will deny this later
permissions.add(new java.net.SocketPermission("graveman.info", "connect,accept,resolve"));
//permissions.add(new java.lang.RuntimePermission("createClassLoader"));
//permissions.add(new java.lang.reflect.ReflectPermission("suppressAccessChecks"));
// following for OSX leopard
permissions.add(new java.util.PropertyPermission("socksNonProxyHosts", "read"));
permissions.add(new java.util.PropertyPermission("sun.java2d.*", "read"));
@ -254,6 +257,8 @@ public class SecurityManager extends java.lang.SecurityManager {
// for 508
permissions.add(new java.util.PropertyPermission("python.home", "read,write"));
permissions.add(new java.util.PropertyPermission("java.vm.vendor", "read"));
permissions.add(new java.util.PropertyPermission("python.home", "read"));
//System.out.println(permissions.toString());
return permissions;

2
src/org/moparscape/userver/Server.java
View File

@ -169,7 +169,7 @@ public abstract class Server extends Thread {
public void handleException(Exception e) {
if (MainPanel.debug()) {
String myName = this.getClass().getName();
//String myName = this.getClass().getName();
//if (myName.equals("org.moparscape.userver.v508.OndemandServer443")) return;
System.err.print("Server error: ");
e.printStackTrace();

205
src/org/moparscape/userver/v508/OndemandServer.java
View File

@ -59,45 +59,46 @@ public class OndemandServer extends Server {
}
public void handleConnection(Socket s) throws IOException {
//System.out.println("ods: new connection to update server");
try {
//System.out.println("ods: new connection to update server");
boolean identify = false;
DataOutputStream out = new DataOutputStream(s.getOutputStream());
DataInputStream in = new DataInputStream(s.getInputStream());
//s.setSoTimeout(0);
if (in == null)
return;
while (!s.isClosed()) {
//System.out.println("in loop");
byte dataType = 0;
int version = 0;
if (!identify) {
//s.setSoTimeout(100);
//System.out.println("HERE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
dataType = in.readByte();
//System.out.println("ANDNOW!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
//s.setSoTimeout(0);
version = in.readInt();
//System.out.println("dataType:" + dataType + " version:" + version);
}
if (dataType == 15 && version == clientVersion) {
//System.out.println("new client connected to update server");
out.writeByte(0);
identify = true;
in.skip(4);
} else {
int type = in.read();
//System.out.println("type:" + type);
// if (type != 0 && type != 1 && type != 3)
// System.exit(-433);
//int hash = ((in.get()& 0xff) << 16) + ((in.get()& 0xff) << 8) + (in.get()& 0xff);
if (type == 0 || type == 1) {
//int index = in.read() & 0xff;
//int id = in.readShort();
int uid = (in.readUnsignedByte() << 16) + (in.readUnsignedByte() << 8) + in.readUnsignedByte();
int index = uid >> 16;
int id = uid & 0xFFFF;
//System.out.println("index:" + index + " id:" + id);
boolean identify = false;
DataOutputStream out = new DataOutputStream(s.getOutputStream());
DataInputStream in = new DataInputStream(s.getInputStream());
//s.setSoTimeout(0);
if (in == null)
return;
while (!s.isClosed()) {
//System.out.println("in loop");
byte dataType = 0;
int version = 0;
if (!identify) {
//s.setSoTimeout(100);
//System.out.println("HERE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
dataType = in.readByte();
//System.out.println("ANDNOW!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
//s.setSoTimeout(0);
version = in.readInt();
//System.out.println("dataType:" + dataType + " version:" + version);
}
if (dataType == 15 && version == clientVersion) {
//System.out.println("new client connected to update server");
out.writeByte(0);
identify = true;
in.skip(4);
} else {
int type = in.read();
//System.out.println("type:" + type);
// if (type != 0 && type != 1 && type != 3)
// System.exit(-433);
//int hash = ((in.get()& 0xff) << 16) + ((in.get()& 0xff) << 8) + (in.get()& 0xff);
if (type == 0 || type == 1) {
//int index = in.read() & 0xff;
//int id = in.readShort();
int uid = (in.readUnsignedByte() << 16) + (in.readUnsignedByte() << 8) + in.readUnsignedByte();
int index = uid >> 16;
int id = uid & 0xFFFF;
//System.out.println("index:" + index + " id:" + id);
// if (index == 255 && id == 255) {
// System.out.println("writing out update keys");
// for (int i : UPDATE_KEYS)
@ -130,73 +131,79 @@ public class OndemandServer extends Server {
// if(true)
// continue;
//long hash = (long) ((index << 16) + id);
//System.out.println("request " + hash);
//System.out.println(String.format(odsPath, index, id >= maxFilesInFolder ? "/a" : "", id));
//long hash = (long) ((index << 16) + id);
//System.out.println("request " + hash);
//System.out.println(String.format(odsPath, index, id >= maxFilesInFolder ? "/a" : "", id));
URLConnection url = getHttpURLConnection(String.format(odsPath, index, id >= maxFilesInFolder ? "/a" : "", id));
// if url is null, custom and default cannot be reached, continue
if (url == null) {
// unless we want the update keys and may not be connected to the internet
// so we server them up if it is that which we are requesting
if (index == 255 && id == 255) {
System.out.println("UpdateServer: Update Keys do not exist on server, serving generic ones.");
int[] UPDATE_KEYS = {
0xff, 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0xd8,
0x84, 0xa1, 0xa1, 0x2b, 0x00, 0x00, 0x00, 0xba,
0x58, 0x64, 0xe8, 0x14, 0x00, 0x00, 0x00, 0x7b,
0xcc, 0xa0, 0x7e, 0x23, 0x00, 0x00, 0x00, 0x48,
0x20, 0x0e, 0xe3, 0x6e, 0x00, 0x00, 0x01, 0x88,
0xec, 0x0d, 0x58, 0xed, 0x00, 0x00, 0x00, 0x71,
0xb9, 0x4c, 0xc0, 0x50, 0x00, 0x00, 0x01, 0x8b,
0x5b, 0x61, 0x79, 0x20, 0x00, 0x00, 0x00, 0x0c,
0x0c, 0x69, 0xb1, 0xc8, 0x00, 0x00, 0x02, 0x31,
0xc8, 0x56, 0x67, 0x52, 0x00, 0x00, 0x00, 0x69,
0x78, 0x17, 0x7b, 0xe2, 0x00, 0x00, 0x00, 0xc3,
0x29, 0x76, 0x27, 0x6a, 0x00, 0x00, 0x00, 0x05,
0x44, 0xe7, 0x75, 0xcb, 0x00, 0x00, 0x00, 0x08,
0x7d, 0x21, 0x80, 0xd5, 0x00, 0x00, 0x01, 0x58,
0xeb, 0x7d, 0x49, 0x8e, 0x00, 0x00, 0x00, 0x0c,
0xf4, 0xdf, 0xd6, 0x4d, 0x00, 0x00, 0x00, 0x18,
0xec, 0x33, 0x31, 0x7e, 0x00, 0x00, 0x00, 0x01,
0xf7, 0x7a, 0x09, 0xe3, 0x00, 0x00, 0x00, 0xd7,
0xe6, 0xa7, 0xa5, 0x18, 0x00, 0x00, 0x00, 0x45,
0xb5, 0x0a, 0xe0, 0x64, 0x00, 0x00, 0x00, 0x75,
0xba, 0xf2, 0xa2, 0xb9, 0x00, 0x00, 0x00, 0x5f,
0x31, 0xff, 0xfd, 0x16, 0x00, 0x00, 0x01, 0x48,
0x03, 0xf5, 0x55, 0xab, 0x00, 0x00, 0x00, 0x1e,
0x85, 0x03, 0x5e, 0xa7, 0x00, 0x00, 0x00, 0x23,
0x4e, 0x81, 0xae, 0x7d, 0x00, 0x00, 0x00, 0x18,
0x67, 0x07, 0x33, 0xe3, 0x00, 0x00, 0x00, 0x14,
0xab, 0x81, 0x05, 0xac, 0x00, 0x00, 0x00, 0x03,
0x24, 0x75, 0x85, 0x14, 0x00, 0x00, 0x00, 0x36
};
for (int i : UPDATE_KEYS)
out.writeByte(i);
out.flush();
URLConnection url = getHttpURLConnection(String.format(odsPath, index, id >= maxFilesInFolder ? "/a" : "", id));
// if url is null, custom and default cannot be reached, continue
if (url == null) {
// unless we want the update keys and may not be connected to the internet
// so we server them up if it is that which we are requesting
if (index == 255 && id == 255) {
System.out.println("UpdateServer: Update Keys do not exist on server, serving generic ones.");
int[] UPDATE_KEYS = {
0xff, 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0xd8,
0x84, 0xa1, 0xa1, 0x2b, 0x00, 0x00, 0x00, 0xba,
0x58, 0x64, 0xe8, 0x14, 0x00, 0x00, 0x00, 0x7b,
0xcc, 0xa0, 0x7e, 0x23, 0x00, 0x00, 0x00, 0x48,
0x20, 0x0e, 0xe3, 0x6e, 0x00, 0x00, 0x01, 0x88,
0xec, 0x0d, 0x58, 0xed, 0x00, 0x00, 0x00, 0x71,
0xb9, 0x4c, 0xc0, 0x50, 0x00, 0x00, 0x01, 0x8b,
0x5b, 0x61, 0x79, 0x20, 0x00, 0x00, 0x00, 0x0c,
0x0c, 0x69, 0xb1, 0xc8, 0x00, 0x00, 0x02, 0x31,
0xc8, 0x56, 0x67, 0x52, 0x00, 0x00, 0x00, 0x69,
0x78, 0x17, 0x7b, 0xe2, 0x00, 0x00, 0x00, 0xc3,
0x29, 0x76, 0x27, 0x6a, 0x00, 0x00, 0x00, 0x05,
0x44, 0xe7, 0x75, 0xcb, 0x00, 0x00, 0x00, 0x08,
0x7d, 0x21, 0x80, 0xd5, 0x00, 0x00, 0x01, 0x58,
0xeb, 0x7d, 0x49, 0x8e, 0x00, 0x00, 0x00, 0x0c,
0xf4, 0xdf, 0xd6, 0x4d, 0x00, 0x00, 0x00, 0x18,
0xec, 0x33, 0x31, 0x7e, 0x00, 0x00, 0x00, 0x01,
0xf7, 0x7a, 0x09, 0xe3, 0x00, 0x00, 0x00, 0xd7,
0xe6, 0xa7, 0xa5, 0x18, 0x00, 0x00, 0x00, 0x45,
0xb5, 0x0a, 0xe0, 0x64, 0x00, 0x00, 0x00, 0x75,
0xba, 0xf2, 0xa2, 0xb9, 0x00, 0x00, 0x00, 0x5f,
0x31, 0xff, 0xfd, 0x16, 0x00, 0x00, 0x01, 0x48,
0x03, 0xf5, 0x55, 0xab, 0x00, 0x00, 0x00, 0x1e,
0x85, 0x03, 0x5e, 0xa7, 0x00, 0x00, 0x00, 0x23,
0x4e, 0x81, 0xae, 0x7d, 0x00, 0x00, 0x00, 0x18,
0x67, 0x07, 0x33, 0xe3, 0x00, 0x00, 0x00, 0x14,
0xab, 0x81, 0x05, 0xac, 0x00, 0x00, 0x00, 0x03,
0x24, 0x75, 0x85, 0x14, 0x00, 0x00, 0x00, 0x36
};
for (int i : UPDATE_KEYS)
out.writeByte(i);
out.flush();
}
continue;
}
continue;
//int size = url.getContentLength();
// if size == -1 it doesn't exist
// however this cannot be counted on as a 404 will still send html
//System.out.println("size: " + size);
//System.out.println("opening stream");
InputStream data1 = url.getInputStream();
//System.out.println("InputStream Open!");
// buffer and len are static
while ((len = data1.read(buffer)) >= 0) {
//System.out.println("len read:"+len);
out.write(buffer, 0, len);
}
//System.out.println("Data Written! len:"+len);
out.flush();
data1.close();
}
//int size = url.getContentLength();
// if size == -1 it doesn't exist
// however this cannot be counted on as a 404 will still send html
//System.out.println("size: " + size);
//System.out.println("opening stream");
InputStream data1 = url.getInputStream();
//System.out.println("InputStream Open!");
// buffer and len are static
while ((len = data1.read(buffer)) >= 0){
//System.out.println("len read:"+len);
out.write(buffer, 0, len);
}
//System.out.println("Data Written! len:"+len);
out.flush();
data1.close();
}
}
} catch (IOException e) {
// since we know there is a problem with this, I don't want it clogging up debug, so we are going to ignore it
// if we wanted to rethrow it to handleException, we could do so like this:
//throw e;
}
}
}