86 = new Hashtable<>(101);
87 private static Hashtable<InetAddress, InetAddress> allowedAccessCache
88 = new Hashtable<>(3);
89 private static RegistryImpl registry;
90 private static ObjID id = new ObjID(ObjID.REGISTRY_ID);
91
92 private static ResourceBundle resources = null;
93
94 /**
95 * Property name of the RMI Registry serial filter to augment
96 * the built-in list of allowed types.
97 * Setting the property in the {@code lib/security/java.security} file
98 * will enable the augmented filter.
99 */
100 private static final String REGISTRY_FILTER_PROPNAME = "sun.rmi.registry.registryFilter";
101
102 /** Registry max depth of remote invocations. **/
103 private static final int REGISTRY_MAX_DEPTH = 20;
104
105 /** Registry maximum array size in remote invocations. **/
106 private static final int REGISTRY_MAX_ARRAY_SIZE = 10000;
107
108 /**
109 * The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"}
110 * property.
111 */
112 private static final ObjectInputFilter registryFilter =
113 AccessController.doPrivileged((PrivilegedAction<ObjectInputFilter>)RegistryImpl::initRegistryFilter);
114
115 /**
116 * Initialize the registryFilter from the security properties or system property; if any
117 * @return an ObjectInputFilter, or null
118 */
119 private static ObjectInputFilter initRegistryFilter() {
120 ObjectInputFilter filter = null;
121 String props = System.getProperty(REGISTRY_FILTER_PROPNAME);
122 if (props == null) {
123 props = Security.getProperty(REGISTRY_FILTER_PROPNAME);
124 }
125 if (props != null) {
126 filter = ObjectInputFilter.Config.createFilter(props);
127 Log regLog = Log.getLog("sun.rmi.registry", "registry", -1);
128 if (regLog.isLoggable(Log.BRIEF)) {
129 regLog.log(Log.BRIEF, "registryFilter = " + filter);
130 }
131 }
132 return filter;
133 }
134
135 /**
136 * Construct a new RegistryImpl on the specified port with the
137 * given custom socket factory pair.
138 */
139 public RegistryImpl(int port,
140 RMIClientSocketFactory csf,
141 RMIServerSocketFactory ssf)
142 throws RemoteException
143 {
144 this(port, csf, ssf, RegistryImpl::registryFilter);
145 }
146
402 * @param filterInfo access to the class, array length, etc.
403 * @return {@link ObjectInputFilter.Status#ALLOWED} if allowed,
404 * {@link ObjectInputFilter.Status#REJECTED} if rejected,
405 * otherwise {@link ObjectInputFilter.Status#UNDECIDED}
406 */
407 private static ObjectInputFilter.Status registryFilter(ObjectInputFilter.FilterInfo filterInfo) {
408 if (registryFilter != null) {
409 ObjectInputFilter.Status status = registryFilter.checkInput(filterInfo);
410 if (status != ObjectInputFilter.Status.UNDECIDED) {
411 // The Registry filter can override the built-in white-list
412 return status;
413 }
414 }
415
416 if (filterInfo.depth() > REGISTRY_MAX_DEPTH) {
417 return ObjectInputFilter.Status.REJECTED;
418 }
419 Class<?> clazz = filterInfo.serialClass();
420 if (clazz != null) {
421 if (clazz.isArray()) {
422 if (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE) {
423 return ObjectInputFilter.Status.REJECTED;
424 }
425 do {
426 // Arrays are allowed depending on the component type
427 clazz = clazz.getComponentType();
428 } while (clazz.isArray());
429 }
430 if (clazz.isPrimitive()) {
431 // Arrays of primitives are allowed
432 return ObjectInputFilter.Status.ALLOWED;
433 }
434 if (String.class == clazz
435 || java.lang.Number.class.isAssignableFrom(clazz)
436 || Remote.class.isAssignableFrom(clazz)
437 || java.lang.reflect.Proxy.class.isAssignableFrom(clazz)
438 || UnicastRef.class.isAssignableFrom(clazz)
439 || RMIClientSocketFactory.class.isAssignableFrom(clazz)
440 || RMIServerSocketFactory.class.isAssignableFrom(clazz)
441 || java.rmi.activation.ActivationID.class.isAssignableFrom(clazz)
442 || java.rmi.server.UID.class.isAssignableFrom(clazz)) {
443 return ObjectInputFilter.Status.ALLOWED;
444 } else {
445 return ObjectInputFilter.Status.REJECTED;
446 }
447 }
448 return ObjectInputFilter.Status.UNDECIDED;
449 }
450
451 /**
452 * Main program to start a registry. <br>
|
86 = new Hashtable<>(101);
87 private static Hashtable<InetAddress, InetAddress> allowedAccessCache
88 = new Hashtable<>(3);
89 private static RegistryImpl registry;
90 private static ObjID id = new ObjID(ObjID.REGISTRY_ID);
91
92 private static ResourceBundle resources = null;
93
94 /**
95 * Property name of the RMI Registry serial filter to augment
96 * the built-in list of allowed types.
97 * Setting the property in the {@code lib/security/java.security} file
98 * will enable the augmented filter.
99 */
100 private static final String REGISTRY_FILTER_PROPNAME = "sun.rmi.registry.registryFilter";
101
102 /** Registry max depth of remote invocations. **/
103 private static final int REGISTRY_MAX_DEPTH = 20;
104
105 /** Registry maximum array size in remote invocations. **/
106 private static final int REGISTRY_MAX_ARRAY_SIZE = 1_000_000;
107
108 /**
109 * The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"}
110 * property.
111 */
112 private static final ObjectInputFilter registryFilter =
113 AccessController.doPrivileged((PrivilegedAction<ObjectInputFilter>)RegistryImpl::initRegistryFilter);
114
115 /**
116 * Initialize the registryFilter from the security properties or system property; if any
117 * @return an ObjectInputFilter, or null
118 */
119 private static ObjectInputFilter initRegistryFilter() {
120 ObjectInputFilter filter = null;
121 String props = System.getProperty(REGISTRY_FILTER_PROPNAME);
122 if (props == null) {
123 props = Security.getProperty(REGISTRY_FILTER_PROPNAME);
124 }
125 if (props != null) {
126 filter = ObjectInputFilter.Config.createFilter2(props);
127 Log regLog = Log.getLog("sun.rmi.registry", "registry", -1);
128 if (regLog.isLoggable(Log.BRIEF)) {
129 regLog.log(Log.BRIEF, "registryFilter = " + filter);
130 }
131 }
132 return filter;
133 }
134
135 /**
136 * Construct a new RegistryImpl on the specified port with the
137 * given custom socket factory pair.
138 */
139 public RegistryImpl(int port,
140 RMIClientSocketFactory csf,
141 RMIServerSocketFactory ssf)
142 throws RemoteException
143 {
144 this(port, csf, ssf, RegistryImpl::registryFilter);
145 }
146
402 * @param filterInfo access to the class, array length, etc.
403 * @return {@link ObjectInputFilter.Status#ALLOWED} if allowed,
404 * {@link ObjectInputFilter.Status#REJECTED} if rejected,
405 * otherwise {@link ObjectInputFilter.Status#UNDECIDED}
406 */
407 private static ObjectInputFilter.Status registryFilter(ObjectInputFilter.FilterInfo filterInfo) {
408 if (registryFilter != null) {
409 ObjectInputFilter.Status status = registryFilter.checkInput(filterInfo);
410 if (status != ObjectInputFilter.Status.UNDECIDED) {
411 // The Registry filter can override the built-in white-list
412 return status;
413 }
414 }
415
416 if (filterInfo.depth() > REGISTRY_MAX_DEPTH) {
417 return ObjectInputFilter.Status.REJECTED;
418 }
419 Class<?> clazz = filterInfo.serialClass();
420 if (clazz != null) {
421 if (clazz.isArray()) {
422 // Arrays are REJECTED only if they exceed the limit
423 return (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE)
424 ? ObjectInputFilter.Status.REJECTED
425 : ObjectInputFilter.Status.UNDECIDED;
426 }
427 if (String.class == clazz
428 || java.lang.Number.class.isAssignableFrom(clazz)
429 || Remote.class.isAssignableFrom(clazz)
430 || java.lang.reflect.Proxy.class.isAssignableFrom(clazz)
431 || UnicastRef.class.isAssignableFrom(clazz)
432 || RMIClientSocketFactory.class.isAssignableFrom(clazz)
433 || RMIServerSocketFactory.class.isAssignableFrom(clazz)
434 || java.rmi.activation.ActivationID.class.isAssignableFrom(clazz)
435 || java.rmi.server.UID.class.isAssignableFrom(clazz)) {
436 return ObjectInputFilter.Status.ALLOWED;
437 } else {
438 return ObjectInputFilter.Status.REJECTED;
439 }
440 }
441 return ObjectInputFilter.Status.UNDECIDED;
442 }
443
444 /**
445 * Main program to start a registry. <br>
|