db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r547521 - in /db/derby/code/trunk/java: drda/org/apache/derby/drda/ engine/org/apache/derby/iapi/reference/ testing/org/apache/derbyTesting/functionTests/tests/derbynet/
Date Fri, 15 Jun 2007 04:27:35 GMT
Author: rhillegas
Date: Thu Jun 14 21:27:31 2007
New Revision: 547521

URL: http://svn.apache.org/viewvc?view=rev&rev=547521
Log:
DERBY-2811: Use internal variable name for host parameter in default security policy; and
handle hostname wildcard ::

Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java
    db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java?view=diff&rev=547521&r1=547520&r2=547521
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java Thu Jun
14 21:27:31 2007
@@ -178,6 +178,7 @@
 	private final static String POLICY_FILENAME = "server.policy";
 	private final static String POLICY_FILE_PROPERTY = "java.security.policy";
 	private final static String DERBY_HOSTNAME_WILDCARD = "0.0.0.0";
+	private final static String IPV6_HOSTNAME_WILDCARD = "::";
 	private final static String SOCKET_PERMISSION_HOSTNAME_WILDCARD = "*";
 
     private NetworkServerControlImpl serverImpl;
@@ -585,13 +586,14 @@
 
         //
         // Forcibly set the following property so that it will be correctly
-        // substituted into the default policy file. It is ok to force this
-        // property at this time because it has already been read
-        // (and if necessary overridden) by server.getPropertyInfo()
-        // followed by server.parseArgs().
+        // substituted into the default policy file. This is the hostname for
+        // SocketPermissions. This is an internal property which customers
+        // may not override.
         //
-        System.setProperty( Property.DRDA_PROP_HOSTNAME, getHostNameForSocketPermission(
server ) );
+        System.setProperty( Property.DERBY_SECURITY_HOST, getHostNameForSocketPermission(
server ) );
 
+        server.consoleMessage( "XXX " + Property.DERBY_SECURITY_HOST + " = " + PropertyUtil.getSystemProperty(
Property.DERBY_SECURITY_HOST )  );
+        
         //
         // Forcibly set the following property. This is the parameter in
         // the Basic policy which points at the directory where the embedded and
@@ -624,9 +626,9 @@
     /**
      * Get the hostname as a value suitable for substituting into the
      * default server policy file. The special
-     * wildcard value "0.0.0.0" is forced to be "*" since that is the wildcard
+     * wildcard valuse "0.0.0.0" and "::" are forced to be "*" since that is the wildcard
      * hostname understood by SocketPermission. SocketPermission does
-     * not understand the "0.0.0.0" wildcard.
+     * not understand the "0.0.0.0" and "::" wildcards.
      */
     private static String  getHostNameForSocketPermission( NetworkServerControlImpl server
)
         throws Exception
@@ -637,7 +639,11 @@
         //
         String  hostname = server.getHost();
         
-        if ( DERBY_HOSTNAME_WILDCARD.equals( hostname ) ) { hostname = SOCKET_PERMISSION_HOSTNAME_WILDCARD;
}
+        if (
+            DERBY_HOSTNAME_WILDCARD.equals( hostname ) ||
+            IPV6_HOSTNAME_WILDCARD.equals( hostname ) 
+            )
+        { hostname = SOCKET_PERMISSION_HOSTNAME_WILDCARD; }
 
         return hostname;
     }

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?view=diff&rev=547521&r1=547520&r2=547521
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Thu Jun 14 21:27:31
2007
@@ -25,6 +25,6 @@
 //
 // This permission lets the Network Server manage connections from clients.
 //
-  permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; 
+  permission java.net.SocketPermission "${derby.security.host}:*", "accept"; 
 };
 

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy?view=diff&rev=547521&r1=547520&r2=547521
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy Thu Jun 14 21:27:31
2007
@@ -37,6 +37,6 @@
 //
 // This permission lets the Network Server manage connections from clients.
 //
-  permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; 
+  permission java.net.SocketPermission "${derby.security.host}:*", "accept"; 
 };
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java?view=diff&rev=547521&r1=547520&r2=547521
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java Thu Jun
14 21:27:31 2007
@@ -325,6 +325,15 @@
      **/
     public static final String DERBY_INSTALL_URL = "derby.install.url";
 
+    /**
+     * Ths property is private to Derby.
+     * This property is forcibly set by the Network Server to override
+     * any values which the user may have set. This property is only used to
+     * parameterize the Basic security policy used by the Network Server.
+     * This property is the hostname which the server uses.
+     **/
+    public static final String DERBY_SECURITY_HOST = "derby.security.host";
+
 	/*
 	** derby.storage.*
 	*/

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java?view=diff&rev=547521&r1=547520&r2=547521
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java
Thu Jun 14 21:27:31 2007
@@ -64,7 +64,8 @@
     private static  final   String  SST_USER_NAME="MARY";
     private static  final   String  SST_PASSWORD = "marypwd";
     
-    private static  final   String  DERBY_HOSTNAME_WILDCARD = "0.0.0.0";
+    private static  final   String  HOSTW = "0.0.0.0";
+    private static  final   String  IPV6W = "::";
 
     ///////////////////////////////////////////////////////////////////////////////////
     //
@@ -112,7 +113,7 @@
     private boolean _unsecureSet;
     private boolean _authenticationRequired;
     private String   _customDerbyProperties;
-    private boolean _useWildCardHost;
+    private String _wildCardHost;
 
     // expected outcomes
     private Outcome _outcome;
@@ -132,7 +133,7 @@
          boolean unsecureSet,
          boolean authenticationRequired,
          String     customDerbyProperties,
-         boolean    useWildCardHost,
+         String     wildCardHost,
 
          Outcome    outcome
         )
@@ -142,7 +143,7 @@
          _unsecureSet =  unsecureSet;
          _authenticationRequired =  authenticationRequired;
          _customDerbyProperties = customDerbyProperties;
-         _useWildCardHost = useWildCardHost;
+         _wildCardHost = wildCardHost;
 
          _outcome = outcome;
 
@@ -174,17 +175,21 @@
         // O = Overriden
         // A = Authenticated
         // C = Custom properties
-        // W = Use wildcard host
+        // W = Wildcard host
         //
         //      .addTest( decorateTest( O,        A,       C,    W,    Outcome ) );
         //
 
-        suite.addTest( decorateTest( false,  false, null, false, RUNNING_SECURITY_BOOTED
) );
-        suite.addTest( decorateTest( false,  false, BASIC, false, RUNNING_SECURITY_BOOTED
) );
-        suite.addTest( decorateTest( false,  true, null, false, RUNNING_SECURITY_BOOTED )
);
-        suite.addTest( decorateTest( false,  true, null, true, RUNNING_SECURITY_BOOTED )
);
-        suite.addTest( decorateTest( true,  false, null, false, RUNNING_SECURITY_NOT_BOOTED
) );
-        suite.addTest( decorateTest( true,  true, null, false, RUNNING_SECURITY_NOT_BOOTED
) );
+        suite.addTest( decorateTest( false,  false, null, null, RUNNING_SECURITY_BOOTED )
);
+        suite.addTest( decorateTest( false,  false, BASIC, null, RUNNING_SECURITY_BOOTED
) );
+        suite.addTest( decorateTest( false,  true, null, null, RUNNING_SECURITY_BOOTED )
);
+        suite.addTest( decorateTest( false,  true, null, HOSTW, RUNNING_SECURITY_BOOTED )
);
+
+        // this wildcard port is rejected by the server right now
+        //suite.addTest( decorateTest( false,  true, null, IPV6W, RUNNING_SECURITY_BOOTED
) );
+        
+        suite.addTest( decorateTest( true,  false, null, null, RUNNING_SECURITY_NOT_BOOTED
) );
+        suite.addTest( decorateTest( true,  true, null, null, RUNNING_SECURITY_NOT_BOOTED
) );
         
         return suite;
     }
@@ -215,7 +220,7 @@
          boolean unsecureSet,
          boolean authenticationRequired,
          String customDerbyProperties,
-         boolean    useWildCardHost,
+         String wildCardHost,
          
          Outcome outcome
         )
@@ -225,13 +230,13 @@
              unsecureSet,
              authenticationRequired,
              customDerbyProperties,
-             useWildCardHost,
+             wildCardHost,
 
              outcome
             );
 
         String[]        startupProperties = getStartupProperties( authenticationRequired,
customDerbyProperties );
-        String[]        startupArgs = getStartupArgs( unsecureSet, useWildCardHost );
+        String[]        startupArgs = getStartupArgs( unsecureSet, wildCardHost );
 
         NetworkServerTestSetup networkServerTestSetup =
                 new NetworkServerTestSetup
@@ -272,7 +277,7 @@
      * Return an array of startup args suitable for booting a server.
      * </p>
      */
-    private static  String[]    getStartupArgs( boolean setUnsecureOption, boolean useWildCardHost
)
+    private static  String[]    getStartupArgs( boolean setUnsecureOption, String wildCardHost
)
     {
         ArrayList       list = new ArrayList();
 
@@ -281,10 +286,10 @@
             list.add( "-noSecurityManager" );
         }
         
-        if ( useWildCardHost )
+        if ( wildCardHost != null )
         {
             list.add( NetworkServerTestSetup.HOST_OPTION );
-            list.add( DERBY_HOSTNAME_WILDCARD );
+            list.add( wildCardHost );
         }
         
         String[]    result = new String[ list.size() ];
@@ -347,7 +352,7 @@
         // make sure that the default policy lets us connect to the server if the hostname
was
         // wildcarded (DERBY-2811)
         //
-        if ( _authenticationRequired && _useWildCardHost ) { connectToServer(); }
+        if ( _authenticationRequired && ( _wildCardHost != null ) ) { connectToServer();
}
     }
 
     private void    connectToServer()
@@ -383,7 +388,7 @@
         buffer.append( "Opened = " ); buffer.append( _unsecureSet);
         buffer.append( ", Authenticated= " ); buffer.append( _authenticationRequired );
         buffer.append( ", CustomDerbyProperties= " ); buffer.append( _customDerbyProperties
);
-        buffer.append( ", UsingWildCardHost= " ); buffer.append( _useWildCardHost );
+        buffer.append( ", WildCardHost= " ); buffer.append( _wildCardHost );
         buffer.append( " )" );
 
         return buffer.toString();



Mime
View raw message