This is an automated email from the ASF dual-hosted git repository.
jinmeiliao pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new 70f86c6 GEODE-7628: Block jmx mbean creation when no security manager
is configured (#4534)
70f86c6 is described below
commit 70f86c6c0ca39db8d3a0f412c7e05edd03b8d1c9
Author: Jinmei Liao <[email protected]>
AuthorDate: Fri Dec 27 18:19:24 2019 -0800
GEODE-7628: Block jmx mbean creation when no security manager is configured
(#4534)
---
.../internal/security/NoSecurityManagerTest.java | 52 ++++++++++++++++++++++
.../internal/BlockMBeanCreationController.java | 38 ++++++++++++++++
.../geode/management/internal/ManagementAgent.java | 7 ++-
3 files changed, 95 insertions(+), 2 deletions(-)
diff --git
a/geode-core/src/integrationTest/java/org/apache/geode/management/internal/security/NoSecurityManagerTest.java
b/geode-core/src/integrationTest/java/org/apache/geode/management/internal/security/NoSecurityManagerTest.java
new file mode 100644
index 0000000..bb4f4f7
--- /dev/null
+++
b/geode-core/src/integrationTest/java/org/apache/geode/management/internal/security/NoSecurityManagerTest.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express
+ * or implied. See the License for the specific language governing permissions
and limitations under
+ * the License.
+ */
+package org.apache.geode.management.internal.security;
+
+
+
+import javax.management.MBeanServerConnection;
+import javax.management.ObjectName;
+
+import org.assertj.core.api.Assertions;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.rules.MBeanServerConnectionRule;
+import org.apache.geode.test.junit.rules.ServerStarterRule;
+
+@Category({SecurityTest.class})
+public class NoSecurityManagerTest {
+ @ClassRule
+ public static ServerStarterRule server = new
ServerStarterRule().withJMXManager()
+ .withAutoStart();
+
+ @Rule
+ public MBeanServerConnectionRule connectionRule =
+ new MBeanServerConnectionRule(server::getJmxPort);
+
+
+ @Test
+ public void cannotCreateMBeansInServer() throws Exception {
+ connectionRule.connect(server.getJmxPort());
+ MBeanServerConnection mBeanServerConnection =
connectionRule.getMBeanServerConnection();
+ ObjectName mletName = new ObjectName("foo:name=mlet");
+ Assertions.assertThatThrownBy(
+ () ->
mBeanServerConnection.createMBean("javax.management.loading.MLet", mletName))
+ .isInstanceOf(SecurityException.class);
+ }
+}
diff --git
a/geode-core/src/main/java/org/apache/geode/management/internal/BlockMBeanCreationController.java
b/geode-core/src/main/java/org/apache/geode/management/internal/BlockMBeanCreationController.java
new file mode 100644
index 0000000..48c8896
--- /dev/null
+++
b/geode-core/src/main/java/org/apache/geode/management/internal/BlockMBeanCreationController.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express
+ * or implied. See the License for the specific language governing permissions
and limitations under
+ * the License.
+ */
+
+package org.apache.geode.management.internal;
+
+
+import com.sun.jmx.remote.security.MBeanServerAccessController;
+
+public class BlockMBeanCreationController extends MBeanServerAccessController {
+
+ @Override
+ protected void checkCreate(String className) {
+ throw new SecurityException(
+ "Access Denied. Remote MBean creation is not allowed unless a security
manager is enabled");
+ }
+
+ @Override
+ protected void checkRead() {
+
+ }
+
+ @Override
+ protected void checkWrite() {
+
+ }
+}
diff --git
a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
index 0638ada..f8d5319 100755
---
a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
+++
b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
@@ -418,8 +418,7 @@ public class ManagementAgent {
jmxConnectorServer.addNotificationListener(shiroAuthenticator, null,
jmxConnectorServer.getAttributes());
// always going to assume authorization is needed as well, if no custom
AccessControl, then
- // the CustomAuthRealm
- // should take care of that
+ // the CustomAuthRealm should take care of that
MBeanServerWrapper mBeanServerWrapper = new
MBeanServerWrapper(this.securityService);
jmxConnectorServer.setMBeanServerForwarder(mBeanServerWrapper);
} else {
@@ -434,6 +433,10 @@ public class ManagementAgent {
// Rewire the mbs hierarchy to set accessController
ReadOpFileAccessController controller = new
ReadOpFileAccessController(accessFile);
controller.setMBeanServer(mbs);
+ jmxConnectorServer.setMBeanServerForwarder(controller);
+ } else {
+ // if no access control, do not allow mbean creation to prevent Mlet
attack
+ jmxConnectorServer.setMBeanServerForwarder(new
BlockMBeanCreationController());
}
}
registerAccessControlMBean();
