Patch, begin of signed applet support

Koos Vriezen koos.vriezen at xs4all.nl
Sun Feb 8 01:07:38 GMT 2004


Hi,

Signed applets is one major missing feature. Attached a patch that could
be a start of this. It asks the user in case a permission is not granted
by the security manager.
What needs to be done is a way to store granted permissions, eg. with
this patch for each applet the user must answer if it allows access to 
the clipboard.

Koos
-------------- next part --------------
Index: kjavaappletserver.cpp
===================================================================
RCS file: /home/kde/kdelibs/khtml/java/kjavaappletserver.cpp,v
retrieving revision 1.68
diff -u -3 -p -r1.68 kjavaappletserver.cpp
--- kjavaappletserver.cpp	29 Nov 2003 13:05:21 -0000	1.68
+++ kjavaappletserver.cpp	8 Feb 2004 01:00:31 -0000
@@ -40,6 +40,7 @@
 #include <qvaluelist.h>
 #include <qdir.h>
 #include <qeventloop.h>
+#include <qapplication.h>
 
 #include <stdlib.h>
 #include <assert.h>
@@ -71,6 +72,7 @@
 #define KJAS_DATA_COMMAND      (char)25
 #define KJAS_PUT_URLDATA       (char)26
 #define KJAS_PUT_DATA          (char)27
+#define KJAS_SECURITY_CONFIRM  (char)28
 
 
 class JSStackFrame;
@@ -589,6 +591,14 @@ void KJavaAppletServer::slotJavaRequest(
             kdDebug(6100) << "Applet " << args[0] << " Failed: " << args[1] << endl;
             cmd = QString::fromLatin1( "AppletFailed" );
             break;
+        case KJAS_SECURITY_CONFIRM: {
+            kdDebug(6100) << "Security confirm " << args[0] << endl;
+            QStringList sl;
+            sl.push_front( KMessageBox::warningYesNo(qApp->activeWindow(), args[0], i18n("Security alert")) == KMessageBox::Yes ? "1" : "0");
+            sl.push_front(QString::number(ID_num));
+            process->send( KJAS_SECURITY_CONFIRM, sl );
+            return;
+        }
         default:
             return;
             break;
Index: org/kde/kjas/server/KJASProtocolHandler.java
===================================================================
RCS file: /home/kde/kdelibs/khtml/java/org/kde/kjas/server/KJASProtocolHandler.java,v
retrieving revision 1.51
diff -u -3 -p -r1.51 KJASProtocolHandler.java
--- org/kde/kjas/server/KJASProtocolHandler.java	23 Jan 2004 12:18:53 -0000	1.51
+++ org/kde/kjas/server/KJASProtocolHandler.java	8 Feb 2004 01:00:31 -0000
@@ -42,6 +42,7 @@ public class KJASProtocolHandler
     private static final int DataCommand         = 25;
     private static final int PutURLDataCode      = 26;
     private static final int PutDataCode         = 27;
+    private static final int SecurityConfirmCode = 28;
 
     //Holds contexts in contextID-context pairs
     private Hashtable contexts;
@@ -332,6 +333,19 @@ public class KJASProtocolHandler
             if ( context != null )
                 context.derefObject(Integer.parseInt(objid));
             Main.debug( "DerefObject " + objid);
+        } else
+        if (cmd_code_value == SecurityConfirmCode)
+        {
+            String id = getArg( command );
+            String confirm = getArg( command );
+            Thread t = (Thread) KJASSecurityManager.confirmRequests.get(id);
+            Main.debug( "SecurityConfirmCode " + id + " confirm:" + confirm );
+            if (t != null) {
+                KJASSecurityManager.confirmRequests.put(id, confirm);
+                try {
+                    t.interrupt();
+                } catch (SecurityException se) {}
+            }
         }
         else
         {
@@ -830,6 +844,32 @@ public class KJASProtocolHandler
 
         signals.write( bytes, 0, bytes.length );
     }
+    public void sendSecurityConfirm( String text, String id )
+    {
+        Main.debug("sendSecurityConfirm, ID = " + id + " text = " + text);
+
+        byte [] id_bytes = id.getBytes();
+        byte [] text_bytes = text.getBytes();
+        int length = text_bytes.length + id_bytes.length + 4;
+        byte [] bytes = new byte[ length + 8 ]; //for length of message
+        byte [] tmp_bytes = getPaddedLengthBytes( length );
+        int index = 0;
+
+        System.arraycopy( tmp_bytes, 0, bytes, index, tmp_bytes.length );
+        index += tmp_bytes.length;
+        bytes[index++] = (byte) SecurityConfirmCode;
+        bytes[index++] = sep;
+
+        System.arraycopy( id_bytes, 0, bytes, index, id_bytes.length );
+        index += id_bytes.length;
+        bytes[index++] = sep;
+
+        System.arraycopy( text_bytes, 0, bytes, index, text_bytes.length );
+        index += text_bytes.length;
+        bytes[index++] = sep;
+
+        signals.write( bytes, 0, bytes.length );
+    }
     /**************************************************************
      *****  Utility functions for parsing commands ****************
      **************************************************************/
Index: org/kde/kjas/server/KJASSecurityManager.java
===================================================================
RCS file: /home/kde/kdelibs/khtml/java/org/kde/kjas/server/KJASSecurityManager.java,v
retrieving revision 1.4
diff -u -3 -p -r1.4 KJASSecurityManager.java
--- org/kde/kjas/server/KJASSecurityManager.java	16 May 2002 23:55:32 -0000	1.4
+++ org/kde/kjas/server/KJASSecurityManager.java	8 Feb 2004 01:00:31 -0000
@@ -2,10 +2,14 @@ package org.kde.kjas.server;
 
 import java.security.*;
 import java.net.*;
+import java.util.Hashtable;
 
 
 public class KJASSecurityManager extends SecurityManager
 {
+    static Hashtable confirmRequests = new Hashtable();
+    static int confirmId = 0;
+
     public KJASSecurityManager()
     {
     }
@@ -15,6 +19,28 @@ public class KJASSecurityManager extends
      * applet cannot connect to any other but the host, where it comes from.
      * Anything else seems to be handled automagically
      */
+    public void checkPermission(Permission perm) throws SecurityException, NullPointerException {
+        try {
+            super.checkPermission(perm);
+        } catch (SecurityException se) {
+            String id = "" + confirmId++;
+            confirmRequests.put(id, Thread.currentThread());
+            Main.protocol.sendSecurityConfirm("" + perm, id);
+            boolean ok = false;
+            try {
+                Thread.currentThread().sleep(300000);
+            } catch (InterruptedException ie) {
+                if (((String) confirmRequests.get(id)).equals("1"))
+                    ok = true;
+            } finally {
+                confirmRequests.remove(id);
+            }
+            if (!ok) {
+                Main.debug("Permission denied" + perm);
+                throw se;
+            }
+        }
+    }
     public void disabled___checkPermission(Permission perm) throws SecurityException, NullPointerException
     {
         // does not seem to work as expected, Problems with proxy - and it seems that the default


More information about the kfm-devel mailing list