Patch, begin of signed applet support
Koos Vriezen
koos.vriezen at xs4all.nl
Sun Feb 8 01:07:38 GMT 2004
Hi,
Signed applets is one major missing feature. Attached a patch that could
be a start of this. It asks the user in case a permission is not granted
by the security manager.
What needs to be done is a way to store granted permissions, eg. with
this patch for each applet the user must answer if it allows access to
the clipboard.
Koos
-------------- next part --------------
Index: kjavaappletserver.cpp
===================================================================
RCS file: /home/kde/kdelibs/khtml/java/kjavaappletserver.cpp,v
retrieving revision 1.68
diff -u -3 -p -r1.68 kjavaappletserver.cpp
--- kjavaappletserver.cpp 29 Nov 2003 13:05:21 -0000 1.68
+++ kjavaappletserver.cpp 8 Feb 2004 01:00:31 -0000
@@ -40,6 +40,7 @@
#include <qvaluelist.h>
#include <qdir.h>
#include <qeventloop.h>
+#include <qapplication.h>
#include <stdlib.h>
#include <assert.h>
@@ -71,6 +72,7 @@
#define KJAS_DATA_COMMAND (char)25
#define KJAS_PUT_URLDATA (char)26
#define KJAS_PUT_DATA (char)27
+#define KJAS_SECURITY_CONFIRM (char)28
class JSStackFrame;
@@ -589,6 +591,14 @@ void KJavaAppletServer::slotJavaRequest(
kdDebug(6100) << "Applet " << args[0] << " Failed: " << args[1] << endl;
cmd = QString::fromLatin1( "AppletFailed" );
break;
+ case KJAS_SECURITY_CONFIRM: {
+ kdDebug(6100) << "Security confirm " << args[0] << endl;
+ QStringList sl;
+ sl.push_front( KMessageBox::warningYesNo(qApp->activeWindow(), args[0], i18n("Security alert")) == KMessageBox::Yes ? "1" : "0");
+ sl.push_front(QString::number(ID_num));
+ process->send( KJAS_SECURITY_CONFIRM, sl );
+ return;
+ }
default:
return;
break;
Index: org/kde/kjas/server/KJASProtocolHandler.java
===================================================================
RCS file: /home/kde/kdelibs/khtml/java/org/kde/kjas/server/KJASProtocolHandler.java,v
retrieving revision 1.51
diff -u -3 -p -r1.51 KJASProtocolHandler.java
--- org/kde/kjas/server/KJASProtocolHandler.java 23 Jan 2004 12:18:53 -0000 1.51
+++ org/kde/kjas/server/KJASProtocolHandler.java 8 Feb 2004 01:00:31 -0000
@@ -42,6 +42,7 @@ public class KJASProtocolHandler
private static final int DataCommand = 25;
private static final int PutURLDataCode = 26;
private static final int PutDataCode = 27;
+ private static final int SecurityConfirmCode = 28;
//Holds contexts in contextID-context pairs
private Hashtable contexts;
@@ -332,6 +333,19 @@ public class KJASProtocolHandler
if ( context != null )
context.derefObject(Integer.parseInt(objid));
Main.debug( "DerefObject " + objid);
+ } else
+ if (cmd_code_value == SecurityConfirmCode)
+ {
+ String id = getArg( command );
+ String confirm = getArg( command );
+ Thread t = (Thread) KJASSecurityManager.confirmRequests.get(id);
+ Main.debug( "SecurityConfirmCode " + id + " confirm:" + confirm );
+ if (t != null) {
+ KJASSecurityManager.confirmRequests.put(id, confirm);
+ try {
+ t.interrupt();
+ } catch (SecurityException se) {}
+ }
}
else
{
@@ -830,6 +844,32 @@ public class KJASProtocolHandler
signals.write( bytes, 0, bytes.length );
}
+ public void sendSecurityConfirm( String text, String id )
+ {
+ Main.debug("sendSecurityConfirm, ID = " + id + " text = " + text);
+
+ byte [] id_bytes = id.getBytes();
+ byte [] text_bytes = text.getBytes();
+ int length = text_bytes.length + id_bytes.length + 4;
+ byte [] bytes = new byte[ length + 8 ]; //for length of message
+ byte [] tmp_bytes = getPaddedLengthBytes( length );
+ int index = 0;
+
+ System.arraycopy( tmp_bytes, 0, bytes, index, tmp_bytes.length );
+ index += tmp_bytes.length;
+ bytes[index++] = (byte) SecurityConfirmCode;
+ bytes[index++] = sep;
+
+ System.arraycopy( id_bytes, 0, bytes, index, id_bytes.length );
+ index += id_bytes.length;
+ bytes[index++] = sep;
+
+ System.arraycopy( text_bytes, 0, bytes, index, text_bytes.length );
+ index += text_bytes.length;
+ bytes[index++] = sep;
+
+ signals.write( bytes, 0, bytes.length );
+ }
/**************************************************************
***** Utility functions for parsing commands ****************
**************************************************************/
Index: org/kde/kjas/server/KJASSecurityManager.java
===================================================================
RCS file: /home/kde/kdelibs/khtml/java/org/kde/kjas/server/KJASSecurityManager.java,v
retrieving revision 1.4
diff -u -3 -p -r1.4 KJASSecurityManager.java
--- org/kde/kjas/server/KJASSecurityManager.java 16 May 2002 23:55:32 -0000 1.4
+++ org/kde/kjas/server/KJASSecurityManager.java 8 Feb 2004 01:00:31 -0000
@@ -2,10 +2,14 @@ package org.kde.kjas.server;
import java.security.*;
import java.net.*;
+import java.util.Hashtable;
public class KJASSecurityManager extends SecurityManager
{
+ static Hashtable confirmRequests = new Hashtable();
+ static int confirmId = 0;
+
public KJASSecurityManager()
{
}
@@ -15,6 +19,28 @@ public class KJASSecurityManager extends
* applet cannot connect to any other but the host, where it comes from.
* Anything else seems to be handled automagically
*/
+ public void checkPermission(Permission perm) throws SecurityException, NullPointerException {
+ try {
+ super.checkPermission(perm);
+ } catch (SecurityException se) {
+ String id = "" + confirmId++;
+ confirmRequests.put(id, Thread.currentThread());
+ Main.protocol.sendSecurityConfirm("" + perm, id);
+ boolean ok = false;
+ try {
+ Thread.currentThread().sleep(300000);
+ } catch (InterruptedException ie) {
+ if (((String) confirmRequests.get(id)).equals("1"))
+ ok = true;
+ } finally {
+ confirmRequests.remove(id);
+ }
+ if (!ok) {
+ Main.debug("Permission denied" + perm);
+ throw se;
+ }
+ }
+ }
public void disabled___checkPermission(Permission perm) throws SecurityException, NullPointerException
{
// does not seem to work as expected, Problems with proxy - and it seems that the default
More information about the kfm-devel
mailing list