This patch is a result of our previous discussion with Henry about making
more secure default bindings in "server.xml".

Summary of changes:
src/etc/server.xml:
        Added address="127.0.0.1" parameter to Ajp interceptors that should make
        them bind to "localhost" by default (At the very least someone won't be
        able to shut down a server remotely now)

src/share/org/apache/tomcat/modules/server/Ajp12Interceptor.java:
        Fixed to make it print IP into conf/ajp12.id in all the cases
        ( address.toString() does not always work the way we need here)

src/share/org/apache/tomcat/util/IntrospectionUtils.java:
        Added support for method setXXX( InetAddress ) which is needed to do
        all the stuff described above.

src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java:
        Fixed to make it work properly when bound to an interface other than "localhost"


Attached please find diff.txt with all these changes.
Diff is made using "cvs diff" against current state of jakarta-tomcat CVS
repository.

Please let me know what you think:)

-- 
oo Andrey
oo
oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
"All mail clients suck. This one just sucks less."
           -- http://www.mutt.org/  Jeremy Blosser
oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
? .bashrc
? Session.vim
? diff.txt
? .vimrc
? modified_files.txt
Index: src/etc/server.xml
===================================================================
RCS file: /home/cvspublic/jakarta-tomcat/src/etc/server.xml,v
retrieving revision 1.74
diff -r1.74 server.xml
191a192,193
>              Parameter "address" defines network interface this Interceptor
>                        "binds" to. Delete it if you want to "bind" to all interfaces.
194a197
>                address="127.0.0.1"
197a201,202
>              Parameter "address" defines network interface this Interceptor
>                        "binds" to. Delete it if you want to "bind" to all interfaces.
200a206
>                address="127.0.0.1"
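Review bot: The comments added at 192-193 and 201-202 say what "address" does but not why the default is 127.0.0.1. Since the advice is "Delete it if you want to bind to all interfaces", add a sentence saying that deleting it makes the interceptor reachable from remote hosts, so an admin who removes the line knows what is being exposed. Style: the continuation line of each comment is indented much deeper than its first line; align the two.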
Index: src/share/org/apache/tomcat/modules/server/Ajp12Interceptor.java
===================================================================
RCS file: 
/home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Ajp12Interceptor.java,v
retrieving revision 1.13
diff -r1.13 Ajp12Interceptor.java
122c122
<               stopF.println( address.toString() );
---
>               stopF.println( address.getHostAddress() );
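Review bot: Line 122 dereferences "address" unconditionally, while the server.xml comment in this same patch tells users to delete the address parameter to bind to all interfaces. If the field is null in that configuration, getHostAddress() fails exactly as toString() did. Please confirm a null check surrounds this line, or write a defined fallback value into the id file when no address is set.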
Index: src/share/org/apache/tomcat/util/IntrospectionUtils.java
===================================================================
RCS file: 
/home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/util/IntrospectionUtils.java,v
retrieving revision 1.8
diff -r1.8 IntrospectionUtils.java
233,244d232
< 
<           // First, the ideal case - a setFoo( String ) method
<           for( int i=0; i< methods.length; i++ ) {
<               Class paramT[]=methods[i].getParameterTypes();
<               if( setter.equals( methods[i].getName() ) &&
<                   paramT.length == 1 &&
<                   "java.lang.String".equals( paramT[0].getName())) {
<                   
<                   methods[i].invoke( o, new Object[] { value } );
<                   return;
<               }
<           }
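Review bot: Removing this first pass changes which overload wins when a class declares more than one one-argument setter with the same name. The deleted loop scanned all methods for a setFoo( String ) before anything else was tried; with the String test moved into the type chain at 242-247, the choice now appears to depend on the order of methods[], which reflection does not guarantee. The retained comment "First, the ideal case" no longer describes that behaviour. Either keep the String-first pass or state in a comment that the first matching setter in array order is used.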
246d233
<           // Try a setFoo ( int ) or ( boolean )
255c242,247
<                   if ("java.lang.Integer".equals( paramType.getName()) ||
---
> 
>                   // First, the ideal case - a setFoo( String ) method
>                   if ("java.lang.String".equals(paramType.getName())) {
>                       params[0]=value;
>                   // Try a setFoo ( int )
>                   }else if ("java.lang.Integer".equals( paramType.getName()) ||
259a252,253
> 
>                   // Try a setFoo ( boolean )
263a258,269
> 
>                   // Try a setFoo ( InetAddress )
>                   } else if ("java.net.InetAddress".
>                              equals( paramType.getName())){
>                       try{
>                           params[0]= InetAddress.getByName(value);
>                       }catch(UnknownHostException exc) {
>                           d("Unable to resolve host name:" + value);
>                           ok=false;
>                       }
> 
>                   // Unknown type
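Review bot: In the InetAddress branch an unresolvable value is only reported through d(...) and ok=false. If ok=false just skips the setter, a typo in address="..." leaves the interceptor with no address, which by the server.xml comment means it binds to all interfaces, the opposite of what the admin asked for. For this parameter the failure should be reported loudly (or abort startup) rather than sent to debug output. Also, no hunk adds imports for java.net.InetAddress and java.net.UnknownHostException; unless IntrospectionUtils.java already imports them, this will not compile.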
Index: src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java
===================================================================
RCS file: 
/home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java,v
retrieving revision 1.10
diff -r1.10 PoolTcpEndpoint.java
267c267,272
<               Socket s=new Socket("127.0.0.1", port );
---
>               Socket s;
>               if (inet == null) {
>                   s=new Socket("127.0.0.1", port );
>               }else{
>                   s=new Socket(inet, port );
>               }
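Review bot: The else branch assumes "inet" is always an address a client socket can connect to. If someone configures the wildcard address explicitly (for example 0.0.0.0) instead of deleting the parameter, inet is non-null and connecting to it is platform dependent. Consider treating the wildcard address the same as null and falling back to "127.0.0.1". A short comment saying what this local connection is for would also help the next reader.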
