Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue on release 4.x #30

Closed
dinosn opened this issue Apr 22, 2022 · 2 comments · Fixed by #31
Closed

Issue on release 4.x #30

dinosn opened this issue Apr 22, 2022 · 2 comments · Fixed by #31
Labels
bug Something isn't working fixed Used for bugs that have been fixed

Comments

@dinosn
Copy link

dinosn commented Apr 22, 2022

Hi ! I have the following issue on the 4.x releases,

(root💀icestorm)-[~/tools/rmi/remote-method-guesser]# java -jar ../rmg-4.2.2-jar-with-dependencies.jar enum host0 1098  
[-] Caught unexpected java.lang.ClassCastException during lookup operation.
[-] Please report this to improve rmg :)
[-] StackTrace:
java.lang.ClassCastException: class sun.rmi.server.ActivatableRef cannot be cast to class sun.rmi.server.UnicastRef (sun.rmi.server.ActivatableRef and sun.rmi.server.UnicastRef are in module java.rmi of loader 'bootstrap')
        at de.qtc.rmg.utils.RemoteObjectWrapper.<init>(RemoteObjectWrapper.java:80)
        at de.qtc.rmg.networking.RMIRegistryEndpoint.lookup(RMIRegistryEndpoint.java:142)
        at de.qtc.rmg.operations.Dispatcher.obtainBoundObjects(Dispatcher.java:91)
        at de.qtc.rmg.operations.Dispatcher.dispatchEnum(Dispatcher.java:484)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at de.qtc.rmg.operations.Operation.invoke(Operation.java:319)
        at de.qtc.rmg.Starter.main(Starter.java:26)
[-] Cannot continue from here.
                                                                                                                                                                                                                                                                                         
(root💀icestorm)-[~/tools/rmi/remote-method-guesser]# java -version                                                                                                                                                                                                                  1 ⨯
openjdk version "11.0.14" 2022-01-18
OpenJDK Runtime Environment (build 11.0.14+9-post-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.14+9-post-Debian-1, mixed mode, sharing)

The same command using 3.2.2 or any of the other 3.x version will work without problem.
@qtc-de
Copy link
Owner

qtc-de commented Apr 29, 2022
edited
Loading

Hi dinosn 👋

thanks for reporting 👍

I know where the problem is, but the solution isn't obvious. There are some design decisions involved that need to be clarified first. Your problem is related to the action system, which is a deprecated feature of Java RMI. remote-method-guesser v4.x.x attempts to inspect the destination of bound names that are registered in the registry. rmg basically asks the registry where to find the object and the registry returns a remote reference. This reference is then inspected by using reflection.

In your case, the registry does not return a registry right away, but an activatable reference. As far as I understand it, this is a reference that points to an activator (another RMI service, comparable to the registry or the DGC) and that contains an ID that indicates the underlying object type. With this reference you can now ask the activator to activate the corresponding object, and this results in the final reference for the actual remote object.

The advantage is that remote objects do not need to be available all the time, but can be bound and exposed on demand. The design decision is now how rmg should handle this. Should it inspect the reference and only report that it's activatable or should it activate it to report the actual target? The best solution is probably making automatic activation optional. But I'm not sure yet.

However, as already mentioned, the activation features were removed in 2021 and are no longer supported. That being said, I'm still interested to implement support for your case. I will check how to build a test system and start working on it soon. Do you have your system still available for testing new release candidates? This would be great 😄

Best
Tobias

qtc-de added a commit that referenced this issue May 3, 2022
@qtc-de
[docker] Add activation system to example server
2bb957f 
Added an activation system to the example server. This can be used to
reproduce the error mentioned in issue #30. The code still throws one
exception where I'm not sure from where its coming from. However, the
server seems to be functional.

This commit probably crashes the pipeline, as the activation system was
removed from more recent jdk packages. We will need to investigate whats
the best way to build it in future.
qtc-de added a commit that referenced this issue May 5, 2022
@qtc-de
Add first draft for activation support
21d91d0 
Added a first draft for activation support that addresses issue #30.
The basic operations like enum should already be fully functional for
java versions that still containt the activation system related classes.
More complex operations need to be tested and may not be fully
functional yet for ActivatableRef types. Furthermore, support for java
versions that miss the activation classes needs to be implemented.
@qtc-de qtc-de mentioned this issue May 11, 2022
Merged
@qtc-de
Copy link
Owner

qtc-de commented May 11, 2022

remote-method-guesser v4.3.0 was just released and addresses this issue. ActivatableRef should now be handled correctly. The example-server includes now an Activation System to verify this. When launching the enum action against an RMI registry that is part of an Activation System, the output looks like this:

[qtc@devbox ~]$ rmg enum 172.17.0.2 1098
[+] RMI registry bound names:
[+]
[+] 	- activation-test
[+] 		--> de.qtc.rmg.server.activation.IActivationService (unknown class)
[+] 		    Activator: iinsecure.dev:1098  ActivationID: 6fd4e3c:180ac45a068:-7ff1
[+] 	- activation-test2
[+] 		--> de.qtc.rmg.server.activation.IActivationService2 (unknown class)
[+] 		    Activator: iinsecure.dev:1098  ActivationID: 6fd4e3c:180ac45a068:-7fee
[+] 	- plain-server
[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
[+] 		    Endpoint: iinsecure.dev:41867  TLS: no  ObjID: [6fd4e3c:180ac45a068:-7fec, 969949632761859811]
[+] 	- java.rmi.activation.ActivationSystem
[+] 		--> sun.rmi.server.Activation$ActivationSystemImpl_Stub (known class: RMI Activation System)
[+] 		    Endpoint: iinsecure.dev:1098  TLS: no  ObjID: [0:0:0, 4]

So instead of showing information on the associated remote object (that may does not already exist in the case of ActivatbaleRef, as it needs to be activated first), remote-method-guesser shows information on the associated Activator. By using the --activate option during the enum action, you can instruct remote-method-guesser to activate objects during the enumeration. In this case, information on the associated remote object is also displayed:

[qtc@devbox ~]$ rmg enum 172.17.0.2 1098 --activate
[+] RMI registry bound names:
[+]
[+] 	- activation-test
[+] 		--> de.qtc.rmg.server.activation.IActivationService (unknown class)
[+] 		    Activator: iinsecure.dev:1098  ActivationID: 6fd4e3c:180ac45a068:-7ff1
[+] 		    Endpoint: iinsecure.dev:37597  TLS: no  ObjID: [1c74dc89:180ac521427:-7ffb, 3078273701606404425]
[+] 	- activation-test2
[+] 		--> de.qtc.rmg.server.activation.IActivationService2 (unknown class)
[+] 		    Activator: iinsecure.dev:1098  ActivationID: 6fd4e3c:180ac45a068:-7fee
[+] 		    Endpoint: iinsecure.dev:35721  TLS: yes  ObjID: [1c74dc89:180ac521427:-7ff8, 6235870260204364974]
[+] 	- plain-server
[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
[+] 		    Endpoint: iinsecure.dev:41867  TLS: no  ObjID: [6fd4e3c:180ac45a068:-7fec, 969949632761859811]
[+] 	- java.rmi.activation.ActivationSystem
[+] 		--> sun.rmi.server.Activation$ActivationSystemImpl_Stub (known class: RMI Activation System)
[+] 		    Endpoint: iinsecure.dev:1098  TLS: no  ObjID: [0:0:0, 4]

Currently, ActivatableRef support is only working for Java installations that still have classes for the activation system present. Support for versions without activation system related classes will be added in future.

Best,
Tobias

@qtc-de qtc-de added bug Something isn't working fixed Used for bugs that have been fixed labels May 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working fixed Used for bugs that have been fixed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Prepare v4.3.0 Release qtc-de/remote-method-guesser
2 participants
@dinosn @qtc-de