From c5d155efe9a7492781f0ff142e237fe519937641 Mon Sep 17 00:00:00 2001
From: jaymode
Date: Mon, 21 Mar 2016 06:39:38 -0400
Subject: [PATCH] security: always serialize the version with the user

This change always serializes the version with the user so that we have this information for times when we need to make changes and deal with serialization changes. We do this in the authentication service because the user object is also serialized as part of the get users response and the StreamInput there will have the appropriate version set on it already and we do not need to add it in that case.

Closes elastic/elasticsearch#1747

Original commit: elastic/x-pack-elasticsearch@a7ceece09c0f6ae7e37dcaf683cff54c7dc44754
---
 .../shield/authc/InternalAuthenticationService.java | 4 ++++
 .../authc/InternalAuthenticationServiceTests.java | 11 +++++++++++
 2 files changed, 15 insertions(+)

diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
index 5113396c60f..d747f89cbf5 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
@@ -6,6 +6,7 @@
 package org.elasticsearch.shield.authc;
 import org.elasticsearch.ElasticsearchSecurityException;
+import org.elasticsearch.Version;
 import org.elasticsearch.common.Base64;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.component.AbstractComponent;
@@ -224,6 +225,8 @@ public class InternalAuthenticationService extends AbstractComponent implements
 try {
 byte[] bytes = Base64.decode(text);
 StreamInput input = StreamInput.wrap(bytes);
+ Version version = Version.readVersion(input);
+ input.setVersion(version);
 return User.readFrom(input);
 } catch (IOException ioe) {
 throw authenticationError("could not read authenticated user", ioe);
@@ -233,6 +236,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
 static String encodeUser(User user, ESLogger logger) {
 try {
 BytesStreamOutput output = new BytesStreamOutput();
+ Version.writeVersion(Version.CURRENT, output);
 User.writeTo(user, output);
 byte[] bytes = output.bytes().toBytes();
 return Base64.encodeBytes(bytes);
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
index 2238f67ed75..c3e832807b3 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
@@ -7,6 +7,8 @@ package org.elasticsearch.shield.authc;
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.ElasticsearchSecurityException;
+import org.elasticsearch.Version;
+import org.elasticsearch.common.Base64;
 import org.elasticsearch.common.io.stream.BytesStreamOutput;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.settings.Settings;
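Review bot: In the decode hunk of InternalAuthenticationService.java (`Version version = Version.readVersion(input); input.setVersion(version);`), whatever version id the header carries is applied to the stream unchecked, and a header written before this change has no version prefix at all, so its first bytes would be consumed as a version. Since encodeUser always writes `Version.CURRENT`, a node older than the sender can also receive a version it does not know. I would reject out-of-range values inside the existing try, e.g. `if (version.after(Version.CURRENT)) { throw new IOException("unsupported user version [" + version + "]"); }`, and confirm how headers from pre-change nodes are handled during a rolling upgrade. The enclosing method starts and ends outside the hunk, so whether the text is authenticated before it is decoded cannot be seen here.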
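Review bot: The `Version.writeVersion(Version.CURRENT, output);` line in encodeUser has no comment saying why the version is written in this wrapper and not in `User.writeTo`; that reasoning exists only in the commit message. I would add `// version prefix is written here, not in User.writeTo: other callers serialize User onto streams that already carry a version` above it, and state in the method's Javadoc that the encoded layout is now the version followed by the user and must stay in step with the decode path. The rest of encodeUser, including its catch block, is outside the hunk.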
@@ -750,6 +752,15 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
 }
 }
+ public void testVersionWrittenWithUser() throws Exception {
+ User user = new User("username", "r1", "r2", "r3");
+ String text = InternalAuthenticationService.encodeUser(user, null);
+
+ StreamInput input = StreamInput.wrap(Base64.decode(text));
+ Version version = Version.readVersion(input);
+ assertThat(version, is(Version.CURRENT));
+ }
+
 private static class InternalMessage extends TransportMessage {
 }
 }
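Review bot: testVersionWrittenWithUser stops once the version has been read, so it shows that the prefix is written but not that the user still deserializes correctly behind it, and the new read side in InternalAuthenticationService is not exercised at all. I would continue on the same stream with `input.setVersion(version); User decoded = User.readFrom(input);` and assert that the principal and roles match `user`. A second case that feeds the decode path a header without the version prefix would pin down the failure mode for data written before this change; the expected outcome there is presumably the "could not read authenticated user" error, but that should be confirmed rather than assumed.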