security: read correct file when listing users

Original commit: elastic/x-pack-elasticsearch@dca906abba
jaymode 2016-03-31 14:42:34 -04:00
parent c9392183d2
commit d6cab8b9f1
2 changed files with 13 additions and 1 deletions


@ -320,11 +320,14 @@ public class UsersTool extends MultiCommand {
static void listUsersAndRoles(Terminal terminal, Environment env, String username) throws Exception { static void listUsersAndRoles(Terminal terminal, Environment env, String username) throws Exception {
Settings esusersSettings = Realms.fileRealmSettings(env.settings()); Settings esusersSettings = Realms.fileRealmSettings(env.settings());
Path userRolesFilePath = FileUserRolesStore.resolveFile(esusersSettings, env); Path userRolesFilePath = FileUserRolesStore.resolveFile(esusersSettings, env);
Set<String> knownRoles = FileRolesStore.parseFileForRoleNames(userRolesFilePath, null);
Map<String, String[]> userRoles = FileUserRolesStore.parseFile(userRolesFilePath, null); Map<String, String[]> userRoles = FileUserRolesStore.parseFile(userRolesFilePath, null);
Path userFilePath = FileUserPasswdStore.resolveFile(esusersSettings, env); Path userFilePath = FileUserPasswdStore.resolveFile(esusersSettings, env);
Set<String> users = FileUserPasswdStore.parseFile(userFilePath, null).keySet(); Set<String> users = FileUserPasswdStore.parseFile(userFilePath, null).keySet();
Path rolesFilePath = FileRolesStore.resolveFile(env.settings(), env);
Set<String> knownRoles = FileRolesStore.parseFileForRoleNames(rolesFilePath, null);
if (username != null) { if (username != null) {
if (!users.contains(username)) { if (!users.contains(username)) {
throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist"); throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
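Review bot: The added `FileRolesStore.resolveFile(env.settings(), env)` is passed the node settings while the two `resolveFile` calls above it are passed `esusersSettings`, and nothing at the call says the difference is intended. Because this commit exists to stop `parseFileForRoleNames` from being handed the users_roles path, a one-line comment such as `// role names come from the roles file (node settings), not from users_roles` would keep a later tidy-up from reintroducing the mix-up. It would also help to confirm what `parseFileForRoleNames(rolesFilePath, null)` yields for a missing or malformed roles file; if it returns an empty set without reporting anything, the listing would presumably flag every role as unknown and the marker stops being useful for spotting mistyped role assignments. listUsersAndRoles continues past the end of this hunk.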


@ -351,6 +351,9 @@ public class UsersToolTests extends CommandTestCase {
assertTrue(output, output.contains("test_admin")); assertTrue(output, output.contains("test_admin"));
assertTrue(output, output.contains("existing_user2")); assertTrue(output, output.contains("existing_user2"));
assertTrue(output, output.contains("test_r1")); assertTrue(output, output.contains("test_r1"));
// output should not contain '*' which indicates unknown role
assertFalse(output, output.contains("*"));
} }
public void testListSingleUser() throws Exception { public void testListSingleUser() throws Exception {
@ -359,6 +362,9 @@ public class UsersToolTests extends CommandTestCase {
assertTrue(output, output.contains("test_admin")); assertTrue(output, output.contains("test_admin"));
assertFalse(output, output.contains("existing_user2")); assertFalse(output, output.contains("existing_user2"));
assertFalse(output, output.contains("test_r1")); assertFalse(output, output.contains("test_r1"));
// output should not contain '*' which indicates unknown role
assertFalse(output, output.contains("*"));
} }
public void testListUnknownRoles() throws Exception { public void testListUnknownRoles() throws Exception {
@ -382,5 +388,8 @@ public class UsersToolTests extends CommandTestCase {
assertTrue(output, output.contains("existing_user3")); assertTrue(output, output.contains("existing_user3"));
output = execute("list"); output = execute("list");
assertTrue(output, output.contains("existing_user3")); assertTrue(output, output.contains("existing_user3"));
// output should not contain '*' which indicates unknown role
assertFalse(output, output.contains("*"));
} }
} }
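Review bot: `assertFalse(output, output.contains("*"))` in the three added checks passes for any output without an asterisk, so it would keep passing if the tool stopped marking unknown roles altogether or changed the marker character. In the first hunk, where `test_r1` is expected in the output, a targeted form such as `assertFalse(output, output.contains("test_r1*"));` ties the check to the role it is about. The positive case (an unknown role is still flagged) is presumably covered by testListUnknownRoles, whose body lies outside the visible hunks; worth confirming that it asserts the marker on a role that is absent from the roles file.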