In order to prevent too many automata constructions (which can be expensive) all the time, the automatas are now cached per action/privilege (since there are limited number of those, we don't expect a cache explosion).
Closeselastic/elasticsearch#125
Original commit: elastic/x-pack-elasticsearch@27a4e1fdbe
Shield needs to know about all the actions that are registered in core. We now check not only the external actions, meaning the classes that implement the Action interface, exposed via java api, but also all the transport handlers registered through the transport, which will contains all shard/node level actions plus the internal actions that are not exposed via java api.
We maintain two files, one for external actions, and one for the internal ones, and we check whether actions have been added or removed to/from core, to make sure we know about those changes.
Original commit: elastic/x-pack-elasticsearch@d6b68c44ee
Modified pom.xml to do static analysis without Jenkins
'mvn -DskipTests=true -Pstatic clean compile site' to start analysis
The reports are at target/site/project-reports.html.
Original commit: elastic/x-pack-elasticsearch@ddec28e8d0
Two reasons for this:
1) automatically convert the _all to its matching indices, in the context of the current user is authorized for, instead of resolving wildcards and then throwing authorization exception because the wildcard exp matches indices that the user is not authorized for
2) this makes the wildcards resolution secure, meaning that there is a single place that resolve wildcards. If it happened in shield while authorizing and in core while actually executing the operation, there would be mismatches which would allow to execute operation on indices that the user is not authorized for, if they get created with the "right" timing.
Closeselastic/elasticsearch#54Closeselastic/elasticsearch#105
Original commit: elastic/x-pack-elasticsearch@a02c6fbccf
esvm is small commandline tool to start different cluster in a fast way.
This commit adds a preconfigured .esvmrc for starting a SSL enabled cluster
in no time.
All you need to do is to build the package and run
esvm shield
This starts a two node cluster with SSL enabled on HTTP and transport
Original commit: elastic/x-pack-elasticsearch@f701fd1134
If a user was created, but the user was not supplied roles on the commandline,
a bogus 'user:' was added to the roles file. This fix checks, if roles were
supplied when creating a user and only changes the roles file in that case.
Original commit: elastic/x-pack-elasticsearch@286951c016
In order to prevent confusion when starting up nodes (so they can join easily together)
and adding some usability connections are not denied by default on the server side.
Original commit: elastic/x-pack-elasticsearch@6ffe3a7df2
SSLConfig is split into SSLConfig and SSLTrustConfig.
OpenLdapTests and ActiveDirectory tests connect via TLS to EC2 instances.
Original commit: elastic/x-pack-elasticsearch@ea38e58dea
The authc service will now authenticate the user on the rest layer as well, meaning there will only be a single authentication process no matter what is then entry point to ES (for example, if a rest handler executes two internal requests... like some of the _cat APIs, there'll still be a single authentication process)
In addition, the audit logs will now log REST authentication failures such that the remote address and the rest endpoint will show up in the logs as well.
Original commit: elastic/x-pack-elasticsearch@07af440147
This fixes a bug when the UsernamePasswordToken is cached in the userContext and reused after it's cleared.
Original commit: elastic/x-pack-elasticsearch@9aab1d8530
SecuredString encapsulates handling of passwords and clearing them when done. This change
includes changing everywhere passwords are used. After authentication the authentication service will
clear the token - which will clear the password. This avoids using any passwords in String objects.
This also adds commentary to BCrypt to show how it changed from the original external resource. It moves utility methods to CharArrays.
Original commit: elastic/x-pack-elasticsearch@d0ffbae5c8
In InternalKeyService, we encode the signatures with base64. For things like scroll id, that need to be placed in URLs it's important that the signature will be URL safe.
Original commit: elastic/x-pack-elasticsearch@138d02d966
ApacheDSRule has been moved to `ExternalResource` which requires less code and implements `TestRule` instead of `MethodRule`. `TestRule` supports `ClassRule`s as well as ordinary `Rule`s. A class rule is exactly what we need for the ldap tests since we want to start the ldap server once before class and shut it down after all tests (after class). Also made sure that the static fields are cleaned up, otherwise `StaticFieldsInvariantRule` barfs.
Added `extends ElasticsearchTestsCase` where missing also.
Closeselastic/elasticsearch#80
Original commit: elastic/x-pack-elasticsearch@2143a2dcc6
Added `ShieldRestTests` that extends `ElasticsearchRestTests` allowing to run REST tests against es+shield. Tests won't be run by default as they require additional configuration (e.g. rest tests and spec location on file system). They can be activated via `-Dtests.rest=true`. Rest tests and spec location can be provided as follows:
```
-Dtests.rest.spec=/path/to/elasticsearch/rest-api-spec/api -Dtests.rest.suite=/path/to/elasticsearch/master/rest-api-spec/test
```
Some tests need to be blacklisted at this moment as follows:
```
-Dtests.rest.blacklist=scroll/*/*,mpercolate/*/*,msearch/*/*
```
Closeselastic/elasticsearch#79
Original commit: elastic/x-pack-elasticsearch@6f3e72dd87
`randomInt` includes 0, thus the tampered id could stay the same as the signed scroll ids in some cases which would make everything work and the test fail.
Also cleared the scroll from a finally block, otherwise when the test fails the scroll stays around which might make after test checks fail.
Original commit: elastic/x-pack-elasticsearch@6f6b0d844d
- Key service provides un/signing functionality
- will initially be used to un/sign scroll ids (for the scroll api)
Original commit: elastic/x-pack-elasticsearch@256e0e3c5d
The current IP filter kicks in after the SSL handler, which only
makes sense, if you check things like the SSL certificate. For
now it makes most sense to really put this at the first place.
Original commit: elastic/x-pack-elasticsearch@bbaed67a3c
- Formalized the notion of a client vs. node mode. Introduced an `AbstractShieldModule` that takes care of that
- For now, standarized on the `Shield` name across the board (e.g. change `SecurityModule` to `ShieldModule`)
- Introduces static methods to `ShieldPlugin` to resolve shield specific config files (on the way fixed the file resolving of the ldap group mapper)
- The n2n ip filtering is now resolved at the module level. If not enabled, null is injected and the netty handler is then not injected to the pipeline
- updated code base with the latest changes in es-core around how relevant http headers are registered and copied over to the transport request
- Added new known action in es-core `indices:admin/get`
Original commit: elastic/x-pack-elasticsearch@ca8d85dc81
The wrong path was used as default path. Also added logging information
for all files, so one can at least check the paths.
Original commit: elastic/x-pack-elasticsearch@893493fd17