we're not using the _timestamp field and the path option is no longer supported
in elasticsearch 2.0 so this commit removes the field from the mapping.
Original commit: elastic/x-pack-elasticsearch@399d835d1f
- lowercase `beta` and `rc`
- replaced `.betaXXX` and `.rcXXXX` suffix with `-betaXXX` and `-rcXXX`
Original commit: elastic/x-pack-elasticsearch@843d01c647
This change renames the shield audit indices to keep naming consistent with other plugins.
The name of the index uses '_' to separate words, a '-' to separate the prefix from the time
portion, and '.'s to separate the different portions of the date.
Closeselastic/elasticsearch#925
Original commit: elastic/x-pack-elasticsearch@8ca6856e4a
Previously, we were just using the current time in milliseconds from the system
for dates and the indices were not being created for UTC dates. This change
uses UTC dates for timestamps and indices resolution for index auditing.
This also ensures that custom shield forbidden apis for tests are enforced.
Closeselastic/elasticsearch#916
Original commit: elastic/x-pack-elasticsearch@724d12cb7a
We currently store the names of indices as a comma separated string instead
of an array. An array is the proper format for this information so this commit
changes the index audit trail to store the indices as an array.
Closeselastic/elasticsearch#917
Original commit: elastic/x-pack-elasticsearch@025393d91c
The beforeIndexDeletion method expects that nothing is still indexing when it runs
but this is not the case as the index audit trail will continue indexing events that
occur as checks are being performed in the cluster.
Original commit: elastic/x-pack-elasticsearch@02001a5222
Previously we relied on the default dynamic mapping for the audit index output, which did
not create an ideal mapping. This change adds a mapping file with default settings and
dynamic mapping disabled for the audit indexes.
Additionally, the ability to override settings for the audit indexes has been provided so that
users can customize the number of shards and replicas to meet their needs.
In order to implement these changes, the index audit service had to be moved from a lifecycle
component to an abstract component that had its own custom lifecycle on top of the cluster
state. A ShieldLifecycleService class was added to accomplish this. In the future, this class
can be used for other services that need to perform index based operations.
Closeselastic/elasticsearch#913
Original commit: elastic/x-pack-elasticsearch@231740c1cc
If auditing is not enabled, we should not bind the index audit trail as a lifecycle component
since we do not bind all of its dependent classes when auditing is disabled.
Original commit: elastic/x-pack-elasticsearch@39f736ca6a
This changes how the user defines which events should be indexed. Previously, there were
several boolean settings being used. This condenses to an include and exclude setting.
Additionally, the IndexAuditTrail needed to become a lifecycle component since parsing the
enum could throw exceptions. Given this, the IndexBulkProcessor was condensed into the
IndexAuditTrail since it did not make sense to have two lifecycle components for an index
audit trail.
Closeselastic/elasticsearch#900
Original commit: elastic/x-pack-elasticsearch@4b4d824f5e
Today, a realm could throw an exception, which will not be caught and cause the audit
trail to be skipped. This commit catches exceptions thrown by realms and ensures that
the audit trail is called and then re-throws the exceptions.
Closeselastic/elasticsearch#901
Original commit: elastic/x-pack-elasticsearch@d260c00b33
Today, some system actions could be logged by default when the actions performed are
not internal. Additionally for internal actions, we never checked if the user was the system
user.
This adds a check to ensure the user is the System user and that the actions that are being
suppressed are known system actions.
Closeselastic/elasticsearch#902
Original commit: elastic/x-pack-elasticsearch@b107994692
Elasticsearch core no longer uses shaded dependencies by default, so this change makes
the plugin use the unshaded dependencies.
Original commit: elastic/x-pack-elasticsearch@495f636266
Today, we simply return a SSLSocketFactory from a SSLContext, which provides
the default SSL configuration for sockets. This means that SSLv3 could still be
enabled on these sockets when running in an older JVM. This also means that
the ciphers and protocol settings are not honored for users of this socket factory,
which is currently the LDAP code.
This change returns a custom socket factory that delegates to the default socket
factory and sets the ciphers and protocols on the socket before returning the
socket.
Original commit: elastic/x-pack-elasticsearch@c4cfedfd51
Our current CA configuration creates certificates with only a CN and this caused
the regular expression in the PKI realm to fail. The default regular expression in
the PKI realm has been changed to allow for only a CN, while still maintaining the
ability to extract only the CN when other fields are present in the DN.
Additionally, the CA configuration has been updated so that is will copy any of the
originally specified fields (besides CN and EMAILADDRESS) over to the signed
certificate.
Original commit: elastic/x-pack-elasticsearch@ff27f69781
The IndicesTermsFilter Cache in core can leak data by not authorizing users prior to
retrieving data from the cache. We work around this by ensuring that the cache has
a maximum size of 0, effectively disabling it.
A test is also added to ensure that data is not leaked by this cache or the cache used by
the ScriptService in core.
Closeselastic/elasticsearch#854
Original commit: elastic/x-pack-elasticsearch@8a48bdad98
Today, we only have the option to require client authentication or not require it. A third case
exists where the server can want client authentication, but if the client does not have credentials
or wish to send credentials the connection will still be allowed.
This is beneficial for the PKI realm because it allows some clients to authenticate with PKI and
others to use another authentication token such as username and password authentication.
Closeselastic/elasticsearch#858
Original commit: elastic/x-pack-elasticsearch@e7cbc20bca
Today, an exception is thrown when calls to the encrypt and decrypt methods are
made without a key being present. For now, we will not require the system key and
this behavior is undesirable.
This commit changes the behavior to just return the provided characters or bytes
when no key is present. Additionally, a method has been added for callers to see
if encryption is supported. Finally, the listener interface has been made public and
expanded to provide the old keys when the keys are changed. This allows
consumers to decrypt with the old key and re-encrypt with the new key.
Original commit: elastic/x-pack-elasticsearch@de3d5b6180
Today, we always throw an AuthorizationException for an unauthorized user. This is
problematic when anonymous access is enabled and the HTTP client being used
does not support preemptive basic authentication as only the anonymous user
will be used by such a client.
This change adds a setting to allow an AuthenticationException to be thrown for
anonymous users. This will clients such as browsers to work with anonymous
access and authenticated access.
Closeselastic/elasticsearch#853
Original commit: elastic/x-pack-elasticsearch@d338b468c7
The esusers tool reads the list of roles to provide validation feedback to the user,
however since we have added custom roles the tool doesn't know about these roles
as they come from outside of Shield. When a custom role was found, a warning
was printed that can be confusing to users.
Now when validating roles, we only read the names from the roles.yml file.
Closeselastic/elasticsearch#835
Original commit: elastic/x-pack-elasticsearch@89d0e3efce
Adds a check to all of the esusers commands to ensure the correct number
of arguments are found. If extra arguments are found, they are printed out
with an error message and the tool exits.
Closeselastic/elasticsearch#817
Original commit: elastic/x-pack-elasticsearch@cd3e786267
Reduces the amount of logging on both HTTP and Transport protocols for
a channel being closed while in the middle of a handshake. This often
occurs when the client does not trust the server certificate and aborts the
handshake. Also, reduces logging on the Transport protocol for a
plain text message received on a channel that is using TLS.
Closeselastic/elasticsearch#771
Original commit: elastic/x-pack-elasticsearch@321c384ddd
This commit removes the commons codec dependency and simplifies the
hasher code by only supporting bcrypt encryption in the users file. All tests
now also exercise the esusers realm with bcrypt instead of plain text passwords.
Closeselastic/elasticsearch#806
Original commit: elastic/x-pack-elasticsearch@3119267851
This commit makes TLSv1.2 the default protocol for better security. The
old value of TLS would only pick a TLSv1.0 supporting context and cause
client connections to be negotiated using that protocol when TLSv1.2 is
supported and considered an improved protocol.
Closeselastic/elasticsearch#867
Original commit: elastic/x-pack-elasticsearch@1f062f6dde
This commit removes the DHE cipher from our list of enabled ciphers
due to the recently published Logjam attack. The default configuration
is not susceptible to the Logjam attack, but since we support Java 7
the maximum prime size (768 bit) is considered too weak. Java 8 supports
1024 bit primes, but these are also not ideal and this cipher should not be
used with a prime smaller than 2048 bits.
Closeselastic/elasticsearch#862
Original commit: elastic/x-pack-elasticsearch@9785bf47cf
Adds JNA as a test time dependency to work around it being required on
windows in elasticsearch core.
Original commit: elastic/x-pack-elasticsearch@b8fc70a051
This commit is a squashed commit of work done in conjunction with @rmuir to make
shield work properly with elasticsearch 2.0. This includes ensuring all tests
pass when running with the security manager and updating the code to be compatible
with the latest core forbidden apis.
Shield is now a child project of elasticsearch-parent and inherits a lot of common
build, test, and static coverage functionality from that project resulting in a much
smaller and simpler pom.xml for shield. As part of this work, Shield can now read
rest tests from the elasticsearch jar so the rest tests are run automatically when
running the slow tests.
Original commit: elastic/x-pack-elasticsearch@2ebbf4284a
The system user needs to be able to execute a reroute action to support the
DiskThresholdDecider. The DiskThresholdDecider executes an empty reroute
request when a high disk watermark has been exceeded.
Relates to elastic/elasticsearch#816
Original commit: elastic/x-pack-elasticsearch@890b44d79e
The testChangingAByte method was requesting a random length byte array ranging
from 0-1000. The issue is that a byte array with length of 0 cannot be changed and
therefore this test is not valid in this case. It now requests a range of 1-1000.
Original commit: elastic/x-pack-elasticsearch@88edf535f4
jaymode
uboness
Boaz Leskes
Alexander Reelsen
aleph-zero