Adds a new `xpack.security.authc.accept_default_password` setting that defaults to `true`. If it is set to false, then the default password is not accepted in the reserved realm.
Adds a bootstrap check that the above setting must be set to `false` if security is enabled.
Adds docs for the new setting and bootstrap.
Changed `/_enable` and `/_disable`, to store a blank password if the user record did not previously exist, which is interpreted to mean "treat this user as having the default password". The previous functionality would explicitly set the user's password to `changeme`, which would then prevent the new configuration setting from doing its job.
For any existing reserved users that had their password set to `changeme`, migrates them to the blank password (per above paragraph)
Closes: elastic/elasticsearch#4333
Original commit: elastic/x-pack-elasticsearch@db64564093
This is related to elastic/elasticsearchelastic/elasticsearch#22964. Methods that could
open socket connections are being made forbidden apis. This commit
either replaces usages with URL.openStream() with a call to
FileSystemUtils.openFileURLStream(URL url) (in the case of a file url)
or adds SuppressForbidden annotations.
Original commit: elastic/x-pack-elasticsearch@93b1b11375
This commit brings back support an auto-generated certificate and private key for
transport traffic. The auto-generated certificate and key can only be used in development
mode; when moving to production a key and certificate must be provided.
For the edge case of a user not wanting to encrypt their traffic, the user can set
the cipher_suites setting to `TLS_RSA_WITH_NULL_SHA256` or a like cipher, but a key/cert
is still required.
Closeselastic/elasticsearch#4332
Original commit: elastic/x-pack-elasticsearch@b7a1e629f5
The output `Checked out Elasticsearch revision: ...` shows which revision of elasticsearch was included in the CI build. This makes it easier to diagnose and resolve x-pack build failures.
Original commit: elastic/x-pack-elasticsearch@8c39aafc2d
If a user has a basic license, but previously had a full-featured license (e.g. a trial license that expired) then they may have .security index that needs to be migrated even though security is not allowed under their license.
This change makes the clearing of the realm-cache conditional on the license state. If X-Pack is running on a license that does not allow auth, then, when the `logstash_system` user is disabled as part of an upgrade migration, the cache is not cleared.
This change also fix a bug whereby a mapping update could take place even if a data migration was in progress, which could cause the `logstash_system` user to be temporarily enabled when it ought not be.
Original commit: elastic/x-pack-elasticsearch@f272e2b19f
Today when running the certgen command, an error message is output by
the status logger. This is due to a logger instance being created before
logging is configured. This happens because the class initializer for
CertificateTool runs the class initializer for ParseField which creates
a deprecation logger which creates a logger. This commit fixes this
issue by wrapping the parser in another class so that we can defer class
initialization until it's actually needed, thus deferring creating the
logger instance until after logging is initialized.
Relates elastic/elasticsearch#4831
Original commit: elastic/x-pack-elasticsearch@00f978c878
This is related to elastic/elasticsearchelastic/elasticsearch#22116. There were a few
places where x-pack opens socket connects that were missed in PR elastic/elasticsearch#4701.
This commit adds the doPrivileged blocks.
Original commit: elastic/x-pack-elasticsearch@32bfa087f0
This commit upgrades the checkstyle configuration from version 5.9 to
version 7.5, the latest version as of today. The main enhancement
obtained via this upgrade is better detection of redundant modifiers.
Relates elastic/elasticsearch#4810
Original commit: elastic/x-pack-elasticsearch@2c9b7d23dc
This commit reuses the automaton that defines the allowed fields in
`FieldSubsetReader` rather than resolving the list of all matching fields from
the mapping. As a side-effect this change solves a bug that unmapped fields
could previously not be read from the source. Moreover it avoids determinization
errors in the case that the number of matching fields is high.
It also uses `CharacterRunAutomaton` to evaluate automata against a given
string, which should be faster than naively stepping into the automaton since
`CharacterRunAutomaton` builds a lookup table of transitions.
Closeselastic/elasticsearch#4679
Original commit: elastic/x-pack-elasticsearch@a30913dbd5
The way we check for the triggered watches on start-up did not take into account
that an index could be closed and thus resulted in an NPE.
This commit adds a check to ensure that the watch index and triggered watches index
are open, before trying to check if all primary shards are active.
Original commit: elastic/x-pack-elasticsearch@ee05779963
This change adapts x-pack to pass on the parsed XContentType from rest requests to transport
requests and use this value in place of attempting to auto-detect the content type.
Original commit: elastic/x-pack-elasticsearch@57475fd403
This is related to elastic/elasticsearch#22116. X-pack opens socket connections for a number
of pieces of functionality (Active Directory support, ssl, email
notification, etc). As SocketPermissions are transitioned out of core,
x-pack will require connect permission. This pull request wraps
operations requiring these permissions in doPrivileged blocks.
Original commit: elastic/x-pack-elasticsearch@1bfee97550
This adds a "doc_id" parameter to the index action itself, which can accept a single ID value. This also allows the payload to set _id (or _doc._id) for each document being indexed in order to support this with bulk index actions.
If doc_id and _id are used together, then this blocks the action.
Original commit: elastic/x-pack-elasticsearch@f186ccceb8
The `Integers` class was only used in tests (but lurked around in the src) and is not needed.
Also replaced some lambda calls with their shorter equivalents.
Original commit: elastic/x-pack-elasticsearch@a81a5c33d3
In order to display a better UI page for the watch history, the state
of a throttled watch should be visualized. However, right now there
is no way to differentiate between a time throttled watch and a user
acknowledged watch (or action). This commit introduces a new type in a
throttled result, which in turn is used to set the execution state of
a watch.
Closeselastic/elasticsearch#4531
Original commit: elastic/x-pack-elasticsearch@b86e666e54
RequestContext is a leftover from when we had no thread context. This
commit removes the last place where it was used and uses the thread context
instead.
Original commit: elastic/x-pack-elasticsearch@50a2bff400
Today we wrap the checked IOException in an unchecked exception when
sending back a failure the security transport interceptor. Yet, if that failure handling
in-turn fails due to a broken response channel we should rather log the exception instead
of bubbling it up since it can have unforeseeable side-effects.
Relates to elastic/elasticsearch#4706
* fix line len
Original commit: elastic/x-pack-elasticsearch@03c3826112
Today we might get a rejection on a critical operation where `forceExecution=true` but
due to the fact that the forceExecution flag is not passed to the transport interceptor
interface we were not able to preserve this flag when forking off the request after authentication.
This causes serious issues if for instance a replication handler is rejected.
Closeselastic/elasticsearch#4704
Original commit: elastic/x-pack-elasticsearch@f0aad7dede
This commit adds a mechanism for defining known sensitive values in rest bodies so that
these can be filtered when auditing the request body.
Original commit: elastic/x-pack-elasticsearch@d138a6bff7
Since some of the rest handlers depend on components constructed
in `createComponents` we use `SetOnce` to save a reference to
the components at the class level and reuse the reference in
`initRestHandlers`. This does require that `initRestHandlers`
is called after `createComponents` but I think that is fairly
reasonable.
Original commit: elastic/x-pack-elasticsearch@4fd87ad911
Also removes unused method convertToObject from XContentUtils that does not close XContentParser either.
Original commit: elastic/x-pack-elasticsearch@99ce977c55
This PR removes all leniency in the conversion of Strings to booleans: "true" is converted to the boolean value true, "false" is converted to the boolean value false. Everything else raises an error.
Relates elastic/elasticsearchelastic/elasticsearch#22200
Original commit: elastic/x-pack-elasticsearch@a505df1f5d
This is related to elastic/elasticsearch#22116. In the tests there are multiple usages of
server implementations that `accept()` socket connections. To avoid
throwing `SecurityException` when using the `SecurityManager` these
operations must be privileged. Additionally, x-pack:elasticsearch
requires `accept` permission. This was added in the plugin-security
policy file.
Original commit: elastic/x-pack-elasticsearch@057e2abb1f
Tim Vernum
Boaz Leskes
Tim Brooks
Jay Modi
Alexander Reelsen
Simon Willnauer
Suyog Rao
Jason Tedor
Adrien Grand
Ali Beyad
Jack Conradson
Peter Dyson
Nik Everett
Suyog Rao
Stacey Gammon
Chris Earle
Luca Cavanna
javanna
Yannick Welsch
Daniel Mitterdorfer
Daniel Mitterdorfer