The cache provides a get method with a callable to load the value into the cache. Our callable
performs authentication and then returns a value. The issue with this is that the cache will queue
concurrent calls if a value is already being loaded and return the result to all callers. This is
problematic since the key is only the username and we do not validate the credentials as part of
the get call. This means it is possible for valid credentials to be returned a null user and authentication
fails.
Additionally, another variant exists where it is possible for invalid credentials to be returned a valid
user, which allows an attacker to gain access by only knowing a username and issuing a large number
of concurrent requests.
Closeselastic/elasticsearch#860
Original commit: elastic/x-pack-elasticsearch@3d122d3bbb
The additional setting to specify the configuration path is no longer needed with elasticsearch 2.0, so
we should remove it from the documentation. Also cleans up the installation commands to be in line
with what 2.0 requires.
Original commit: elastic/x-pack-elasticsearch@b269568a67
Currently, Licensee#onChange is called with a license and its status, It would be
cleaner if it accepted the license's operationMode and status as parameters instead.
This hides the license responsible for the notification from the consumer plugins and only
provides the license information used by the commercial plugins to turn features on via
operationMode and status to act on whether the current license is enabled, in
grace_period or disabled.
Original commit: elastic/x-pack-elasticsearch@b0ea7ec32b
In the test we always create at least one type_ factory but the test incorrectly used type_1
as the first, when it should have been type_0
Original commit: elastic/x-pack-elasticsearch@e4128cbc26
This change allows for messages to be signed when message signing is enabled and a system
key is not present. This is accomplished by generating a random key on startup and then using
HKDF with HmacSHA1 to generate the keying material to be used to sign the messages. The random
key from the originating node is added to the signed message so that the signing key can be
derived on the receiving node.
When a system key is present, the system key is used for signing and the preexisting behavior
is maintained.
Closeselastic/elasticsearch#711
Original commit: elastic/x-pack-elasticsearch@c41fdc0ac3
This change removes obsolete forbidden API usage, cuts over
from an interface to an abstract class for IndexSearcherWrapper and
delegates all core cache keys to the wrapped reader.
Relates to elastic/elasticsearch#774
Original commit: elastic/x-pack-elasticsearch@3799bab0d9
Shield now supports the ability to disable or enable individual features based on the type of
license that is currently installed. The change replaces the LicenseService in shield with a
ShieldLicensee that is notified on changes to the license. The ShieldLicensee then updates
a ShieldLicenseState object, which contains the logic and methods to check for features being
enabled or disabled. The ShieldLicenseState object is used by consumers to check the status
of a feature. The decoupling of the feature enablement from the ShieldLicensee class was done
to work around circular dependency issues.
Closeselastic/elasticsearch#689
Original commit: elastic/x-pack-elasticsearch@442514496d
This commit removes Guava as a dependency. Note that Guava will remain
as a test-only dependency (transitively through Elasticsearch through
Jimfs).
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@fe23d5f25f
This commit catches up with master which removed the shard level injector
and changed the logic how the SearcherWrapper works and is installed.
The way we now install it is via a package private onModule(IndexModule) call.
There is no public API for this anymore.
The wrapper also doesn't need to watch the IndexShards state since now it will only
be used when the shard is STARTED or RECOVERED.
Original commit: elastic/x-pack-elasticsearch@42b9eeef3d
This commit removes all uses of com.google.common.net.InetAddresses
across the codebase. This is one of the few remaining steps in the
eventual removal of Guava as a dependency.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@f6a0ed1395
This commit removes the use of com.google.common.cache.Cache,
com.google.common.cache.CacheBuilder and
com.google.common.cache.CacheLoader.
Relates elastic/elasticsearchelastic/elasticsearch#13224, elastic/elasticsearchelastic/elasticsearch#13717
Original commit: elastic/x-pack-elasticsearch@04c254ee95
Some tests are still using a node builder for nodes that need to load Shield, which is not currently
supported by elasticsearch. This changes some to use a MockNode and awaits fix a tribe test
that was previously testing nothing.
Original commit: elastic/x-pack-elasticsearch@57d0c902b6
This updates our test certificates to have more subject alternative names and adds a script
to make regeneration easier in the future. Also added are the private keys in PEM format and
a .p12 version of the keystore. In the future we may want to start supporting PKCS12 keystores
and this will be a starting point for that.
Original commit: elastic/x-pack-elasticsearch@92c94c9f28
These files are generated automatically with eclipse:eclipse so they shouldn't
be tracked in the repository.
Original commit: elastic/x-pack-elasticsearch@3869ddebfa
This also stops the remote IndexAuditTrail services prior to wiping the cluster to prevent possible
writes after a template has been deleted.
Original commit: elastic/x-pack-elasticsearch@30ef226250
This change updates the IPFilter to always allow traffic from the bound addresses of the node
even if they have been explicitly disabled. This behavior can be disabled through a setting but
that could be dangerous if the blocking rule is added via a persistent setting stored in the cluster
state.
Closeselastic/elasticsearch#487
Original commit: elastic/x-pack-elasticsearch@4c1cf9455f
When we receive a message and cannot decode the signed user header, we should audit
this as a tampered request. The request may not be tampered if nodes are configured
differently in terms of system keys, but this at least provides some evidence of the bad
request on the nodes that receives it.
Closeselastic/elasticsearch#647
Original commit: elastic/x-pack-elasticsearch@2f3411d9f9
This extracts an interface for methods that a caching realm must implement. The idea for this
interface is to allow for custom realms to integrate easily with the clear cache api. With this change
a custom realm can implement this API and the clear cache action can call the evict or evictAll
methods on the realm.
Closeselastic/elasticsearch#544
Original commit: elastic/x-pack-elasticsearch@62b0029689
This commit removes all uses of com.google.common.primitives.Ints
across the codebase.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@9500282387
This commit keeps the behavior the same and does not exclude the index audit trail template from
being wiped, that will be done in a future commit.
Original commit: elastic/x-pack-elasticsearch@1ac9e22923
This commit removes all uses of com.google.common.base.Joiner across
the codebase.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@f69b2addca
The IndexAuditTrail was checking the logger level of the class before adding the request
class to the message, which was an error. The logger level should not control anything
about the IndexAuditTrail.
Closeselastic/elasticsearch#546
Original commit: elastic/x-pack-elasticsearch@35ee8ab453
In 2.0, plugins cannot specify mandatory settings, they can only specify a default additional
set of settings. For tribe nodes, we require shield to be enabled and be a mandatory plugin.
If the settings specified by the user conflict with this, we now throw an exception and fail
startup.
Closeselastic/elasticsearch#426
Original commit: elastic/x-pack-elasticsearch@db4d6d7923
This commit removes all uses of com.google.common.collect.Iterables
across the codebase.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@ca517de412
This adds the release notes to the documentation for Shield. Note, two new features do not
have links as the documentation for these are still pending.
Original commit: elastic/x-pack-elasticsearch@e66df5cf14
The SSL randomization can cause issues when running this test multiple times to look for an issue
since the suite cluster may have a different SSL value than the remote cluster during subsequent
runs.
Closeselastic/elasticsearch#607
Original commit: elastic/x-pack-elasticsearch@8ba3140c52
This commit cuts over to StandardCharset vs. guavas Charsets, removes
obsolete uses of Collections2 / Function and replaces all LoadingCaches
with simple CHM#loadIfAbsent
Original commit: elastic/x-pack-elasticsearch@7d1d607e9e
The IndexAuditTrail was not setting the appropriate user header on requests to see if the index exists and
the mapping is updated. This did not fail in tests because we set shield.user, but fails during a normal
installation.
Closeselastic/elasticsearch#626
Original commit: elastic/x-pack-elasticsearch@3771612b20
Remove use of com.google.common.collect.Sets.
This commit removes all uses of com.google.common.collect.Sets. This is
one of many steps in the eventual removal of Guava as a dependency.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@5276ed9723
Simon Willnauer
jaymode
debadair
javanna
Lee Hinman
Nik Everett
Steve Kearns
Jay Modi
Colin Goodheart-Smithe
Tanguy Leroux
uboness
Areek Zillur
PhaedrusTheGreek
Jason Tedor
Alexander Reelsen
Martijn van Groningen
Robert Muir